error_color($message, 'red'), $flags, error_color(':', 'yellow'),
$line;
}
+sub error_nonverbose_build {
+ my ($line) = @_;
+
+ printf "%s%s %s",
+ error_color('NONVERBOSE BUILD', 'red'),
+ error_color(':', 'yellow'),
+ $line;
+}
sub error_color {
my ($message, $color) = @_;
my ($line, $pie, $missing_flags_ref, @flags_pie) = @_;
return 0 if not $pie;
- return 0 if not any_flags_used($line, ('-fPIC'));
+ return 0 if not any_flags_used($line, ('-fPIC', '-fpic'));
my %flags = map { $_ => 1 } @flags_pie;
# Ignore compiler warnings for now.
next if $line =~ /$warning_regex/;
+ # Try to detect non verbose build logs.
+ if ($line =~ /^checking if you want to see long compiling messages\.\.\. no/
+ or $line =~ /^\s*(CC|CCLD)\s+/
+ or $line =~ /^\s*(C|c)ompiling\s+/
+ or $line =~ /^\s*\[[\d ]+%\] Building /) {
+ error_nonverbose_build($line);
+ $exit |= 1 << 2;
+ }
+
+
# One line may contain multiple commands (";"). Treat each one as single
# line.
my @line = split /(?<!\\);/, $line;
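Review bot: The terse-output test `/^\s*(CC|CCLD)\s+/` covers only the C tags, so an automake silent build of C++ sources, which prints `CXX` and `CXXLD`, would not set the non-verbose bit. Those lines carry no flags to inspect, so as far as the visible code shows, such a log could finish with nothing actually checked and still report success. I would widen it to `or $line =~ /^\s*(?:CC|CXX|CCLD|CXXLD)\s+/`, and use `(?:…)` in the `(C|c)ompiling` alternative as well, since none of the captures are read. The enclosing loop starts outside this hunk.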
} else {
# Ignore lines with no compiler commands.
- next if $line !~ /\b(cc\b|gcc\b|g\+\+|c\+\+)/;
+ next if $line !~ /\b(cc|gcc|g\+\+|c\+\+)(\s|\\)/;
# Ignore false positives.
#
}
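Review bot: Requiring `(\s|\\)` directly after the compiler name means versioned drivers such as `gcc-4.6` or `g++-4.6` no longer match, and `next` then drops the whole line from the hardening checks. The removed pattern accepted them (through `gcc\b` and the unanchored `g\+\+`), so this looks like an unintended narrowing that yields false negatives. Allowing an optional version suffix keeps the stricter ending: `next if $line !~ /\b(cc|gcc|g\+\+|c\+\+)(-[\d.]+)?(\s|\\)/;`. The surrounding `else` block begins outside the hunk.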
foreach my $line (@input) {
+ # Ignore false positives.
+ #
+ # ./configure summary.
+ my $cc_regex = qr/(cc|(x86_64-linux-gnu-)?gcc|g\+\+|c\+\+)/;
+ next if $line =~ /^\s*(C|c)ompiler[\s.]*:\s+$cc_regex(\s-std=[a-z0-9:+]+)?\s*$/
+ or $line =~ /^\s*- (CC|CXX)\s*=\s*$cc_regex\s*$/
+ or $line =~ /^\s*-- Check for working (C|CXX) compiler: /;
+
# Is this a compiler or linker command?
my $compiler = 1;
my $linker = 0;
# Linker commands.
- if ($line =~ /\s-l[A-Za-z0-9.-]+(\s|\\|$)/
- or $line =~ m{\s-o ([A-Za-z0-9_/.-]+/)?[A-Za-z0-9_-]+(\.so([0-9.])*|\.la)?(\s|\\|\$)}
+ if ($line =~ m{\s-o # -o
+ [\s\\]*\s+ # possible line continuation
+ ([A-Za-z0-9_/.-]+/)? # path to file
+ [A-Za-z0-9_-]+ # binary name (no dots!)
+ ([0-9.]*\.so[0-9.]*[a-z]? # library (including version)
+ |\.la)?
+ (\s|\\|\$) # end of file name
+ }x
or $line =~ /^libtool: link: /
or $line =~ m{\s*/bin/bash .+?libtool\s+(.+?\s+)?--mode=(re)?link}) {
$compiler = 0;
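Review bot: In the rewritten `-o` pattern the last group `(\s|\\|\$)` is commented "end of file name", but `\$` matches a literal dollar sign, not the end of the string. A command whose output name is its final token with nothing after it is therefore not recognised as a link step. That can happen to a segment produced by the earlier `split /(?<!\\);/` if those segments reach this check, and the segment would then get the compiler checks instead of the LDFLAGS check. If end-of-input was intended, add it explicitly and keep the literal dollar only if shell variables after the name are meant to match: `(\s|\\|\$|\z) # end of file name`. Separately, `$cc_regex` is rebuilt on every loop iteration and hard-codes the `x86_64-linux-gnu-` prefix, so it could be hoisted above the `foreach` and its prefix generalised.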
# with -fPIE as well. It's no error if only PIE flags are missing.
and not pic_pie_conflict($line, $pie, \@missing, @cflags_pie)) {
error_flags('CFLAGS missing', \@missing, \%flag_renames, $line);
- $exit |= 1 << 2;
+ $exit |= 1 << 3;
}
if ($compiler and not all_flags_used($line, \@missing, @cppflags)) {
error_flags('CPPFLAGS missing', \@missing, \%flag_renames, $line);
- $exit |= 1 << 2;
+ $exit |= 1 << 3;
}
if ($linker and not all_flags_used($line, \@missing, @ldflags)
# Same here, -fPIC conflicts with -fPIE.
and not pic_pie_conflict($line, $pie, \@missing, @ldflags_pie)) {
error_flags('LDFLAGS missing', \@missing, \%flag_renames, $line);
- $exit |= 1 << 2;
+ $exit |= 1 << 3;
}
}
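Review bot: The status bits are written as bare shifts (`1 << 2` for the non-verbose case elsewhere in this change, `1 << 3` three times here), and the commit renumbers "missing hardening flags" from 4 to 8. Any wrapper or CI job that tests the exit status for 4 would now read a flag failure as a non-verbose build, or miss it; whether such callers exist is not visible from this page. Naming the bits once near the top of the script (suggested names, e.g. `my $EXIT_NON_VERBOSE = 1 << 2;` and `my $EXIT_FLAGS_MISSING = 1 << 3;`) and using `$exit |= $EXIT_FLAGS_MISSING;` at each site keeps the code and the POD exit-code list from drifting apart. The renumbering also deserves a line in the changelog as an interface change.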
=item B<4>
+Non verbose build.
+
+=item B<8>
+
Missing hardening flags.
=back