You are not logged in.

#1 2017-12-29 00:16:25

andalenavals
Member
Registered: 2017-10-30
Posts: 39

namcap Erorr Insecure RPATH. Checking PKGBUILD

Hi everyone.
I am creating a PKBUILD

pkgname=python-galsim
pkgver=r12328.9de448ef9
pkgrel=1
#epoch=
pkgdesc=" The modular galaxy image simulation toolkit "

arch=('i686' 'x86_64')
url="https://github.com/GalSim-developers/GalSim"
license=('BSD')
groups=()
depends=('scons' 'python-numpy' 'python-astropy' 'fftw' 'boost' 'tmv' 'python-scipy' 'python-pandas' 'python-yaml')
makedepends=('git')
checkdepends=()
optdepends=()
#provides=()
#conflicts=()
#replaces=()
#backup=()
options=()
install=
changelog=
source=("$pkgname-$pkgver::git+${url}")
#noextract=()
md5sums=('SKIP')
#validpgpkeys=()


build() {
	cd "$src"	
	cd "$pkgname-$pkgver"
	scons PREFIX=/usr TMV_DIR=/usr FFTW_DIR=/usr BOOST_DIR=/usr PYTHON=python2
}

pkgver() {
  cd "$pkgname-$pkgver"
  printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
}

package() {
	cd "$src"
	cd "$pkgname-$pkgver"		
	scons PREFIX=$pkgdir/usr install
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}

However, when I check it with namcap I got

python-galsim E: Insecure RPATH '/data/packages/python-galsim/python-galsim/pkg/python-galsim/usr/lib' in file ('usr/lib/python2.7/site-packages/galsim/_galsim.so')
python-galsim W: Referenced library 'libgalsim.so.1.5' is an uninstalled dependency
python-galsim W: Unused shared library '/usr/lib/libcblas.so.3' by file ('usr/lib/libgalsim.so.1.5')
python-galsim W: Unused shared library '/usr/lib/libgomp.so.1' by file ('usr/lib/libgalsim.so.1.5')
python-galsim W: Unused shared library '/usr/lib/libcblas.so.3' by file ('usr/lib/python2.7/site-packages/galsim/_galsim.so')
python-galsim W: Dependency included and not needed ('scons')
python-galsim W: Dependency included and not needed ('python-numpy')
python-galsim W: Dependency included and not needed ('python-astropy')
python-galsim W: Dependency included and not needed ('boost')
python-galsim W: Dependency included and not needed ('python-scipy')
python-galsim W: Dependency included and not needed ('python-pandas')
python-galsim W: Dependency included and not needed ('python-yaml')

Could you give some advice to improve it, mainly, how can I solve the error of the insecure RPATH? should I worry about the warnings?
In fact, I have already pushed the package to the AUR python-galsim
I believe that might be fixing this error, the package will be ready. By the moment it does not pass all the test (nosetest -v). Although for some applications it is just OK.

It is worth to mention that this is the path where I had located the PKGBUILD in my PC

/data/packages/python-galsim/python-galsim/

The idea is let the package available for python2 and python, something like python2-galsim and python-galsim, to do so I am going to change the flag PYTHON in the build to python or python2 respectively, I hope that works. I am new creating PKGBUILD and Packaging with scons.

Thanks in advance for your opinions.

Offline

#2 2017-12-29 00:22:54

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,471

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

That's a bogus rpath in the first place, it's wanting to point to /usr/lib. I would just remove it with patchelf for now.

It's a bogus dir because you're using PREFIX to install it to $pkgdir. If the project doesn't support something like DESTDIR, you should complain to them.

The PKGBUILD has a lot of other problems as well, but I don't know if you want to get into that.

Edit2: It looks like they use FINAL_PREFIX, you should be using that in the package function, maybe? Try FINAL_PREFIX=/usr PREFIX="$pkgdir/usr"

Last edited by Scimmia (2017-12-29 00:35:35)

Online

#3 2017-12-29 00:27:51

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

I can't contribute much about those namcap errors, but your package name should end in '-git'.  You should also get rid of all those empty variables.  I doubt that `scons` is a dependency, is it?  I suspect it's just a makedepends.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#4 2017-12-29 03:53:45

andalenavals
Member
Registered: 2017-10-30
Posts: 39

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

Thank you Scimmia

Scimmia wrote:

It looks like they use FINAL_PREFIX, you should be using that in the package function, maybe? Try FINAL_PREFIX=/usr PREFIX="$pkgdir/usr"

that solve the RPATH error. Please tell what else you see as problems.

Thank you Trilby

Trilby wrote:

I can't contribute much about those namcap errors, but your package name should end in '-git'.  You should also get rid of all those empty variables.  I doubt that `scons` is a dependency, is it?  I suspect it's just a makedepends.

I have done those changes too.

Now tha PKGBUILD is.

pkgname=python-galsim-git
pkgver=r12328.9de448ef9
pkgrel=1
#epoch=

pkgdesc=" The modular galaxy image simulation toolkit "


arch=('i686' 'x86_64')
url="https://github.com/GalSim-developers/GalSim"
license=('BSD')
groups=()
depends=('python' 'boost-libs' 'fftw' 'tmv')
makedepends=('git' 'scons' )
checkdepends=()
optdepends=()
#provides=()
#conflicts=()
#replaces=()
#backup=()
options=()
install=
changelog=
source=("$pkgname-$pkgver::git+${url}")
#noextract=()
md5sums=('SKIP')
#validpgpkeys=()


build() {
	cd "$src"	
	cd "$pkgname-$pkgver"
	scons PREFIX=/usr TMV_DIR=/usr FFTW_DIR=/usr BOOST_DIR=/usr PYTHON=python
}

pkgver() {
  cd "$pkgname-$pkgver"
  printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
}

package() {
	cd "$src"
	cd "$pkgname-$pkgver"		
	scons PREFIX=$pkgdir/usr  FINAL_PREFIX=/usr install
	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}

I added all those not needed depencys because according to galsim those are dependency. Before checking if I get a right installation.

Here the namcap output

python-galsim-git W: Referenced library 'libgalsim.so.1.5' is an uninstalled dependency
python-galsim-git W: Unused shared library '/usr/lib/libcblas.so.3' by file ('usr/lib/libgalsim.so.1.5')
python-galsim-git W: Unused shared library '/usr/lib/libgomp.so.1' by file ('usr/lib/libgalsim.so.1.5')
python-galsim-git W: Unused shared library '/usr/lib/libcblas.so.3' by file ('usr/lib/python3.6/site-packages/galsim/_galsim.so')

Could you tell me, how else can improve this PKGBUILD? or solve new problems you see?

Offline

#5 2017-12-29 04:18:17

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,471

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

Alright, we'll do a full review.

You still have a bunch of empty or commented out variables and arrays. Get rid of them.
Why the extra spaces at the beginning and end of the pkgdesc?
Have you tried building it in a clean chroot? Does it actually build with those deps, and without boost in the makedeps?
Renaming the source to $pkgname-$pkgver is a horrible idea for VCS packages. You'll end up cloning the repo over and over again.
'cd "$src"' does nothing
This repo has tags, you should use them in the pkgver function.
Is 'TMV_DIR=/usr FFTW_DIR=/usr BOOST_DIR=/usr' in the first scons call really needed? Seems like a really bad idea.
You indent some with tabs and some with 2 spaces, they should be consistent.
The scons call in the package function uses $pkgdir unquoted.

As for the namcap warnings, is 'libgalsim.so.1.5' part of this package? It usually means you didn't install the package before running namcap. The others are overlinking, which is a problem with the upstream build system, nothing to do or worry about.

Online

#6 2017-12-29 07:14:08

andalenavals
Member
Registered: 2017-10-30
Posts: 39

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

Here the current PKGBUILD

pkgname=python-galsim-git
pkgver=v1.5.1.r0.9de448ef9
pkgrel=1
pkgdesc=" The modular galaxy image simulation toolkit "
arch=('i686' 'x86_64')
url="https://github.com/GalSim-developers/GalSim.git"
license=('BSD')
depends=('python' 'boost-libs' 'fftw' 'tmv-git')
makedepends=('git' 'scons' )
source=("${pkgname%-git}::git+${url}")
md5sums=('SKIP')

pkgver() {
	 cd "$srcdir/${pkgname%-git}"
	 printf "%s" "$(git describe --long | sed 's/\([^-]*-\)g/r\1/;s/-/./g')"
}

build() {
	cd "$srcdir/${pkgname%-git}"
	scons PREFIX=/usr TMV_DIR=/usr PYTHON=python
}

package() {
	  cd "$srcdir/${pkgname%-git}"	
	  scons PREFIX=$pkgdir/usr  FINAL_PREFIX=/usr install
	  install -Dm644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
}

And the namcap output


python-galsim-git W: Unused shared library '/usr/lib/libcblas.so.3' by file ('usr/lib/libgalsim.so.1.5')
python-galsim-git W: Unused shared library '/usr/lib/libgomp.so.1' by file ('usr/lib/libgalsim.so.1.5')
python-galsim-git W: Unused shared library '/usr/lib/libcblas.so.3' by file ('usr/lib/python3.6/site-packages/galsim/_galsim.so')
[andres@PAN python-galsim-git]$ 
Scimmia wrote:

You still have a bunch of empty or commented out variables and arrays. Get rid of them.
Why the extra spaces at the beginning and end of the pkgdesc?

I think now It is done!

Scimmia wrote:

Have you tried building it in a clean chroot? Does it actually build with those deps, and without boost in the makedeps?

I have not tried, it seems a lot of things to read. Is this mandatory each time I want to contribute in to the AUR in order to have correctly defined dependences in the PKGBUILD?

Scimmia wrote:

Renaming the source to $pkgname-$pkgver is a horrible idea for VCS packages. You'll end up cloning the repo over and over again.
'cd "$src"' does nothing
This repo has tags, you should use them in the pkgver function.

I think now It is fixed!


Scimmia wrote:

Is 'TMV_DIR=/usr FFTW_DIR=/usr BOOST_DIR=/usr' in the first scons call really needed? Seems like a really bad idea.

Only the TMV_DIR=/usr, since this value is defined by default in source as /usr/local.

Scimmia wrote:

You indent some with tabs and some with 2 spaces, they should be consistent.
The scons call in the package function uses $pkgdir unquoted.

Now, it is done

Scimmia wrote:

As for the namcap warnings, is 'libgalsim.so.1.5' part of this package? It usually means you didn't install the package before running namcap..

you right that was my problem

Last edited by andalenavals (2017-12-29 14:13:59)

Offline

#7 2017-12-29 11:49:02

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

Trimming -git in those variable expansions should work, but it's much more common to just define another variable for the upstream name, e.g.:

_pkgname=python-galsim
pkgname=${_pkgname}-git
source=("${_pkgname}::git+https://domain.tld/path")
# ...

build() {
   cd ${_pkgname}
   # ...
}

"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#8 2017-12-29 14:25:32

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,471

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

My second and ninth points are still an issue.

As for building in a clean chroot, it's a very good way to help you find missing deps/makedeps, but it's not required.

You've added $srcdir to the cd commands. Functions are guaranteed to start in $srcdir, so that really doesn't do anything. It's fine, though, just comes down to personal preference at that point.

Last edited by Scimmia (2017-12-29 14:27:15)

Online

#9 2018-02-08 13:51:13

andalenavals
Member
Registered: 2017-10-30
Posts: 39

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

Scimmia wrote:

As for building in a clean chroot, it's a very good way to help you find missing deps/makedeps, but it's not required.

Do you thing that testing it in a docker container will be equivalent? instead of a clean chroot.

Offline

#10 2018-02-08 14:23:56

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: namcap Erorr Insecure RPATH. Checking PKGBUILD

It certainly isn't equivalent.  There is a bit of overlap, and testing in a docker container is better than not testing at all.  But testing in a clean chroot is the gold standard.  If you're going to make the effort to do such testing, why not do it right?


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

Board footer

Powered by FluxBB