Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#66430 - {namcap} python script: Referenced library 'python' is an uninstalled dependency

Attached to Project: Arch Linux
Opened by Eric Langlois (elanglois) - Sunday, 26 April 2020, 21:44 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 05 May 2020, 03:25 GMT
Task Type Bug Report
Category Arch Projects
Status Assigned
Assigned To Kyle Keen (keenerd)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:
When running namcap on a PKGBUILD for a python script I get the following output:

helloworld W: Referenced library 'python' is an uninstalled dependency
helloworld I: Script link detected (python) in file ['usr/bin/helloworld']
helloworld W: Dependency included and not needed ('python')
helloworld I: Depends as namcap sees them: depends=()

"python" is listed as a dependency in the PKGBUILD and is installed.
namcap seems to be contradictory, claiming python is both present and not?
I'm not sure why it thinks python is a library but `find /usr/lib -name '*python.so*'` finds nothing.

This is all being run in an Arch Linux docker container with a minimal install
A standalone repository with the PKGBUILD and a github action to run the namcap test is here: https://github.com/edlanglois/namcap-python-warning-standalone

I have attached the relevant log file from the action. It shows the complete list of installed packages before running namcap.
The blank output after *** PYTHON LIBRARIES *** is the output produced by `find /usr/lib -name '*python.so*'`

If I download the resulting package archive file onto my personal computer (which has many more installed packages) then namcap produces no output on it.

Additional info:
* namcap version 3.2.10-1
* Possibly related to https://bugs.archlinux.org/task/58291

Steps to reproduce:
See https://github.com/edlanglois/namcap-python-warning-standalone/blob/master/entrypoint.sh
https://github.com/edlanglois/namcap-python-warning-standalone/runs/620509599?check_suite_focus=true
This task depends upon

Comment by Eric Langlois (elanglois) - Saturday, 02 May 2020, 22:24 GMT
After doing some debugging I have figured out what is going wrong:

1. The python scriptpath is being resolved as /usr/sbin/python
This is because the container is running as root. Even running under `sudo -u nobody` does not fix it (it seems $PATH is unchanged)

2. The python package provides /usr/bin/python but not /usr/sbin/python. This is because /usr/sbin -> /usr/bin is a symbolic link.
Therefore, namcap does not detect the python package as providing the script.

While I could fix PATH in this specific case, namcap will fail in general whenever a directory in the detected script path is a symbolic link.

The fix is to replace
scriptpath = out.lstrip('/')
with
scriptpath = os.path.realpath(out).lstrip('/')
in shebangdepends.py line 64

I have attached a patch that applies the fix.
Comment by Eli Schwartz (eschwartz) - Tuesday, 05 May 2020, 03:25 GMT
  • Field changed: Summary ([namcap] python script: Referenced library 'python' is an uninstalled dependency → {namcap} python script: Referenced library 'python' is an uninstalled dependency)
  • Field changed: Category (Packages: Extra → Arch Projects)
  • Task reassigned to Kyle Keen (keenerd)
Reassigning the bug from the namcap package / PKGBUILD maintainer to the namcap project / developer.

Loading...