This is an automated email from the git hooks/post-receive script. lamby pushed a commit to branch master in repository lintian.
commit 6110e0f1185e26d903dd0ed8a7a8edaae14cf905 Author: Chris Lamb <la...@debian.org> Date: Sat Dec 23 16:06:23 2017 +0000 Check for Apache 2.0 packages that do not distribute their accompanying "NOTICE" files. (Closes: #885042) --- checks/source-copyright.desc | 18 +++++++++++++++ checks/source-copyright.pm | 27 +++++++++++++++++++++- debian/changelog | 3 +++ .../debian/NOTICE | 1 + .../debian/debian/copyright | 23 ++++++++++++++++++ ...ng-notice-file-for-apache-license-unrel.install | 1 + .../desc | 5 ++++ .../tags | 0 .../debian/NOTICE | 1 + .../debian/debian/copyright | 23 ++++++++++++++++++ .../debian/subdir/NOTICE | 1 + .../debian/unrel/NOTICE | 1 + .../desc | 5 ++++ .../tags | 1 + 14 files changed, 109 insertions(+), 1 deletion(-) diff --git a/checks/source-copyright.desc b/checks/source-copyright.desc index 33eeee6..b0fd57e 100644 --- a/checks/source-copyright.desc +++ b/checks/source-copyright.desc @@ -324,3 +324,21 @@ Info: A file specified in the <tt>Files-Excluded</tt> header in . mk-origtargz(1) is typically responsible for removing such files. Support in <tt>git-buildpackage</tt> is being tracked in #812721. + +Tag: missing-notice-file-for-apache-license +Severity: serious +Certainty: possible +Info: The package appears to be licensed under the Apache 2.0 license and + a <tt>NOTICE</tt> file exists in the source tree. However, no files called + <tt>NOTICE</tt> are installed in any of the binary packages. + . + The Apache 2.0 license requires distributing of such files: + . + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file [..] + . + Please include the file in your package, for example by adding + <tt>path/to/NOTICE</tt> to a <tt>debian/package.install</tt> file. +Ref: /usr/share/common-licenses/Apache-2.0 
diff --git a/checks/source-copyright.pm b/checks/source-copyright.pm index a5f66db..b7494a9 100644 --- a/checks/source-copyright.pm +++ b/checks/source-copyright.pm @@ -59,7 +59,7 @@ my %dep5_renamed_fields = ( ); sub run { - my (undef, undef, $info) = @_; + my (undef, undef, $info, undef, $group) = @_; my $debian_dir = $info->index_resolved_path('debian/'); return if not $debian_dir; my $copyright_path = $debian_dir->child('copyright'); @@ -81,6 +81,7 @@ sub run { if ($copyright_path->is_open_ok) { _check_dep5_copyright($info, $copyright_path); + _check_apache_notice_files($info, $group, $copyright_path); } return; } @@ -148,6 +149,30 @@ sub _find_dep5_version { return; } +sub _check_apache_notice_files { + my ($info, $group, $copyright_path) = @_; + + my @procs = $group->get_processables('binary'); + return if not @procs; + return if $copyright_path->file_contents !~ m/apache[-\s]+2\./i; + + my @notice_files = grep { + $_->basename eq 'NOTICE' + and $_->is_open_ok + and $_->file_contents =~ m/apache/i + } $info->sorted_index; + return if not @notice_files; + + foreach my $binpkg (@procs) { + my @files = $binpkg->info->sorted_index; + return if any { $_->basename =~ m/^NOTICE(\.gz)?$/} @files; + } + + tag 'missing-notice-file-for-apache-license', join(' ', @notice_files); + + return; +} + sub _check_dep5_copyright { my ($info, $copyright_path) = @_; my $contents = $copyright_path->file_contents; diff --git a/debian/changelog b/debian/changelog index f6b5704..a488d7b 100644 --- a/debian/changelog +++ b/debian/changelog 
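Review bot: In `_check_apache_notice_files` the `foreach` loop returns as soon as any binary package ships any file whose basename matches `NOTICE` or `NOTICE.gz`, so the installed file is never tied to the source files collected in `@notice_files`. A source tree with several Apache NOTICE files (the fixture has `NOTICE` and `subdir/NOTICE`) is silenced once one of them, or an unrelated file of that name, is installed. Because this check is what surfaces a missing licence attribution before upload, that limit should be stated above the sub, e.g. `# Heuristic: any installed NOTICE(.gz) in any binary package silences the tag; file contents are not compared.` Two smaller points: the source side uses `$_->basename eq 'NOTICE'`, so a `NOTICE.txt` is not considered, and the binary-side pattern would be stricter as `m/\ANOTICE(?:\.gz)?\z/`, since `$` also matches before a trailing newline. The hunk does not show where `any` is imported, so confirm the file already brings it into scope.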
@@ -34,6 +34,9 @@ lintian (2.5.66) UNRELEASED; urgency=medium timewarp-standards-version warnings if the date parts are identical (ie. "2017-11-30 < 2017-11-30"). Thanks to Andrea Bolognani e...@kiyuko.org> for the report. (Closes: #884785) + * checks/source-copyright.{desc,pm}: + + [CL] Check for Apache 2.0 packages that do not distribute their + accompanying "NOTICE" files. (Closes: #885042) * data/debhelper/compat-level: + [MR] Bump the experimental debhelper compat level to 12. diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE new file mode 100644 index 0000000..2a74156 --- /dev/null +++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE @@ -0,0 +1 @@ +This file is installed to the binary package. diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/copyright b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/copyright new file mode 100644 index 0000000..082beb1 --- /dev/null +++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/copyright 
@@ -0,0 +1,23 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Doohickey
+Upstream-Contact: J. Random Hacker <j.r.hac...@example.com>
+Source: http://examples.com/doohickey/source/
+
+Files: *
+Copyright: © 2011 J. Random Hacker <j.r.hac...@example.com>
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/source-copyright-missing-notice-file-for-apache-license-unrel.install b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/source-copyright-missing-notice-file-for-apache-license-unrel.install
new file mode 100644
index 0000000..4268786
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/source-copyright-missing-notice-file-for-apache-license-unrel.install
@@ -0,0 +1 @@
+NOTICE usr/share/doc/foo
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/desc b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/desc
new file mode 100644
index 0000000..7dad602
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/desc
@@ -0,0 +1,5 @@
+Testname: source-copyright-missing-notice-file-for-apache-license-unrel
+Version: 1.0
+Description: Test for no packages missing Apache NOTICE files (false-positive)
+Test-Against:
+ missing-notice-file-for-apache-license
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/tags b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/tags
new file mode 100644
index 0000000..e69de29
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/NOTICE
new file mode 100644
index 0000000..6c64526
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/NOTICE
@@ -0,0 +1 @@
+This Apache 2.0 license NOTICE is not installed to any binary package.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/debian/copyright b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/debian/copyright
new file mode 100644
index 0000000..082beb1
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/debian/copyright
@@ -0,0 +1,23 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Doohickey
+Upstream-Contact: J. Random Hacker <j.r.hac...@example.com>
+Source: http://examples.com/doohickey/source/
+
+Files: *
+Copyright: © 2011 J. Random Hacker <j.r.hac...@example.com>
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/subdir/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/subdir/NOTICE
new file mode 100644
index 0000000..6c64526
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/subdir/NOTICE
@@ -0,0 +1 @@
+This Apache 2.0 license NOTICE is not installed to any binary package.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/unrel/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/unrel/NOTICE
new file mode 100644
index 0000000..bdc5a71
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/unrel/NOTICE
@@ -0,0 +1 @@
+This file is not installed but is not a A_pache license NOTICE file anyway.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/desc b/t/tests/source-copyright-missing-notice-file-for-apache-license/desc
new file mode 100644
index 0000000..e23d2b7
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/desc
@@ -0,0 +1,5 @@
+Testname: source-copyright-missing-notice-file-for-apache-license
+Version: 1.0
+Description: Test for no packages missing Apache NOTICE files
+Test-For:
+ missing-notice-file-for-apache-license
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/tags b/t/tests/source-copyright-missing-notice-file-for-apache-license/tags
new file mode 100644
index 0000000..4de1eac
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/tags
@@ -0,0 +1 @@
+E: source-copyright-missing-notice-file-for-apache-license source: missing-notice-file-for-apache-license NOTICE subdir/NOTICE
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git