lintian: r1106 - in trunk: checks debian testset testset/binary/debian testset/foo++/debian testset/libbaz/debian testset/scripts/debian
Author: rra
Date: 2008-01-04 05:54:12 +0100 (Fri, 04 Jan 2008)
New Revision: 1106
Added:
trunk/testset/foo++/debian/copyright
trunk/testset/scripts/debian/copyright
Modified:
trunk/checks/copyright-file
trunk/checks/copyright-file.desc
trunk/debian/changelog
trunk/testset/binary/debian/control
trunk/testset/binary/debian/copyright
trunk/testset/foo++/debian/control
trunk/testset/libbaz/debian/control
trunk/testset/libbaz/debian/copyright
trunk/testset/scripts/debian/control
trunk/testset/scripts/debian/rules
trunk/testset/tags.binary
trunk/testset/tags.scripts
Log:
* checks/copyright-file{.desc,}:
+ [RA] Warn about packages covered by the GPL and linked with libssl
that don't list other common licenses or mention a license exception
or exemption. Requested by Joerg Jaspert. (Closes: #454238)
Modified: trunk/checks/copyright-file
===================================================================
--- trunk/checks/copyright-file 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/checks/copyright-file 2008-01-04 04:54:12 UTC (rev 1106)
@@ -176,11 +176,15 @@
tag "old-fsf-address-in-copyright-file", "";
}
+# Whether the package is covered by the GPL, used later for the libssl check.
+my $gpl;
+
if (length($_) > 12000
and ((m/\bGNU GENERAL PUBLIC LICENSE\s*TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\b/m
and m/\bVersion 2\s/)
or (m/\bGNU GENERAL PUBLIC LICENSE\s*Version 3/ and m/\bTERMS AND CONDITIONS\s/))) {
tag "copyright-file-contains-full-gpl-license";
+ $gpl = 1;
}
if (length($_) > 12000
@@ -221,6 +225,7 @@
tag "copyright-should-refer-to-common-license-file-for-lgpl";
} elsif (m/GNU General Public License/i or m/\bGPL\b/) {
tag "copyright-should-refer-to-common-license-file-for-gpl";
+ $gpl = 1;
}
if (m,Upstream Author\(s\),) {
@@ -233,6 +238,22 @@
spelling_check('spelling-error-in-copyright', $_);
+# Now, check for linking against libssl if the package is covered by the GPL.
+# (This check was requested by ftp-master.) First, see if the package is
+# under the GPL alone and try to exclude packages with a mix of GPL and LGPL
+# or Artistic licensing or with an exception or exemption.
+if ($gpl || m,/usr/share/common-licenses/GPL,) {
+ unless (m,exception|exemption|/usr/share/common-licenses/(?!GPL)\S,) {
+ if (open(DEP, '<', 'fields/depends')) {
+ my @depends = split (/\s*,\s*/, scalar <DEP>);
+ close DEP;
+ if (grep { /^libssl[0-9.]+(\s|\z)/ && !/\|/ } @depends) {
+ tag 'possible-gpl-code-linked-with-openssl';
+ }
+ }
+ }
+}
+
} # </run>
# -----------------------------------
@@ -265,4 +286,8 @@
1;
+# Local Variables:
+# indent-tabs-mode: t
+# cperl-indent-level: 4
+# End:
# vim: syntax=perl ts=8 sw=4
Modified: trunk/checks/copyright-file.desc
===================================================================
--- trunk/checks/copyright-file.desc 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/checks/copyright-file.desc 2008-01-04 04:54:12 UTC (rev 1106)
@@ -195,3 +195,12 @@
Info: Lintian found a spelling error in the copyright file. Lintian has a
list of common misspellings that it looks for. It does not have a
dictionary like a spelling checker does.
+
+Tag: possible-gpl-code-linked-with-openssl
+Type: warning
+Info: This package appears to be covered by the GNU GPL but depends on
+ the OpenSSL libssl package and does not mention a license exemption or
+ exception for OpenSSL in its copyright file. The GPL (including version
+ 3) is incompatible with some terms of the OpenSSL license, and therefore
+ Debian does not allow GPL-licensed code linked with OpenSSL libraries
+ unless there is a license exception explicitly permitting this.
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/debian/changelog 2008-01-04 04:54:12 UTC (rev 1106)
@@ -16,6 +16,10 @@
+ [RA] Include the package name in stronger-dependency-implies-weaker.
+ [RA] Fix stronger-dependency-implies-weaker description cut and
paste error. Thanks, Rafael Laboissiere. (Closes: #456405)
+ * checks/copyright-file{.desc,}:
+ + [RA] Warn about packages covered by the GPL and linked with libssl
+ that don't list other common licenses or mention a license exception
+ or exemption. Requested by Joerg Jaspert. (Closes: #454238)
* checks/debian-readme{.desc,}:
+ Combine readme-debian-{is,contains}-debmake-template and be less
particular about the exact formatting of the dh-make template.
Modified: trunk/testset/binary/debian/control
===================================================================
--- trunk/testset/binary/debian/control 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/binary/debian/control 2008-01-04 04:54:12 UTC (rev 1106)
@@ -10,7 +10,7 @@
Package: binary
Architecture: any
-Depends: ${shlibs:Depends}, xorg, binary-data (= ${Source-Version})
+Depends: ${shlibs:Depends}, xorg, binary-data (= ${Source-Version}), libssl0.9.8
Homepage: <http://lintian.debian.org/>
Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk
Description: test handling of binary files
@@ -21,7 +21,8 @@
Package: binary-data
Architecture: all
-Depends: binary (= ${Source-Version})
+Depends: binary (= ${Source-Version}), libssl-not-openssl,
+ libssl0.9.8 | or-something-else
Description: test handling of binary relationships
Regression test for lintian's checking of package relationships between
arch:any and arch:all packages.
Modified: trunk/testset/binary/debian/copyright
===================================================================
--- trunk/testset/binary/debian/copyright 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/binary/debian/copyright 2008-01-04 04:54:12 UTC (rev 1106)
@@ -2,6 +2,9 @@
it will be useful, but without any warranty; without even the implied warranty
of merchantability or fitness for a particular purpose.
+A reference to /usr/share/common-licenses/GPL to make it look like this
+package is under the GPL and trigger the OpenSSL warning.
+
Test for old FSF address:
Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Modified: trunk/testset/foo++/debian/control
===================================================================
--- trunk/testset/foo++/debian/control 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/foo++/debian/control 2008-01-04 04:54:12 UTC (rev 1106)
@@ -10,7 +10,7 @@
Package: foo++
Architecture: all
Build-Depends: test
-Depends: test
+Depends: test, libssl0.9.7
Description: see how lintian reacts to plus signs in the package name
Regression test to see if lintian tests work on a package with plus signs in
its name.
Added: trunk/testset/foo++/debian/copyright
===================================================================
--- trunk/testset/foo++/debian/copyright (rev 0)
+++ trunk/testset/foo++/debian/copyright 2008-01-04 04:54:12 UTC (rev 1106)
@@ -0,0 +1,5 @@
+A reference to /usr/share/common-licenses/GPL to make it look like this
+package is under the GPL and trigger the OpenSSL warning.
+
+However, there is also a reference to /usr/share/common-licenses/LGPL, so
+who knows what bits actually depend on libssl.
Modified: trunk/testset/libbaz/debian/control
===================================================================
--- trunk/testset/libbaz/debian/control 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/libbaz/debian/control 2008-01-04 04:54:12 UTC (rev 1106)
@@ -19,7 +19,7 @@
Package: libbaz2
Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, libssl0.9.8
Description: test handling of library packages
Regression test for lintian's handling of libraries
Modified: trunk/testset/libbaz/debian/copyright
===================================================================
--- trunk/testset/libbaz/debian/copyright 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/libbaz/debian/copyright 2008-01-04 04:54:12 UTC (rev 1106)
@@ -1,3 +1,8 @@
This package is released under public domain. This is distributed in the hope
that it will be useful, but without any warranty; without even the implied
warranty of merchantability or fitness for a particular purpose.
+
+A reference to /usr/share/common-licenses/GPL to make it look like this
+package is under the GPL and trigger the OpenSSL warning.
+
+However, this has an OpenSSL exception.
Modified: trunk/testset/scripts/debian/control
===================================================================
--- trunk/testset/scripts/debian/control 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/scripts/debian/control 2008-01-04 04:54:12 UTC (rev 1106)
@@ -8,7 +8,7 @@
Package: scripts
Architecture: all
-Depends: test, ruby1.8, build-essential
+Depends: test, ruby1.8, build-essential, libssl0.9.7
Recommends: tk8.4 | wish
Description: test lintian's script file checks
Regression test lintian's script file checks.
Added: trunk/testset/scripts/debian/copyright
===================================================================
--- trunk/testset/scripts/debian/copyright (rev 0)
+++ trunk/testset/scripts/debian/copyright 2008-01-04 04:54:12 UTC (rev 1106)
@@ -0,0 +1,2 @@
+This file contains the phrase "under the same terms as Perl itself" to
+trigger warnings about not having common-licenses references.
Modified: trunk/testset/scripts/debian/rules
===================================================================
--- trunk/testset/scripts/debian/rules 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/scripts/debian/rules 2008-01-04 04:54:12 UTC (rev 1106)
@@ -75,6 +75,7 @@
touch $(tmp)/usr/lib/python2.3/site-packages/test.pyc
cp debian/changelog $(tmp)/usr/share/doc/scripts/changelog
gzip -9 $(tmp)/usr/share/doc/scripts/changelog
+ cp debian/copyright $(tmp)/usr/share/doc/scripts/copyright
cp debian/scripts.conffiles $(tmp)/DEBIAN/conffiles
install -m 755 debian/postinst $(tmp)/DEBIAN/postinst
Modified: trunk/testset/tags.binary
===================================================================
--- trunk/testset/tags.binary 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/tags.binary 2008-01-04 04:54:12 UTC (rev 1106)
@@ -64,7 +64,7 @@
W: binary: binary-without-manpage usr/bin/iminusrbin
W: binary: binary-without-manpage usr/bin/static-hello
W: binary: changelog-file-not-compressed changelog
-W: binary: debian-copyright-file-uses-obsolete-national-encoding at line 10
+W: binary: debian-copyright-file-uses-obsolete-national-encoding at line 13
W: binary: debian-news-entry-has-strange-distribution UNRELEASED
W: binary: description-contains-homepage
W: binary: desktop-command-not-in-package /usr/share/applications/goodbye.desktop goodbye
@@ -105,6 +105,7 @@
W: binary: old-fsf-address-in-copyright-file
W: binary: package-contains-hardlink usr/bar2 -> usr/share/baz
W: binary: package-contains-upstream-install-documentation usr/share/doc/binary/INSTALL
+W: binary: possible-gpl-code-linked-with-openssl
W: binary: spelling-error-in-description debian Debian
W: binary: spelling-error-in-doc-base-abstract-field binary:10 speling spelling
W: binary: spelling-error-in-doc-base-title-field binary:2 debian Debian
Modified: trunk/testset/tags.scripts
===================================================================
--- trunk/testset/tags.scripts 2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/tags.scripts 2008-01-04 04:54:12 UTC (rev 1106)
@@ -1,13 +1,13 @@
E: scripts source: dpatch-index-references-non-existant-patch 01_not_here_right_now.dpatch
E: scripts source: package-uses-debhelper-but-lacks-build-depends
E: scripts: calls-suidperl-directly ./usr/bin/suidperlfoo
+E: scripts: copyright-file-lacks-pointer-to-perl-license
E: scripts: file-in-etc-not-marked-as-conffile /etc/init.d/skeleton
E: scripts: init.d-script-does-not-implement-required-option /etc/init.d/lsb-broken force-reload
E: scripts: init.d-script-does-not-implement-required-option /etc/init.d/lsb-broken restart
E: scripts: init.d-script-has-duplicate-lsb-section /etc/init.d/lsb-broken
E: scripts: init.d-script-has-unterminated-lsb-section /etc/init.d/lsb-broken:15
E: scripts: missing-dep-for-interpreter lefty => graphviz (./usr/bin/lefty-foo)
-E: scripts: no-copyright-file
E: scripts: php-script-but-no-php-cli-dep ./usr/share/scripts/phpfoo
E: scripts: php5-script-but-no-php5-cli-dep ./usr/share/scripts/php5foo
E: scripts: python-script-but-no-python-dep ./usr/bin/py2foo
Reply to: