lintian: r1106 - in trunk: checks debian testset testset/binary/debian testset/foo++/debian testset/libbaz/debian testset/scripts/debian

To: debian-lint-maint@lists.debian.org
Subject: lintian: r1106 - in trunk: checks debian testset testset/binary/debian testset/foo++/debian testset/libbaz/debian testset/scripts/debian
From: rra@debian.org
Date: Fri, 04 Jan 2008 05:54:14 +0100
Message-id: <[🔎] E1JAeZS-0002vE-Fm@mordor.wolffelaar.nl>
Author: rra
Date: 2008-01-04 05:54:12 +0100 (Fri, 04 Jan 2008)
New Revision: 1106

Added:
   trunk/testset/foo++/debian/copyright
   trunk/testset/scripts/debian/copyright
Modified:
   trunk/checks/copyright-file
   trunk/checks/copyright-file.desc
   trunk/debian/changelog
   trunk/testset/binary/debian/control
   trunk/testset/binary/debian/copyright
   trunk/testset/foo++/debian/control
   trunk/testset/libbaz/debian/control
   trunk/testset/libbaz/debian/copyright
   trunk/testset/scripts/debian/control
   trunk/testset/scripts/debian/rules
   trunk/testset/tags.binary
   trunk/testset/tags.scripts
Log:
* checks/copyright-file{.desc,}:
  + [RA] Warn about packages covered by the GPL and linked with libssl
    that don't list other common licenses or mention a license exception
    or exemption.  Requested by Joerg Jaspert.  (Closes: #454238)

Modified: trunk/checks/copyright-file
===================================================================
--- trunk/checks/copyright-file	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/checks/copyright-file	2008-01-04 04:54:12 UTC (rev 1106)
@@ -176,11 +176,15 @@
     tag "old-fsf-address-in-copyright-file", "";
 }
 
+# Whether the package is covered by the GPL, used later for the libssl check.
+my $gpl;
+
 if (length($_) > 12000
     and ((m/\bGNU GENERAL PUBLIC LICENSE\s*TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\b/m
           and m/\bVersion 2\s/)
          or (m/\bGNU GENERAL PUBLIC LICENSE\s*Version 3/ and m/\bTERMS AND CONDITIONS\s/))) {
     tag "copyright-file-contains-full-gpl-license";
+    $gpl = 1;
 }
 
 if (length($_) > 12000
@@ -221,6 +225,7 @@
     tag "copyright-should-refer-to-common-license-file-for-lgpl";
 } elsif (m/GNU General Public License/i or m/\bGPL\b/) {
     tag "copyright-should-refer-to-common-license-file-for-gpl";
+    $gpl = 1;
 }
 
 if (m,Upstream Author\(s\),) {
@@ -233,6 +238,22 @@
 
 spelling_check('spelling-error-in-copyright', $_);
 
+# Now, check for linking against libssl if the package is covered by the GPL.
+# (This check was requested by ftp-master.)  First, see if the package is
+# under the GPL alone and try to exclude packages with a mix of GPL and LGPL
+# or Artistic licensing or with an exception or exemption.
+if ($gpl || m,/usr/share/common-licenses/GPL,) {
+    unless (m,exception|exemption|/usr/share/common-licenses/(?!GPL)\S,) {
+        if (open(DEP, '<', 'fields/depends')) {
+            my @depends = split (/\s*,\s*/, scalar <DEP>);
+            close DEP;
+            if (grep { /^libssl[0-9.]+(\s|\z)/ && !/\|/ } @depends) {
+                tag 'possible-gpl-code-linked-with-openssl';
+            }
+        }
+    }
+}
+
 } # </run>
 
 # -----------------------------------
@@ -265,4 +286,8 @@
 
 1;
 
+# Local Variables:
+# indent-tabs-mode: t
+# cperl-indent-level: 4
+# End:
 # vim: syntax=perl ts=8 sw=4

Modified: trunk/checks/copyright-file.desc
===================================================================
--- trunk/checks/copyright-file.desc	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/checks/copyright-file.desc	2008-01-04 04:54:12 UTC (rev 1106)
@@ -195,3 +195,12 @@
 Info: Lintian found a spelling error in the copyright file.  Lintian has a
  list of common misspellings that it looks for.  It does not have a
  dictionary like a spelling checker does.
+
+Tag: possible-gpl-code-linked-with-openssl
+Type: warning
+Info: This package appears to be covered by the GNU GPL but depends on
+ the OpenSSL libssl package and does not mention a license exemption or
+ exception for OpenSSL in its copyright file.  The GPL (including version
+ 3) is incompatible with some terms of the OpenSSL license, and therefore
+ Debian does not allow GPL-licensed code linked with OpenSSL libraries
+ unless there is a license exception explicitly permitting this.

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/debian/changelog	2008-01-04 04:54:12 UTC (rev 1106)
@@ -16,6 +16,10 @@
     + [RA] Include the package name in stronger-dependency-implies-weaker.
     + [RA] Fix stronger-dependency-implies-weaker description cut and
       paste error.  Thanks, Rafael Laboissiere.  (Closes: #456405)
+  * checks/copyright-file{.desc,}:
+    + [RA] Warn about packages covered by the GPL and linked with libssl
+      that don't list other common licenses or mention a license exception
+      or exemption.  Requested by Joerg Jaspert.  (Closes: #454238)
   * checks/debian-readme{.desc,}:
     + Combine readme-debian-{is,contains}-debmake-template and be less
       particular about the exact formatting of the dh-make template.

Modified: trunk/testset/binary/debian/control
===================================================================
--- trunk/testset/binary/debian/control	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/binary/debian/control	2008-01-04 04:54:12 UTC (rev 1106)
@@ -10,7 +10,7 @@
 
 Package: binary
 Architecture: any
-Depends: ${shlibs:Depends}, xorg, binary-data (= ${Source-Version})
+Depends: ${shlibs:Depends}, xorg, binary-data (= ${Source-Version}), libssl0.9.8
 Homepage: <http://lintian.debian.org/>
 Vcs-Svn: http://svn.wolffelaar.nl/lintian/trunk
 Description: test handling of binary files
@@ -21,7 +21,8 @@
 
 Package: binary-data
 Architecture: all
-Depends: binary (= ${Source-Version})
+Depends: binary (= ${Source-Version}), libssl-not-openssl,
+ libssl0.9.8 | or-something-else
 Description: test handling of binary relationships
  Regression test for lintian's checking of package relationships between
  arch:any and arch:all packages.

Modified: trunk/testset/binary/debian/copyright
===================================================================
--- trunk/testset/binary/debian/copyright	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/binary/debian/copyright	2008-01-04 04:54:12 UTC (rev 1106)
@@ -2,6 +2,9 @@
 it will be useful, but without any warranty; without even the implied warranty
 of merchantability or fitness for a particular purpose.
 
+A reference to /usr/share/common-licenses/GPL to make it look like this
+package is under the GPL and trigger the OpenSSL warning.
+
 Test for old FSF address:
 
 Free Software Foundation, Inc., 59 Temple Place - Suite 330,

Modified: trunk/testset/foo++/debian/control
===================================================================
--- trunk/testset/foo++/debian/control	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/foo++/debian/control	2008-01-04 04:54:12 UTC (rev 1106)
@@ -10,7 +10,7 @@
 Package: foo++
 Architecture: all
 Build-Depends: test
-Depends: test
+Depends: test, libssl0.9.7
 Description: see how lintian reacts to plus signs in the package name
  Regression test to see if lintian tests work on a package with plus signs in
  its name.

Added: trunk/testset/foo++/debian/copyright
===================================================================
--- trunk/testset/foo++/debian/copyright	                        (rev 0)
+++ trunk/testset/foo++/debian/copyright	2008-01-04 04:54:12 UTC (rev 1106)
@@ -0,0 +1,5 @@
+A reference to /usr/share/common-licenses/GPL to make it look like this
+package is under the GPL and trigger the OpenSSL warning.
+
+However, there is also a reference to /usr/share/common-licenses/LGPL, so
+who knows what bits actually depend on libssl.

Modified: trunk/testset/libbaz/debian/control
===================================================================
--- trunk/testset/libbaz/debian/control	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/libbaz/debian/control	2008-01-04 04:54:12 UTC (rev 1106)
@@ -19,7 +19,7 @@
 
 Package: libbaz2
 Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, libssl0.9.8
 Description: test handling of library packages
  Regression test for lintian's handling of libraries
 

Modified: trunk/testset/libbaz/debian/copyright
===================================================================
--- trunk/testset/libbaz/debian/copyright	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/libbaz/debian/copyright	2008-01-04 04:54:12 UTC (rev 1106)
@@ -1,3 +1,8 @@
 This package is released under public domain.  This is distributed in the hope
 that it will be useful, but without any warranty; without even the implied
 warranty of merchantability or fitness for a particular purpose.
+
+A reference to /usr/share/common-licenses/GPL to make it look like this
+package is under the GPL and trigger the OpenSSL warning.
+
+However, this has an OpenSSL exception.

Modified: trunk/testset/scripts/debian/control
===================================================================
--- trunk/testset/scripts/debian/control	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/scripts/debian/control	2008-01-04 04:54:12 UTC (rev 1106)
@@ -8,7 +8,7 @@
 
 Package: scripts
 Architecture: all
-Depends: test, ruby1.8, build-essential
+Depends: test, ruby1.8, build-essential, libssl0.9.7
 Recommends: tk8.4 | wish
 Description: test lintian's script file checks
  Regression test lintian's script file checks.

Added: trunk/testset/scripts/debian/copyright
===================================================================
--- trunk/testset/scripts/debian/copyright	                        (rev 0)
+++ trunk/testset/scripts/debian/copyright	2008-01-04 04:54:12 UTC (rev 1106)
@@ -0,0 +1,2 @@
+This file contains the phrase "under the same terms as Perl itself" to
+trigger warnings about not having common-licenses references.

Modified: trunk/testset/scripts/debian/rules
===================================================================
--- trunk/testset/scripts/debian/rules	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/scripts/debian/rules	2008-01-04 04:54:12 UTC (rev 1106)
@@ -75,6 +75,7 @@
 	touch $(tmp)/usr/lib/python2.3/site-packages/test.pyc
 	cp debian/changelog $(tmp)/usr/share/doc/scripts/changelog
 	gzip -9 $(tmp)/usr/share/doc/scripts/changelog
+	cp debian/copyright $(tmp)/usr/share/doc/scripts/copyright
 
 	cp debian/scripts.conffiles $(tmp)/DEBIAN/conffiles
 	install -m 755 debian/postinst $(tmp)/DEBIAN/postinst

Modified: trunk/testset/tags.binary
===================================================================
--- trunk/testset/tags.binary	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/tags.binary	2008-01-04 04:54:12 UTC (rev 1106)
@@ -64,7 +64,7 @@
 W: binary: binary-without-manpage usr/bin/iminusrbin
 W: binary: binary-without-manpage usr/bin/static-hello
 W: binary: changelog-file-not-compressed changelog
-W: binary: debian-copyright-file-uses-obsolete-national-encoding at line 10
+W: binary: debian-copyright-file-uses-obsolete-national-encoding at line 13
 W: binary: debian-news-entry-has-strange-distribution UNRELEASED
 W: binary: description-contains-homepage
 W: binary: desktop-command-not-in-package /usr/share/applications/goodbye.desktop goodbye
@@ -105,6 +105,7 @@
 W: binary: old-fsf-address-in-copyright-file
 W: binary: package-contains-hardlink usr/bar2 -> usr/share/baz
 W: binary: package-contains-upstream-install-documentation usr/share/doc/binary/INSTALL
+W: binary: possible-gpl-code-linked-with-openssl
 W: binary: spelling-error-in-description debian Debian
 W: binary: spelling-error-in-doc-base-abstract-field binary:10 speling spelling
 W: binary: spelling-error-in-doc-base-title-field binary:2 debian Debian

Modified: trunk/testset/tags.scripts
===================================================================
--- trunk/testset/tags.scripts	2008-01-04 04:18:28 UTC (rev 1105)
+++ trunk/testset/tags.scripts	2008-01-04 04:54:12 UTC (rev 1106)
@@ -1,13 +1,13 @@
 E: scripts source: dpatch-index-references-non-existant-patch 01_not_here_right_now.dpatch
 E: scripts source: package-uses-debhelper-but-lacks-build-depends
 E: scripts: calls-suidperl-directly ./usr/bin/suidperlfoo
+E: scripts: copyright-file-lacks-pointer-to-perl-license
 E: scripts: file-in-etc-not-marked-as-conffile /etc/init.d/skeleton
 E: scripts: init.d-script-does-not-implement-required-option /etc/init.d/lsb-broken force-reload
 E: scripts: init.d-script-does-not-implement-required-option /etc/init.d/lsb-broken restart
 E: scripts: init.d-script-has-duplicate-lsb-section /etc/init.d/lsb-broken
 E: scripts: init.d-script-has-unterminated-lsb-section /etc/init.d/lsb-broken:15
 E: scripts: missing-dep-for-interpreter lefty => graphviz (./usr/bin/lefty-foo)
-E: scripts: no-copyright-file
 E: scripts: php-script-but-no-php-cli-dep ./usr/share/scripts/phpfoo
 E: scripts: php5-script-but-no-php5-cli-dep ./usr/share/scripts/php5foo
 E: scripts: python-script-but-no-python-dep ./usr/bin/py2foo
Reply to:
Prev by Date: Processed: Lintian bugs fixed in revision r1105
Next by Date: Processed: Lintian bugs fixed in revision r1106
Previous by thread: Processed: Lintian bugs fixed in revision r1105
Next by thread: Processed: Lintian bugs fixed in revision r1106
Index(es):
- Date
- Thread