ci-license-scan: Fixups from d/copyright are not handled properly

Affected images versions

all

Background

The script ci-license-scan uses scan-copyrights to create a license/copyright report for each file in a project. When license or copyright cannot be found by the scanner, ci-license-scan uses the information in debian/copyright to fill the gaps. These are called fixups.

Unfortunately this process is not accurrate and has some issues:

• Produces files entries duplicates
• Can potentially provide not accurate information

Reproducibility

How often the issue is hit when repeating the test and changing nothing (same device, same image, etc.)?

Put the ✅ in the most appropriate entry:

1. always
2. ✅ often, but not always
3. rarely

Impact of bug

Report are noise and in some cases can be accurate.

Attachments

Add further information about the environment in the form of attachments here. Attach plain text files from log output (from journalctl, systemctl, …) or long backtraces as attached files. If adding comments on the log is required create a new snippet and add the link to it here.

Screenshots and videos are usually useful for graphic issues.

Root cause

The way the fixups are applied [here] created new entries with multiple instance of the same file.

Outcomes

• apertis-docker-images!296 (merged)
• apertis-docker-images!297 (merged)

Management data

This section is for management only, it should be the last one in the description.

/cc @andrunko @em @sagar @sudarshan @wlozano

Phabricator link: https://phabricator.apertis.org/T9931