namcap for builders

Arch based Porteus community project
Post Reply

namcap for builders

Post#1 by aus9 » 19 Nov 2015, 00:12

only of interest to potential builders?

If you were to submit a package to Arch they recommend you run namcap.....normally this means run namcap against your PKGBUILD ... _standards
Verify the package dependencies (eg, run ldd on dynamic executables, check tools required by scripts, etc). The TU team strongly recommend the use of the namcap utility, written by Jason Chu (, to analyze the sanity of packages. namcap will warn you about bad permissions, missing dependencies, un-needed dependencies, and other common mistakes. You can install the namcap package with pacman. Remember namcap can be used to check both pkg.tar.gz files and PKGBUILDs

Code: Select all

pman -S namcap
some info

Code: Select all

namcap -L
-------------------- Namcap rule list --------------------
anyelf              : Check for ELF files to see if a package should be 'any' architecture
array               : Verifies that array variables are actually arrays
badbackups          : Checks for bad backup entries
capsnamespkg        : Verifies package name in package does not include upper case letters
carch               : Verifies that no specific host type is used
checksums           : Verifies checksums are included in a PKGBUILD
description         : Verifies that the description is set in a PKGBUILD
directoryname       : Checks for standard directories.
elfexecstack        : Check for executable stacks in ELF files.
elfpaths            : Check about ELF files outside some standard paths.
elftextrel          : Check for text relocations in ELF files.
emptydir            : Warns about empty directories in a package
extravars           : Verifies that extra variables start with an underscore
fhs-infopages       : Verifies correct installation of info pages
fhs-manpages        : Verifies correct installation of man pages
filenames           : Checks for invalid filenames.
fileownership       : Checks file ownership.
giomodules          : Check that GIO modules are registered
glibschemas         : Check that dconf schemas are compiled
gnomemime           : Checks for generated GNOME mime files
hardlinks           : Look for cross-directory/partition hard links
hicoloricons        : Checks whether the hicolor icon cache is updated.
infodirectory       : Checks for info directory file.
infoinstall         : Checks that info files are correctly installed.
invalidstartdir     : Looks for references to $startdir
javafiles           : Check for existence of Java classes or JARs
kdeprograms         : Checks that KDE programs have kdebase-runtime as a dependency
libtool             : Checks for libtool (*.la) files.
license             : Verifies license is included in a PKGBUILD
licensepkg          : Verifies license is included in a package file
lots-of-docs        : See if a package is carrying more documentation than it should
mimedesktop         : Check that MIME associations are updated
mimefiles           : Check for files in /usr/share/mime
missingbackups      : Backup files listed in package should exist
perllocal           : Verifies the absence of perllocal.pod.
permissions         : Checks file permissions.
pkgnameindesc       : Verifies if the package name is included on package description
rpath               : Verifies correct and secure RPATH for files.
rubypaths           : Verifies correct usage of folders by ruby packages
scrollkeeper        : Verifies that there aren't any scrollkeeper directories.
sfurl               : Checks for proper sourceforge URLs
shebangdepends      : Checks dependencies semi-smartly.
sodepends           : Checks dependencies caused by linked shared libraries
splitpkgfunctions   : Checks that all package_* functions exist.
splitpkgmakedeps    : Checks that a split PKGBUILD has enough makedeps.
symlink             : Checks that symlinks point to the right place
tags                : Looks for Maintainer and Contributor comments
unusedsodepends     : Checks for unused dependencies caused by linked shared libraries
urlpkg              : Verifies url is included in a package file

It has wiki here

Of relevance are the types of output by running namcap -i PKGBUILD
tags are of three types, errors (denoted by E), warnings (denoted by W) and informational (denoted by I). An error is important and should be fixed immediately; mostly they relate to insufficient security, missing licenses or permission problems.

Normally namcap prints a human-readable explanation (sometimes with suggestions on how to fix the problem). If you want output which can be easily parsed by a program, then pass the -m (machine-readable) flag to namcap (this feature is currently in the development branch).


Re: namcap for builders

Post#2 by aus9 » 06 Dec 2015, 08:14

hmm if I use a hardened openssl with disabled ssl2, namcap complains and won't work as it expects
curl to use sslv2

Post Reply