whphhg / vcash-electron

Multi-platform and multi-node GUI for Vcash.
GNU General Public License v3.0

insecure-rpath error #16

Closed sum01 closed 7 years ago

sum01 commented 7 years ago

Running namcap vcash-electron-0.32.0-3-x86_64.pkg.tar, which is created from running makepkg on v0.32.0-3 of the AUR PKGBUILD, outputs...

vcash-electron W: ELF file ('usr/lib/vcash-electron/vcash-electron') has executable stack.
vcash-electron E: Insecure RPATH '../../deps/db/lib' in file ('usr/lib/vcash-electron/resources/app.asar.unpacked/bin/vcashd-x64')
vcash-electron W: Referenced library 'libnode.so' is an uninstalled dependency
vcash-electron W: Referenced library 'libffmpeg.so' is an uninstalled dependency
vcash-electron W: Unused shared library '/usr/lib/libcups.so.2' by file ('usr/lib/vcash-electron/vcash-electron')

but the only thing labeled as an error (the rest are warnings) is this...

Insecure RPATH '../../deps/db/lib' in file ('usr/lib/vcash-electron/resources/app.asar.unpacked/bin/vcashd-x64')

The Arch Wiki on the namcap program lists this for the insecure-rpath error...

insecure-rpath (error) An RPATH (for an executable) is outside /usr/lib. An RPATH to an insecure location is a potential security issue. See FS#14049 for discussion. https://bugs.archlinux.org/task/14049

Running readelf -d /usr/lib/vcash-electron/resources/app.asar.unpacked/bin/vcashd-x64 results in...

(RPATH)              Library rpath: [../../deps/db/lib:../../deps/openssl:../../deps/openssl/lib:../../deps/platforms/osx/db/build_unix:../../deps/platforms/osx/db/lib:../../deps/platforms/osx/openssl/lib:../../deps/platforms/windows/db/build_windows:../../deps/platforms/windows/openssl/lib:/usr/local/ssl/lib]

Which seems to be the thing causing the error listed from namcap.
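
What makes this RPATH an error rather than a style nit: ld.so resolves a relative DT_RPATH/DT_RUNPATH element against the process's current working directory, not against the location of the binary, so whoever can create `../../deps/db/lib/` relative to wherever vcashd-x64 is launched from gets their shared object loaded in place of the real one. `/usr/local/ssl/lib` is outside the package-managed tree for the same reason namcap flags everything outside /usr/lib. The script below is an added example, not code from vcash-electron or from anyone in this thread. It parses the text output of `readelf -d` (the format quoted above) and classifies each path element the way namcap's check would; the `$ORIGIN` handling and the treatment of empty elements go beyond what the issue discusses and are my additions, and the sample readelf text is constructed (a trimmed version of the output quoted above).

```python
"""Audit ELF RPATH/RUNPATH entries the way namcap's insecure-rpath check does.

Added example for this issue; not code from vcash-electron or from anyone in
the thread.  Parses `readelf -d` text and flags every search-path element the
dynamic loader would resolve somewhere other than a root-owned system library
directory.
"""
import re
import subprocess
from typing import Dict, List, NamedTuple, Tuple

# Trusted prefixes.  /usr/lib is the one the Arch Wiki quote names; the others
# are an assumption (on Arch, /lib, /lib64 and /usr/lib64 are symlinks to it).
TRUSTED_PREFIXES = ("/usr/lib", "/usr/lib32", "/usr/lib64", "/lib", "/lib64")

# Matches the RPATH and RUNPATH lines of `readelf -d` output.
_RPATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


class Finding(NamedTuple):
    tag: str      # "RPATH" or "RUNPATH"
    entry: str    # one colon-separated element of the path list
    verdict: str  # "ok", "review" or "insecure"
    reason: str


def parse_readelf_dynamic(text: str) -> Dict[str, List[str]]:
    """Return {"RPATH": [...], "RUNPATH": [...]} from `readelf -d` output.

    Empty elements are kept on purpose: ld.so treats an empty element as the
    current working directory, so "" is a finding in its own right.
    """
    found: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = _RPATH_RE.search(line)
        if m:
            found[m.group(1)] = m.group(2).split(":")
    return found


def _under(entry: str, prefix: str) -> bool:
    """True if entry is prefix itself or a path below it (/usr/libexec is not under /usr/lib)."""
    return entry == prefix or entry.startswith(prefix + "/")


def classify(entry: str) -> Tuple[str, str]:
    """Classify one search-path element."""
    if entry in ("", "."):
        return ("insecure", "empty element or '.': resolved against the process cwd")
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return ("review", "$ORIGIN: safe only if the binary's directory is root-owned and not writable by others")
    if not entry.startswith("/"):
        return ("insecure", "relative path: resolved against the process cwd, not the binary's location")
    if any(_under(entry, p) for p in TRUSTED_PREFIXES):
        return ("ok", "inside a system library directory")
    return ("insecure", "absolute path outside /usr/lib (e.g. /usr/local, /opt, /home)")


def audit(readelf_text: str) -> List[Finding]:
    """Classify every RPATH/RUNPATH element found in `readelf -d` output."""
    findings: List[Finding] = []
    for tag, entries in parse_readelf_dynamic(readelf_text).items():
        for entry in entries:
            verdict, reason = classify(entry)
            findings.append(Finding(tag, entry, verdict, reason))
    return findings


def has_insecure_rpath(readelf_text: str) -> bool:
    """namcap-style verdict: any element that is not an ok system directory fails."""
    return any(f.verdict != "ok" for f in audit(readelf_text))


def audit_file(path: str) -> List[Finding]:
    """Audit a real ELF file.  Needs binutils' readelf on PATH; not used by the demo."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True, text=True, check=True).stdout
    return audit(out)


# Constructed sample: a trimmed version of the readelf -d output quoted in the
# issue for vcashd-x64, wrapped in readelf's usual surrounding lines.
SAMPLE_READELF = """\
Dynamic section at offset 0x2d8 contains 29 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [../../deps/db/lib:../../deps/openssl/lib:/usr/local/ssl/lib]
 0x000000000000000c (INIT)               0x4b5000
"""


if __name__ == "__main__":
    for f in audit(SAMPLE_READELF):
        print(f"{f.verdict:8} {f.tag} {f.entry!r}: {f.reason}")
```

For an already-built binary, `patchelf --remove-rpath <file>` (or `patchelf --set-rpath /usr/lib/... <file>`) rewrites the entry in place and makes the audit pass; the cleaner fix is the one taken in this thread, rebuilding the daemon without the link-time `-Wl,-rpath,...` flags that point at the build tree.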

sum01 commented 7 years ago

Potential fix is here. Requires a flag during building of the vcashd binary.

whphhg commented 7 years ago

Thanks for taking the time & reporting! I've rebuilt the daemon using the updated script and bundled it with the Linux packages in v0.33.0.