#!/bin/sh

# If using normal root, avoid check. Will give too much false positive
if [ -z "$RPM_BUILD_ROOT" ]; then
        exit 0
fi

# hppa does not have pie
test "`uname -m`" = parisc && exit 0

PIE_USED=1

check_path() {
  if [ -e $1 ]; then
    #
    # brp-pie runs after brp-symlink, so we should have relative symlinks
    # only and so should be able to resolve them:
    #

    file -<$1 | grep "shared object" > /dev/null
    if [ $? -eq 1 ]; then
      test $PIE_USED == 1 && echo ""
      echo $1 is not compiled with -fpie/linked with -pie!
      PIE_USED=0
    fi
  fi
}

#
# Listed binaries should be linked with -pie to allow the kernel
# to dynamically randomize the address space of the program:
#

for i in `cat /usr/lib/rpm/brp-pie.data/filelist` ; do
  check_path $RPM_BUILD_ROOT/$i 
done

#for dir in $RPM_BUILD_ROOT{/usr,}/bin; do
#  if [ -e $dir ]; then
#     for file in `grep -lr libgcrypt.so $dir`; do
#       check_path $file
#     done
#  fi
#done

if [ $PIE_USED -eq 0 ]; then
  echo ""
  echo "Please adjust your package and compile the above programs with -fpie/-pie"
  echo
  exit 1
fi

exit 0
