Hi!
On Fri, 2011-12-16 at 16:39:25 -0800, Kees Cook wrote:
> Fresh patch attached! :)
Thanks! Could you split the refactoring/cleaning into its own patch
(actually something that already crossed my mind when first seeing
the original buildflags code), and the new functionality into another
one?
> >From cd183a3e7e360d3e1a82b330fb430622848b68e1 Mon Sep 17 00:00:00 2001
> From: Kees Cook <k...@outflux.net>
> Date: Thu, 8 Dec 2011 15:53:14 -0800
> Subject: [PATCH] dpkg-buildflags: provide feature query ability
> diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1
> index a018edb..8b6f16e 100644
> --- a/man/dpkg-buildflags.1
> +++ b/man/dpkg-buildflags.1
> @@ -87,6 +87,22 @@ the flag is set/modified by a user-specific configuration;
> the flag is set/modified by an environment-specific configuration.
> .RE
> .TP
> +.BI \-\-query\-features " area"
> +Print the features enabled for a given area. The only currently recognized
> +area is \fBhardening\fP. Exits with 0 if the area is known otherwise exits
> +with 1.
> +.br
> +
To start a new paragraph use ā.Pā.
> +The output format is RFC822 header-style, with one section per feature.
> +For example:
Use .nf / .fi here:
> +.br
> +
> + Feature: pie
> + Enabled: no
> +
> + Feature: stackprotector
> + Enabled: yes
> +.TP
> .B \-\-help
> Show the usage message and exit.
> .TP
> diff --git a/scripts/dpkg-buildflags.pl b/scripts/dpkg-buildflags.pl
> index ee33961..1254cf8 100755
> --- a/scripts/dpkg-buildflags.pl
> +++ b/scripts/dpkg-buildflags.pl
> @@ -47,6 +47,9 @@ Actions:
> --get <flag> output the requested flag to stdout.
> --origin <flag> output the origin of the flag to stdout:
> value is one of vendor, system, user, env.
> + --query-features <area>
> + output the list of features for the given area,
> + along with their enablement status, in RFC822 style.
Just nitpicking, but I don't think we need the --help output to be
that verbose. If it could be reworded to take one line less, great,
otherwise I guess it's fine.
> --list output a list of the flags supported by the current
> vendor.
> --export=(sh|make|configure)
> output something convenient to import the
> @@ -115,6 +118,18 @@ if ($action eq "get") {
> print $build_flags->get_origin($param) . "\n";
> exit(0);
> }
> +} elsif ($action eq "query-features") {
> + if ($build_flags->has_features($param)) {
> + my %features = $build_flags->get_features($param);
> + my @report;
> + foreach my $feature (sort keys %features) {
> + my $item = "Feature: $feature\nEnabled: ";
> + $item .= $features{$feature} ? "yes\n" : "no\n";
> + push(@report, $item);
> + }
> + print join("\n", @report);
Hmm, why not just print as we go? The code would seem cleaner to me.
> + exit(0);
> + }
> } elsif ($action =~ m/^export-(.*)$/) {
> my $export_type = $1;
> foreach my $flag ($build_flags->list()) {
regards,
guillem
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
