\@def_ldflags,
\@def_ldflags_relro,
\@def_ldflags_bindnow,
+ \@def_ldflags_pie,
);
# References to all used flags.
my @flag_refs_all = (
@flag_refs,
- \@def_ldflags_pie,
\@def_ldflags_pic,
);
# Renaming rules for the output so the regex parts are not visible. Also
invalid_cmake => 1 << 5,
);
+my %buildd_tag = (
+ no_compiler_commands => 'I-no-compiler-commands',
+ non_verbose_build => 'W-compiler-flags-hidden',
+ flags_missing => 'W-dpkg-buildflags-missing',
+ hardening_wrapper => 'I-hardening-wrapper-used',
+ invalid_cmake => 'I-invalid-cmake-used',
+);
+
# Statistics of missing flags and non-verbose build commands. Used for
# $option_buildd.
my %statistics = (
foreach my $file (@ARGV) {
print "checking '$file'...\n" if scalar @ARGV > 1;
- open my $fh, '<', $file or die "$!: $file";
+ open my $fh, '<', $file or die $!;
# Architecture of this file.
my $arch = $option_arch;
if (not $option_buildd) {
error_invalid_cmake($1);
} else {
- print "W-invalid-cmake-used $1\n";
+ print "$buildd_tag{invalid_cmake} $1\n";
}
$exit |= $exit_code{invalid_cmake};
}
if (not $option_buildd) {
error_hardening_wrapper();
} else {
- print "I-hardening-wrapper-used\n";
+ print "$buildd_tag{hardening_wrapper}\n";
}
$exit |= $exit_code{hardening_wrapper};
next FILE;
if (not $option_buildd) {
print "No compiler commands!\n";
} else {
- print "W-no-compiler-commands\n";
+ print "$buildd_tag{no_compiler_commands}\n";
}
$exit |= $exit_code{no_compiler_commands};
next FILE;
}
if (scalar @warning) {
local $" = ', '; # array join string
- print "W-dpkg-buildflags-missing @warning missing\n";
+ print "$buildd_tag{flags_missing} @warning missing\n";
}
if ($statistics{commands_nonverbose}) {
- printf "W-compiler-flags-hidden %d (of %d) hidden\n",
+ printf "$buildd_tag{non_verbose_build} %d (of %d) hidden\n",
$statistics{commands_nonverbose},
$statistics{commands},
}
=over 2
-=item
+=item *
Print tags instead of normal warnings, see L</"BUILDD TAGS"> for a list of
possible tags.
-=item
+=item *
Don't check hardening flags in old log files (if dpkg-dev << 1.16.1 is
detected).
-=item
+=item *
Don't require Term::ANSIColor.
=over 2
-=item
-
-B<I-hardening-wrapper-used>
+=item B<I-hardening-wrapper-used>
The package uses hardening-wrapper which intercepts calls to gcc and adds
hardening flags. The build log doesn't contain any hardening flags and thus
can't be checked by blhc.
-=item
-
-B<W-compiler-flags-hidden> (summary of hidden lines)
+=item B<W-compiler-flags-hidden> (summary of hidden lines)
Build log contains lines which hide the real compiler flags. For example:
in a F<Makefile> must be removed. And as last resort the F<Makefile> must be
patched to remove the C<@>s hiding the real compiler commands.
-=item
-
-B<W-dpkg-buildflags-missing> (summary of missing flags)
+=item B<W-dpkg-buildflags-missing> (summary of missing flags)
CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS missing.
-=item
-
-B<W-invalid-cmake-used> (version)
+=item B<I-invalid-cmake-used> (version)
-=item
+By default CMake ignores CPPFLAGS thus missing those hardening flags. Debian
+patched CMake in versions 2.8.7-1 and 2.8.7-2 to respect CPPFLAGS, but this
+patch was rejected by upstream and later reverted in Debian. Thus those two
+versions show correct usage of CPPFLAGS even if the package doesn't correctly
+handle them (for example by passing them to CFLAGS). To prevent false
+negatives just blacklist those two versions.
-B<W-no-compiler-commands>
+=item B<I-no-compiler-commands>
No compiler commands were detected. Either the log contains none or they were
not correctly detected by blhc (please report the bug in this case).
Hardening wrapper detected, no tests performed.
+=item B<32>
+
+Invalid CMake version used. See B<I-invalid-cmake-used> under L</"BUILDD
+TAGS"> for a detailed explanation.
+
=back
=head1 AUTHOR
ruderich.org/simon / blhc / blhc.git / blobdiff