From e44dbcfa8487a008098ae1f37123b9cf363fea8f Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Wed, 14 Aug 2013 17:58:31 +0200 Subject: [PATCH] README,blhc: Documentation update. --- README | 7 ++++--- bin/blhc | 8 ++++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/README b/README index 605ab68..e039ce9 100644 --- a/README +++ b/README @@ -13,8 +13,9 @@ all compiler commands use the correct hardening flags and thus all hardening features are correctly used. It's designed to check build logs generated by Debian's dpkg-buildpackage (or -tools using dpkg-buildpackage like pbuilder or the official buildd build logs) -to help maintainers detect missing hardening flags in their packages. +tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the +official buildd build logs)) to help maintainers detect missing hardening +flags in their packages. At the moment it works only on Debian and derivatives but it should be easily extendable to other systems as well. Patches are welcome. @@ -118,7 +119,7 @@ real compile process (output of dpkg-buildpackage): dpkg-buildpackage: ... If it's not present no compiler commands are detected. In case you don't use -dpkp-buildpackage but still want to check a build log adding it as first line +dpkp-buildpackage but still want to check a build log, adding it as first line should work fine. The following non-verbose builds can't be detected: diff --git a/bin/blhc b/bin/blhc index 9ed648a..c77a16c 100755 --- a/bin/blhc +++ b/bin/blhc 
@@ -1267,14 +1267,18 @@ blhc is a small tool which checks build logs for missing hardening flags. It's licensed under the GPL 3 or later. It's designed to check build logs generated by Debian's dpkg-buildpackage (or -tools using dpkg-buildpackage like pbuilder or the official buildd build logs) -to help maintainers detect missing hardening flags in their packages. +tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the +official buildd build logs)) to help maintainers detect missing hardening +flags in their packages. Only gcc is detected as compiler at the moment. If other compilers support hardening flags as well, please report them. If there's no output, no flags are missing and the build log is fine. +See F for details about performed checks, auto-detection and +limitations. + =head1 OPTIONS =over 8 -- 2.43.2
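Review bot: In the first README hunk (@@ -13,8 +13,9 @@), the reworded sentence nests one parenthesis inside another and ends in "build logs))", which is hard to follow in a plain-text README. Consider dropping the inner pair, for example "like pbuilder or sbuild, which is used for the official buildd build logs)", so the sentence closes with a single parenthesis.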
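Review bot: In the second README hunk (@@ -118,7 +119,7 @@), the changed line still begins with "dpkp-buildpackage", while every other mention in this patch spells the tool "dpkg-buildpackage". The line is already being touched to add the comma, so fix the spelling in the same change. A reader who copies the name from this paragraph to prepend it to a build log would otherwise get a first line that does not match the "dpkg-buildpackage: ..." marker shown in the context line above.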
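Review bot: In the bin/blhc hunk (@@ -1267,14 +1267,18 @@), the added sentence reads "See F for details about performed checks, auto-detection and limitations." and, as shown here, names no file after the F. State explicitly which document the reader should open (the README changed in this same patch is the likely target) and check that the reference survives in the rendered manual page. The reworded dpkg-buildpackage paragraph in this hunk is a verbatim copy of the README one, so any later wording fix needs to be made in both files.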