From c53acd8e582d6065004d0d7a95e9eb829c17f1d6 Mon Sep 17 00:00:00 2001
From: Simon Ruderich <simon@ruderich.org>
Date: Thu, 22 Mar 2012 02:05:50 +0100
Subject: [PATCH] Don't perform any tests if hardening-wrapper is used.

---
 MANIFEST                        |  1 +
 bin/blhc                        | 18 ++++++++++++++++++
 t/logs/debian-hardening-wrapper |  8 ++++++++
 t/tests.t                       |  6 +++++-
 4 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 t/logs/debian-hardening-wrapper

diff --git a/MANIFEST b/MANIFEST
index 6a79d89..c5b34a5 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -21,6 +21,7 @@ t/logs/c++
 t/logs/cc
 t/logs/configure
 t/logs/debian
+t/logs/debian-hardening-wrapper
 t/logs/empty
 t/logs/g++
 t/logs/gcc
diff --git a/bin/blhc b/bin/blhc
index d804ecd..a28f36f 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -180,6 +180,12 @@ sub error_non_verbose_build {
            error_color(':', 'yellow'),
            $line;
 }
+sub error_hardening_wrapper {
+    printf "%s%s %s\n",
+            error_color('HARDENING WRAPPER', 'red'),
+            error_color(':', 'yellow'),
+            'no checks possible, aborting';
+}
 sub error_color {
     my ($message, $color) = @_;
 
@@ -366,6 +372,14 @@ while (my $line = <>) {
         }
     }
 
+    # If hardening wrapper is used (wraps calls to gcc and adds hardening
+    # flags automatically) we can't perform any checks, abort.
+    if (not $start and $line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
+        error_hardening_wrapper();
+        $exit |= 1 << 4;
+        exit $exit;
+    }
+
     # We skip over unimportant lines at the beginning of the log to prevent
     # false positives.
     $start = 1 if $line =~ /^dpkg-buildpackage:/;
@@ -695,6 +709,10 @@ Non verbose build.
 
 Missing hardening flags.
 
+=item B<16>
+
+Hardening wrapper detected, no tests performed.
+
 =back
 
 =head1 AUTHOR
diff --git a/t/logs/debian-hardening-wrapper b/t/logs/debian-hardening-wrapper
new file mode 100644
index 0000000..2e2966c
--- /dev/null
+++ b/t/logs/debian-hardening-wrapper
@@ -0,0 +1,8 @@
+Build-Depends: .., hardening-wrapper, ...
+
+dpkg-buildpackage: source package test
+
+gcc -g -O2 -c test-a.c
+gcc -g -O2 -c test-b.c
+gcc -g -O2 -c test-c.c
+gcc -o test test-a.o test-b.o test-c.o -ltest
diff --git a/t/tests.t b/t/tests.t
index ff9e3ed..555b5be 100644
--- a/t/tests.t
+++ b/t/tests.t
@@ -19,7 +19,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 86;
+use Test::More tests => 88;
 
 
 sub is_blhc {
@@ -540,6 +540,10 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -c `dpkg-buildflags --get LDFLAGS` t
 LDFLAGS missing (-Wl,-z,relro): gcc -o test test.o `dpkg-buildflags --get CFLAGS`
 ';
 
+is_blhc 'debian-hardening-wrapper', '', 16,
+        'HARDENING WRAPPER: no checks possible, aborting
+';
+
 
 # buildd support
 
-- 
2.43.2