diff options
Diffstat (limited to 't/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration')
-rwxr-xr-x | t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration new file mode 100755 index 0000000..89c85ec --- /dev/null +++ b/t/recipes/checks/binaries/hardening/binaries-hardening/eval/test-calibration @@ -0,0 +1,53 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use lib "$ENV{LINTIAN_BASE}/lib"; + +use Lintian::Profile; + +my $PROFILE = Lintian::Profile->new; +$PROFILE->load('debian/main', [$ENV{'LINTIAN_BASE'}]); + +my %recommended_hardening_features + = %{$PROFILE->data->hardening_buildflags->recommended_features}; + +my ($expected, undef, $calibrated) = @ARGV; + +my $arch = `dpkg-architecture -qDEB_HOST_ARCH`; +chomp $arch; + +die "Unknown architecture: $arch" + unless exists $recommended_hardening_features{$arch}; + +open my $cfd, '>', $calibrated or die "open $calibrated: $!"; +open my $efd, '<', $expected or die "open $expected: $!"; + +while (my $line = <$efd>) { + my $dp = 0; + if ($line =~ m/^.: [^:]+: hardening-no-(\S+)/) { + + # hardening flag, but maybe not for this architecture + my $feature = $1; + + my %renames = ('fortify-functions' => 'fortify'); + my $renamed_feature = $renames{$feature} // $feature; + + $dp = 1 if $recommended_hardening_features{$arch}{$renamed_feature}; + } else { + # only calibrate hardening flags. + $dp = 1; + } + + print $cfd $line if $dp; +} + +close $efd; +close $cfd or die "close $expected: $!"; + +# Local Variables: +# indent-tabs-mode: nil +# cperl-indent-level: 4 +# End: +# vim: syntax=perl sw=4 sts=4 sr et |