我正在尝试自动获取 Debian 发行版中已安装软件包的许可证列表。我是通过扫描版权文件来做到这一点的,/usr/share/doc/如几个问题的答案中所解释的,例如这和这。
但是,我不知道如何处理包包含不同二进制文件的情况,这些二进制文件单独安装但共享相同的版权文件。在这种情况下,版权文件包括不同的文件节但不明确设备上安装了哪些文件,也不清楚哪个包安装这些文件。
例如,有 libmodbus 的例子。
根据 Debian 跟踪器, libmodbus 是一个包含两个二进制文件的包:libmodbus5和libmodbus-dev。如果libmodbus5安装了,内容/usr/share/doc/libmodbus5/copyright如下:
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: libmodbus
Upstream-Contact: Stéphane Raimbault <[email protected]>
Source: http://www.libmodbus.org/
Files: *
Copyright:
2008-2014 Stéphane Raimbault <[email protected]
License: LGPL-2.1+
Files: debian/*
Copyright:
2008-2011 Stéphane Raimbault <[email protected]>
2011-2014 Ivo De Decker <[email protected]>
License: LGPL-2.1+
Files: tests/*
Copyright:
2008-2014 Stéphane Raimbault <[email protected]>
License: GPL-3+
License: LGPL-2.1+
This library is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by the
Free Software Foundation; either version 2.1 of the License, or (at your
option) any later version.
.
This library is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
for more details.
.
You should have received a copy of the GNU Lesser General Public License
along with this library; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
.
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/LGPL-2.1
License: GPL-3+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the complete text of the GNU General Public License
version 3 can be found in "/usr/share/common-licenses/GPL-3".
也就是说,主许可证是,LGPL-2.1+但tests文件夹中文件的许可证是GPL-3+.但是,尚不清楚我是否已安装这些文件,因此该许可证是否适用于我的安装。
我能想到的查明这些文件是否安装在我的设备上的唯一方法是检查安装描述文件代码存储库,在 Debian 跟踪器中链接。然而,这种方法远非自动化,并且不容易找到所有包中二进制文件的安装描述文件。
有没有办法自动检查版权文件中的哪些许可证适用于我的设备上安装的二进制文件?
答案1
没有通用的自动方法来确定给定二进制文件(或二进制包,我的印象是您的问题涉及后者)的许可证。copyrightDebian 附带的文件描述了来源包,而不是二进制包的最终许可证。这些File:节适用于源树中的文件,而不是二进制文件中的文件(因此将它们与.install文件匹配没有帮助)。
在某些情况下,可以自动推导二进制包的许可证:简单地说,如果文件中有单个许可证copyright,则该许可证完全适用于二进制包(以及其中包含的二进制文件)。当应用不同的许可证时,您必须确定它们所应用的文件是否实际最终出现在构建中。这可以在某种程度上实现自动化;您可以执行仅二进制构建,无需测试,并检查读取了哪些文件以及适用于它们的许可证。在这种libmodbus情况下,测试文件的许可证很可能不会影响生成的二进制文件,但如果没有进一步分析,就无法保证这一点(我见过一些项目最终使用了一些“测试”)代码在其主代码中)。