Package: debhelper
Version: 9.20150811
Severity: normal
Tags: patch

Hello,

blhc is used in the buildd log scanner [1] to detect missing
compiler (hardening) flags. At the moment only the default flags
provided by dpkg-buildflags are verified as blhc can't detect
additional flag options specified in debian/rules (e.g.
hardening=+pie or hardening=-fortify to exclude hardening flags).
Since dpkg 1.16.5 dpkg-buildflags supports a --status option
which displays the current settings.

Please call dpkg-buildflags --status when building a package.

The attached patch tries to implement it for the `dh` binary,
thus supporting (only) the new dh short rules, but I'm not sure
if this is the best way to handle it.

Would it be possible to also call dpkg-buildflags --status when
using only the traditional dh_* commands?

Regards
Simon

[1]: https://qa.debian.org/bls/
-- 
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9
--- /usr/bin/dh	2015-09-25 11:24:41.227536351 +0200
+++ /tmp/dh	2015-09-25 11:24:37.743528671 +0200
@@ -647,6 +647,14 @@
 	$stoppoint=command_pos($dh{BEFORE}, @sequence) - 1;
 }
 
+# Print information about compiler flags to be later used when parsing the
+# build log (e.g. by blhc).
+if ($sequence eq 'build'
+        or $sequence eq 'build-arch'
+        or $sequence eq 'build-indep') {
+    doit('dpkg-buildflags', '--status');
+}
+
 # Now run the commands in the sequence.
 foreach my $i (0..$stoppoint) {
 	my $command=$sequence[$i];
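Review bot: the test on `$sequence` only matches when dh is invoked as `build`, `build-arch` or `build-indep`, so if the build commands are reached through any other sequence name the log will carry no status lines for the scanner to use; consider keying the call on whether `@sequence` contains a build step rather than on the sequence name. The call also sits before the loop and does not depend on `$stoppoint`, so it runs on every such invocation and the output may appear more than once in one log. The comment could name the dpkg version that `--status` requires, since the call goes through `doit()` like any other command. Style: the added lines are indented with spaces, while the surrounding code uses tabs.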

Attachment: signature.asc
Description: PGP signature
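How a build log scanner could use the requested status lines, as an added example (not part of the original report and not blhc's code). It assumes the `dpkg-buildflags: status:` line format and a simplified feature-to-flag mapping; the build log is constructed.

```python
import re

# Assumption: `dpkg-buildflags --status` prefixes every line like this.
PREFIX = "dpkg-buildflags: status: "
FEATURE = re.compile(r"hardening feature (\w+)=(yes|no)\b")
ENVVAR = re.compile(r"environment variable (\w+)=(.*)")
COMPILER = re.compile(r"(gcc|g\+\+|cc|c\+\+)\s")
# Assumed feature-to-flag mapping (compile-time flags only), for illustration.
FLAG_FOR = {"fortify": "-D_FORTIFY_SOURCE=2", "format": "-Werror=format-security",
            "pie": "-fPIE", "stackprotector": "-fstack-protector-strong"}

def parse_status(log):
    """Collect hardening feature states and environment overrides from a log."""
    features, env = {}, {}
    for line in log.splitlines():
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):]
        if m := FEATURE.match(body):
            features[m.group(1)] = m.group(2) == "yes"
        elif m := ENVVAR.match(body):
            env[m.group(1)] = m.group(2)
    return features, env

def missing_flags(log):
    """Return (line number, flag) pairs for enabled features whose flag is absent."""
    features, _ = parse_status(log)
    wanted = [FLAG_FOR[f] for f, on in sorted(features.items()) if on and f in FLAG_FOR]
    findings = []
    for number, line in enumerate(log.splitlines(), start=1):
        if COMPILER.match(line) and " -c " in line:  # compile steps only
            args = line.split()
            findings += [(number, flag) for flag in wanted if flag not in args]
    return findings

# Constructed build log: debian/rules sets hardening=+pie,-fortify.
SAMPLE_LOG = """\
dpkg-buildflags: status: environment variable DEB_BUILD_MAINT_OPTIONS=hardening=+pie,-fortify
dpkg-buildflags: status: vendor is Debian
dpkg-buildflags: status: hardening feature fortify=no
dpkg-buildflags: status: hardening feature format=yes
dpkg-buildflags: status: hardening feature pie=yes
dpkg-buildflags: status: hardening feature stackprotector=yes
gcc -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -c a.c -o a.o
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c b.c -o b.o
"""

if __name__ == "__main__":
    print(missing_flags(SAMPLE_LOG))
```

Because the status lines report `fortify=no`, the absent `-D_FORTIFY_SOURCE=2` is not flagged, while the compile line that lacks `-fPIE` is.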
