This repository has been archived by the owner on Feb 14, 2022. It is now read-only.

Fix license checks #170

Closed
wants to merge 5 commits into from

@TBBle TBBle commented Nov 15, 2020

This fixes the wwhrd-based license checks which are currently failed by the CI pipeline even when nothing new is vendored.

Fixes: #169

Summary of changes:

  • Fixed naming of BSD-2-Clause and BSD-3-Clause licenses due to change in underlying library in wwhrd
  • Added ISC to license allow-list now that wwhrd can distinguish it from 0BSD
  • Removed no-longer-needed exceptions, either for no-longer-used libraries, or where wwhrd now detects the license correctly
  • Documented the remaining exceptions as to why they are exceptions:
    • Two libraries have not been revendored since fixes were made to allow license-checkers to detect them correctly
    • One library is inlined into another library, and because it's an old copy of one of the above two, is mis-detected with the inlining library's license.

Changes obsoleted by improvements to wwhrd after I started this work. Mostly this was janitorial (BSD licenses were misnamed, a few libraries were not detected correctly by wwhrd and needed exceptions, and some exceptions had been left behind after their usage was removed).

I also filed frapposelli/wwhrd#40 for the go-spew misdetection in wwhrd.

The most significant change is explicit acceptance of MPL-2.0-no-copyleft-exception and requisite blacklisting of GPL-2.0+, LGPL-2.1+ and AFGPL-3.0+. This is due to usage of github.com/hashicorp/golang-lru/simplelru. There is an open issue (hashicorp/golang-lru#62) requesting the license be changed to MPL-2.0 but no apparent action has been taken.
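
The exception clean-up described in the PR summary above (dropping exceptions for libraries that are gone or are now detected correctly, and recording a reason for the ones that remain) can be checked mechanically. The following Go program is an added example, not code from this PR or from wwhrd; the `Policy` type, the `Audit` function and the example.com package paths are hypothetical, and the sample licenses are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Policy: names are this example's own (hypothetical), not wwhrd's config schema.
type Policy struct {
	Allow, Deny map[string]bool
	Exceptions  map[string]string // package path -> documented reason
}

// Audit returns policy violations and exceptions that are no longer needed.
func Audit(p Policy, detected map[string]string) (violations, stale []string) {
	for pkg, lic := range detected { // lic is an SPDX id, "" when undetected
		_, excepted := p.Exceptions[pkg]
		switch {
		case p.Deny[lic]: // choice made here: an exception never hides a denied license
			violations = append(violations, fmt.Sprintf("%s: denied %s", pkg, lic))
		case p.Allow[lic] && excepted:
			stale = append(stale, fmt.Sprintf("%s: now detected as %s", pkg, lic))
		case !p.Allow[lic] && !excepted:
			violations = append(violations, fmt.Sprintf("%s: unapproved %q", pkg, lic))
		}
	}
	for pkg := range p.Exceptions {
		if _, vendored := detected[pkg]; !vendored {
			stale = append(stale, pkg+": no longer vendored")
		}
	}
	sort.Strings(violations)
	sort.Strings(stale)
	return violations, stale
}

func main() {
	p := Policy{ // constructed sample; example.com paths are placeholders
		Allow: map[string]bool{"Apache-2.0": true, "MPL-2.0": true},
		Deny:  map[string]bool{"GPL-2.0": true},
		Exceptions: map[string]string{
			"example.com/b/negotiate": "license text is inline in the one vendored file",
			"example.com/c/digest":    "misdetected by an older checker release",
			"example.com/f/removed":   "dependency has since been dropped",
		},
	}
	v, s := Audit(p, map[string]string{"example.com/a/lru": "MPL-2.0", "example.com/b/negotiate": "",
		"example.com/c/digest": "Apache-2.0", "example.com/d/tool": "GPL-2.0", "example.com/e/misc": "ISC"})
	fmt.Printf("violations: %q\nstale exceptions: %q\n", v, s)
}
```

Run in CI after the license scan, a non-empty stale list flags exceptions that can be deleted, so the exceptions list does not quietly keep covering packages it was never reviewed for.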


codecov-io commented Nov 15, 2020

Codecov Report

Merging #170 (63a1d4a) into master (bb840f8) will increase coverage by 0.61%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #170      +/-   ##
==========================================
+ Coverage   65.02%   65.63%   +0.61%     
==========================================
  Files          90       90              
  Lines       10958     9990     -968     
==========================================
- Hits         7125     6557     -568     
+ Misses       3537     3148     -389     
+ Partials      296      285      -11     
Impacted Files Coverage Δ
api/compose/v1alpha3/composefile_stack_types.go 60.00% <0.00%> (-11.43%) ⬇️
internal/check/check.go 60.00% <0.00%> (-6.67%) ⬇️
internal/controller/resourceupdater.go 49.39% <0.00%> (-6.16%) ⬇️
internal/requestaddons/skipvalidation.go 76.92% <0.00%> (-4.33%) ⬇️
internal/registry/stackregistry.go 67.27% <0.00%> (-4.16%) ⬇️
internal/registry/scale.go 50.74% <0.00%> (-3.80%) ⬇️
api/compose/impersonation/impersonationconfig.go 71.42% <0.00%> (-3.58%) ⬇️
api/client/clientset/clientset.go 23.40% <0.00%> (-3.39%) ⬇️
internal/controller/stacklistener.go 68.08% <0.00%> (-3.07%) ⬇️
.../clientset/typed/compose/v1beta2/compose_client.go 52.17% <0.00%> (-3.00%) ⬇️
... and 79 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

TBBle commented Nov 15, 2020

Codecov Report

Merging #170 (b279cbd) into master (bb840f8) will increase coverage by 0.61%.

I didn't change any code. Go home Codecov, you're drunk. ^_^

@olivierlemasle olivierlemasle left a comment

Thank you! 👍


TBBle commented Nov 15, 2020

Hmm. CI failure in ci/circleci: images task was surely not related to changes to the .wwhrd.yaml:

Step 24/51 : RUN curl -fLO https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl &&   chmod +x ./kubectl &&   mv ./kubectl /bin/kubectl
 ---> Running in 6097ee50fe12
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0  0 44.5M    0  132k    0     0   893k      0  0:00:51 --:--:--  0:00:51  887k 90 44.5M   90 40.2M    0     0  71.9M      0 --:--:-- --:--:-- --:--:-- 71.8M
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
The command '/bin/sh -c curl -fLO https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl &&   chmod +x ./kubectl &&   mv ./kubectl /bin/kubectl' returned a non-zero code: 56
make: *** [docker.Makefile:73: dockereng/kube-compose-controller] Error 56

The previous CI pipeline passed.

The list of accepted licenses incorrectly referred to the BSD-2-Clause
as the FreeBSD license, and the BSD-3-Clause as the NewBSD license.

See https://spdx.org/licenses/BSD-3-Clause and
https://spdx.org/licenses/BSD-2-Clause respectively.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This adds ISC to the whitelist, as it was not able to be detected by
old versions of wwhrd, and was included in the exceptions list.

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>

TBBle commented Dec 19, 2020

I've reworked this PR after improvements in wwhrd (see frapposelli/wwhrd#43) to use a template-based matcher instead of a hash-based matcher. We end up with much fewer exceptions and misdetections.

This has also clarified that https://github.com/hashicorp/golang-lru does not invoke the "no-copyleft-exception" clause of the MPL-2.0 license; this was a misdetection in the older version of wwhrd, probably because the hash was matching the "no-copyleft-exception" text in the license's Exhibit B.

This is the same package, previously hosted on bitbucket.org and now on
github.com.

In both cases, there's only a single source file vendored, which
contains the license inline.

wwhrd doesn't detect this, and in one case picks up the license of the
vendoring package instead.

This has since been fixed upstream, although that won't help the ancient
version inlined into prometheus/common.

See munnerz/goautoneg#1

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This is a misdetection, since fixed upstream in go-digest.

See opencontainers/go-digest#37

Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
@chris-crone

Hi! Thanks for your PR! Unfortunately we're no longer maintaining this repository so I will close this issue.

@chris-crone chris-crone closed this Feb 5, 2021
Successfully merging this pull request may close these issues.

Configure license checker