Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 694792 - [TRACKER] Missing LICENSE entries for Go ebuilds
Summary: [TRACKER] Missing LICENSE entries for Go ebuilds
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Quality Assurance Team
URL:
Whiteboard:
Keywords:
Depends on: 694708 694894 694898 694906 695212 695214 695236 695240 695278 695284 695286 695290 695292 695300 695304 695310 694356 694382 694384 694386 694390 694392 694690 694702 694704 694706 694710 694712 694720 694724 694728 694794 694890 694892 694904 694908 694910 695216 695218 695220 695222 695224 695226 695228 695230 695232 695234 695238 695242 695244 695246 695276 695280 695282 695288 695294 695296 695298 695302 695306 695308 699274
Blocks:
  Show dependency tree
 
Reported: 2019-09-18 12:33 UTC by Michał Górny
Modified: 2020-05-12 13:57 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-18 12:33:09 UTC
Opening this tracker mostly as a single point of reference for how to fix missing LICENSE entries.

I've been using dev-util/ninka to help me recognize the missing licenses.  The most effective way is:

$ ebuild foo-1.ebuild unpack
$ cd /tmp/portage/whatever/work
$ find '(' -name '*LICEN[SC]E*' -o -name '*COPYING*' ')' -exec ninka {} ';' |& tee ninka
$ cut -d';' -f2 ninka | sort -u

This outputs all recognized licenses.  If there's UNKNOWN on the list, you gotta read them separately:

$ grep '^[^;]*;UNKNOWN' ninka | cut -d';' -f1 | xargs $EDITOR


Mapping from ninka terms to Gentoo terms:

Apache-2 → Apache-2.0
BSD3 → BSD
MIToldwithoutSellandNoDocumentationRequi → ISC (with 'and/or' → 'and')
MITX11BSDvar → ISC
spdxBSD2 → BSD-2
spdxBSD3 → BSD
spdxMIT → MIT

Multiple entries indicate that the license in question appears multiple time in the file.

Note that this is only very dumb process.  You still have to figure out how licenses apply, i.e. some packages may have multiple LICENSE* files and you have to figure if it's AND or OR.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-18 12:38:34 UTC
A generic note on license compatibility: if the packages vendors any dependency whose license is LGPL and GPL (and does not include explicit linking exception on top), then the package must be LGPL/GPL as well.  This is something that needs to be reported upstream.  Feel free to ping me for help.
Comment 2 Konstantin (Qrator Labs) 2019-11-13 13:17:53 UTC
https://github.com/google/go-licenses
Comment 3 Holger Hoffstätte 2019-12-02 12:43:25 UTC
(In reply to Konstantin (Qrator Labs) from comment #2)
> https://github.com/google/go-licenses

This is great. To get the list of transitively used licenses:
$go-licenses csv github.com/user/project | awk -F ',' '{print $NF}' | sort | uniq
Comment 4 Konstantin (Qrator Labs) 2019-12-11 19:03:27 UTC
should www-apps/grafana-bin also be considered?
Comment 5 Konstantin (Qrator Labs) 2020-04-26 05:12:24 UTC
I've made a pull request to add this tool to portage tree

https://github.com/gentoo/gentoo/pull/15508
Comment 6 Larry the Git Cow gentoo-dev 2020-05-12 13:57:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09efbf4ed38ffb300545cb132cd313d4943c8010

commit 09efbf4ed38ffb300545cb132cd313d4943c8010
Author:     Konstantin Podshumok <kpp.live+signed@gmail.com>
AuthorDate: 2020-04-25 01:35:05 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-05-12 13:57:08 +0000

    dev-go/licenseclassifier: new ebuild
    
    I find this tool very helpful for managing LICENSE in different
    ebuilds. Just run identify_license on any file - just a source
    code or COPYING/LICENSE file. It also can be built against
    licenses in /var/db/repos/gentoo/licenses, but this is not yet
    implemented in this commit.
    
    Bug: https://bugs.gentoo.org/694792
    Bug: https://bugs.gentoo.org/694790
    Signed-off-by: Konstantin Podshumok <kpp.live+signed@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-go/licenseclassifier/Manifest                  | 12 ++++
 .../licenseclassifier-0_pre20200402.ebuild         | 84 ++++++++++++++++++++++
 dev-go/licenseclassifier/metadata.xml              | 22 ++++++
 3 files changed, 118 insertions(+)