tidy: Better license checks. #69443
tidy: Better license checks. #69443
Conversation
|
(rust_highfive has picked a reviewer for you, use r? to override) |
rust-highfive
added
the
S-waiting-on-review
src/tools/tidy/src/deps.rs
Outdated
| ]; | ||
|
|
||
| /// These are the root crates that are part of the runtime. The licenses for | ||
| /// these and all their dependencies *must not* be in the exception list. | ||
| const RUNTIME_CRATES: &[&str] = &["std", "core", "alloc", "panic_abort", "panic_unwind"]; |
There was a problem hiding this comment.
I am assuming libtest is not really considered the "runtime" in the same vein as std is, but I can add it if people think it should. It adds a number of dependencies, but they are all permissively licensed.
There was a problem hiding this comment.
I think this should include libtest, particularly as it might be linked in for e.g. black_box even in non-test executables.
There was a problem hiding this comment.
Sure. It can always be revisited if someone wants to add an exception, it's probably better to be safer here. (although black_box is in core now, right?)
Just FYI for anyone curious, test adds the following dependencies:
- getopts
- proc_macro
- rustc-std-workspace-std
- term
- test
- unicode-width
There was a problem hiding this comment.
I would add test as a runtime crate just to be on the conservative side. test will still be linked at runtime, (while procmacro etc. won't). Even if it is just in the test binary, it might still be confusing that the Rust compiler produces binaries with different license checking guarantees.
| // Build dependencies *shouldn't* matter unless they do some kind of | ||
| // codegen. For now we'll assume they don't. |
There was a problem hiding this comment.
I could change this to include build deps if people think it should. That is, should we restrict the licenses of build deps of libstd in case they inject code into the resulting crate?
src/tools/tidy/src/deps.rs
Outdated
| "winapi-util", | ||
| "winapi-x86_64-pc-windows-gnu", | ||
| "wincolor", | ||
| "hermit-abi", |
There was a problem hiding this comment.
Since we're changing the whole list anyway, mind sorting it while we're at it?
| // This package doesn't declare a license expression. Manual | ||
| // inspection of the license file is necessary, which appears | ||
| // to be BSD-3-Clause. | ||
| assert!(pkg.license.is_none()); |
There was a problem hiding this comment.
cc @cramertj (?) -- could we get this populated perhaps?
|
cc @skade |
|
I'm going to r? @skade here since they've been involved with license work |
|
r+ I'm okay with this, with the comment that I posted above: #69443 (comment). This probably merits its own ticket and shouldn't be discussed in a comment section, it's rather unclear what the story there should be. Is test part of the runtime or not? Thanks for the patch, @ehuss |
|
@bors r=skade,Mark-Simulacrum I've done my best to also check the implementation, and it looks correct to me. |
|
📌 Commit 432bec14aefc3c23b4d4a4c8d8fb873eb6da9c81 has been approved by |
bors
added
S-waiting-on-bors
Removed in rust-lang#69247 while this PR was waiting to merge.
|
📌 Commit ed0158d has been approved by |
…mulacrum tidy: Better license checks. This implements some improvements to the license checks in tidy: * Use `cargo_metadata` instead of parsing vendored crates. This allows license checks to run without vendoring enabled, and allows the checks to run on PR builds. * Check for stale entries. * Check that the licenses for exceptions are what we think they are. * Verify exceptions do not leak into the runtime. Closes rust-lang#62618 Closes rust-lang#62619 Closes rust-lang#63238 (I think) There are some substantive changes here. The follow licenses have changed from the original comments: * openssl BSD+advertising clause to Apache-2.0 * pest MPL2 to MIT/Apache-2.0 * smallvec MPL2 to MIT/Apache-2.0 * clippy lints MPL2 to MIT OR Apache-2.0
…mulacrum tidy: Better license checks. This implements some improvements to the license checks in tidy: * Use `cargo_metadata` instead of parsing vendored crates. This allows license checks to run without vendoring enabled, and allows the checks to run on PR builds. * Check for stale entries. * Check that the licenses for exceptions are what we think they are. * Verify exceptions do not leak into the runtime. Closes rust-lang#62618 Closes rust-lang#62619 Closes rust-lang#63238 (I think) There are some substantive changes here. The follow licenses have changed from the original comments: * openssl BSD+advertising clause to Apache-2.0 * pest MPL2 to MIT/Apache-2.0 * smallvec MPL2 to MIT/Apache-2.0 * clippy lints MPL2 to MIT OR Apache-2.0
Rollup of 9 pull requests Successful merges: - #69036 (rustc: don't resolve Instances which would produce malformed shims.) - #69443 (tidy: Better license checks.) - #69814 (Smaller and more correct generator codegen) - #69929 (Regenerate tables for Unicode 13.0.0) - #69959 (std: Don't abort process when printing panics in tests) - #69969 (unix: Set a guard page at the end of signal stacks) - #70005 ([rustdoc] Improve visibility for code blocks warnings) - #70088 (Use copy bound in atomic operations to generate simpler MIR) - #70095 (Implement -Zlink-native-libraries) Failed merges: r? @ghost
Rollup of 9 pull requests Successful merges: - #68941 (Properly handle Spans that reference imported SourceFiles) - #69036 (rustc: don't resolve Instances which would produce malformed shims.) - #69443 (tidy: Better license checks.) - #69814 (Smaller and more correct generator codegen) - #69929 (Regenerate tables for Unicode 13.0.0) - #69959 (std: Don't abort process when printing panics in tests) - #69969 (unix: Set a guard page at the end of signal stacks) - #70005 ([rustdoc] Improve visibility for code blocks warnings) - #70088 (Use copy bound in atomic operations to generate simpler MIR) Failed merges: r? @ghost
This implements some improvements to the license checks in tidy:
cargo_metadatainstead of parsing vendored crates. This allows license checks to run without vendoring enabled, and allows the checks to run on PR builds.Closes #62618
Closes #62619
Closes #63238 (I think)
There are some substantive changes here. The follow licenses have changed from the original comments: