License audit tooling for Fedora packages

This page describes the tools used in standard practice to audit licensing of packages in the Fedora Linux distribution.

Packaging tools

These tools are used for evaluating the state of licensing in Fedora Linux packages. They use the Fedora License Data as the source for valid licenses.

RPMLint

RPMLint is the standard tool used for evaluating Fedora Linux packages for well-known issues that packagers should fix. In the context of licensing, RPMLint evaluates the License: field in the spec file and ensures the values comply with the known standard of allowed licenses.

This is packaged in Fedora Linux as rpmlint.

RPMInspect

RPMInspect is the tool used to evaluate Fedora Linux packages for policy compliance as they are built in the Fedora Build System. In the context of licensing, RPMInspect evaluates the License: field in RPMs and ensures the values comply with the known standard of allowed licenses.

This is packaged in Fedora Linux as rpminspect. To use it, you need both rpminspect and rpminspect-data-fedora.

Source inspection tools

These tools are used for evaluating the state of licensing in the software being packaged for Fedora Linux. All of these tools are distribution-agnostic.

Licensecheck

Licensecheck is a tool used to evaluate source files for their licensing. In the Fedora context, this tool is principally used during the initial package review of packages to be included in the Fedora Linux distribution. It is run automatically as part of FedoraReview.

Licensecheck, by default, provides license reports with the full license names, but can be told to produce output using any number of license identifier schemes.

This is packaged in Fedora Linux as licensecheck.