Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate licenses summary #188

Closed
wants to merge 10 commits into from
Closed

Generate licenses summary #188

wants to merge 10 commits into from

Conversation

clehner
Copy link
Contributor

@clehner clehner commented Aug 10, 2021
edited
Loading

Fixes #77. This adds generation of a dependency license summary, listing all of DIDKit's Rust/Cargo dependency packages and their licenses. The resulting file is intended to be included in binary distributions of DIDKit, and may be useful for other applications embedding DIDKit, e.g. https://github.com/spruceid/credible/issues/62.

The cargo tree command is used as the basis for walking the dependency tree and assembling the list of packages.

Getting the dependencies of the Rust runtime (std) is done by running cargo tree in the Rust source repo; the output of that is checked in here (licenses/std.tree) so that having Rust source is not needed when building DIDKit but only when it is desired to update this Rust toolchain dependency info.

I considered using cargo metadata instead of cargo tree, but that command does not have as many options for adjusting the results (to only include "normal" dependencies, not build or dev dependencies, and to show results for all targets) and doesn't seem to offer additional useful info. (The license file field seems to always be empty).

What is currently missing from the resulting generated license summary are the Copyright attribution lines, which are used at the top of form licenses like MIT and required to be preserved. What might need to be done to get this info is to fetch the License files from the source repos, like cargo-license-hound does, and/or include the resulting data in this repo.

  • List licenses and generate summary.
  • Integrate licenses summary into binary packages.
  • Add attributions (Copyright lines) to summary.
  • Associate Rust std cargo tree output with toolchain version?
  • Check for Apache-2.0 NOTICE files in dependencies. (Automatically?)

@clehner clehner marked this pull request as ready for review April 12, 2022 20:50
@clehner clehner added the licensing Licensing of this project and/or its dependencies label Apr 12, 2022
@CLAassistant
Copy link

CLAassistant commented Oct 27, 2022
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@sbihel
Copy link
Member

sbihel commented Oct 25, 2024

Closing old PRs

@sbihel sbihel closed this Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
licensing Licensing of this project and/or its dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

List licenses of dependencies for binary releases
3 participants
@clehner @CLAassistant @sbihel