Hi,
On Thu, 2024-02-08 at 10:43 +0100, Dominik 'Rathann' Mierzejewski
wrote:
> Right, thanks for that. But the branch I posted has had some
work
> unbundling a number of items.
>
> But mainly I was looking for confirmation that I do need to list all
> of the licenses of all of the third_party code.
>
> I think
https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidel...
> could be clearer on this point.
One way of finding out which source files end up in the binary package
is inspecting the corresponding -debugsource package. You could even
install/extract its contents and run licensecheck on that tree.
Note that might both miss any sources embedded through build-
dependencies and might have too many sources if you are using license
tags for the binaries in each sub-packages since it bundles all sources
for all binaries in all sub-packages. Using some elfutils tools you
could get a more exact list using something like:
$ dnf install <sub-package>
$ dnf builddep <sub-package>
$ dnf debuginfo-install <sub-package>
$ for i in `rpm -ql <sub-package>`; \
do eu-elfclassify --elf --file $i; \
if [ $? -eq 0 ]; then eu-srcfiles --exec $i; fi; done | sort -u \
| xargs licensecheck --shortname-scheme spdx | cut -f2- -d: \
| sort -u | sed -z -e 's/\n / AND /g'
(A newer, not yet released, version of eu-srcfiles should also be able
to create a zip file of all the sources gotten through
debuginfod.fedoraproject.org, so you don't need to install the builddep
and debuginfo locally.)
Cheers,
Mark