Hi, On Thu, 2024-02-08 at 10:43 +0100, Dominik 'Rathann' Mierzejewski wrote: > > Right, thanks for that. But the branch I posted has had some work > > unbundling a number of items. > > > > But mainly I was looking for confirmation that I do need to list all > > of the licenses of all of the third_party code. > > > > I think https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/ > > could be clearer on this point. > > One way of finding out which source files end up in the binary package > is inspecting the corresponding -debugsource package. You could even > install/extract its contents and run licensecheck on that tree. Note that might both miss any sources embedded through build- dependencies and might have too many sources if you are using license tags for the binaries in each sub-packages since it bundles all sources for all binaries in all sub-packages. Using some elfutils tools you could get a more exact list using something like: $ dnf install <sub-package> $ dnf builddep <sub-package> $ dnf debuginfo-install <sub-package> $ for i in `rpm -ql <sub-package>`; \ do eu-elfclassify --elf --file $i; \ if [ $? -eq 0 ]; then eu-srcfiles --exec $i; fi; done | sort -u \ | xargs licensecheck --shortname-scheme spdx | cut -f2- -d: \ | sort -u | sed -z -e 's/\n / AND /g' (A newer, not yet released, version of eu-srcfiles should also be able to create a zip file of all the sources gotten through debuginfod.fedoraproject.org, so you don't need to install the builddep and debuginfo locally.) Cheers, Mark -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
