Simon Josefsson: Validating debian/copyright: licenserecon
Recently I noticed a new tool called
licenserecon written by Peter Blackman, and I helped get licenserecon into Debian. The purpose of licenserecon is to reconcile licenses from debian/copyright against the output from licensecheck, a tool written by Jonas Smedegaard. It assumes DEP5 copyright files. You run the tool in a directory that has a debian/ sub-directory, and its output when it notices mismatches (this is for resolv-wrapper):
# sudo apt install licenserecon jas@kaka:~/dpkg/resolv-wrapper$ lrc Parsing Source Tree .... Running licensecheck .... d/copyright licensecheck BSD-3-Clauses BSD-3-clause src/resolv_wrapper.c BSD-3-Clauses BSD-3-clause tests/dns_srv.c BSD-3-Clauses BSD-3-clause tests/test_dns_fake.c BSD-3-Clauses BSD-3-clause tests/test_res_query_search.c BSD-3-Clauses BSD-3-clause tests/torture.c BSD-3-Clauses BSD-3-clause tests/torture.h jas@kaka:~/dpkg/resolv-wrapper$Noticing one-character typos like this may not bring satisfaction except to the most obsessive-compulsive among us, however the tool has the potential of discovering more serious mistakes. Using it manually once in a while may be useful, however I tend to forget QA steps that are not automated. Could we add this to the Salsa CI/CD pipeline? I recently proposed a merge request to add a wrap-and-sort job to the Salsa CI/CD pipeline (disabled by default) and learned how easy it was to extend it. I think
licenserecon is still a bit rough on the edges, and I haven t been able to successfully use it on any but the simplest packages yet. I wouldn t want to suggest it is added to the normal Salsa CI/CD pipeline, even if disabled. If you maintain a Debian package on Salsa and wish to add a licenserecon job to your pipeline, I wrote licenserecon.yml for you.
The simplest way to use licenserecon.yml is to replace recipes/debian.yml@salsa-ci-team/pipeline as the Salsa CI/CD configuration file setting with debian/salsa-ci.yml@debian/licenserecon. If you use a debian/salsa-ci.yml file you may put something like this in it instead:
--- include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml - https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.ymlOnce you trigger the pipeline, this will result in a new job
licenserecon that validates debian/copyright against licensecheck output on every build! I have added this to the libcpucycles package on Salsa and the pipeline contains a new job licenserecon whose output currently ends with:
$ cd $ WORKING_DIR /$ SOURCE_DIR $ lrc Parsing Source Tree .... Running licensecheck .... No differences found Cleaning up project directory and file based variablesIf upstream releases a new version with files not matching our
debian/copyright file, we will detect that on the next Salsa build job rather than months later when somebody happens to run the tools manually or there is some license conflict.
Incidentally licenserecon is written in Pascal which brought back old memories with Turbo Pascal back in the MS-DOS days. Thanks Peter for licenserecon, and Jonas for licensecheck making this possible!
The following contributor got his Debian Developer account in the last two months: