# Build log hardening check, checks build logs for missing hardening flags.
-# Copyright (C) 2012-2020 Simon Ruderich
+# Copyright (C) 2012-2021 Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
}
if ($option_version) {
print <<"EOF";
-blhc $VERSION Copyright (C) 2012-2020 Simon Ruderich
+blhc $VERSION Copyright (C) 2012-2021 Simon Ruderich
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
next if $line =~ /^C\+\+ linker for the host machine: /;
# Embedded `gcc -print-*` commands
next if $line =~ /`$cc_regex_normal\s*[^`]*-print-\S+`/;
+ # cmake checking for compiler flags without setting CPPFLAGS
+ next if $line =~ m{^\s*/usr/(bin|lib)/(ccache/)?c\+\+ -dM -E -c /usr/share/cmake-\S+/Modules/CMakeCXXCompilerABI\.cpp};
# Check if additional hardening options were used. Used to ensure
# they are used for the complete build.
To generate this string simply use echo in C<debian/rules>; make sure to use @
to suppress the echo command itself as it could also trigger a false positive.
+If the build process takes a long time edit the C<.build> file in place and
+tweak the ignore string until B<blhc --all --debian package.build> no longer
+reports any false positives.
=head1 OPTIONS