Fix build dependency related checks for pbuilder build logs.

author Simon Ruderich <simon@ruderich.org>

Mon, 24 Sep 2012 13:38:06 +0000 (15:38 +0200)

committer Simon Ruderich <simon@ruderich.org>

Mon, 24 Sep 2012 13:38:06 +0000 (15:38 +0200)
author Simon Ruderich <simon@ruderich.org>
Mon, 24 Sep 2012 13:38:06 +0000 (15:38 +0200)
committer Simon Ruderich <simon@ruderich.org>
Mon, 24 Sep 2012 13:38:06 +0000 (15:38 +0200)
diff --git a/MANIFEST b/MANIFEST

index adebaab4e2cee1ae5fc7e1b0791d9e64d886982b..1b2b03ddc90f18fdf344f19a59706127232515a8 100644 (file)
--- a/MANIFEST
+++ b/MANIFEST
@@ -7,6 +7,7 @@ META.yml
  NEWS
  README
  t/logs/ada
+t/logs/ada-pbuilder
  t/logs/arch-amd64
  t/logs/arch-avr32
  t/logs/arch-i386
@@ -31,6 +32,7 @@ t/logs/debian-cmake
  t/logs/debian-cmake-2
  t/logs/debian-cmake-ok
  t/logs/debian-hardening-wrapper
+t/logs/debian-hardening-wrapper-pbuilder
  t/logs/empty
  t/logs/false-positives
  t/logs/g++
diff --git a/bin/blhc b/bin/blhc

index 403775086fb88a849a5aae43791fa65bcff393e8..bfdcfc575ee7642ae81fff9faf6c86c2ae62dcc0 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -723,7 +723,10 @@ foreach my $file (@ARGV) {
              }
          }
  
-        if (index($line, 'Build-Depends: ') == 0) {
+        # Debian's build daemons use Build-Depends: for the build
+        # dependencies, but pbuilder just uses Depends:; support both.
+        if (index($line, 'Build-Depends: ') == 0
+                or index($line, 'Depends: ') == 0) {
              # If hardening wrapper is used (wraps calls to gcc and adds
              # hardening flags automatically) we can't perform any checks,
              # abort.
diff --git a/t/logs/ada-pbuilder b/t/logs/ada-pbuilder

new file mode 100644 (file)

index 0000000..5b1e47a
--- /dev/null
+++ b/t/logs/ada-pbuilder
@@ -0,0 +1,17 @@
+# pbuilder uses Depends: for the build dependencies.
+Depends: ..., gnat, gnat-4.6, ...
+
+dpkg-buildpackage: source package ada package
+
+
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-a.adb
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-b.adb
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-c.adb
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-d.ads
+
+/usr/bin/gcc-4.6 -shared -lgnat-4.6 -o libtest.so.2 test-a.o test-b.o test-c.o -Wl,-z,relro -Wl,--as-needed
+/usr/bin/gcc-4.6 -shared -lgnat-4.6 -o libtest.so.2 test-a.o test-b.o test-c.o -Wl,--as-needed
+
+gcc -c -g -O2 test.c
+gcc -g -O2 test.c
diff --git a/t/logs/debian-hardening-wrapper-pbuilder b/t/logs/debian-hardening-wrapper-pbuilder

new file mode 100644 (file)

index 0000000..97dae92
--- /dev/null
+++ b/t/logs/debian-hardening-wrapper-pbuilder
@@ -0,0 +1,9 @@
+# pbuilder uses Depends: for the build dependencies.
+Depends: .., hardening-wrapper, ...
+
+dpkg-buildpackage: source package test
+
+gcc -g -O2 -c test-a.c
+gcc -g -O2 -c test-b.c
+gcc -g -O2 -c test-c.c
+gcc -o test test-a.o test-b.o test-c.o -ltest
diff --git a/t/tests.t b/t/tests.t

index 0e1833e34e040139082360a3939fb9ca406b8209..6b47757e391015aab12e5833c1a5c338cf1727fc 100644 (file)
--- a/t/tests.t
+++ b/t/tests.t
@@ -19,7 +19,7 @@
  use strict;
  use warnings;
  
-use Test::More tests => 196;
+use Test::More tests => 202;
  
  
  sub is_blhc {
@@ -750,8 +750,7 @@ LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++-4.6 -Wl,-z,defs -o tes
  
  # ada
  
-is_blhc 'ada', '', 8,
-        'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c
+my $ada = 'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c
  LDFLAGS missing (-Wl,-z,relro): /usr/bin/gcc-4.6 -shared -lgnat-4.6 -o libtest.so.2 test-a.o test-b.o test-c.o -Wl,--as-needed
  CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -g -O2 test.c
  CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -c -g -O2 test.c
@@ -759,6 +758,10 @@ CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=for
  CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 test.c
  LDFLAGS missing (-Wl,-z,relro): gcc -g -O2 test.c
  ';
+is_blhc 'ada', '', 8,
+        $ada;
+is_blhc 'ada-pbuilder', '', 8,
+        $ada;
  
  
  # libtool
@@ -871,6 +874,8 @@ my $debian_hardening_wrapper =
  ';
  is_blhc 'debian-hardening-wrapper', '', 16,
          $debian_hardening_wrapper;
+is_blhc 'debian-hardening-wrapper-pbuilder', '', 16,
+        $debian_hardening_wrapper;
  
  
  # false positives
@@ -903,6 +908,9 @@ is_blhc 'buildd-dpkg-dev-missing', '--buildd', 0,
  is_blhc 'debian-hardening-wrapper', '--buildd', 0,
          'I-hardening-wrapper-used||
  ';
+is_blhc 'debian-hardening-wrapper-pbuilder', '--buildd', 0,
+        'I-hardening-wrapper-used||
+';
  
  is_blhc 'buildd-verbose-build', '--buildd', 0,
          'W-compiler-flags-hidden|1 (of 5) hidden|
author	Simon Ruderich <simon@ruderich.org>
	Mon, 24 Sep 2012 13:38:06 +0000 (15:38 +0200)
committer	Simon Ruderich <simon@ruderich.org>
	Mon, 24 Sep 2012 13:38:06 +0000 (15:38 +0200)
MANIFEST		patch \| blob \| history
bin/blhc		patch \| blob \| history
t/logs/ada-pbuilder	[new file with mode: 0644]	patch \| blob
t/logs/debian-hardening-wrapper-pbuilder	[new file with mode: 0644]	patch \| blob
t/tests.t		patch \| blob \| history