You are not logged in.

#1 2021-05-07 10:50:21

wolegis
Member
Registered: 2021-05-07
Posts: 6

namcap complaining about ependencies required only to run the software

Quote from wiki https://wiki.archlinux.org/title/PKGBUILD#depends:

depends

An array of packages that must be installed for the software to build and run. Dependencies defined inside the package() function are only required to run the software.

I'm currently in the process of taking over on abandonned AUR package. It's a PHP based application. So there is no actual build step and consequently no dependencies to build the package. So the variable 'depends' is of little use for me and I firstly define it as an empty array. Within package() I fill this variable with all dependencies that are required to run the application. The resulting package looks correct and the dealing with dependencies during installation is as expected.

What bothers me is the output of namcap

grav W: Referenced library 'php' is an uninstalled dependency
grav W: Dependency included and not needed ('php')
grav W: Dependency included and not needed ('php-gd')

Is this something I have to worry about?

Or is the cited text above not correct?

Or (this is what I assume) is namcap just not prepared to correctly deal with dependencies that are not required to build the package (and thus not installed on the packager's system)?

As requested: PKGBUILD

Last edited by wolegis (2021-05-07 11:14:09)

Offline

#2 2021-05-07 10:58:39

mpan
Member
Registered: 2012-08-01
Posts: 1,188
Website

Re: namcap complaining about ependencies required only to run the software

You forgot to attach the PKGBUILD in question.


Sometimes I seem a bit harsh — don’t get offended too easily!

Offline

#3 2021-05-10 01:28:10

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: namcap complaining about ependencies required only to run the software

namcap is very bad at detecting needed-but-missing, or unneeded-and-extraneous, dependencies.

To be more specific -- its only mechanisms for telling one way or the other is (IIRC):

  • checking for ELF shared library dependencies

  • recognizing script shebangs

On an unrelated note, you don't need to define an empty array, "empty" is the default state so simply don't declare the variable to begin with (it is line noise and serves no purpose).
It is generally not harmful to declare global depends, it just means the person building the package needs to install it before they build, rather than afterward once they try to install the package. It is also often easier than listing a bunch of packages in both checkdepends and package() -> depends.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

Board footer

Powered by FluxBB