Use dedicated loop to ignore beginning of the log file.

Prevents a few unnecessary checks for each line.

diff --git a/bin/blhc b/bin/blhc
index f1580217aaf64f94c482c63d9339cb84d10afed6..a188c899d775fa742c55758cf260e44bae6690ea 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -404,12 +404,6 @@ FILE: foreach my $file (@ARGV) {
     my $harden_bindnow = $option_bindnow; # defaults to 0
     my $harden_pie     = $option_pie;     # defaults to 0
 
     my $harden_bindnow = $option_bindnow; # defaults to 0
     my $harden_pie     = $option_pie;     # defaults to 0
 

-    # Input lines, contain only the lines with compiler commands.
-    my @input = ();
-
-    my $start = 0;
-    my $continuation = 0;
-    my $complete_line = undef;

     while (my $line = <$fh>) {
         # dpkg-buildflags only provides hardening flags since 1.16.1, don't
         # check for hardening flags in buildd mode if an older dpkg-dev is
     while (my $line = <$fh>) {
         # dpkg-buildflags only provides hardening flags since 1.16.1, don't
         # check for hardening flags in buildd mode if an older dpkg-dev is


@@ -417,8 +411,7 @@ FILE: foreach my $file (@ARGV) {
         #
         # Packages which were built before 1.16.1 but used their own hardening
         # flags are not checked.
         #
         # Packages which were built before 1.16.1 but used their own hardening
         # flags are not checked.

-        if ($option_buildd and not $start
-                and $line =~ /^Toolchain package versions: /) {
+        if ($option_buildd and $line =~ /^Toolchain package versions: /) {

             require Dpkg::Version;
             if ($line !~ /dpkg-dev_(\S+)/
                     or Dpkg::Version::version_compare($1, '1.16.1') < 0) {
             require Dpkg::Version;
             if ($line !~ /dpkg-dev_(\S+)/
                     or Dpkg::Version::version_compare($1, '1.16.1') < 0) {


@@ -433,7 +426,7 @@ FILE: foreach my $file (@ARGV) {
 
         # If hardening wrapper is used (wraps calls to gcc and adds hardening
         # flags automatically) we can't perform any checks, abort.
 
         # If hardening wrapper is used (wraps calls to gcc and adds hardening
         # flags automatically) we can't perform any checks, abort.

-        if (not $start and $line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
+        if ($line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {

             error_hardening_wrapper();
             $exit |= 1 << 4;
             next FILE;
             error_hardening_wrapper();
             $exit |= 1 << 4;
             next FILE;


@@ -441,8 +434,15 @@ FILE: foreach my $file (@ARGV) {
 
         # We skip over unimportant lines at the beginning of the log to
         # prevent false positives.
 
         # We skip over unimportant lines at the beginning of the log to
         # prevent false positives.

-        $start = 1 if $line =~ /^dpkg-buildpackage:/;
-        next if not $start;
+        last if $line =~ /^dpkg-buildpackage:/;
+    }
+
+    # Input lines, contain only the lines with compiler commands.
+    my @input = ();
+
+    my $continuation = 0;
+    my $complete_line = undef;
+    while (my $line = <$fh>) {

         # And stop at the end of the build log. Package details (reported by
         # the buildd logs) are not important for us. This also prevents false
         # positives.
         # And stop at the end of the build log. Package details (reported by
         # the buildd logs) are not important for us. This also prevents false
         # positives.