--- /dev/null
+#!/bin/sh -e
+
+# check given debs for SSP and print out the deb and filename of non-SSP ELF
+# files
+
+D=`mktemp -d`
+trap "rm -rf $D" 0 1 2 3 11 13 15
+
+for i; do
+ rm -rf D/*
+
+ dpkg-deb -x "$i" "$D"
+ find "$D" -type f | while read f; do
+ # ignore non-ELF files
+ readelf -h "$f" > /dev/null 2>&1 || continue
+ nm -D "$f" | grep -q __stack_chk_fail || {
+ echo "$i: ${f#$D} not built with SSP"
+ }
+ done
+done