Hi, Quoting Paul Wise (2016-08-10 05:12:55) > The only possible way to solve this in general terms is, accurate document > the copyright/license of the source package using the machine-readable format > and during builds, track the transformation of input files in the source > package to output files in the binary package and then generate the > copyright/license information for the binary package based on which input > files from which source/binary packages ended up in the new binary package.
in the past I investigated this problem myself as well. I came to the conclusion that with the current available techniques it is impossible to reliable trace process execution and system calls in all scenarios (i.e. for all source package) and without a way to reliably (and automatically) figure out for which source packages it does work. Thus I gave up and asked this question: http://unix.stackexchange.com/questions/188849/how-to-reliably-and-transparently-trace-process-execution Helmut also once wrote a proof of concept that tackled the problem of generating linearized build logs but also ran into the problem that his approach failed if events happened too fast. Using ptrace we could today write a program that analyzes our builds (on Linux) and generates the required information to extract copyright information and a bunch of more useful and interesting data. Unfortunately this would not work for all source packages in the archive as a ptraced process cannot execute ptrace themselves. Maybe this problem could be alleviated by running source package builds with nocheck as I would expect ptrace being mainly used in test cases and not during the real build. Reproducible builds could also be used to make sure that a ptraced build produced the same binary packages as a non-ptraced build. Unfortunately, because of the involved limitations, I gave up on the project. Thanks! cheers, josch
signature.asc
Description: signature
