#!/usr/bin/perl -w
# hardening-info -- lintian collection script

# The original shell script version of this script is
# Copyright (C) 1998 Christian Schwarz
#
# The objdump version, including support for etch's binutils, is
# Copyright (C) 2008 Adam D. Barratt
#
# This version, a trimmed-down wrapper for hardening-check, is
# Copyright (C) 2012 Kees Cook <kees@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, you can find it on the World Wide
# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
# MA 02110-1301, USA.

package Lintian::coll::hardening_info;

use strict;
use warnings;
use autodie;

use FileHandle;

use lib "$ENV{'LINTIAN_ROOT'}/lib";
use Lintian::Collect;
use Lintian::Command qw(spawn reap);
use Lintian::Util qw(fail touch_file locate_helper_tool);

my $helper = locate_helper_tool('coll/hardening-info-helper');

sub collect {
    my ($pkg, $type, $dir) = @_;
    my $info = Lintian::Collect->new($pkg, $type, $dir);

    if (-e "$dir/hardening-info") {
        unlink("$dir/hardening-info");
    }

    # Prepare to examine the file tree.
    chdir("$dir/unpacked");

    my %opts;
    my $open_hardening_info = sub {
        # Use xargs to keep processing times of packages like linux-image
        # reasonble.

        %opts = (
            pipe_in => FileHandle->new,
            out => "$dir/hardening-info",
            fail => 'error'
        );
        spawn(\%opts, ['xargs', '-0r', 'hardening-check', '--lintian', '--'],
            '|', [$helper]);
        $opts{pipe_in}->blocking(1);
    };

    foreach my $bin ($info->sorted_index) {
        next unless $info->index($bin)->is_file;
        # Skip kernel modules and debug files
        next if $bin =~ m/\.ko$/o or $bin =~ m{\A usr/lib/debug/ }xsm;
        my $finfo = $info->file_info($bin);
        next unless $finfo =~ m/\bELF\b/o;
        $open_hardening_info->() unless %opts;
        printf {$opts{pipe_in}} "%s\0", $bin;
    }

    if (%opts) {
        close($opts{pipe_in});
        reap(\%opts);
    }

    return;
}

collect(@ARGV) if $0 =~ m,(?:^|/)hardening-info$,;
1;

# Local Variables:
# indent-tabs-mode: nil
# cperl-indent-level: 4
# End:
# vim: syntax=perl sw=4 sts=4 sr et
