Scroll to navigation

Dpkg::Copyright::Scanner(3pm) User Contributed Perl Documentation Dpkg::Copyright::Scanner(3pm)

NAME

 Dpkg::Copyright::Scanner - Scan files to provide copyright data

SYNOPSIS

 use Dpkg::Copyright::Scanner qw/print_copyright scan_files/;
 # print copyright data on STDOUT
 print_copyright;
 # return a data structure containing copyright information
 my @copyright_data = scan_files();

DESCRIPTION

This modules scans current package directory to extract copyright and license information. Information are packed in a way to ease review and maintenance. Files information is grouped with wildcards ('*') to reduce the list of files.

About LICENSE and README files

Projects often store global copyright information, i.e. information that apply to all files of a project (unless specified otherwise in some files) in README or LICENSE or COPYING file.

The information contained in these files id merged and applied to the directory entry that contain them.

I.e files like:

 foo_comp/README: (c) 2018 Joe, GPL-2
 foo_comp/LICENSE: (c) 2017 Max, GPL-3

yield the following copyright entries:

 foo_comp/*:
 Copyright: 2018 Joe
   2019 Max
 License: GPL-2 or GPL-3
 README:
 Copyright: 2018 Joe
 License: GPL-2

Selecting or ignoring files to scan

By default, scanner scans source files with known suffixes (like .c .pl ...), README, scripts and skip backup files.

If needed, this behavior can tuned with "debian/copyright-scan-patterns.yml" file. This YAML file contains a list of suffixes or patterns to scan or to ignore that are added to the default list. Any file that is not scanned or ignored will be shown as "skipped".

This file must have the following structure (all fields are optional and order does not matter):

 ---
 check :
   suffixes :
     - PL       # check .PL$
     - asm
   pattern:
     - /README$
 ignore :
   suffixes :
     - yml
   pattern :
     - /t/
     - /models/
     - /debian/
     - /Changes

Do not specify the dot with the suffixes. This will be added by the scanner.

Note that a file that match both "check" and "ignore" pattern is ignored.

Filling the blanks

Sometimes, upstream coders are not perfect: some source files cannot be parsed correctly or some legal information is missing.

All scanned files, even without copyright or license will be used. A warning will be shown for each file with missing information.

Instead of patching upstream source files to fill the blank, you can specify the missing information in a special file. This file is "debian/fill.copyright.blanks.yml". It should contain a "mapping" YAML structure (i.e. a hash), where the key is a Perl pattern used to match a path.

If the source of the package contains a lot of files without legal information, you may need to specify there information for a whole directory (See the "/src" dir in the example below).

For instance:

 ---
 debian:
   copyright: 2015, Marcel
   license: Expat
 src/:
   copyright: 2016. Joe
   license: Expat
 share/pkgs/openSUSE/systemd/onedsetup:
   copyright: 2015, Marcel
 share/vendor/ruby/gems/rbvmomi/lib/rbvmomi.*\.rb:
   license: Expat
 .*/NOTICE:
   skip: 1
 share/websockify/:
   license: LGPL-2
 src/sunstone/:
   license: Apache-2.0
 src/garbled/:
   'override-copyright': 2016 Marcel MeXzigue

Patterns are matched from the beginning a path. I.e. "share/websockify/" pattern will match "share/websockify/foo.rb" but will not match "web/share/websockify/foo.rb".

Patterns are tried in reversed sorted order. I.e. the data attached to more specific path (e.g. "3rdparty/foo/blah.c") are applied before more generic patterns (e.g. "3rdparty/foo/"

The "license" key must contain a license short name as returned by "license_check".

When "skip" is true, the file is skipped like a file without any information.

The "override-copyright" and "override-license" keys can be used to ignore the copyright information coming from the source and provide the correct information. Use this as last resort for instance when the encoding of the owner is not ascii or utf-8 or when the license data is corrupted. Note that a warning will be shown each time an override key is used.

METHODS

Print copyright information on STDOUT like scan-copyrights.

scan_files ( %args )

Return a data structure with copyright and license information.

The structure is a list of list:

 [
   [
     [ path1 ,path2, ...],
     copyright,
     license_short_name
   ],
   ...
 ]

Example:

 [
  [
    [ '*' ],
    '1994-2001, by Frank Pilhofer.',
    'GPL-2+'
  ],
  [
    [ 'pan/*' ],
    '2002-2006, Charles Kerr <charles@rebelbase.com>',
    'GPL-2'
  ],
  [
    [
      'pan/data/parts.cc',
      'pan/data/parts.h'
    ],
    '2002-2007, Charles Kerr <charles@rebelbase.com>',
    'GPL-2'
  ],
 ]

Parameters in %args:

set to 1 to suppress progress messages. Should be used only in tests.
set to 1 to avoid squashing copyright ids. Useful to avoid output with wild cards.

Encoding

The output of licensecheck is expected to be utf-8. Which means that the source files scanned by licensecheck should also be encoded in utf-8. This program will abort if invalid utf-8 characters are found.

BUGS

Extracting license and copyright data from unstructured comments is not reliable. User must check manually the files when no copyright info is found or when the license is unknown.

Source files are assumed to be utf8 (or ascii). Using files with invalid characters will break "cme". In this case, you can:

  • Patch source files to use utf-8 encoding.
  • Use the "fill copyright blank" mechanism described above with "copyright-override" to provide an owner name with the correct encoding.
  • File a bug against licensecheck package to find a better solution.

SEE ALSO

licensecheck, "licensecheck2dep5" from "cdbs" package

AUTHOR

Dominique Dumont <dod@debian.org>

2021-10-17 perl v5.32.1