On Sun, 01 Mar, 2026 at 11:20:31PM -0300, Fermín Olaiz wrote:

Hey guys!

I just made my first PKGBUILD [1] for a tool I use and would like to see what could be improved. I've been maintaining some things for a while but they don't have that much use and this is the first one I make from scratch. So far I've checked things with namcap.

Very nice! You just need to run namcap against the final .pkg.tar.zst: ```console $ namcap /var/lib/repo/aur/hpsahba-git-r41.0a57a52-2-x86_64.pkg.tar.zst hpsahba-git W: ELF file ('usr/bin/hpsahba') lacks FULL RELRO, check LDFLAGS. hpsahba-git E: The SPDX license statement 'GPL-2.0' should be formatted as 'GPL-2.0-only' instead hpsahba-git E: Dependency glibc detected and not included (libraries ['usr/lib/libc.so.6'] needed in files ['usr/bin/hpsahba']) hpsahba-git W: Dependency included, but may not be needed ('pandoc') ``` The first warning tells us the Makefile is probably ignoring LDFLAGS and maybe CFLAGS from makepkg. You might need to enforce them via the command line, like `make CFLAGS="${CFLAGS}" ...` or `make -e`. The next issue is about an invalid SPDX License Identifiers [1]. It should be one of `GPL-2.0-only` or ` GPL-2.0-or-later`. It's sometimes hard to tell which one, though. The third one might not be required because `glibc` is part of the `base` group, but I'm not completely sure about it. Best to just include it the `depends` array. Last one is because you included `pandoc` in the `depends` array, instead of `makedepends`. It's only required for building the docs. [1]: https://spdx.org/licenses/ Happy packaging!