error_color($message, 'red'), $flags, error_color(':', 'yellow'),
$line;
}
+sub error_non_verbose_build {
+ my ($line) = @_;
+
+ printf "%s%s %s",
+ error_color('NONVERBOSE BUILD', 'red'),
+ error_color(':', 'yellow'),
+ $line;
+}
sub error_color {
my ($message, $color) = @_;
my ($line, $pie, $missing_flags_ref, @flags_pie) = @_;
return 0 if not $pie;
- return 0 if not any_flags_used($line, ('-fPIC'));
+ return 0 if not any_flags_used($line, ('-fPIC', '-fpic'));
my %flags = map { $_ => 1 } @flags_pie;
return scalar @result == 0;
}
+sub is_non_verbose_build {
+ my ($line, $next_line, $cc_regex, $skip_ref) = @_;
+
+ my $cmake_non_verbose = qr/^\s*\[[\d ]+%\] Building (C|CXX) object (.+?)$/;
+ if (not ($line =~ /^checking if you want to see long compiling messages\.\.\. no/
+ or $line =~ /^\s*(CC|CCLD)\s+/
+ or $line =~ /^\s*(C|c)ompiling\s+/
+ or $line =~ /$cmake_non_verbose/)) {
+ return 0;
+ }
+
+ # On the first pass we only check if this line is verbose or not.
+ return 1 if not defined $next_line;
+
+ # Second pass, we have access to the next line.
+ ${$skip_ref} = 0;
+
+ # CMake prints the non-verbose messages also when building verbose. If a
+ # compiler and the file name occurs in the next line, treat it as verbose
+ # build.
+ if ($line =~ /$cmake_non_verbose/) {
+ # Get filename, we can't use the complete path as only parts of it are
+ # used in the real compiler command ...
+ $2 =~ m{/([a-zA-Z0-9._-]+)$};
+ my $file = $1;
+
+ if ($next_line =~ /\Q$file\E/ and $next_line =~ /$cc_regex/) {
+ # We still have to skip the current line as it doesn't contain any
+ # compiler commands.
+ ${$skip_ref} = 1;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
# CONSTANTS/VARIABLES
+# Regex to catch compiler commands.
+my $cc_regex = qr/((?<!\.)cc|(x86_64-linux-gnu-)?gcc|g\+\+|c\+\+)/;
# Regex to catch (GCC) compiler warnings.
my $warning_regex = qr/^(.+?):([0-9]+):[0-9]+: warning: (.+?) \[(.+?)\]$/;
# Ignore compiler warnings for now.
next if $line =~ /$warning_regex/;
+ # Check if this line indicates a non verbose build.
+ my $non_verbose = is_non_verbose_build($line);
+
# One line may contain multiple commands (";"). Treat each one as single
# line.
my @line = split /(?<!\\);/, $line;
} else {
# Ignore lines with no compiler commands.
- next if $line !~ /\b(cc|gcc|g\+\+|c\+\+)(\s|\\)/;
+ next if $line !~ /\b$cc_regex(\s|\\)/ and not $non_verbose;
# Ignore false positives.
#
# `./configure` output.
- if ($line =~ /^checking /) {
- next;
- }
+ next if not $non_verbose and $line =~ /^checking /;
push @input, $line;
}
@ldflags = (@ldflags, @ldflags_bindnow);
}
-foreach my $line (@input) {
+for (my $i = 0; $i < scalar @input; $i++) {
+ my $line = $input[$i];
+
+ my $skip = 0;
+ if (is_non_verbose_build($line, $input[$i + 1], $cc_regex, \$skip)) {
+ error_non_verbose_build($line);
+ $exit |= 1 << 2;
+ next;
+ }
+ # Even if it's a verbose build, we might have to skip this line.
+ next if $skip;
+
# Ignore false positives.
#
# ./configure summary.
- next if $line =~ /^Compiler:\s+(cc|gcc|g\+\+|c\+\+)$/;
+ next if $line =~ /^\s*(C|c)ompiler[\s.]*:\s+$cc_regex(\s-std=[a-z0-9:+]+)?\s*$/
+ or $line =~ /^\s*- (CC|CXX)\s*=\s*$cc_regex\s*$/
+ or $line =~ /^\s*-- Check for working (C|CXX) compiler: /;
# Is this a compiler or linker command?
my $compiler = 1;
my $linker = 0;
# Linker commands.
- if ($line =~ m{\s-o\s+(\\\s+)*([A-Za-z0-9_/.-]+/)?[A-Za-z0-9_-]+(\.so([0-9.])*|\.la)?(\s|\\|\$)}
+ if ($line =~ m{\s-o # -o
+ [\s\\]*\s+ # possible line continuation
+ ([A-Za-z0-9_/.-]+/)? # path to file
+ [A-Za-z0-9_-]+ # binary name (no dots!)
+ ([0-9.]*\.so[0-9.]*[a-z]? # library (including version)
+ |\.la)?
+ (\s|\\|\$) # end of file name
+ }x
or $line =~ /^libtool: link: /
or $line =~ m{\s*/bin/bash .+?libtool\s+(.+?\s+)?--mode=(re)?link}) {
$compiler = 0;
# with -fPIE as well. It's no error if only PIE flags are missing.
and not pic_pie_conflict($line, $pie, \@missing, @cflags_pie)) {
error_flags('CFLAGS missing', \@missing, \%flag_renames, $line);
- $exit |= 1 << 2;
+ $exit |= 1 << 3;
}
if ($compiler and not all_flags_used($line, \@missing, @cppflags)) {
error_flags('CPPFLAGS missing', \@missing, \%flag_renames, $line);
- $exit |= 1 << 2;
+ $exit |= 1 << 3;
}
if ($linker and not all_flags_used($line, \@missing, @ldflags)
# Same here, -fPIC conflicts with -fPIE.
and not pic_pie_conflict($line, $pie, \@missing, @ldflags_pie)) {
error_flags('LDFLAGS missing', \@missing, \%flag_renames, $line);
- $exit |= 1 << 2;
+ $exit |= 1 << 3;
}
}
=item B<4>
+Non verbose build.
+
+=item B<8>
+
Missing hardening flags.
=back