'-Wl,(-z,)?now' => '-Wl,-z,now',
);
+# Use colored (ANSI) output?
+my $option_color;
+
# FUNCTIONS
sub error_color {
my ($message, $color) = @_;
- # Use colors when writing to a terminal.
- if (-t STDOUT) {
+ if ($option_color) {
return Term::ANSIColor::colored($message, $color);
} else {
return $message;
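Review bot: With `--color` given, `error_color` now returns ANSI-wrapped text even when stdout is a pipe or a file, because the `-t STDOUT` test was replaced rather than combined with the new flag. Reports redirected into a log or read by another tool would then contain escape sequences. If forced colour is intended (for a pager, say), a comment on the branch such as `# Colour only on explicit --color; no terminal auto-detection.` would record that; otherwise `if ($option_color and -t STDOUT) {` keeps redirected output plain. In the option-parsing hunk the spec `'color'` could be `'color!'` so that `--no-color` is accepted as well. The closing braces of error_color lie outside the hunk.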
my $option_all = 0;
my $option_arch = undef;
my $option_buildd = 0;
+ $option_color = 0;
if (not Getopt::Long::GetOptions(
'help|h|?' => \$option_help,
'version' => \$option_version,
'bindnow' => \$harden_bindnow,
'all' => \$option_all,
# Misc.
+ 'color' => \$option_color,
'arch' => \$option_arch,
'buildd' => \$option_buildd,
)) {
or $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex\s*$/
or $line =~ /^\s*-- Check for working (?:C|CXX) compiler: /
or $line =~ /^\s*(?:echo )?Using [A-Z_]+\s*=\s*/;
+ # `make` output.
+ next if $line =~ /^Making [a-z]+ in \S+/; # e.g. "[...] in c++"
# Check if additional hardening options were used. Used to ensure
# they are used for the complete build.
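Review bot: The new skip pattern `/^Making [a-z]+ in \S+/` has no end anchor, so any line that merely starts with that text is skipped, including one that carries a compiler command after the banner. A line skipped by `next` presumably never reaches the flag checks further down, so the looser match can only hide findings in a hardening report. Anchoring it, `next if $line =~ /^Making [a-z]+ in \S+\s*$/;`, limits the exemption to the plain make banner. The `or` chain above it and the enclosing loop start outside the hunk.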
=head1 SYNOPSIS
-B<blhc> [-h -? --help]
-
-B<blhc> [--pie] [--bindnow] [--all]
+B<blhc> [options] <dpkg-buildpackage build log file>
- --help available options
- --version version number and license
- --pie force +pie check
- --bindnow force +bindbow check
--all force +all (+pie, +bindnow) check
--arch set architecture (autodetected)
+ --bindnow force +bindbow check
--buildd parser mode for buildds
+ --color use colored output
+ --pie force +pie check
+ --help available options
+ --version version number and license
=head1 DESCRIPTION
=over 8
-=item B<-h -? --help>
-
-Print available options.
-
-=item B<--version>
-
-Print version number and license.
-
-=item B<--pie>
-
-Force check for all +pie hardening flags. By default it's auto detected.
-
-=item B<--bindnow>
-
-Force check for all +bindnow hardening flags. By default it's auto detected.
-
=item B<--all>
Force check for all +all (+pie, +bindnow) hardening flags. By default it's
disables hardening flags not available on this architecture. Is detected
automatically if dpkg-buildpackage is used.
+=item B<--bindnow>
+
+Force check for all +bindnow hardening flags. By default it's auto detected.
+
=item B<--buildd>
Special mode for buildds when automatically parsing log files. The following
=back
+=item B<--color>
+
+Use colored (ANSI) output for warning messages.
+
+=item B<--pie>
+
+Force check for all +pie hardening flags. By default it's auto detected.
+
+=item B<-h -? --help>
+
+Print available options.
+
+=item B<--version>
+
+Print version number and license.
+
=back
Auto detection for B<--pie> and B<--bindnow> only works if at least one
The exit status is a "bit mask", each listed status is ORed when the error
condition occurs to get the result.
-=over 8
+=over 4
=item B<0>