On Sun, 01 Mar, 2026 at 11:20:31PM -0300, Fermín Olaiz wrote: > Hey guys! > > I just made my first PKGBUILD [1] for a tool I use and would like to see > what could be improved. I've been maintaining some things for a while but > they don't have that much use and this is the first one I make from > scratch. So far I've checked things with namcap. >
Very nice! You just need to run namcap against the final .pkg.tar.zst:
```console
$ namcap /var/lib/repo/aur/hpsahba-git-r41.0a57a52-2-x86_64.pkg.tar.zst
hpsahba-git W: ELF file ('usr/bin/hpsahba') lacks FULL RELRO, check LDFLAGS.
hpsahba-git E: The SPDX license statement 'GPL-2.0' should be
formatted as 'GPL-2.0-only' instead
hpsahba-git E: Dependency glibc detected and not included (libraries
['usr/lib/libc.so.6'] needed in files ['usr/bin/hpsahba'])
hpsahba-git W: Dependency included, but may not be needed ('pandoc')
```
The first warning tells us the Makefile is probably ignoring LDFLAGS
and maybe CFLAGS from makepkg. You might need to enforce them via the
command line, like `make CFLAGS="${CFLAGS}" ...` or `make -e`.
The next issue is about an invalid SPDX License Identifiers [1]. It
should be one of `GPL-2.0-only` or ` GPL-2.0-or-later`. It's sometimes
hard to tell which one, though.
The third one might not be required because `glibc` is part of the
`base` group, but I'm not completely sure about it. Best to just
include it the `depends` array.
Last one is because you included `pandoc` in the `depends` array,
instead of `makedepends`. It's only required for building the docs.
[1]: https://spdx.org/licenses/
Happy packaging!
signature.asc
Description: PGP signature
