Bug#1033406: licensecheck: scan-copyrights fails to create copyright file for texlive-extra

Jonas Smedegaard jonas at jones.dk
Fri Mar 24 14:39:09 GMT 2023


Hi Vignesh,

Quoting Vignesh Raman (2023-03-24 15:08:53)
> scan-copyrights is unable to create the copyright file when using texlive-extra sources (https://deb.debian.org/debian/pool/main/t/texlive-extra/texlive-extra_2020.20210202-3.dsc).

As you most likely know, but mentioning for reference, the script
scan-copyrights is part of libconfig-model-dpkg-perl (not licensecheck).


> It appears that the following files may be causing the issue:
> ./texmf-dist/fonts/type1/public/baskervillef/BaskervilleF-Bold.pfb
> ./texmf-dist/fonts/type1/public/baskervillef/BaskervilleF-BoldItalic.pfb
> ./texmf-dist/tex/latex/exp-testopt/exp-testopt.sty
> 
> Removing these files prevents the program from crashing, but individual runs of licensecheck on
> these files do not result in any issues. This issue has been observed with libconfig-model-dpkg-perl versions 2.143 and 2.165,
> licensecheck version 3.1.1-2 and 3.3.5-1. This issue is not consistently reproducible.

Please try to isolate the exact licensecheck command that scan-copyrights
executes (e.g. by hacking that script to print to stderr before
executing).

When that exact command - including options and arguments - is known, we
can move on to examine why the failure isn't deterministic.


> scan-copyrights crashes because the output from licensecheck looks invalid.
> licensecheck tries to parse the binary file (pfb) and returns invalid data.

Yes, licensecheck does not (in its current form) support non-text
sources at all.  That is not a bug but a limitation of the tool - i.e.
at most a wishlist issue.

Your mentioning above that licensecheck failing is "not consistently
reproducible" is another bug that is more serious, however: Licensecheck
should - with the same version also of its libraries - behave the same at
each execution.

So it would be helpful to me, independent of the issue of not parsing
binary data - if you can help isolate the command which is unreliable.


> As per the comment in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828941, it is mentioned,
> For use right now, I recommend to combine licensecheck with helper 
> scripts part of cdbs (but *not* build-depend on or otherwise use cdbs).  
> For examples of using those helper scripts to pre-parse some binary 
> files and skip select other ones, while not accidentally silencing later 
> introduced unknown types of files, see file debian/copyright-check in 
> the source code of ghostscript (or pandoc or valentina), and the files 
> /usr/lib/cdbs/license-miner and /usr/lib/cdbs/licensecheck2dep5 in 
> package cdbs.
> 
> Please let me know if this recommendation can be followed or if there are any other fixes for this issue.

It is unclear what you are referring to as "this issue": What you
summarise in the subject of this bugreport strictly speaking is an issue
with libconfig-model-dpkg-perl, and above I have mentioned 2 potential
underlying issues that might be your main concern here (as I assume you
deliberately chose to file this bugreport against licensecheck).

If you are not really reporting a new issue here, but instead are asking
for best practice of using licensecheck with sources that include binary
data, then my most up-to-date notes on that are here:
https://wiki.debian.org/CopyrightReviewTools#licensecheck


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
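
The reply above asks for the exact command to be isolated so that the non-deterministic behaviour can be examined. The following is an added example, not part of the original message and not code from licensecheck or libconfig-model-dpkg-perl: it runs one command repeatedly and counts how many distinct results (stdout plus exit status) it produces. The function names are hypothetical, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example: measure whether a command is deterministic by hashing
# its stdout together with its exit status over several runs.

# result_digest CMD [ARGS...]
# Prints one SHA-256 digest covering the command's stdout and exit status.
# Output is streamed into the hash, so binary bytes are not altered.
result_digest() {
    {
        rc=0
        "$@" 2>/dev/null || rc=$?
        printf 'exit=%s\n' "$rc"
    } | sha256sum | cut -d' ' -f1
}

# digest_histogram RUNS CMD [ARGS...]
# Prints "count digest" lines, one per distinct result seen in RUNS runs.
digest_histogram() {
    runs=$1
    shift
    i=0
    while [ "$i" -lt "$runs" ]; do
        result_digest "$@"
        i=$((i + 1))
    done | sort | uniq -c
}

# distinct_results RUNS CMD [ARGS...]
# Prints the number of distinct results; 1 means every run agreed.
distinct_results() {
    digest_histogram "$@" | wc -l | tr -d ' '
}

# Usage, once the command has been captured from scan-copyrights
# (options and file list are placeholders, not known from the thread):
#   distinct_results 20 licensecheck <captured options and files>
```

A result greater than 1 for identical arguments confirms the run-to-run variation independently of scan-copyrights, and `digest_histogram` shows how often each variant occurs.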