Package: debhelper Version: 9.20150811 Severity: normal Tags: patch Hello,
blhc is used in the buildd log scanner [1] to detect missing compiler (hardening) flags. At the moment only the default flags provided by dpkg-buildflags are verified as blhc can't detect additional flag options specified in debian/rules (e.g. hardening=+pie or hardening=-fortify to exclude hardening flags). Since dpkg 1.16.5 dpkg-buildflags supports a --status option which displays the current settings. Please call dpkg-buildflags --status when building a package. The attached patch tries to implement it for the `dh` binary, thus supporting (only) the new dh short rules, but I'm not sure if this is the best way to handle it. Would it be possible to also call dpkg-buildflags --status when using only the traditional dh_* commands? Regards Simon [1]: https://qa.debian.org/bls/ -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
--- /usr/bin/dh 2015-09-25 11:24:41.227536351 +0200 +++ /tmp/dh 2015-09-25 11:24:37.743528671 +0200 @@ -647,6 +647,14 @@ $stoppoint=command_pos($dh{BEFORE}, @sequence) - 1; } +# Print information about compiler flags to be later used when parsing the +# build log (e.g. by blhc). +if ($sequence eq 'build' + or $sequence eq 'build-arch' + or $sequence eq 'build-indep') { + doit('dpkg-buildflags', '--status'); +} + # Now run the commands in the sequence. foreach my $i (0..$stoppoint) { my $command=$sequence[$i];
signature.asc
Description: PGP signature