Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 694792 - [TRACKER] Missing LICENSE entries for Go ebuilds
Summary: [TRACKER] Missing LICENSE entries for Go ebuilds
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Quality Assurance Team
URL:
Whiteboard:
Keywords:
Depends on: 694356 694386 694702 694708 694712 694894 694898 694906 694908 694910 695212 695214 695216 695222 695226 695232 695236 695240 695246 695278 695284 695286 695290 695292 695296 695300 695302 695304 695310 694382 694384 694390 694392 694690 694704 694706 694710 694720 694724 694728 694794 694890 694892 694904 695218 695220 695224 695228 695230 695234 695238 695242 695244 695276 695280 695282 695288 695294 695298 695306 695308 699274
Blocks:
  Show dependency tree
 
Reported: 2019-09-18 12:33 UTC by Michał Górny
Modified: 2019-12-11 19:03 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-18 12:33:09 UTC
Opening this tracker mostly as a single point of reference for how to fix missing LICENSE entries.

I've been using dev-util/ninka to help me recognize the missing licenses.  The most effective way is:

$ ebuild foo-1.ebuild unpack
$ cd /tmp/portage/whatever/work
$ find '(' -name '*LICEN[SC]E*' -o -name '*COPYING*' ')' -exec ninka {} ';' |& tee ninka
$ cut -d';' -f2 ninka | sort -u

This outputs all recognized licenses.  If there's UNKNOWN on the list, you gotta read them separately:

$ grep '^[^;]*;UNKNOWN' ninka | cut -d';' -f1 | xargs $EDITOR


Mapping from ninka terms to Gentoo terms:

Apache-2 → Apache-2.0
BSD3 → BSD
MIToldwithoutSellandNoDocumentationRequi → ISC (with 'and/or' → 'and')
MITX11BSDvar → ISC
spdxBSD2 → BSD-2
spdxBSD3 → BSD
spdxMIT → MIT

Multiple entries indicate that the license in question appears multiple time in the file.

Note that this is only very dumb process.  You still have to figure out how licenses apply, i.e. some packages may have multiple LICENSE* files and you have to figure if it's AND or OR.
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-09-18 12:38:34 UTC
A generic note on license compatibility: if the packages vendors any dependency whose license is LGPL and GPL (and does not include explicit linking exception on top), then the package must be LGPL/GPL as well.  This is something that needs to be reported upstream.  Feel free to ping me for help.
Comment 2 Konstantin (Qrator Labs) 2019-11-13 13:17:53 UTC
https://github.com/google/go-licenses
Comment 3 Holger Hoffstätte 2019-12-02 12:43:25 UTC
(In reply to Konstantin (Qrator Labs) from comment #2)
> https://github.com/google/go-licenses

This is great. To get the list of transitively used licenses:
$go-licenses csv github.com/user/project | awk -F ',' '{print $NF}' | sort | uniq
Comment 4 Konstantin (Qrator Labs) 2019-12-11 19:03:27 UTC
should www-apps/grafana-bin also be considered?