From c846a9612899206fb1f8a04d65e342013e090f22 Mon Sep 17 00:00:00 2001
From: Enrico Olivelli
Date: Sat, 26 Oct 2019 23:12:04 +0200
Subject: [PATCH] MNG-6771 Fix license issues on binary distribution - Start fixing the template for LICENSE file - Have consistent naming for LICENSE file and final jars by removing 'classifier' from the name of jars - Introduce a script to check for license, from Apache BookKeeper project, original author ivank@apache.org
---
 .../appended-resources/META-INF/LICENSE.vm | 11 +-
 apache-maven/src/main/assembly/component.xml | 1 +
 dev/check-binary-license | 117 ++++++++++++++++++
 3 files changed, 122 insertions(+), 7 deletions(-)
 create mode 100755 dev/check-binary-license
diff --git a/apache-maven/src/main/appended-resources/META-INF/LICENSE.vm b/apache-maven/src/main/appended-resources/META-INF/LICENSE.vm
index bf36fa7cd64..6f95b96cdd6 100644
--- a/apache-maven/src/main/appended-resources/META-INF/LICENSE.vm
+++ b/apache-maven/src/main/appended-resources/META-INF/LICENSE.vm
@@ -22,21 +22,18 @@ Apache Maven includes a number of components and libraries with separate copyright notices and license terms. Your use of those components are subject to the terms and conditions of the following licenses: ## -#set ( $apacheLicenseNames = [ "Apache License, Version 2.0", "The Apache Software License, Version 2.0", - "ASLv2", "Apache Public License 2.0", "Apache 2.0" ] ) +#set ( $apacheMavenGroupIds = [ "org.apache.maven", "org.apache.maven.wagon", "org.apache.maven.resolver", + "org.apache.maven.shared" ] ) #set ( $MITLicenseNames = [ "MIT License", "MIT license", "The MIT License" ] ) #foreach ( $project in $projects ) #**##foreach ( $license in $project.licenses) -#* *##if ( !$apacheLicenseNames.contains( $license.name ) ) +#* *##set ( $groupId = $project.artifact.groupId ) +#* *##if ( !$apacheMavenGroupIds.contains( $groupId ) ) #* *##set ( $artId = $project.artifact.artifactId ) #* *##set ( $url = $license.url ) #* *##set ( $spdx = false ) #* *##set ( $includeLicense = true ) #* *### -#* *##if ( $project.artifact.artifactId == "jcl-over-slf4j" ) -#* *### jcl-over-slf4j is Apache 2.0, even if its pom says MIT -#* *##set ( $includeLicense = false ) -#* *##end #* *##if ( $license.name == "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0" ) #* *##set ( $spdx = 'CDDL-1.0' ) #* *##end diff --git a/apache-maven/src/main/assembly/component.xml b/apache-maven/src/main/assembly/component.xml index 56b3f0b65fe..b7e7c2263d6 100644 --- a/apache-maven/src/main/assembly/component.xml +++ b/apache-maven/src/main/assembly/component.xml @@ -29,6 +29,7 @@ under the License. false lib + ${artifact.artifactId}-${artifact.version}.${artifact.extension} org.codehaus.plexus:plexus-classworlds diff --git a/dev/check-binary-license b/dev/check-binary-license new file mode 100755 index 00000000000..8e599021a61 --- /dev/null +++ b/dev/check-binary-license 
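Review bot: With the `jcl-over-slf4j` override removed and the filter switched to `!$apacheMavenGroupIds.contains( $groupId )`, every third-party entry in the generated LICENSE now comes straight from the license name and URL declared in that dependency's POM. The removed comment records that this metadata is wrong for at least one bundled artifact ("jcl-over-slf4j is Apache 2.0, even if its pom says MIT"), so the generated file would presumably state the wrong license for it. Rather than dropping the special case, keep a correction that overrides the emitted value, e.g. `#if ( $artId == "jcl-over-slf4j" )#set ( $spdx = 'Apache-2.0' )#end`, and add a `##` comment above the group-id list saying that membership is an exact match, so a new first-party group id has to be added by hand. The `#foreach`/`#if` blocks opened here close outside the hunk, so how `$spdx` is rendered should be confirmed there.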
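Review bot: The added file-name mapping `${artifact.artifactId}-${artifact.version}.${artifact.extension}` drops the classifier, so a bundled jar's name no longer identifies which published artifact it is. Two dependencies that differ only by classifier would be written to the same path under `lib`, and anyone checking the distribution against repository checksums or an SBOM has to guess the classifier back. If matching the LICENSE naming is the only reason, consider keeping the classifier in the mapping (the assembly plugin offers `${dashClassifier?}` for this) and using the same name in the template; otherwise add an XML comment here stating that classifiers are dropped deliberately. The element's tags are not visible in this rendering, so this assumes the line is the dependency set's output file-name mapping.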
@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Script to check licenses on a binary tarball.
+# It extracts the list of bundled jars, the NOTICE, and the LICENSE
+# files. It checked that every non-maven jar bundled is mentioned in the
+# LICENSE file. It checked that all jar files mentioned in NOTICE and
+# LICENSE are actually bundled.
+
+# all error fatal
+set -e
+
+TARBALL="$1"
+if [ -z $TARBALL ]; then
+ echo "Usage: $0 "
+ exit -1
+fi
+
+TAR='tar'
+unamestr=`uname`
+if [[ "$unamestr" == 'Linux' ]]; then
+ TAR='tar --wildcards'
+fi
+
+JARS=$(${TAR} -tf $TARBALL '*.jar' | sed 's!.*/!!' | sort)
+LICENSEPATH=$(${TAR} -tf $TARBALL | awk '/^[^\/]*\/LICENSE/')
+LICENSE=$(${TAR} -O -xf $TARBALL "$LICENSEPATH")
+NOTICEPATH=$(${TAR} -tf $TARBALL | awk '/^[^\/]*\/NOTICE/')
+NOTICE=$(${TAR} -O -xf $TARBALL $NOTICEPATH)
+LICENSEJARS=$(echo "$LICENSE" | sed -nE 's!.*lib/(.*\.jar).*!\1!gp')
+NOTICEJARS=$(echo "$NOTICE" | sed -nE 's!.*lib/(.*\.jar).*!\1!gp')
+
+LINKEDINLICENSE=$(echo "$LICENSE" | sed -nE 's!.*(lib/[[:graph:]]*.license).*!\1!gp' | sed 's!\.$!!' | sed 's/lib[/]//g')
+# errors not fatal
+set +e
+
+# this can error if there's no deps directory in tarball, we still want to continue with checks
+BUNDLEDLICENSES=$(${TAR} -tf $TARBALL '*.license' | sed 's!^[^/]*/!!' | sed 's/lib[/]//g' | grep -v /$)
+EXIT=0
+
+# Check all bundled jars are mentioned in LICENSE
+for J in $JARS; do
+ echo $J | grep -q "^maven"
+ if [ $? == 0 ]; then
+ continue
+ fi
+ echo $J | grep -q "^wagon"
+ if [ $? == 0 ]; then
+ continue
+ fi
+
+ echo "$LICENSE" | grep -q $J
+ if [ $? != 0 ]; then
+ echo $J unaccounted for in LICENSE
+ EXIT=1
+ fi
+done
+
+# Check all jars mentioned in LICENSE are bundled
+for J in $LICENSEJARS; do
+ echo "$JARS" | grep -q $J
+ if [ $? != 0 ]; then
+ echo $J mentioned in LICENSE, but not bundled
+ EXIT=2
+ fi
+done
+
+# Check all jars mentioned in NOTICE are bundled
+for J in $NOTICEJARS; do
+ echo "$JARS" | grep -q $J
+ if [ $? != 0 ]; then
+ echo $J mentioned in NOTICE, but not bundled
+ EXIT=3
+ fi
+done
+
+# Check all linked LICENSE files are in tarball
+for L in $LINKEDINLICENSE; do
+ echo "$BUNDLEDLICENSES" | grep -q $L
+ if [ $? != 0 ]; then
+ echo $L linked from LICENSE, but not found in tarball
+ EXIT=4
+ fi
+done
+
+# Check all LICENSE files bundled are linked from LICENSE
+for L in $BUNDLEDLICENSES; do
+ echo "$LINKEDINLICENSE" | grep -q $L
+ if [ $? != 0 ]; then
+ echo $L bundled, but not linked from LICENSE
+ EXIT=5
+ fi
+done
+
+if [ $EXIT != 0 ]; then
+ echo
+ echo "It looks like there are issues with the LICENSE/NOTICE (error $EXIT)".
+ echo See http://bookkeeper.apache.org/community/licensing for details on how to fix.
+fi
+
+exit $EXIT
+
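Review bot: The jar and license lookups pass the unquoted name to grep as a regular expression and accept any substring hit (`echo "$JARS" | grep -q $J` and the four similar lines), so `.` matches any character and a name that is only part of another entry counts as accounted for; a gate meant to catch unlisted jars can pass silently. Use quoted fixed-string matching instead, `echo "$JARS" | grep -qxF -- "$J"` for the one-name-per-line lists and `echo "$LICENSE" | grep -qF -- "$J"` for the LICENSE text. The `^maven`/`^wagon` skip also decides first-party status from the file name alone, so a third-party jar whose name starts with either prefix is never checked, whereas the template in this commit decides by group id. Smaller points in the same file: `$TARBALL` and `$NOTICEPATH` are unquoted, `exit -1` is not a portable status, `EXIT` keeps only the last failing category, and the closing hint still points at the BookKeeper licensing page.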