X-Git-Url: https://ruderich.org/simon/gitweb/?p=blhc%2Fblhc.git;a=blobdiff_plain;f=bin%2Fblhc;h=5e8e0181356613dca5de8afe591ce3ab24a5d684;hp=92ab3b442b1beae820aad9eb3988e3cfbb125795;hb=f0ae7b1580cd26bcf44dc5b780f1c2e081314479;hpb=c1062539346fc41efb4316cb04f2893ce954bb37
diff --git a/bin/blhc b/bin/blhc
index 92ab3b4..5e8e018 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -428,6 +428,7 @@ my $option_help = 0;
 my $option_version = 0;
 my $option_pie = 0;
 my $option_bindnow = 0;
+my @option_ignore_arch = ();
 my @option_ignore_flag = ();
 my @option_ignore_line = ();
 my $option_all = 0;
@@ -442,6 +443,7 @@ if (not Getopt::Long::GetOptions(
 'bindnow' => \$option_bindnow,
 'all' => \$option_all,
 # Ignore.
+ 'ignore-arch=s' => \@option_ignore_arch,
 'ignore-flag=s' => \@option_ignore_flag,
 'ignore-line=s' => \@option_ignore_line,
 # Misc.
@@ -533,6 +535,15 @@ foreach my $file (@ARGV) { my $harden_pie = $option_pie; # defaults to 0 while (my $line = <$fh>) { + # Detect architecture automatically unless overridden. For buildd logs + # only, doesn't use the dpkg-buildpackage header. Necessary to ignore + # build logs which aren't built (wrong architecture, build error, + # etc.). + if (not $arch + and $line =~ /^Architecture: (.+)$/) { + $arch = $1; + } + # dpkg-buildflags only provides hardening flags since 1.16.1, don't # check for hardening flags in buildd mode if an older dpkg-dev is # used. Default flags (-g -O2) are still checked.
@@ -542,7 +553,7 @@ foreach my $file (@ARGV) { if ($option_buildd and index($line, 'Toolchain package versions: ') == 0) { require Dpkg::Version; - if ($line !~ /\bdpkg-dev_(\S+)/ + if (not $line =~ /\bdpkg-dev_(\S+)/ or Dpkg::Version::version_compare($1, '1.16.1') < 0) { $harden_format = 0; $harden_fortify = 0; 
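Review bot: The `Architecture:` match added inside `while (my $line = <$fh>)` takes the first such line anywhere in the log and is not gated on `$option_buildd`, although its comment suggests buildd logs only. Because the hunk at -689 skips the whole file on this value, a line printed by the build itself can decide whether the hardening checks run at all. `(.+)` also keeps a trailing carriage return or whitespace, so the later `eq` silently never matches, and it lets control characters reach the `print` in that hunk. Consider `if (not $arch and $option_buildd and $line =~ /^Architecture: ([a-z0-9-]+)\s*$/) {`, assuming architecture names stay within that character set. `$arch` is declared outside the hunk; if it is not reset per file, a value detected in one log would carry over to the next.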
@@ -689,6 +700,16 @@ foreach my $file (@ARGV) { close $fh; + # Ignore arch if requested. + if (scalar @option_ignore_arch > 0 and $arch) { + foreach my $ignore (@option_ignore_arch) { + if ($arch eq $ignore) { + print "ignoring architecture '$arch'\n"; + next FILE; + } + } + } + if (scalar @input == 0) { if (not $option_buildd) { print "No compiler commands!\n";
@@ -1020,6 +1041,12 @@ Don't require Term::ANSIColor. Use colored (ANSI) output for warning messages. +=item B<--ignore-arch> I + +Ignore build logs from architectures matching I. I is a string. + +Used to prevent false positives. This option can be specified multiple times. + =item B<--ignore-flag> I Don't print an error when the specific flag is missing in a compiler line.
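Review bot: `next FILE;` needs a `FILE:` label on the enclosing `foreach my $file (@ARGV)` loop, and the hunk headers print that loop line without one. If the label is not on a preceding line outside the diff, Perl aborts here with a label-not-found error the first time an ignored architecture is hit. The skip leaves only one line on stdout, so it is worth a comment such as `# Skipped logs are not checked at all.` and, if the exit-status logic outside the hunk allows it, a count of skipped files in the summary. The nested loop could also be written as `if ($arch and grep { $arch eq $_ } @option_ignore_arch) {`, which makes the `scalar @option_ignore_arch > 0` guard unnecessary.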
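Review bot: The new POD says logs are ignored for architectures "matching" the argument, but the check added at -689 is an exact `eq` comparison against the first `Architecture:` line found in the log. A reader may therefore expect patterns to work. Suggested wording: `Ignore build logs whose Architecture: line is exactly the given string (no patterns). The whole log is skipped and none of its compiler lines are checked.` The surrounding POD section starts and ends outside the hunk.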