
[lintian] 01/01: Check for Apache 2.0 packages that do not distribute their accompanying "NOTICE" files. (Closes: #885042)



This is an automated email from the git hooks/post-receive script.

lamby pushed a commit to branch master
in repository lintian.

commit 6110e0f1185e26d903dd0ed8a7a8edaae14cf905
Author: Chris Lamb <lamby@debian.org>
Date:   Sat Dec 23 16:06:23 2017 +0000

    Check for Apache 2.0 packages that do not distribute their accompanying "NOTICE" files. (Closes: #885042)
---
 checks/source-copyright.desc                       | 18 +++++++++++++++
 checks/source-copyright.pm                         | 27 +++++++++++++++++++++-
 debian/changelog                                   |  3 +++
 .../debian/NOTICE                                  |  1 +
 .../debian/debian/copyright                        | 23 ++++++++++++++++++
 ...ng-notice-file-for-apache-license-unrel.install |  1 +
 .../desc                                           |  5 ++++
 .../tags                                           |  0
 .../debian/NOTICE                                  |  1 +
 .../debian/debian/copyright                        | 23 ++++++++++++++++++
 .../debian/subdir/NOTICE                           |  1 +
 .../debian/unrel/NOTICE                            |  1 +
 .../desc                                           |  5 ++++
 .../tags                                           |  1 +
 14 files changed, 109 insertions(+), 1 deletion(-)

diff --git a/checks/source-copyright.desc b/checks/source-copyright.desc
index 33eeee6..b0fd57e 100644
--- a/checks/source-copyright.desc
+++ b/checks/source-copyright.desc
@@ -324,3 +324,21 @@ Info: A file specified in the <tt>Files-Excluded</tt> header in
  .
  mk-origtargz(1) is typically responsible for removing such files. Support
  in <tt>git-buildpackage</tt> is being tracked in #812721.
+
+Tag: missing-notice-file-for-apache-license
+Severity: serious
+Certainty: possible
+Info: The package appears to be licensed under the Apache 2.0 license and
+ a <tt>NOTICE</tt> file exists in the source tree. However, no files called
+ <tt>NOTICE</tt> are installed in any of the binary packages.
+ .
+ The Apache 2.0 license requires distributing of such files:
+ .
+  (d) If the Work includes a "NOTICE" text file as part of its
+      distribution, then any Derivative Works that You distribute must
+      include a readable copy of the attribution notices contained
+      within such NOTICE file [..]
+ .
+ Please include the file in your package, for example by adding
+ <tt>path/to/NOTICE</tt> to a <tt>debian/package.install</tt> file.
+Ref: /usr/share/common-licenses/Apache-2.0
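Review bot: The `Info` text describes the condition more broadly than the check in `checks/source-copyright.pm` implements. In that file only source files named exactly `NOTICE` whose contents mention "apache" are considered, and an installed `NOTICE.gz` also satisfies the check. With `Severity: serious`, a sentence stating this would help a maintainer judge a hit or a miss, for example ` Only source files named NOTICE that mention Apache are considered; a compressed NOTICE.gz in a binary package also counts.`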
diff --git a/checks/source-copyright.pm b/checks/source-copyright.pm
index a5f66db..b7494a9 100644
--- a/checks/source-copyright.pm
+++ b/checks/source-copyright.pm
@@ -59,7 +59,7 @@ my %dep5_renamed_fields        = (
 );
 
 sub run {
-    my (undef, undef, $info) = @_;
+    my (undef, undef, $info, undef, $group) = @_;
     my $debian_dir = $info->index_resolved_path('debian/');
     return if not $debian_dir;
     my $copyright_path = $debian_dir->child('copyright');
@@ -81,6 +81,7 @@ sub run {
 
     if ($copyright_path->is_open_ok) {
         _check_dep5_copyright($info, $copyright_path);
+        _check_apache_notice_files($info, $group, $copyright_path);
     }
     return;
 }
@@ -148,6 +149,30 @@ sub _find_dep5_version {
     return;
 }
 
+sub _check_apache_notice_files {
+    my ($info, $group, $copyright_path) = @_;
+
+    my @procs = $group->get_processables('binary');
+    return if not @procs;
+    return if $copyright_path->file_contents !~ m/apache[-\s]+2\./i;
+
+    my @notice_files = grep {
+              $_->basename eq 'NOTICE'
+          and $_->is_open_ok
+          and $_->file_contents =~ m/apache/i
+    } $info->sorted_index;
+    return if not @notice_files;
+
+    foreach my $binpkg (@procs) {
+        my @files = $binpkg->info->sorted_index;
+        return if any { $_->basename =~ m/^NOTICE(\.gz)?$/} @files;
+    }
+
+    tag 'missing-notice-file-for-apache-license', join(' ', @notice_files);
+
+    return;
+}
+
 sub _check_dep5_copyright {
     my ($info, $copyright_path) = @_;
     my $contents = $copyright_path->file_contents;
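Review bot: The loop in `_check_apache_notice_files` returns as soon as any binary package contains any file whose basename is `NOTICE` or `NOTICE.gz`. A single installed NOTICE therefore suppresses the tag even when several distinct source NOTICE files matched (the positive fixture has both `NOTICE` and `subdir/NOTICE`), and even if the installed file is unrelated to them. If that is the intended heuristic, it deserves a comment above the loop, such as `# Heuristic: one NOTICE(.gz) in any binary package is taken to cover every source NOTICE file.` The regexes `m/apache[-\s]+2\./i` and `m/apache/i` are likewise unanchored substring matches over whole files, and `file_contents` reads each candidate in full from a source tree that lintian has to treat as untrusted, so a size bound before slurping is worth considering. `_check_dep5_copyright`, which follows the new sub, continues outside the hunk.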
diff --git a/debian/changelog b/debian/changelog
index f6b5704..a488d7b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -34,6 +34,9 @@ lintian (2.5.66) UNRELEASED; urgency=medium
       timewarp-standards-version warnings if the date parts are identical
       (ie. "2017-11-30 < 2017-11-30"). Thanks to Andrea Bolognani
       eof@kiyuko.org> for the report.  (Closes: #884785)
+  * checks/source-copyright.{desc,pm}:
+    + [CL] Check for Apache 2.0 packages that do not distribute their
+      accompanying "NOTICE" files.  (Closes: #885042)
 
   * data/debhelper/compat-level:
     + [MR] Bump the experimental debhelper compat level to 12.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE
new file mode 100644
index 0000000..2a74156
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/NOTICE
@@ -0,0 +1 @@
+This file is installed to the binary package.
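Review bot: This fixture does not contain the word "apache", so `_check_apache_notice_files` returns at `return if not @notice_files;` and never reaches the loop over binary packages. The `.install` entry that ships `NOTICE` therefore has no effect on the result, and the branch where an installed NOTICE suppresses the tag appears untested by this commit. Wording the file like the positive fixture, e.g. `This Apache 2.0 license NOTICE is installed to the binary package.`, would exercise that branch. The case of a non-Apache NOTICE being ignored is already covered by `unrel/NOTICE` in the other test.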
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/copyright b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/copyright
new file mode 100644
index 0000000..082beb1
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/copyright
@@ -0,0 +1,23 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Doohickey
+Upstream-Contact: J. Random Hacker <j.r.hacker@example.com>
+Source: http://examples.com/doohickey/source/
+
+Files: *
+Copyright: © 2011 J. Random Hacker <j.r.hacker@example.com>
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/source-copyright-missing-notice-file-for-apache-license-unrel.install b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/source-copyright-missing-notice-file-for-apache-license-unrel.install
new file mode 100644
index 0000000..4268786
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/debian/debian/source-copyright-missing-notice-file-for-apache-license-unrel.install
@@ -0,0 +1 @@
+NOTICE usr/share/doc/foo
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/desc b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/desc
new file mode 100644
index 0000000..7dad602
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/desc
@@ -0,0 +1,5 @@
+Testname: source-copyright-missing-notice-file-for-apache-license-unrel
+Version: 1.0
+Description: Test for no packages missing Apache NOTICE files (false-positive)
+Test-Against:
+ missing-notice-file-for-apache-license
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/tags b/t/tests/source-copyright-missing-notice-file-for-apache-license-unrel/tags
new file mode 100644
index 0000000..e69de29
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/NOTICE
new file mode 100644
index 0000000..6c64526
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/NOTICE
@@ -0,0 +1 @@
+This Apache 2.0 license NOTICE is not installed to any binary package.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/debian/copyright b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/debian/copyright
new file mode 100644
index 0000000..082beb1
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/debian/copyright
@@ -0,0 +1,23 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Doohickey
+Upstream-Contact: J. Random Hacker <j.r.hacker@example.com>
+Source: http://examples.com/doohickey/source/
+
+Files: *
+Copyright: © 2011 J. Random Hacker <j.r.hacker@example.com>
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/subdir/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/subdir/NOTICE
new file mode 100644
index 0000000..6c64526
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/subdir/NOTICE
@@ -0,0 +1 @@
+This Apache 2.0 license NOTICE is not installed to any binary package.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/unrel/NOTICE b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/unrel/NOTICE
new file mode 100644
index 0000000..bdc5a71
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/debian/unrel/NOTICE
@@ -0,0 +1 @@
+This file is not installed but is not a A_pache license NOTICE file anyway.
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/desc b/t/tests/source-copyright-missing-notice-file-for-apache-license/desc
new file mode 100644
index 0000000..e23d2b7
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/desc
@@ -0,0 +1,5 @@
+Testname: source-copyright-missing-notice-file-for-apache-license
+Version: 1.0
+Description: Test for no packages missing Apache NOTICE files
+Test-For:
+ missing-notice-file-for-apache-license
diff --git a/t/tests/source-copyright-missing-notice-file-for-apache-license/tags b/t/tests/source-copyright-missing-notice-file-for-apache-license/tags
new file mode 100644
index 0000000..4de1eac
--- /dev/null
+++ b/t/tests/source-copyright-missing-notice-file-for-apache-license/tags
@@ -0,0 +1 @@
+E: source-copyright-missing-notice-file-for-apache-license source: missing-notice-file-for-apache-license NOTICE subdir/NOTICE

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

