Also ignore PIE flags when -shared is used.

[blhc/blhc.git] / bin / blhc

diff --git a/bin/blhc b/bin/blhc
index 62ddb86a6076f986eb6fdeffec5b84e71b6f8731..b4d87e45eb9dc856e574906e4958afc04f4317d5 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -193,6 +193,7 @@ my @def_ldflags_pie = (
 my @def_ldflags_pic = (
     '-fPIC',
     '-fpic',
+    '-shared',
 );
 # Renaming rules for the output so the regex parts are not visible. Also
 # stores string values of flag regexps above, see compile_flag_regexp().
@@ -602,7 +603,11 @@ FILE: foreach my $file (@ARGV) {
     close $fh;
 
     if (scalar @input == 0) {
-        print "No compiler commands!\n";
+        if (not $option_buildd) {
+            print "No compiler commands!\n";
+        } else {
+            print "W-no-compiler-commands\n";
+        }
         $exit |= 1;
         next FILE;
     }
@@ -850,16 +855,7 @@ blhc - build log hardening check, checks build logs for missing hardening flags
 
 =head1 SYNOPSIS
 
-B<blhc> [options] <dpkg-buildpackage build log file>..
-
-    --all                   force +all (+pie, +bindnow) check
-    --arch                  set architecture (autodetected)
-    --bindnow               force +bindbow check
-    --buildd                parser mode for buildds
-    --color                 use colored output
-    --pie                   force +pie check
-    --help                  available options
-    --version               version number and license
+B<blhc> [I<options>] I<E<lt>dpkg-buildpackage build log fileE<gt>..>
 
 =head1 DESCRIPTION
 
@@ -875,7 +871,7 @@ other important warnings. It's licensed under the GPL 3 or later.
 Force check for all +all (+pie, +bindnow) hardening flags. By default it's
 auto detected.
 
-=item B<--arch>
+=item B<--arch> I<architecture>
 
 Set the specific architecture (e.g. amd64, armel, etc.), automatically
 disables hardening flags not available on this architecture. Is detected