| Summary: | cargo.eclass needs to include a BIG FAT WARNING about LICENSE | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Michał Górny <mgorny> |
| Component: | Eclasses | Assignee: | Gentoo Rust Project <rust> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | navi, randy |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=694790 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Michał Górny
2019-09-15 07:49:58 UTC
most rust packages are created using cargo ebuild, it collects and writes down all crates and creates a template ebuild, but it's outdated and not maintained https://github.com/cardoe/cargo-ebuild cardoe has his packages reassigned recently. I have a fork that works with new openssl support. https://github.com/gyakovlev/cargo-ebuild?organization=gyakovlev&organization=gyakovlev The original and the fork are not in the tree, but I can import my fork to ::gentoo and make it create ebuild template with warning. Maybe I can extract licenses from all the crates and put them in the template. What I can do is add a warning in a eclass, but not sure where exactly and how to check if licenses contain only single entry (check for spaces maybe?). Also repoman could check it, but I don't know it's internals yet. Here's a cheap hack that can help:
$ find -name 'Cargo.toml' -exec grep -h license {} + | sort -u
Note that sometimes people are using different spelling for the same things but I think you can cover most of it using a short list. Note that some of the packages use '/' and 'OR, and some have 'AND', so don't be too lax.
There are also a few instances of license-file that require manual check.
mgorny: wrt those rust crate licenses, I think only direct dependency licenses should be listed. so if foo requires a,b,c and a requires x,y,z should I really add x,y,z licenses to ebuild? (In reply to Georgy Yakovlev from comment #3) > mgorny: wrt those rust crate licenses, I think only direct dependency > licenses should be listed. so if foo requires a,b,c and a requires x,y,z > should I really add x,y,z licenses to ebuild? Since all crates are bundled as part of the ebuild, you should list all. (In reply to Georgy Yakovlev from comment #1) > most rust packages are created using cargo ebuild, it collects and writes > down all crates and creates a template ebuild, but it's outdated and not > maintained > > https://github.com/cardoe/cargo-ebuild > > cardoe has his packages reassigned recently. > > I have a fork that works with new openssl support. > https://github.com/gyakovlev/cargo- > ebuild?organization=gyakovlev&organization=gyakovlev I definitely still maintain the project. It's passively maintained as there's not much to do. Never seen an issue reported by you or received an email about you so I couldn't have possibly fixed any issues you've had. Your fork is 1 commit head and 10 behind my version. I'm glad to take any improvements you've got. (In reply to Michał Górny from comment #2) > Here's a cheap hack that can help: > > $ find -name 'Cargo.toml' -exec grep -h license {} + | sort -u > > Note that sometimes people are using different spelling for the same things > but I think you can cover most of it using a short list. Note that some of > the packages use '/' and 'OR, and some have 'AND', so don't be too lax. > > There are also a few instances of license-file that require manual check. At ebuild generation time the entire sources to all dependent crates is not available locally. |