|Dpkg::Copyright::Scanner(3pm)||User Contributed Perl Documentation||Dpkg::Copyright::Scanner(3pm)|
Dpkg::Copyright::Scanner - Scan files to provide copyright data
use Dpkg::Copyright::Scanner qw/print_copyright scan_files/; # print copyright data on STDOUT print_copyright; # return a data structure containing copyright information my @copyright_data = scan_files();
This modules scans current package directory to extract copyright and license information. Information are packed in a way to ease review and maintenance. Files information is grouped with wildcards ('*') to reduce the list of files.
About LICENSE and README files¶
Projects often store global copyright information, i.e. information that apply to all files of a project (unless specified otherwise in some files) in README or LICENSE or COPYING file.
The information contained in these files id merged and applied to the directory entry that contain them.
I.e files like:
foo_comp/README: (c) 2018 Joe, GPL-2 foo_comp/LICENSE: (c) 2017 Max, GPL-3
yield the following copyright entries:
foo_comp/*: Copyright: 2018 Joe 2019 Max License: GPL-2 or GPL-3 README: Copyright: 2018 Joe License: GPL-2
Selecting or ignoring files to scan¶
By default, scanner scans source files with known suffixes (like .c .pl ...), README, scripts and skip backup files.
If needed, this behavior can tuned with "debian/copyright-scan-patterns.yml" file. This YAML file contains a list of suffixes or patterns to scan or to ignore that are added to the default list. Any file that is not scanned or ignored will be shown as "skipped".
This file must have the following structure (all fields are optional and order does not matter):
--- check : suffixes : - PL # check .PL$ - asm pattern: - /README$ ignore : suffixes : - yml pattern : - /t/ - /models/ - /debian/ - /Changes
Do not specify the dot with the suffixes. This will be added by the scanner.
Note that a file that match both "check" and "ignore" pattern is ignored.
Filling the blanks¶
Sometimes, upstream coders are not perfect: some source files cannot be parsed correctly or some legal information is missing.
All scanned files, even without copyright or license will be used. A warning will be shown for each file with missing information.
Instead of patching upstream source files to fill the blank, you can specify the missing information in a special file. This file is "debian/fill.copyright.blanks.yml". It should contain a "mapping" YAML structure (i.e. a hash), where the key is a Perl pattern used to match a path.
If the source of the package contains a lot of files without legal information, you may need to specify there information for a whole directory (See the "/src" dir in the example below).
--- debian: copyright: 2015, Marcel license: Expat src/: copyright: 2016. Joe license: Expat share/pkgs/openSUSE/systemd/onedsetup: copyright: 2015, Marcel share/vendor/ruby/gems/rbvmomi/lib/rbvmomi.*\.rb: license: Expat .*/NOTICE: skip: 1 share/websockify/: license: LGPL-2 src/sunstone/: license: Apache-2.0 src/garbled/: 'override-copyright': 2016 Marcel MeXzigue
Patterns are matched from the beginning a path. I.e. "share/websockify/" pattern will match "share/websockify/foo.rb" but will not match "web/share/websockify/foo.rb".
Patterns are tried in reversed sorted order. I.e. the data attached to more specific path (e.g. "3rdparty/foo/blah.c") are applied before more generic patterns (e.g. "3rdparty/foo/"
The "license" key must contain a license short name as returned by "license_check".
When "skip" is true, the file is skipped like a file without any information.
The "override-copyright" and "override-license" keys can be used to ignore the copyright information coming from the source and provide the correct information. Use this as last resort for instance when the encoding of the owner is not ascii or utf-8 or when the license data is corrupted. Note that a warning will be shown each time an override key is used.
Print copyright information on STDOUT like scan-copyrights.
scan_files ( %args )¶
Return a data structure with copyright and license information.
The structure is a list of list:
[ [ [ path1 ,path2, ...], copyright, license_short_name ], ... ]
[ [ [ '*' ], '1994-2001, by Frank Pilhofer.', 'GPL-2+' ], [ [ 'pan/*' ], '2002-2006, Charles Kerr <email@example.com>', 'GPL-2' ], [ [ 'pan/data/parts.cc', 'pan/data/parts.h' ], '2002-2007, Charles Kerr <firstname.lastname@example.org>', 'GPL-2' ], ]
Parameters in %args:
- set to 1 to suppress progress messages. Should be used only in tests.
The output of licensecheck is expected to be utf-8. Which means that the source files scanned by licensecheck should also be encoded in utf-8. This program will abort if invalid utf-8 characters are found.
Extracting license and copyright data from unstructured comments is not reliable. User must check manually the files when no copyright info is found or when the license is unknown.
Source files are assumed to be utf8 (or ascii). Using files with invalid characters will break "cme". In this case, you can:
- Patch source files to use utf-8 encoding.
- Use the "fill copyright blank" mechanism described above with "copyright-override" to provide an owner name with the correct encoding.
- File a bug against licensecheck package to find a better solution.
licensecheck, "licensecheck2dep5" from "cdbs" package
Dominique Dumont <email@example.com>