[Cc]ompiler[\s.]*:?\s+
/x;
next if $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o;
- # `moc-qt4`, contains '-I/usr/share/qt4/mkspecs/linux-g++' (or
- # similar for other architectures) which gets recognized as a
- # compiler line. Ignore it.
- next if $line =~ m{^/usr/bin/moc-qt4
+ # `moc-qt4`/`moc-qt5` contain '-I.../linux-g++' in their command
+ # line (or similar for other architectures) which gets recognized
+ # as a compiler line, but `moc-qt*` is only a preprocessor for Qt
+ # C++ files. No hardening flags are relevant during this step,
+ # thus ignore `moc-qt*` lines. The resulting files will be
+ # compiled in a separate step (and therefore checked).
+ next if $line =~ m{^\S+/bin/moc-qt[45]
\s.+\s
- -I/usr/share/qt4/mkspecs/[a-z]+-g\++(?:-64)?
+ -I\S+/mkspecs/[a-z]+-g\++(?:-64)?
\s}x;
# Ignore false positives when the line contains only CC=gcc but no
# other gcc command.