Announcing `copyright-audit`: refining and automating creating `debian/copyright` files

Hello everybody out there packaging for Ubuntu and Debian

I’m doing a (free) packaging script (just a hobby, won’t be big and professional like gnu) for Ubuntu and Debian packagers. This has been brewing since June, and is starting to get ready. I’d like any feedback on things people like/dislike in licensecheck or decopy, as my script resembles it somewhat (same purpose and uses them (due to practical reasons) among other things).


Ok, that was all tongue-in-cheek. But seriously, I have a few motivations for this.

As a software packager for Ubuntu and Debian packages, one of the most painstaking things we do is create the debian/copyright file for each package. It must account for every single file in the package, its copyright, and the license under which the file is released as part of the source package. While globbing is allowed, for small packages, this can take hours. For large packages, this can take days.

My thought was simple: there’s a pattern to it, and it can, indeed, be automated, but automated tools like licensecheck and decopy miss the mark by a mile, creating what only really amounts to a template at best. While this does, indeed, help the packager to understand the licenses used in the project they are attempting to package, there are certainly still ways to automate that and even whether or not licenses are compatible with each other combined in binary form.

With that, I present copyright-audit, a command-line tool for packagers and reviewers, such as sponsors and archive administrators alike. It uses scantool to search for file metadata, headers, and such in order to determine the copyright date, license, and holder for each file. It then figures out the most appropriate grouping for each one, adds copyright stubs for licenses in /usr/share/common-licenses, retrieves whole license text for licenses not included in /usr/share/common-licenses, figures out the source (if able), and does one of three things:

  • generates a complete debian/copyright file,
  • checks if a debian/copyright file has issues (and offers to fix it), or
  • alerts a reviewer of any issues, including incompatible licenses.

It is packaged as a snap, as scancode, one of its integral components, is not available in the Ubuntu repositories. It can be installed via `sudo snap install --channel latest/edge copyright-audit`. Bear in mind, there’s a lot of fixes that need to happen, so feel free to test it and report back.

I’d like feedback filed at https://eeickmeyer/copyright-audit/issues, and feel free to look over the code. Thanks for checking it out, and “happy hacking”.

Minor disclaimer: after beating my head against the wall with this, I finally decided to try something. That said, development of this was assisted by an AI LLM, but in no way was it started or completely written by it.

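The scan-then-group step the post describes (find each file's license, copyright years and holder, then merge files that share them into one stanza) can be sketched as follows. This is an added example, not code from copyright-audit; the names `scan`, `stanzas` and `SAMPLE` are hypothetical, and it assumes files carry SPDX tags and simple `Copyright YEAR holder` lines.

```python
import re
from collections import defaultdict

# Assumption: files carry SPDX tags and "Copyright YEAR[-YEAR] holder" lines.
SPDX = re.compile(r"SPDX-License-Identifier:[ \t]*([^\n*]+)")
COPY = re.compile(r"Copyright[ \t]+(?:\(c\)[ \t]*)?(\d{4})(?:[ \t]*-[ \t]*(\d{4}))?[ \t]+(.+)", re.I)

# Constructed sample tree (path -> file header text), not from a real package.
SAMPLE = {
    "src/main.c": "/* SPDX-License-Identifier: MIT\n * Copyright (c) 2019 Jane Doe\n",
    "src/util.c": "// SPDX-License-Identifier: MIT\n// Copyright 2021-2023 Jane Doe\n",
    "lib/zip.c": "/* SPDX-License-Identifier: Apache-2.0\n * Copyright 2020 Example Corp\n",
    "README": "no header here\n",
}

def scan(text):
    """Return (license, {holder: (first_year, last_year)}) for one file."""
    m = SPDX.search(text)
    holders = {}
    for first, last, who in COPY.findall(text):
        lo, hi = int(first), int(last or first)
        old = holders.get(who.strip(), (lo, hi))
        holders[who.strip()] = (min(lo, old[0]), max(hi, old[1]))
    # The SPDX id is passed through unchanged; mapping it to a Debian
    # short name is out of scope here. Untagged files stay UNKNOWN for review.
    return (m.group(1).strip() if m else "UNKNOWN"), holders

def stanzas(files):
    """Group files with the same license and holders into Files stanzas."""
    groups = defaultdict(lambda: ([], {}))
    for path, text in sorted(files.items()):
        lic, holders = scan(text)
        paths, years = groups[(lic, frozenset(holders))]
        paths.append(path)
        for who, (lo, hi) in holders.items():
            plo, phi = years.get(who, (lo, hi))
            years[who] = (min(lo, plo), max(hi, phi))  # widen the year range
    out = []
    for (lic, _), (paths, years) in groups.items():
        lines = [f"{lo}-{hi} {who}" if lo != hi else f"{lo} {who}"
                 for who, (lo, hi) in sorted(years.items())] or ["UNKNOWN"]
        out.append("Files: " + "\n       ".join(paths)
                   + "\nCopyright: " + "\n           ".join(lines)
                   + f"\nLicense: {lic}")
    return out

if __name__ == "__main__":
    print("\n\n".join(stanzas(SAMPLE)))
```

Files with no recognizable header land in an `UNKNOWN` stanza instead of being dropped, so a reviewer sees exactly which paths still need manual attention.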