#!/usr/bin/perl

# Usage: packages-missing-hardening BUILD_MANIFEST LINTIAN_YAML_REPORT
#
# Prints to stdout a YAML-encoded list of binary packages listed
# in a Tails build manifest, that lack some hardening build flags
# according to a Lintian report.

use strict;
use warnings;
use 5.10.1;

use Path::Tiny;
use Set::Object qw{set};
use YAML::XS;

my $missing_hardening_tag_re = qr{hardening-no-[a-z-]+};

sub missing_hardening_tags {
    my @tags = @_;
    grep {
        $_->{tag} =~ m{\A$missing_hardening_tag_re}xms
    } @tags;
}

my $build_manifest = Load(path($ARGV[0])->slurp);
my $lintian_report = Load(path($ARGV[1])->slurp);

my @included_binary_packages = map {
    $_->{package}
} @{$build_manifest->{packages}->{binary}};

my $pkgs_missing_hardening = set();
while (my ($srcpkg_version, $srcpkg_info) = each %{ $lintian_report }) {
    while (my ($binpkg_version, $binpkg_info) = each %{ $srcpkg_info->{binaries} }) {
        my ($binpkg) = ($binpkg_version =~ m{\A ([^/]+) /}xms);
        if (missing_hardening_tags(@{ $binpkg_info->{tags} })
                && grep { $_ eq $binpkg } @included_binary_packages) {
            $pkgs_missing_hardening->insert($binpkg);
        }
    }
}

say Dump([@$pkgs_missing_hardening]);