From ca7f5d2f9598c81b1fe4cf5ea50d435ff7d929e4 Mon Sep 17 00:00:00 2001 From: Stefan Kamphausen Date: Sun, 20 May 2018 22:35:17 +0200 Subject: [PATCH] Working prototype for license normalization --- build.boot | 2 +- resources/license-normalizations.edn | 28 +++++++++++++++++ src/de/clojure_buch/boot_attribution.clj | 39 +++++++++++++++++++----- 3 files changed, 60 insertions(+), 9 deletions(-) create mode 100644 resources/license-normalizations.edn diff --git a/build.boot b/build.boot index 26a1f0f..9c2e5e9 100644 --- a/build.boot +++ b/build.boot @@ -16,7 +16,7 @@ ;; Now, boot (set-env! :source-paths #{"src/"} - ;; resource-paths + :resource-paths #{"resources/"} :dependencies (into runtime-deps test-deps) ) diff --git a/resources/license-normalizations.edn b/resources/license-normalizations.edn new file mode 100644 index 0000000..00756b2 --- /dev/null +++ b/resources/license-normalizations.edn @@ -0,0 +1,28 @@ +;; Keys are taken from SPDX. Values are sets or vactors of variations +;; found in real-world examples. + +;; All comparisons will be done case insensitively at runtime. +{"Apache-2.0" + ["Apache 2" + "Apache 2.0 License" + "Apache License" + "Apache License 2.0" + "Apache License Version 2.0" + "Apache License, Version 2.0" + "Apache Software License - Version 2.0" + "ASF 2.0"] + + "EPL-1.0" + ["Eclipse Public License" + "Eclipse Public License 1.0" + "Eclipse Public License v1.0" + "Eclipse Public License - v 1.0" + "EPL"] + + "LGPL" + ["GNU Lesser General Public Licence" + "GNU Lesser General Public License" + "GNU Lesser General Public License, Version 2.1" + "GNU Lesser Public License" + "GNU Library or Lesser General Public License"] + } diff --git a/src/de/clojure_buch/boot_attribution.clj b/src/de/clojure_buch/boot_attribution.clj index cc66640..31df219 100644 --- a/src/de/clojure_buch/boot_attribution.clj +++ b/src/de/clojure_buch/boot_attribution.clj @@ -1,6 +1,8 @@ (ns de.clojure-buch.boot-attribution {:boot/export-tasks true} (:require [clojure.java.io :as io] + [clojure.edn :as edn] + [clojure.string :as string] [clojure.xml :as xml] [boot.core :as boot :refer [deftask]] [boot.pod :as pod] @@ -52,19 +54,21 @@ (catch Throwable _ nil))) -(defn- library-attributions [the-dep strategies] +(defn- library-attributions + [the-dep strategies lnormalizer] (let [[lib vers jar] (unfold-dep the-dep)] (util/info "Resolving POM for %s %s %s\n" lib vers jar) (some (fn resolve-license-for [strategy] - (resolve-licenses strategy jar)) + (->> jar + (resolve-licenses strategy) + (map lnormalizer))) strategies))) ;; FIXME: want more strategies: ;; - find a LICENSE(.txt) or similar ;; - Grep in a README(.md,txt,org) (def ^:private license-strategies - [::pom - ::unknown]) + [::pom ::unknown]) ;; FIXME @@ -72,10 +76,10 @@ (let [[lib vers jar] (unfold-dep the-dep)] "NYI")) -(defn all-attributions [deps] +(defn all-attributions [deps strategies lnormalizer] (for [dep deps] {:dep dep - :licenses (library-attributions dep license-strategies) + :licenses (library-attributions dep strategies lnormalizer) :copyrights (copyright-attributions dep)})) @@ -83,10 +87,29 @@ (pod/resolve-dependencies env)) +(defn- make-license-normalizer [norms] + (let [lookup + (into {} + (for [[lic alt-names] norms + an alt-names] + {(string/lower-case an) lic}))] + (fn license-normalizer [license] + (if-let [normalized + (lookup (string/lower-case license))] + normalized + license)))) + +(defn- license-normalizer [] + (-> + (io/resource "license-normalizations.edn") + slurp + edn/read-string + make-license-normalizer)) (defn repl-test [] - (-> (all-deps (boot/get-env)) - all-attributions)) + (all-attributions (all-deps (boot/get-env)) + license-strategies + (license-normalizer)))