From 7c2d7bf70b579bfb7143b604f8246395c1cbc4d7 Mon Sep 17 00:00:00 2001
From: Simon Ruderich
Date: Mon, 24 Sep 2012 15:38:06 +0200
Subject: [PATCH] Fix build dependency related checks for pbuilder build logs. This affects Ada and hardening-wrapper checks.
---
 MANIFEST | 2 ++
 bin/blhc | 5 ++++-
 t/logs/ada-pbuilder | 17 +++++++++++++++++
 t/logs/debian-hardening-wrapper-pbuilder | 9 +++++++++
 t/tests.t | 14 +++++++++++---
 5 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 t/logs/ada-pbuilder
 create mode 100644 t/logs/debian-hardening-wrapper-pbuilder
diff --git a/MANIFEST b/MANIFEST
index adebaab..1b2b03d 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -7,6 +7,7 @@ META.yml
 NEWS
 README
 t/logs/ada
+t/logs/ada-pbuilder
 t/logs/arch-amd64
 t/logs/arch-avr32
 t/logs/arch-i386
@@ -31,6 +32,7 @@ t/logs/debian-cmake
 t/logs/debian-cmake-2
 t/logs/debian-cmake-ok
 t/logs/debian-hardening-wrapper
+t/logs/debian-hardening-wrapper-pbuilder
 t/logs/empty
 t/logs/false-positives
 t/logs/g++
diff --git a/bin/blhc b/bin/blhc
index 4037750..bfdcfc5 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -723,7 +723,10 @@ foreach my $file (@ARGV) {
 }
 }
- if (index($line, 'Build-Depends: ') == 0) {
+ # Debian's build daemons use Build-Depends: for the build
+ # dependencies, but pbuilder just uses Depends:; support both.
+ if (index($line, 'Build-Depends: ') == 0
+ or index($line, 'Depends: ') == 0) {
 # If hardening wrapper is used (wraps calls to gcc and adds
 # hardening flags automatically) we can't perform any checks,
 # abort.
diff --git a/t/logs/ada-pbuilder b/t/logs/ada-pbuilder
new file mode 100644
index 0000000..5b1e47a
--- /dev/null
+++ b/t/logs/ada-pbuilder
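Review bot: The added alternative `or index($line, 'Depends: ') == 0` matches every log line that starts with `Depends: `, not just pbuilder's build-dependency line, and the context comment right below says a hardening-wrapper hit makes blhc abort because no checks can be performed. If some other `Depends:` field is ever printed at column 0 in a log (a binary package's control data, for instance), that match would presumably silence the hardening report for the whole log, so the check fails open. Both new pbuilder fixtures print `Depends:` before the `dpkg-buildpackage:` line, so the bare form could be honoured only until that line has been seen, documented with a comment such as `# Bare 'Depends: ' is only trusted in pbuilder's header, before dpkg-buildpackage starts.`. The t/tests.t hunks add positive cases only; a fixture with a `Depends:` line after the compiler lines would pin the intended behaviour. The body of this `if` continues outside the hunk, so how the matched line is consumed cannot be confirmed from here.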
@@ -0,0 +1,17 @@
+# pbuilder uses Depends: for the build dependencies.
+Depends: ..., gnat, gnat-4.6, ...
+
+dpkg-buildpackage: source package ada package
+
+
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-a.adb
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-b.adb
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-c.adb
+gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -gnatn -gnatw.eH test-d.ads
+
+/usr/bin/gcc-4.6 -shared -lgnat-4.6 -o libtest.so.2 test-a.o test-b.o test-c.o -Wl,-z,relro -Wl,--as-needed
+/usr/bin/gcc-4.6 -shared -lgnat-4.6 -o libtest.so.2 test-a.o test-b.o test-c.o -Wl,--as-needed
+
+gcc -c -g -O2 test.c
+gcc -g -O2 test.c
diff --git a/t/logs/debian-hardening-wrapper-pbuilder b/t/logs/debian-hardening-wrapper-pbuilder
new file mode 100644
index 0000000..97dae92
--- /dev/null
+++ b/t/logs/debian-hardening-wrapper-pbuilder
@@ -0,0 +1,9 @@
+# pbuilder uses Depends: for the build dependencies.
+Depends: .., hardening-wrapper, ...
+
+dpkg-buildpackage: source package test
+
+gcc -g -O2 -c test-a.c
+gcc -g -O2 -c test-b.c
+gcc -g -O2 -c test-c.c
+gcc -o test test-a.o test-b.o test-c.o -ltest
diff --git a/t/tests.t b/t/tests.t
index 0e1833e..6b47757 100644
--- a/t/tests.t
+++ b/t/tests.t
@@ -19,7 +19,7 @@ use strict;
 use warnings;
-use Test::More tests => 196;
+use Test::More tests => 202;
 sub is_blhc {
@@ -750,8 +750,7 @@ LDFLAGS missing (-fPIE -pie -Wl,-z,relro -Wl,-z,now): g++-4.6 -Wl,-z,defs -o tes
 # ada
-is_blhc 'ada', '', 8,
- 'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c
+my $ada = 'CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc-4.6 -c -fPIC -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security test.c
 LDFLAGS missing (-Wl,-z,relro): /usr/bin/gcc-4.6 -shared -lgnat-4.6 -o libtest.so.2 test-a.o test-b.o test-c.o -Wl,--as-needed
 CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security): gcc -c -g -O2 test.c
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -c -g -O2 test.c
@@ -759,6 +758,10 @@ CFLAGS missing (-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=for
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -g -O2 test.c
 LDFLAGS missing (-Wl,-z,relro): gcc -g -O2 test.c
 ';
+is_blhc 'ada', '', 8,
+ $ada;
+is_blhc 'ada-pbuilder', '', 8,
+ $ada;
 # libtool
@@ -871,6 +874,8 @@ my $debian_hardening_wrapper =
 ';
 is_blhc 'debian-hardening-wrapper', '', 16,
 $debian_hardening_wrapper;
+is_blhc 'debian-hardening-wrapper-pbuilder', '', 16,
+ $debian_hardening_wrapper;
 # false positives
@@ -903,6 +908,9 @@ is_blhc 'buildd-dpkg-dev-missing', '--buildd', 0,
 is_blhc 'debian-hardening-wrapper', '--buildd', 0,
 'I-hardening-wrapper-used||
 ';
+is_blhc 'debian-hardening-wrapper-pbuilder', '--buildd', 0,
+ 'I-hardening-wrapper-used||
+';
 is_blhc 'buildd-verbose-build', '--buildd', 0,
 'W-compiler-flags-hidden|1 (of 5) hidden|
--
2.43.2