-
Notifications
You must be signed in to change notification settings - Fork 2.6k
/
check-binary-license
executable file
·117 lines (101 loc) · 3.47 KB
/
check-binary-license
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Script to check licenses on a binary tarball.
# It extracts the list of bundled jars, the NOTICE, and the LICENSE
# files. It checked that every non-maven jar bundled is mentioned in the
# LICENSE file. It checked that all jar files mentioned in NOTICE and
# LICENSE are actually bundled.
# all error fatal
set -e
TARBALL="$1"
if [ -z $TARBALL ]; then
echo "Usage: $0 <binary-tarball>"
exit -1
fi
TAR='tar'
unamestr=`uname`
if [[ "$unamestr" == 'Linux' ]]; then
TAR='tar --wildcards'
fi
JARS=$(${TAR} -tf $TARBALL '*.jar' | sed 's!.*/!!' | sort)
LICENSEPATH=$(${TAR} -tf $TARBALL | awk '/^[^\/]*\/LICENSE/')
LICENSE=$(${TAR} -O -xf $TARBALL "$LICENSEPATH")
NOTICEPATH=$(${TAR} -tf $TARBALL | awk '/^[^\/]*\/NOTICE/')
NOTICE=$(${TAR} -O -xf $TARBALL $NOTICEPATH)
LICENSEJARS=$(echo "$LICENSE" | sed -nE 's!.*lib/(.*\.jar).*!\1!gp')
NOTICEJARS=$(echo "$NOTICE" | sed -nE 's!.*lib/(.*\.jar).*!\1!gp')
LINKEDINLICENSE=$(echo "$LICENSE" | sed -nE 's!.*(lib/[[:graph:]]*.license).*!\1!gp' | sed 's!\.$!!' | sed 's/lib[/]//g')
# errors not fatal
set +e
# this can error if there's no deps directory in tarball, we still want to continue with checks
BUNDLEDLICENSES=$(${TAR} -tf $TARBALL '*.license' | sed 's!^[^/]*/!!' | sed 's/lib[/]//g' | grep -v /$)
EXIT=0
# Check all bundled jars are mentioned in LICENSE
for J in $JARS; do
echo $J | grep -q "^maven"
if [ $? == 0 ]; then
continue
fi
echo $J | grep -q "^wagon"
if [ $? == 0 ]; then
continue
fi
echo "$LICENSE" | grep -q $J
if [ $? != 0 ]; then
echo $J unaccounted for in LICENSE
EXIT=1
fi
done
# Check all jars mentioned in LICENSE are bundled
for J in $LICENSEJARS; do
echo "$JARS" | grep -q $J
if [ $? != 0 ]; then
echo $J mentioned in LICENSE, but not bundled
EXIT=2
fi
done
# Check all jars mentioned in NOTICE are bundled
for J in $NOTICEJARS; do
echo "$JARS" | grep -q $J
if [ $? != 0 ]; then
echo $J mentioned in NOTICE, but not bundled
EXIT=3
fi
done
# Check all linked LICENSE files are in tarball
for L in $LINKEDINLICENSE; do
echo "$BUNDLEDLICENSES" | grep -q $L
if [ $? != 0 ]; then
echo $L linked from LICENSE, but not found in tarball
EXIT=4
fi
done
# Check all LICENSE files bundled are linked from LICENSE
for L in $BUNDLEDLICENSES; do
echo "$LINKEDINLICENSE" | grep -q $L
if [ $? != 0 ]; then
echo $L bundled, but not linked from LICENSE
EXIT=5
fi
done
if [ $EXIT != 0 ]; then
echo
echo "It looks like there are issues with the LICENSE/NOTICE (error $EXIT)".
echo See http://bookkeeper.apache.org/community/licensing for details on how to fix.
fi
exit $EXIT