This is an automated email from the git hooks/post-receive script.
lamby pushed a commit to branch master
in repository lintian.
commit 6110e0f1185e26d903dd0ed8a7a8edaae14cf905
Author: Chris Lamb
Date: Sat Dec 23 16:06:23 2017 +
Check for Apache 2.0 packages that do not distribute their accompanying
"NOTICE" files. (Closes: #885042)
---
checks/source-copyright.desc | 18 +++
checks/source-copyright.pm | 27 +-
debian/changelog | 3 +++
.../debian/NOTICE | 1 +
.../debian/debian/copyright| 23 ++
...ng-notice-file-for-apache-license-unrel.install | 1 +
.../desc | 5
.../tags | 0
.../debian/NOTICE | 1 +
.../debian/debian/copyright| 23 ++
.../debian/subdir/NOTICE | 1 +
.../debian/unrel/NOTICE| 1 +
.../desc | 5
.../tags | 1 +
14 files changed, 109 insertions(+), 1 deletion(-)
diff --git a/checks/source-copyright.desc b/checks/source-copyright.desc
index 336..b0fd57e 100644
--- a/checks/source-copyright.desc
+++ b/checks/source-copyright.desc
@@ -324,3 +324,21 @@ Info: A file specified in the Files-Excluded
header in
.
mk-origtargz(1) is typically responsible for removing such files. Support
in git-buildpackage is being tracked in #812721.
+
+Tag: missing-notice-file-for-apache-license
+Severity: serious
+Certainty: possible
+Info: The package appears to be licensed under the Apache 2.0 license and
+ a NOTICE file exists in the source tree. However, no files called
+ NOTICE are installed in any of the binary packages.
+ .
+ The Apache 2.0 license requires distributing of such files:
+ .
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file [..]
+ .
+ Please include the file in your package, for example by adding
+ path/to/NOTICE to a debian/package.install file.
+Ref: /usr/share/common-licenses/Apache-2.0
diff --git a/checks/source-copyright.pm b/checks/source-copyright.pm
index a5f66db..b7494a9 100644
--- a/checks/source-copyright.pm
+++ b/checks/source-copyright.pm
@@ -59,7 +59,7 @@ my %dep5_renamed_fields= (
);
sub run {
-my (undef, undef, $info) = @_;
+my (undef, undef, $info, undef, $group) = @_;
my $debian_dir = $info->index_resolved_path('debian/');
return if not $debian_dir;
my $copyright_path = $debian_dir->child('copyright');
@@ -81,6 +81,7 @@ sub run {
if ($copyright_path->is_open_ok) {
_check_dep5_copyright($info, $copyright_path);
+_check_apache_notice_files($info, $group, $copyright_path);
}
return;
}
@@ -148,6 +149,30 @@ sub _find_dep5_version {
return;
}
+sub _check_apache_notice_files {
+my ($info, $group, $copyright_path) = @_;
+
+my @procs = $group->get_processables('binary');
+return if not @procs;
+return if $copyright_path->file_contents !~ m/apache[-\s]+2\./i;
+
+my @notice_files = grep {
+ $_->basename eq 'NOTICE'
+ and $_->is_open_ok
+ and $_->file_contents =~ m/apache/i
+} $info->sorted_index;
+return if not @notice_files;
+
+foreach my $binpkg (@procs) {
+my @files = $binpkg->info->sorted_index;
+return if any { $_->basename =~ m/^NOTICE(\.gz)?$/} @files;
+}
+
+tag 'missing-notice-file-for-apache-license', join(' ', @notice_files);
+
+return;
+}
+
sub _check_dep5_copyright {
my ($info, $copyright_path) = @_;
my $contents = $copyright_path->file_contents;
diff --git a/debian/changelog b/debian/changelog
index f6b5704..a488d7b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,6 +34,9 @@ lintian (2.5.66) UNRELEASED; urgency=medium
timewarp-standards-version warnings if the date parts are identical
(ie. "2017-11-30 < 2017-11-30"). Thanks to Andrea Bolognani
e...@kiyuko.org> for the report. (Closes: #884785)
+ * checks/source-copyright.{desc,pm}:
++ [CL] Check for Apache 2.0 packages that do not distribute their
+ accompanying "NOTICE" files. (Closes: #885042)
* data/debhelper/compat-level:
+ [MR] Bump the experimental debhelper compat level to 12.
diff --git
a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE
b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE
new file mode 100644
index 000..2a74156
--- /dev/null
+++