namcap(1) User Commands namcap(1)

namcap - package analysis utility

namcap [options] <package|PKGBUILD> [package|PKGBUILD] ...

namcap is a package analysis utility that looks for problems with Arch Linux packages or their PKGBUILD files. It can apply rules to the file list, the files themselves, or individual PKGBUILD files.

Rules return lists of messages. Each message can be one of three types: error, warning, or information (think of them as notes or comments). Errors (designated by 'E:') are things that namcap is very sure are wrong and need to be fixed. Warnings (designated by 'W:') are things that namcap thinks should be changed but if you know what you're doing then you can leave them. Information (designated 'I:') are only shown when you use the info argument. Information messages give information that might be helpful but isn't anything that needs changing.

Do not run RULELIST rules on the package
display information messages
return a list of valid rules and their descriptions
displays easily parseable namcap tags instead of the normal human readable description; for example using non-fhs-man-page instead of "Non-FHS man page (%s) found. Use /usr/share/man instead". A full list of namcap tags along with their human readable descriptions can be found at /usr/share/namcap/tags.
only apply RULELIST rules to the package
RULELIST is a comma-separated list of rule names
print version and exit

Verifies that array variables are actually arrays and not strings
Verifies that backup entries don't begin with /
Looks for references to i686 and i586 and tells you to use $CARCH instead
Checks a PKGBUILD to verify that the package name has no upper case characters
Checks a package to verify that the package name has no upper case characters
Makes sure that a PKGBUILD includes valid checksums
This module runs ldd on all executables, gets the link-level dependencies, finds the smallest subset of dependencies that cover the link-level dependencies, and compares that list to the depends of the package. It returns messages in three cases: dependency detected and not included, dependency included but already satisfied, and dependency included and not needed. These suggestions are just guidelines and all package builders should take this into account (i.e. you're smarter than namcap is)

Some cases where namcap fails are dlopen() and obscure links. dlopen()'d libraries don't show up because they are loaded at run time: in the case of a program that loads plugins. Obscure links are the cases where only a small portion of the package needs something to run; usually, the small portion won't be accessed unless that thing is installed (i.e. a java plugin for mozilla included in the java package).

Checks the directory names in the package file list for standard directories (i.e. /etc, /usr/bin, /usr/lib). All files in directories that are non-standard are returned
Gives an error if it finds ELF (binary) files outside the standard paths (/bin, /usr/bin, etc.)
Looks for directories in a package that don't contain any files
Verifies that extra variables start with an underscore
Verifies correct installation of info pages
Verifies correct installation of man pages
Verifies that all files are owned by root:root and not some other user or group
Checks for generated GNOME mime files
Checks whether the hicolor icon cache is updated when a package installs files in /usr/share/icons/hicolor
Verifies that a package does not contain the info directory file (/usr/share/info/dir)
Any PKGBUILDs that refer to files in $startdir are incorrect
Warns if libtool (*.la) files are present
Verifies that the licenses variable has been filled in in a PKGBUILD.
Verifies that the licenses variable has been filled in in a package. For packages with a custom license it checks whether the license file has been installed in /usr/share/licenses/$pkgname/
Searches for perllocal.pod. perllocal.pod is a nasty file that's included during most perl module installations
Checks basic file and and directory permissions. It returns warnings about world readable bits not being set, world writable bits being set, and world executable bit not being set for directories
Gives an error if a binary has RPATH set to something other than /usr/lib
Gives an error if a binary has RUNPATH set to something other than /usr/lib, /usr/lib32
Verifies that there aren't any scrollkeeper directories
Warns if a PKGBUILD is downloading from a specific sourceforge mirror instead of the generic downloads.sourceforge.net
Finds out symbolic and hard links which do not point to a valid path in the package
For package maintainers, this module verifies that we have remembered to add a Maintainer and Contributor comment.
Verifies that we have the url variable set in the PKGBUILD
Verifies that we have the url variable set in the package file

apply all rules to foo.pkg.tar.gz
apply the depends and symlink rules to foo.pkg.tar.gz
apply all PKGBUILD based rules to the file PKGBUILD
list all of the available rules

Copyright © 2003-2009 Jason Chu
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Jason Chu <jason@archlinux.org>
Abhishek Dasgupta <abhidg@gmail.com>
Hugo Doria <hugo@archlinux.org>
Dan McGee <dan@archlinux.org>
Allan McRae <allan@archlinux.org>
Jesse Young <jesseyoung@gmail.com>
JJDaNiMoTh <jjdanimoth@gmail.com>
Kyle Keen <keenerd@gmail.com>
June 23, 2022 namcap 3.3.1