On Wed, Jun 16, 2021 at 04:19:43PM +0200, Michael Olbrich wrote: > > +Adding license files to PTXdist package rules > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > + > > +The SPDX license identifier of the package goes into the ``<PKG>_LICENSE`` > > +variable in the respective package rule file. > > +All relevant files identified in the steps above are then added to the > > variable ``<PKG>_LICENSE``, > > +including a checksum so that PTXdist complains when they change. > > + > > +Example: > > + > > +.. code-block:: make > > + :caption: ddrescue.make > > + > > + DDRESCUE_LICENSE := GPL-2.0-or-later AND BSD-2-Clause > > + DDRESCUE_LICENSE_FILES := \ > > + file://COPYING;md5=76d6e300ffd8fb9d18bd9b136a9bba13 \ > > + > > file://main.cc;startline=1;endline=16;md5=a01d61d3293ce28b883d8ba0c497e968 \ > > + > > file://arg_parser.cc;startline=1;endline=18;md5=41d1341d0d733a5d24b26dc3cbc1ac42 > > + > > +See the section :ref:`package_specific_variables` for more information > > about > > +the syntax of those two variables. > > + > > +The MD5 sum for a block of lines can be generated with sed's ``p`` (print) > > +command applied to a range of lines. > > +For the example above, lines 1 to 16 of main.cc would be:: > > + > > + $ sed -n 1,16p main.cc | md5sum - > > + a01d61d3293ce28b883d8ba0c497e968 > > + > > +If the copyright statement contains a string of years, leave those lines > > out for > > +the calculation of the checksum, as an added year does not change the > > license > > +(in fact, not even a single year is needed for the license to be valid), > > +but only makes package version updates more cumbersome. > > I think, this is not quite clear or incorrect. For me, a 'copyright > statement' is something like this: > > Copyright (C) 2013 by Michael Olbrich <[email protected]> > > And for many licenses, this must not be removed. So omitting those lines is > wrong.
Hmmmm, yes, that makes sense to me too. I guess the reasoning was that the year could be updated every year, so the license MD5 will change too and needs updating. But yes, GPL actually demands that the copyright lines stay in place. I'll rephrase that paragraph to include the copyright statement, the license statement and (if present) the license text in the _LICENSE_FILES variable. Having to bump license MD5s is a smaller evil compared to delivering incomplete data. - Roland > In some cases the copyright header in a file contains lines with only the > year. Maybe those can be skipped. But they are pretty rare. > > The rest looks good to me. > > Michael -- Roland Hieber, Pengutronix e.K. | [email protected] | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list [email protected] To unsubscribe, send a mail with subject "unsubscribe" to [email protected]
