Error: SHELLCHECK_WARNING (CWE-153): [#def1] /usr/share/makepkg/autodep/library_depends.sh:54:28: warning[SC2053]: Quote the right-hand side of == in [[ ]] to prevent glob matching. # 52| unset prefix # 53| for libdir in ${LIB_DIRS[@]}; do # 54|-> if [[ ${libdir/*:} == ${libpath} ]]; then # 55| prefix=${libdir/:*} # 56| fi Error: SHELLCHECK_WARNING (CWE-457): [#def2] /usr/share/makepkg/lint_pkgbuild/arch.sh:36:21: warning[SC2154]: arch is referenced but not assigned. # 34| local a name list ret=0 # 35| # 36|-> if in_array "any" "${arch[@]}"; then # 37| if (( ${#arch[@]} == 1 )); then # 38| return 0; Error: SHELLCHECK_WARNING (CWE-457): [#def3] /usr/share/makepkg/lint_pkgbuild/pkglist.sh:37:23: warning[SC2154]: pkgname is referenced but not assigned. # 35| # 36| for i in "${PKGLIST[@]}"; do # 37|-> if ! in_array "$i" "${pkgname[@]}"; then # 38| error "$(gettext "Requested package %s is not provided in %s")" "$i" "$BUILDFILE" # 39| ret=1 Error: SHELLCHECK_WARNING (CWE-88): [#def4] /usr/share/makepkg/tidy/docs.sh:35:13: error[SC2068]: Double quote array expansions to avoid re-splitting elements. # 33| if check_option "docs" "n" && [[ -n ${DOC_DIRS[*]} ]]; then # 34| msg2 "$(gettext "Removing doc files...")" # 35|-> rm -rf -- ${DOC_DIRS[@]} # 36| fi # 37| } Error: SHELLCHECK_WARNING (CWE-149): [#def5] /usr/share/makepkg/tidy/libtool.sh:35:30: warning[SC2140]: Word is of the form "A"B"C" (B indicated). Did you mean "ABC" or "A\"B\"C"? # 33| tidy_libtool() { # 34| if check_option "libtool" "n"; then # 35|-> msg2 "$(gettext "Removing "%s" files...")" "libtool" # 36| find . ! -type d -name "*.la" -exec rm -f -- '{}' + # 37| fi Error: SHELLCHECK_WARNING (CWE-457): [#def6] /usr/share/makepkg/tidy/strip.sh:49:15: warning[SC2154]: srcdir is referenced but not assigned. # 47| # 48| LANG=C debugedit --no-recompute-build-id \ # 49|-> --base-dir "${srcdir}" \ # 50| --dest-dir "${dbgsrcdir}" \ # 51| --list-file /dev/stdout "$1" \ Error: SHELLCHECK_WARNING (CWE-571): [#def7] /usr/share/makepkg/tidy/strip.sh:73:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 71| # 72| if check_option "debug" "y"; then # 73|-> local bid=$(build_id "$binary") # 74| # 75| # has this file already been stripped Error: SHELLCHECK_WARNING (CWE-571): [#def8] /usr/share/makepkg/tidy/strip.sh:95:9: warning[SC2155]: Declare and assign separately to avoid masking return values. # 93| fi # 94| # 95|-> local tempfile=$(mktemp "$binary.XXXXXX") # 96| objcopy --add-gnu-debuglink="$dbgdir/${binary#/}.debug" "$binary" "$tempfile" # 97| cat "$tempfile" > "$binary" Error: SHELLCHECK_WARNING (CWE-571): [#def9] /usr/share/makepkg/tidy/strip.sh:125:8: warning[SC2155]: Declare and assign separately to avoid masking return values. # 123| strip_file(){ # 124| local binary=$1; shift # 125|-> local tempfile=$(mktemp "$binary.XXXXXX") # 126| if strip "$@" "$binary" -o "$tempfile"; then # 127| cat "$tempfile" > "$binary" Error: SHELLCHECK_WARNING (CWE-571): [#def10] /usr/share/makepkg/tidy/strip.sh:135:8: warning[SC2155]: Declare and assign separately to avoid masking return values. # 133| local binary=$1; # 134| # 135|-> local tempfile=$(mktemp "$binary.XXXXXX") # 136| if strip -R .gnu.lto_* -R .gnu.debuglto_* -N __gnu_lto_v1 "$binary" -o "$tempfile"; then # 137| cat "$tempfile" > "$binary" Error: SHELLCHECK_WARNING (CWE-457): [#def11] /usr/share/makepkg/tidy/strip.sh:151:12: warning[SC2154]: pkgdirbase is referenced but not assigned. # 149| # 150| if check_option "debug" "y"; then # 151|-> dbgdir="$pkgdirbase/$pkgbase-debug/usr/lib/debug" # 152| dbgsrcdir="${DBGSRCDIR:-/usr/src/debug}/${pkgbase}" # 153| dbgsrc="$pkgdirbase/$pkgbase-debug$dbgsrcdir" Error: SHELLCHECK_WARNING (CWE-457): [#def12] /usr/share/makepkg/tidy/strip.sh:151:24: warning[SC2154]: pkgbase is referenced but not assigned. # 149| # 150| if check_option "debug" "y"; then # 151|-> dbgdir="$pkgdirbase/$pkgbase-debug/usr/lib/debug" # 152| dbgsrcdir="${DBGSRCDIR:-/usr/src/debug}/${pkgbase}" # 153| dbgsrc="$pkgdirbase/$pkgbase-debug$dbgsrcdir" Error: SHELLCHECK_WARNING (CWE-563): [#def13] /usr/share/makepkg/util/config.sh:81:14: warning[SC2034]: BUILDENV appears unused. Verify use (or export if used externally). # 79| # 80| # prevent PKGBUILDs altering this directly # 81|-> readonly -a BUILDENV # 82| # 83| eval "$restore_envvars" Error: SHELLCHECK_WARNING (CWE-457): [#def14] /usr/share/makepkg/util/option.sh:85:40: warning[SC2154]: options is referenced but not assigned (did you mean 'option'?). # 83| ## # 84| check_option() { # 85|-> check_opt_array "$@" "${OPTIONS[@]}" "${options[@]}" # 86| } # 87| Error: COMPILER_WARNING (CWE-1023): [#def15] pacman-v7.0.0/lib/libalpm/signing.c: scope_hint: In function ‘key_search_keyserver’ pacman-v7.0.0/lib/libalpm/signing.c:378:9: warning[-Wswitch]: enumeration value ‘GPGME_PK_KYBER’ not handled in switch # 378 | switch(key->subkeys->pubkey_algo) { # | ^~~~~~ # 376| pgpkey->pubkey_algo = '?'; # 377| # 378|-> switch(key->subkeys->pubkey_algo) { # 379| case GPGME_PK_RSA: # 380| case GPGME_PK_RSA_E:
| analyzer-version-clippy | 1.95.0 |
| analyzer-version-cppcheck | 2.20.0 |
| analyzer-version-gcc | 16.1.1 |
| analyzer-version-gcc-analyzer | 16.1.1 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.95.0 |
| diffbase-analyzer-version-cppcheck | 2.20.0 |
| diffbase-analyzer-version-gcc | 16.1.1 |
| diffbase-analyzer-version-gcc-analyzer | 16.1.1 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-19.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | pacman-7.1.0-1.fc45 |
| diffbase-store-results-to | /tmp/tmpydszei7f/pacman-7.1.0-1.fc45.tar.xz |
| diffbase-time-created | 2026-06-01 15:28:01 |
| diffbase-time-finished | 2026-06-01 15:29:30 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpydszei7f/pacman-7.1.0-1.fc45.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpydszei7f/pacman-7.1.0-1.fc45.src.rpm' |
| diffbase-tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-19.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | pacman-7.0.0-6.fc44 |
| store-results-to | /tmp/tmpdnjxjfb7/pacman-7.0.0-6.fc44.tar.xz |
| time-created | 2026-06-01 15:25:37 |
| time-finished | 2026-06-01 15:27:35 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmpdnjxjfb7/pacman-7.0.0-6.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpdnjxjfb7/pacman-7.0.0-6.fc44.src.rpm' |
| tool-version | csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9 |