Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doesn't work with AGPL-1.0-open #58

Closed
hamaluik opened this issue Feb 18, 2020 · 4 comments
Closed

Doesn't work with AGPL-1.0-open #58

hamaluik opened this issue Feb 18, 2020 · 4 comments
Labels
bug Something isn't working dependencies Pull requests that update a dependency file

Comments

@hamaluik
Copy link

hamaluik commented Feb 18, 2020
edited

The AGPL-1.0-open license causes everything to fail (and I don't know what is using this license as cargo lichking and cargo license aren't listing it anywhere). If I include "AGPL-1.0-only" in the list of accepted licenses, cargo about spits out an error:

$ cargo about generate about.hbs > license.html
2020-02-18 16:52:09 [ERROR] 'AGPL-1.0-only' is not a valid SPDX licensee: AGPL-1.0-open
^^^^^^^^^^^^^ unknown term for key `accepted` at line 1 column 1

If I change that to AGPL-1.0 (as suggested by https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#gnu-licenses), I get:

$ cargo about generate about.hbs > license.html
2020-02-18 16:53:11 [ERROR] Crate 'app': These licenses [AGPL-1.0-only], could not be satisfied with the following accepted licenses [Apache-2.0, MIT, CC0-1.0, MIT, BSD-2-Clause, BSD-3-Clause, MPL-2.0, ISC, Zlib, Unlicense, 0BSD, BSL-1.0, CC-BY-3.0, OpenSSL, AGPL-1.0]

This is being run in a workspace root. The app is the main binary of the project, and isn't currently licensed (I have set publish = false and license-file = "LICENSE" in the crate's Cargo.toml) (I know this is incompatible with AGPL-1.0, but again as far as I can tell, nothing is using AGPL-1.0 anyway).

(edit note I typed AGPL-1.0-open, but that was a mistake and it should have been AGPL-1.0-only, the issue remains however)
@hamaluik hamaluik changed the title Doesn Doesn't work with AGPL-1.0-open Feb 18, 2020
@Jake-Shadle Jake-Shadle added bug Something isn't working dependencies Pull requests that update a dependency file labels Feb 18, 2020
@Jake-Shadle
Copy link
Member

So the first problem is that AGPL-1.0-open is as it says, a license that doesn't exist in the SPDX License List, the only way to add licenses that aren't in that list is to use LicenseRef-<id>.

The second one is a bug, but that will be fixed by publishing a new version, as the GPL* licenses have some additional handling in later versions of the spdx crate. There's a bit more info here if you're interested.

You could try installing cargo about from source w/ cargo install -f --git https://github.com/EmbarkStudios/cargo-about.git to see if works better for you until we can push a new release.

@hamaluik
Copy link
Author

hamaluik commented Feb 18, 2020
edited

Thanks!. Something that could also potentially help in situations like this is reporting the dependency tree about what is using an offending license (or even just the offending crate, and I can look it up using cargo tree or examining the lock file).

@Jake-Shadle
Copy link
Member

Yah, that would be a quite easy feature to add as we already do that for cargo-deny which shares some of the same underlying code.

@Jake-Shadle
Copy link
Member

This should have been fixed by an update to the spdx crate, I just forgot about this issue. Please reopen if this is not the case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hamaluik @Jake-Shadle