-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
include copyright information for locally built dependencies #270
Comments
Right now, the deployment of copyright data is supported only on Debian and makes use of Debian's package management tools. I don't see a generic solution for self-provided libraries. Is there any reason not to just copy those files to the AppDir yourself? We could brainstorm about a linuxdeploy plugin that handles additional copyright files, but, again, I'm not sure there's a generic solution. I don't even think CMake and its friends could be utilized for this... |
The first reason is that I like the structured approach which I see right now from the automatic extraction with a standardized process. I suppose the resulting 'copyright' files might even be machine-readable, and they all look uniform. What I find as copyright information in the libraries I use is in varying formats (e.g. .md files or plain text), and I'm unsure as to how to format them to comply with their diverse license requirements. There is a set of tools - see e.g. this list which can be used for automatic licensing/copyright extraction from entire project folders, but so far I haven't found a solution to my liking. The second reason is the necessity to do such a thing in the first place: I saw that I could build appimages with linuxdeploy, it made working appimages but it did not initially occur to me that distributing the resulting appimages can be a breach of the license agreement if the appimage does not contain license information for a library it incorporates, which seems to be the case for every library which isn't installed via a debian package. There are the warnings in the output, but they are easy to overlook, considering the large number of libraries which may be involved. |
@TheAssassin, are you sure your copyright extraction code is doing the right thing? I dug a bit deeper and followed some of the warnings which told me that copyright information could not be found with dpkg-query, and it looks like the lookup failed, even though the copyright information is actually present. For this test, I worked on a debian12 system. I used this linuxdeploy:
But when I build an AppImage with linuxdeploy, I get the warning that it can't find copyright information:
Maybe there is something amiss with the arguments you pass to dpkg-query? If there are only a few dependencies where copyright information can't be found, I could maybe live with copying them manually into the AppDir, but for the application I am currently working on, I get 57 misses, which is a bit excessive. |
Recently, I tentatively added OpenImageIO support to my project - an image and panorama viewer. OpenImageIO is quickly evolving, and the package shipping with Ubuntu 20.04 is missing several features I'd like to see in the AppImage. So I built OpenImageIO from source and installed to /usr/local. Then I built the appimage and scanned the AppDir to see if the copyright for OpenImageIO was present - it wasn't. A bit of digging revealed that the copyright information is gathered by using dpkg-query - but that would only produce copyright information for packages which are installed on the system with the package manager. When I looked at the output of the build process, I noticed quite a few more WARNING messages - likely due to the fact that I also built some of OpenImageIO's dependencies from source (stuff like OpenVC and openexr).
Nevertheless, I got an AppImage which works just fine - the libraries and binary are all there - but OpenImageIO, for example, is now licensed under Apache 2 which requires people who distribute it in object format to 'give' a copy of the license to the recipient, and distributing an AppImage is certainly distributing the library in object form.
So I'm a bit at a loss what to do. I imagine I could try and gather all the copyright and licensing information 'manually' and somehow incorporate it into the AppDir, but that kind of defeats the purpose of having a tool which automates the process. Can someone here give me advice on how to get the copyright info into the AppImage?
The text was updated successfully, but these errors were encountered: