-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't issue clarification for unpublished workspace crate retrieved via git #453
Comments
This could be fixed, but I am disinclined to do that because what you attempting to do is not a good idea. You are trying to use a source file for the license, so not only is it not an actual license file, but rather just has the license header, and would mean any source changes, even those completely unrelated to the license, would need to be reflected in the changed hash in the deny config. I'd really recommend doing what every open source project does and putting your license file(s) in the root directory of your crate and either point to it with |
Hi Jake, thanks for your quick reply!
Unfortunately, the As it relates to bugs, though, there are actually at least two (and perhaps the second is more significant; if you want me to add a second issue, please LMK):
[1] https://github.com/zotero/citeproc-rs/blob/master/LICENSE.md |
Ahh, apologies, I thought I saw your profile in the contributors list but maybe I just imagined that.
This issue would be mitigated by #390, as in this particular case where a license does exist, but it's just improperly located but still available via git, it can by dynamically retrieved and checked versus needing source changes, though source changes are ultimately the best option since it improves things for everyone. |
I just realized this was resolved in #533, the clarification can provide any path it wishes as long as it is contained in the package source. |
Describe the bug
Cargo deny cannot locate files by path in the
license-files.path
section of[[licenses.clarify]]
for crates retrieved via "git" (instead of a registry) which exist within a workspaceAs an example, we will use the
citeproc-rs
library which is unpublished in a registry, but available here: https://github.com/zotero/citeproc-rs/To Reproduce
Use this
Cargo.toml
:Use this
deny.toml
:run
cargo deny check licenses
(note that I also tested
path = "crates/db/src/cite.rs"
which also fails as below)Expected behavior
I expect citeproc-db to report that it's found the license file , although the hash is wrong.
Instead, it reports that it's unable to locate the file:
Device:
cargo deny version 0.12.2
Additional Context:
As a side note, I couldn't find a "license" file by path in a local dependency that was specified by
path
, either, and assume it's related to the same bug (or my same mistake)The text was updated successfully, but these errors were encountered: