non_verbose_build => 1 << 2,
flags_missing => 1 << 3,
hardening_wrapper => 1 << 4,
+ invalid_cmake => 1 << 5,
);
# Statistics of missing flags and non-verbose build commands. Used for
error_color(':', 'yellow'),
$line;
}
+sub error_invalid_cmake {
+ my ($version) = @_;
+
+ printf "%s%s %s\n",
+ error_color('INVALID CMAKE', 'red'),
+ error_color(':', 'yellow'),
+ $version;
+}
sub error_hardening_wrapper {
printf "%s%s %s\n",
error_color('HARDENING WRAPPER', 'red'),
}
}
+ # The following two versions of CMake in Debian obeyed CPPFLAGS, but
+ # this was later dropped because upstream rejected the patch. Thus
+ # build logs with these versions will have fortify hardening flags
+ # enabled, even though they may be not correctly set and are missing
+ # when build with later CMake versions. Thanks to Aron Xu for letting
+ # me know.
+ if ($line =~ /^Package versions: /
+ and $line =~ /\bcmake_(\S+)/
+ and ($1 eq '2.8.7-1' or $1 eq '2.8.7-2')) {
+ if (not $option_buildd) {
+ error_invalid_cmake($1);
+ } else {
+ print "W-invalid-cmake-used $1\n";
+ }
+ $exit |= $exit_code{invalid_cmake};
+ }
+
# If hardening wrapper is used (wraps calls to gcc and adds hardening
# flags automatically) we can't perform any checks, abort.
if ($line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
--- /dev/null
+Package versions: ... cmake_2.8.7-2 cmake-data_2.8.7-2 ...
+
+dpkg-buildpackage: source package test
+
+gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-a.c
+gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-b.c
+gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-c.c
+gcc -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-d.c
+gcc -Wl,-z,relro -o test test-a.o test-b.o test-c.o -ltest
+
+Build finished at 20120308-1648
use strict;
use warnings;
-use Test::More tests => 104;
+use Test::More tests => 108;
sub is_blhc {
LDFLAGS missing (-Wl,-z,relro): gcc -o test test.o `dpkg-buildflags --get CFLAGS`
';
+is_blhc 'debian-cmake', '', 32,
+ 'INVALID CMAKE: 2.8.7-2
+';
+
my $debian_hardening_wrapper =
'HARDENING WRAPPER: no checks possible, aborting
';
'W-no-compiler-commands
';
+is_blhc 'debian-cmake', '--buildd', 32,
+ 'W-invalid-cmake-used 2.8.7-2
+';
+
# multiple files
ruderich.org/simon / blhc / blhc.git / commitdiff