Apache-2.0 missing from common-licenses

Bug #247082 reported by Thierry Carrez on 2008-07-09
4
Affects Status Importance Assigned to Milestone
base-files (Ubuntu)
Low
Thierry Carrez

Bug Description

Binary package hint: base-files

Debian base-files 4.0.4 added the Apache-2.0 license to common-licenses. This triggers two problems :
- the intrepid lintian reports errors for all packages that quote that license in debian/copyright (could be ignored)
- in intrepid we may have synced packages from Debian that reference a missing file in debian/copyright (bad)

We should fix it either by adding the Apache-2.0 license to common-licenses, or merging 4.0.4 with our version.

Related branches

Thierry Carrez (ttx) wrote :

Debdiff for a new release adding the missing license.
Let me know if you prefer a complete merge with Debian base-files 4.0.4.

Changed in base-files:
assignee: nobody → tcarrez
status: New → In Progress
Steve Langasek (vorlon) wrote :

During the development phase, I think it's always preferable to do a merge with Debian than to cherry-pick changes unless we know of a specific reason that the Debian changes are unsuitable.

I don't see anything unsuitable in the base-files 4.0.4 changelog; can you please prepare this as a merge?

Thierry Carrez (ttx) wrote :

Debdiff from last Ubuntu version to merged version

base-files (4.0.4) unstable; urgency=low

  * Added Apache-2.0 to common-licenses. Closes: #471736.
    Retrieved from http://www.apache.org/licenses/LICENSE-2.0.txt.
  * Fixed typo in README.base. Closes: #475201.

 -- Santiago Vila <email address hidden> Sun, 18 May 2008 16:26:00 +0200

base-files (4.0.3) unstable; urgency=low

  * Added md5sums. Closes: #464479.
  * Do not create /initrd at install time anymore. Closes: #467429.

 -- Santiago Vila <email address hidden> Tue, 11 Mar 2008 11:04:00 +0100

base-files (4.0.2) unstable; urgency=low

  * Changed default /root/.profile so that it sources /root/.bashrc only
    if the shell is bash. Closes: #364326.

 -- Santiago Vila <email address hidden> Mon, 19 Nov 2007 19:04:10 +0100

Thierry Carrez (ttx) wrote :

Debdiff from Debian version to merged version

base-files (4.0.4ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (LP: #247082), remaining changes:
    - Branding changes.
    - Add /etc/lsb-release file.
    - Add lsb-release-udeb package.
    - Record md5sums of unmodified /etc/profile versions so that we can
      upgrade it automatically.
    - Various bashrc extensions.
    - Restore order line in /etc/host.conf with a comment.
    - Add default /etc/networks file.
    - Implement LSB-3.1, 16.2 (/etc/profile.d)
    - Added information about the docs web page
    - Update the motd upgrade handling to know about /etc/motd.tail

 -- Thierry Carrez <email address hidden> Wed, 06 Aug 2008 14:41:28 +0200

Thierry Carrez (ttx) wrote :

Steve: let me know if you don't have time to sponsor the merge, I would then subscribe the relevant team.

Changed in base-files:
importance: Undecided → Low
status: In Progress → Triaged
Steve Langasek (vorlon) wrote :

Hi Thierry,

A few comments on the resulting debdiff; none of these are issues that you've introduced, but as long as we're merging (sorry, I know that was my idea :), I think they should be addressed.

--- base-files-4.0.4/debian/postinst 2008-03-11 11:02:27.000000000 +0100
+++ base-files-4.0.4ubuntu1/debian/postinst 2008-05-19 00:44:17.000000000 +0
200
@@ -5,8 +5,8 @@
   if [ ! -d $1 ]; then
     mkdir -p $1
   fi
- chown root:staff $1 2> /dev/null || true
- chmod 2775 $1 2> /dev/null || true
+ #chown root:staff $1 2> /dev/null || true
+ #chmod 2775 $1 2> /dev/null || true
 }

 install_from_default() {

This change is not documented in the current changelog entry; it looks like it was dropped somewhere along the line. The original changelog description is this:

base-files (3.1.0ubuntu2) hoary; urgency=low

  * debian/postinst: Do not install /usr/local and subdirectories with "staff"
    group writeability. This group is essentially root-equivalent, but there
    are cases where somebody can become any user but root (like NFS).

Could you summarize this for the current changelog entry as one of the 'remaining changes'?

This change:

@@ -70,6 +71,7 @@
   if [ ! -L /var/mail ] && [ ! -d /var/mail ]; then
     ln -sf spool/mail /var/mail
   fi
+ install_from_default /usr/share/base-files/networks /etc/networks
 fi

 preserve_directory floppy

forces the creation of /etc/networks on /every/ upgrade of the package. Since anyone who has upgraded to feisty or later will have had this file created already, we shouldn't need to keep this delta. I think it should be dropped.

+if [ "$2" = 4.0.1ubuntu3 ]; then
+ if [ -f /etc/motd ] && [ ! -L /etc/motd ] && [ -L /etc/motd.old ]; then
+ rm /etc/motd
+ mv /etc/motd.old /etc/motd
+ fi
+fi

This is also transitional code, for a hardy pre-release version of base-files, that I think should be dropped.

+ifeq ($(shell dpkg-architecture -qDEB_BUILD_ARCH),amd64)
+ sed -i -e 's/^Depends:/Depends: libc6 \(>= 2.4-1ubuntu3\),/' \
+ debian/tmp/DEBIAN/control
+endif

I unfortunately can't find any reason documented in the changelog for this change; and glibc 2.4-1ubuntu3 was superseded by a later debian sync, so changelog archaeology there also gives me no ideas. I think this code should *probably* be dropped on the grounds that this is a transitional depends only, but it's difficult for me to say for sure.

Could you provide an updated debdiff addressing these points? On the last point in particular, I'm probably willing to go along with whatever you decide is best here.

Thierry Carrez (ttx) wrote :

Thanks for those complete comments.
Here is the new debdiff from last Ubuntu version to merged version...

Thierry Carrez (ttx) wrote :

...and the new debdiff from Debian version to merged version.

base-files (4.0.4ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (LP: #247082), remaining changes:
    - Branding changes
    - Add /etc/lsb-release file
    - Add lsb-release-udeb package
    - Record md5sums of unmodified /etc/profile versions so that we can
      upgrade it automatically
    - Various bashrc extensions
    - Restore order line in /etc/host.conf with a comment
    - Add default /etc/networks file
    - Implement LSB-3.1, 16.2 (/etc/profile.d)
    - Added information about the docs web page
    - Update the motd upgrade handling to know about /etc/motd.tail
    - Do not install /usr/local dirs with staff group writeability, as there
      are cases where somebody can become any user but root (like NFS)
  * Dropped changes (transitional code):
    - Add default /etc/networks file on upgrade
    - Fix 4.0.1ubuntu3 motd upgrade
    - On amd64, depend on a libc6 that ships /lib64 to avoid broken upgrades

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package base-files - 4.0.4ubuntu1

---------------
base-files (4.0.4ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (LP: #247082), remaining changes:
    - Branding changes
    - Add /etc/lsb-release file
    - Add lsb-release-udeb package
    - Record md5sums of unmodified /etc/profile versions so that we can
      upgrade it automatically
    - Various bashrc extensions
    - Restore order line in /etc/host.conf with a comment
    - Add default /etc/networks file
    - Implement LSB-3.1, 16.2 (/etc/profile.d)
    - Added information about the docs web page
    - Update the motd upgrade handling to know about /etc/motd.tail
    - Do not install /usr/local dirs with staff group writeability, as there
      are cases where somebody can become any user but root (like NFS)
  * Dropped changes (transitional code):
    - Add default /etc/networks file on upgrade
    - Fix 4.0.1ubuntu3 motd upgrade
    - On amd64, depend on a libc6 that ships /lib64 to avoid broken upgrades

 -- Thierry Carrez <email address hidden> Fri, 08 Aug 2008 10:02:16 +0200

Changed in base-files:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers