[Buildroot] [PATCH 1/1] package/python-bsdiff4: new packge

[Buildroot] [PATCH 1/1] package/python-bsdiff4: new packge

[Asaf Kahlon]

binary diff and patch using the BSDIFF4-format.

License file isn't shipped with the package, so PKG-INFO
is used instead.

Signed-off-by: Asaf Kahlon <asafka7@gmail.com>
---
 package/Config.in                          |  1 +
 package/python-bsdiff4/Config.in           |  8 ++++++++
 package/python-bsdiff4/python-bsdiff4.hash |  5 +++++
 package/python-bsdiff4/python-bsdiff4.mk   | 14 ++++++++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 package/python-bsdiff4/Config.in
 create mode 100644 package/python-bsdiff4/python-bsdiff4.hash
 create mode 100644 package/python-bsdiff4/python-bsdiff4.mk

diff --git a/package/Config.in b/package/Config.in
index dfa3f34b9d..14845436b0 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -878,6 +878,7 @@ menu "External python modules"
 	source "package/python-bluezero/Config.in"
 	source "package/python-bottle/Config.in"
 	source "package/python-brotli/Config.in"
+	source "package/python-bsdiff4/Config.in"
 	source "package/python-bunch/Config.in"
 	source "package/python-cached-property/Config.in"
 	source "package/python-can/Config.in"
diff --git a/package/python-bsdiff4/Config.in b/package/python-bsdiff4/Config.in
new file mode 100644
index 0000000000..a383cda0f5
--- /dev/null
+++ b/package/python-bsdiff4/Config.in
@@ -0,0 +1,8 @@
+config BR2_PACKAGE_PYTHON_BSDIFF4
+	bool "python-bsdiff4"
+	select BR2_PACKAGE_PYTHON_BZIP2 if BR2_PACKAGE_PYTHON # runtime
+	select BR2_PACKAGE_PYTHON3_BZIP2 if BR2_PACKAGE_PYTHON3 # runtime
+	help
+	  binary diff and patch using the BSDIFF4-format.
+
+	  https://github.com/ilanschnell/bsdiff4
diff --git a/package/python-bsdiff4/python-bsdiff4.hash b/package/python-bsdiff4/python-bsdiff4.hash
new file mode 100644
index 0000000000..6db2535cc1
--- /dev/null
+++ b/package/python-bsdiff4/python-bsdiff4.hash
@@ -0,0 +1,5 @@
+# md5, sha256 from https://pypi.org/pypi/bsdiff4/json
+md5	59ae574a8bc2aae659ce4c282293202c  bsdiff4-1.1.9.tar.gz
+sha256	a7c48ec58dc1c4a2b9fb5da05637524d5dbb1643a3df7cdc6ed105636909ff79  bsdiff4-1.1.9.tar.gz
+# Locally computed sha256
+sha256	e60be11b30cb7f07210e4c2d64246b49d20a25caf48efea5c13995788a425468  PKG-INFO
diff --git a/package/python-bsdiff4/python-bsdiff4.mk b/package/python-bsdiff4/python-bsdiff4.mk
new file mode 100644
index 0000000000..7caf535dcf
--- /dev/null
+++ b/package/python-bsdiff4/python-bsdiff4.mk
@@ -0,0 +1,14 @@
+################################################################################
+#
+# python-bsdiff4
+#
+################################################################################
+
+PYTHON_BSDIFF4_VERSION = 1.1.9
+PYTHON_BSDIFF4_SOURCE = bsdiff4-$(PYTHON_BSDIFF4_VERSION).tar.gz
+PYTHON_BSDIFF4_SITE = https://files.pythonhosted.org/packages/39/34/bd2ae6cd4b2a5d3af9173a9d7f6ecd2723ea7b0401ad807a0c7e7b50faa3
+PYTHON_BSDIFF4_LICENSE = BSD-2-Clause
+PYTHON_BSDIFF4_LICENSE_FILES = PKG-INFO
+PYTHON_BSDIFF4_SETUP_TYPE = distutils
+
+$(eval $(python-package))
-- 
2.20.1

[Buildroot] [PATCH 1/1] package/python-bsdiff4: new packge

[Thomas Petazzoni]

Hello,

On Thu, 27 Feb 2020 22:43:35 +0200
Asaf Kahlon <asafka7@gmail.com> wrote:

> License file isn't shipped with the package, so PKG-INFO
> is used instead.

I am concerned by the license here.

> +PYTHON_BSDIFF4_VERSION = 1.1.9
> +PYTHON_BSDIFF4_SOURCE = bsdiff4-$(PYTHON_BSDIFF4_VERSION).tar.gz
> +PYTHON_BSDIFF4_SITE = https://files.pythonhosted.org/packages/39/34/bd2ae6cd4b2a5d3af9173a9d7f6ecd2723ea7b0401ad807a0c7e7b50faa3
> +PYTHON_BSDIFF4_LICENSE = BSD-2-Clause
> +PYTHON_BSDIFF4_LICENSE_FILES = PKG-INFO

PKG-INFO only says "BSD", and nothing in the source code indicates what
is the license.

The only indication is in core.c, which contains:

/*
  The code below is mostly derived from cx_bsdiff (written by Anthony
  Tuininga, http://cx-bsdiff.sourceforge.net/).  The cx_bsdiff code in
  turn was derived from bsdiff, the standalone utility produced for BSD
  which can be found at http://www.daemonology.net/bsdiff.
*/

If we visit http://cx-bsdiff.sourceforge.net/ we can find
http://cx-bsdiff.sourceforge.net/LICENSE.txt, which is not the
BSD-2-Clause, but some weird license called the "BSD Protection
License", which is known by SPDX as BSD-Protection:
https://spdx.org/licenses/BSD-Protection.html

Could you try to clarify what is the license of this package ? It would
be really good for PyPi to be a bit more "strict" in the description of
the licenses.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 1/1] package/python-bsdiff4: new packge

[Asaf Kahlon]

Hello Thomas,

On Sat, Apr 25, 2020 at 11:53 PM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello,
>
> On Thu, 27 Feb 2020 22:43:35 +0200
> Asaf Kahlon <asafka7@gmail.com> wrote:
>
> > License file isn't shipped with the package, so PKG-INFO
> > is used instead.
>
> I am concerned by the license here.
>
> > +PYTHON_BSDIFF4_VERSION = 1.1.9
> > +PYTHON_BSDIFF4_SOURCE = bsdiff4-$(PYTHON_BSDIFF4_VERSION).tar.gz
> > +PYTHON_BSDIFF4_SITE = https://files.pythonhosted.org/packages/39/34/bd2ae6cd4b2a5d3af9173a9d7f6ecd2723ea7b0401ad807a0c7e7b50faa3
> > +PYTHON_BSDIFF4_LICENSE = BSD-2-Clause
> > +PYTHON_BSDIFF4_LICENSE_FILES = PKG-INFO
>
> PKG-INFO only says "BSD", and nothing in the source code indicates what
> is the license.
>
> The only indication is in core.c, which contains:
>
> /*
>   The code below is mostly derived from cx_bsdiff (written by Anthony
>   Tuininga, http://cx-bsdiff.sourceforge.net/).  The cx_bsdiff code in
>   turn was derived from bsdiff, the standalone utility produced for BSD
>   which can be found at http://www.daemonology.net/bsdiff.
> */
>
> If we visit http://cx-bsdiff.sourceforge.net/ we can find
> http://cx-bsdiff.sourceforge.net/LICENSE.txt, which is not the
> BSD-2-Clause, but some weird license called the "BSD Protection
> License", which is known by SPDX as BSD-Protection:
> https://spdx.org/licenses/BSD-Protection.html
>
> Could you try to clarify what is the license of this package ? It would
> be really good for PyPi to be a bit more "strict" in the description of
> the licenses.
Thanks for the reply!
I privately contacted the maintainer of the package and he told me he released
the package under BSD-2-Clause (as in the current patch).
Moreover, according to spdx_lookup, it has 90.5% confidence that BSD-2-Clause
is the type of the license file committed in the repo (which, as
stated in the commit
message, unfortunately isn't shipped with the package).

Do you want to apply the current version of the patch?
Do you have any other suggestion?

>
> Thanks!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

Best regards,
Asaf.

[Buildroot] [PATCH 1/1] package/python-bsdiff4: new packge

[Thomas Petazzoni]

Hello,

On Sun, 26 Apr 2020 21:03:04 +0300
Asaf Kahlon <asafka7@gmail.com> wrote:

> > Could you try to clarify what is the license of this package ? It would
> > be really good for PyPi to be a bit more "strict" in the description of
> > the licenses.  
> Thanks for the reply!
> I privately contacted the maintainer of the package and he told me he released
> the package under BSD-2-Clause (as in the current patch).
> Moreover, according to spdx_lookup, it has 90.5% confidence that BSD-2-Clause
> is the type of the license file committed in the repo (which, as
> stated in the commit
> message, unfortunately isn't shipped with the package).
> 
> Do you want to apply the current version of the patch?
> Do you have any other suggestion?

If you are in contact with the maintainer, it would be nice if he could
add an explicit "LICENSE" file that clarifies the license.

Thanks a lot!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 1/1] package/python-bsdiff4: new packge

[Asaf Kahlon]

Hello,

On Mon, Apr 27, 2020 at 8:35 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello,
>
> On Sun, 26 Apr 2020 21:03:04 +0300
> Asaf Kahlon <asafka7@gmail.com> wrote:
>
> > > Could you try to clarify what is the license of this package ? It would
> > > be really good for PyPi to be a bit more "strict" in the description of
> > > the licenses.
> > Thanks for the reply!
> > I privately contacted the maintainer of the package and he told me he released
> > the package under BSD-2-Clause (as in the current patch).
> > Moreover, according to spdx_lookup, it has 90.5% confidence that BSD-2-Clause
> > is the type of the license file committed in the repo (which, as
> > stated in the commit
> > message, unfortunately isn't shipped with the package).
> >
> > Do you want to apply the current version of the patch?
> > Do you have any other suggestion?
>
> If you are in contact with the maintainer, it would be nice if he could
> add an explicit "LICENSE" file that clarifies the license.
>
The maintainer has just added a section in the license file regarding the
use of "BSD Protection License" in core.c.
It can be seen here:
https://github.com/ilanschnell/bsdiff4/commit/935149e7828b0e04fc95d34030479d8e297aae00
In addition, I've sent a PR for him with a MANIFEST.in file in order to include
the license file in the package.
Until it's merged and a new version is released, I'll send a v2 stating the
package has BSD-2-Clause and BSD-Protection.

> Thanks a lot!
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Regards,
Asaf.