Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p7zip: remove non-free RAR support #85780

Merged
merged 1 commit into from Apr 22, 2020
Merged

p7zip: remove non-free RAR support #85780

merged 1 commit into from Apr 22, 2020

Conversation

emilazy
Copy link
Member

@emilazy emilazy commented Apr 22, 2020

Motivation for this change

7-Zip's RAR implementation is built on the non-free UnRAR source code; DOC/License.txt says:

  Licenses for files are:

    1) CPP/7zip/Compress/Rar* files:  GNU LGPL + unRAR restriction
    2) All other files:  GNU LGPL

  The GNU LGPL + unRAR restriction means that you must follow both 
  GNU LGPL rules and unRAR restriction rules.

...

  unRAR restriction
  -----------------

    The decompression engine for RAR archives was developed using source 
    code of unRAR program.
    All copyrights to original unRAR code are owned by Alexander Roshal.

    The license for original unRAR code has the following restriction:

    The unRAR sources cannot be used to re-create the RAR compression algorithm, 
    which is proprietary. Distribution of modified unRAR sources in separate form 
    or as a part of other software is permitted, provided that it is clearly
    stated in the documentation and source comments that the code may
    not be used to develop a RAR (WinRAR) compatible archiver.

The unrar licensing is infamously restrictive and non-free; it's inappropriate for us to keep the RAR support while labelling the package as free software (and indeed there's a commented-out line pointing out that the current meta.license is false). Unfortunately, the 7-Zip upstream seems uninterested in replacing the code with a freely-licensed alternative (see 7-Zip ticket #1229).

An alternative solution would be to mark the p7zip package as non-free instead; I decided not to because its other functionality (especially .7z support) is freely-licensed and useful, and there are free software alternatives for extracting RAR files (e.g. in nixpkgs there's archiver, which is written in a memory-safe language, and unar, which at least doesn't have two patches for CVEs that haven't been addressed upstream...).

I checked that 7z(1) fails gracefully on .rar files now:

emily@renko ~/tmp> curl -L -O https://www.philippwinterberg.com/download/example.rar
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 5715k  100 5715k    0     0  6716k      0 --:--:-- --:--:-- --:--:-- 6716k
emily@renko ~/tmp> 7z x example.rar

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_CA.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive for archives:
1 file, 5853119 bytes (5716 KiB)

Extracting archive: example.rar
ERROR: example.rar
Can not open the file as archive

    
Can't open as archive: 1
Files: 0
Size:       0
Compressed: 0
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@emilazy
p7zip: remove non-free RAR support
ca9674b 
7-Zip's RAR implementation is built on the non-free UnRAR source code;
DOC/License.txt says:

      Licenses for files are:
    
        1) CPP/7zip/Compress/Rar* files:  GNU LGPL + unRAR restriction
        2) All other files:  GNU LGPL
    
      The GNU LGPL + unRAR restriction means that you must follow both 
      GNU LGPL rules and unRAR restriction rules.
    
    ...
    
      unRAR restriction
      -----------------
    
        The decompression engine for RAR archives was developed using source 
        code of unRAR program.
        All copyrights to original unRAR code are owned by Alexander Roshal.
    
        The license for original unRAR code has the following restriction:
    
        The unRAR sources cannot be used to re-create the RAR compression algorithm, 
        which is proprietary. Distribution of modified unRAR sources in separate form 
        or as a part of other software is permitted, provided that it is clearly
        stated in the documentation and source comments that the code may
        not be used to develop a RAR (WinRAR) compatible archiver.

The unrar licensing is [infamously restrictive and non-free][fedora];
it's inappropriate for us to keep the RAR support while labelling the
package as free software (and indeed there's a commented-out line
pointing out that the current `meta.license` is false). Unfortunately,
the 7-Zip upstream seems uninterested in replacing the code with a
freely-licensed alternative (see [7-Zip ticket NixOS#1229][7zip]).

[fedora]: https://fedoraproject.org/wiki/Licensing:Unrar
[7zip]: https://sourceforge.net/p/sevenzip/feature-requests/1229/

An alternative solution would be to mark the p7zip package as non-free
instead; I decided not to because its other functionality (especially
`.7z` support) is freely-licensed and useful, and there are free
software alternatives for extracting RAR files (e.g. in nixpkgs there's
`archiver`, which is written in a memory-safe language, and `unar`,
which at least doesn't have two patches for CVEs that haven't been
addressed upstream...).

I checked that `7z(1)` fails gracefully on `.rar` files now:
    
    emily@renko ~/tmp> curl -L -O https://www.philippwinterberg.com/download/example.rar
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 5715k  100 5715k    0     0  6716k      0 --:--:-- --:--:-- --:--:-- 6716k
    emily@renko ~/tmp> 7z x example.rar
    
    7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
    p7zip Version 16.02 (locale=en_CA.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
    
    Scanning the drive for archives:
    1 file, 5853119 bytes (5716 KiB)
    
    Extracting archive: example.rar
    ERROR: example.rar
    Can not open the file as archive
    
        
    Can't open as archive: 1
    Files: 0
    Size:       0
    Compressed: 0
@ofborg ofborg bot requested a review from 7c6f434c April 22, 2020 14:57
@alyssais alyssais merged commit 95f82e2 into NixOS:master Apr 22, 2020
@alyssais
Copy link
Member

Not sure what we should do for releases. We should either mark it as unfree, or delete the code, but either way it’s a breaking change…

@adisbladis adisbladis mentioned this pull request Apr 22, 2020
Merged
10 tasks
@peterhoeg peterhoeg mentioned this pull request May 3, 2020
Merged
10 tasks
@emilazy emilazy deleted the remove-p7zip-rar-support branch May 8, 2020 20:07
@emilazy

This comment has been minimized.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@7c6f434c 7c6f434c Awaiting requested review from 7c6f434c

Assignees
No one assigned
Labels
10.rebuild-darwin: 11-100 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@emilazy @alyssais