Bug#1033406: licensecheck: scan-copyrights fails to create copyright file for texlive-extra

Vignesh Raman vignesh.raman at collabora.com
Fri Mar 24 14:08:53 GMT 2023 

Package: licensecheck
Version: 3.3.5-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: vignesh.raman at collabora.com

Dear Maintainer,

scan-copyrights is unable to create the copyright file when using texlive-extra sources (https://deb.debian.org/debian/pool/main/t/texlive-extra/texlive-extra_2020.20210202-3.dsc).

The below program crashes,
#!/usr/bin/env python3

import sh

scan_copyrights = sh.Command('scan-copyrights')

def main():
    try:
        scan_copyrights()
    except sh.ErrorReturnCode as e:
        print("An error occurred:", e.stderr, file=sys.stderr)
        sys.exit(1)
    except Exception as e:
        print("An unknown error occurred:", e, file=sys.stderr)
        sys.exit(1)

if __name__ == '__main__':
    main()

Output:
raise exc
sh.ErrorReturnCode_255: 
RAN: /usr/bin/scan-copyrights

It appears that the following files may be causing the issue:
./texmf-dist/fonts/type1/public/baskervillef/BaskervilleF-Bold.pfb
./texmf-dist/fonts/type1/public/baskervillef/BaskervilleF-BoldItalic.pfb
./texmf-dist/tex/latex/exp-testopt/exp-testopt.sty

Removing these files prevents the program from crashing, but individual runs of licensecheck on
these files do not result in any issues. This issue has been observed with libconfig-model-dpkg-perl versions 2.143 and 2.165,
licensecheck version 3.1.1-2 and 3.3.5-1. This issue is not consistently reproducible.

scan-copyrights crashes because the output from licensecheck looks invalid.
licensecheck tries to parse the binary file (pfb) and returns invalid data.

As per the comment in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828941, it is mentioned,
For use right now, I recommend to combine licensecheck with helper 
scripts part of cdbs (but *not* build-depend on or otherwise use cdbs).  
For examples of using those helper scripts to pre-parse some binary 
files and skip select other ones, while not accidentally silencing later 
introduced unknown types of files, see file debian/copyright-check in 
the source code of ghostscript (or pandoc or valentina), and the files 
/usr/lib/cdbs/license-miner and /usr/lib/cdbs/licensecheck2dep5 in 
package cdbs.

Please let me know if this recommendation can be followed or if there are any other fixes for this issue.

Thank you.

Regards,
Vignesh

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-6-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages licensecheck depends on:
ii  libfeature-compat-class-perl    0.05-1
ii  libfeature-compat-try-perl      0.05-1
ii  libio-interactive-perl          1.023-2
ii  liblist-someutils-perl          0.59-1
ii  liblog-any-adapter-screen-perl  0.140-2
ii  liblog-any-perl                 1.713-1
ii  libnamespace-clean-perl         0.27-2
ii  libpath-iterator-rule-perl      1.015-2
ii  libpath-tiny-perl               0.144-1
ii  libpod-constants-perl           0.19-2
ii  libstrictures-perl              2.000006-1
ii  libstring-copyright-perl        0.003014-1
ii  libstring-escape-perl           2010.002-3
ii  libstring-license-perl          0.0.2-1
ii  perl                            5.36.0-7

Versions of packages licensecheck recommends:
ii  libregexp-pattern-license-perl  3.9.4-3

Versions of packages licensecheck suggests:
ii  bash-completion  1:2.11-6

-- no debconf information

More information about the pkg-perl-maintainers mailing list