Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix license issues from reuse lint #81

Closed
vilvo opened this issue Feb 17, 2023 · 2 comments
Closed

Fix license issues from reuse lint #81

vilvo opened this issue Feb 17, 2023 · 2 comments
Assignees
@jenninikko
Labels
documentation Improvements or additions to documentation

Comments

@vilvo
Copy link
Contributor

vilvo commented Feb 17, 2023 

          > fyi @henrirosten

This is definitely better than no check at all, but notice that there is a tool already that checks the project's compliance for REUSE. pkgs.reuse is also available in nixpkgs. Although, manually running reuse lint for Ghaf project indicates a large number of issues, which we should resolve first if we would start using pkgs.reuse instead of the scripts in this PR.

Maybe we'll start with @mikatammi's scritps and possibly gradually move to reuse lint compliance later?

For reference, issues currently reported by reuse lint:

ghaf$ nix-shell -p reuse --run "reuse lint"
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/LICENSE.Apache-2.0, resolving to LICENSE.Apache-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/LICENSE.CC-BY-SA-4.0, resolving to LICENSE.CC-BY-SA-4. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse._util - ERROR - Could not parse 'Apache-2.0" && exit 1)'
reuse.project - ERROR - 'scripts/spdx_nix_checker/check_file' holds an SPDX expression that cannot be parsed, skipping the file
# BAD LICENSES

'LICENSE.Apache-2' found in:
* LICENSES/LICENSE.Apache-2.0

'LICENSE.CC-BY-SA-4' found in:
* LICENSES/LICENSE.CC-BY-SA-4.0


# MISSING LICENSES

'Apache-2.0' found in:
* CONTRIBUTING.md
* README.md
* docs/doc.nix
* flake.nix
* hydrajobs.nix
* microvmConfigurations/netvm/default.nix
* modules/development/authentication.nix
* modules/development/intel-nuc-getty.nix
* modules/development/nix.nix
* modules/development/packages.nix
* modules/development/ssh.nix
* modules/graphics/weston.nix
* modules/hardware/nvidia-jetson-orin.nix
* modules/host/default.nix
* modules/host/microvm.nix
* modules/host/networking.nix
* targets/common-debug.nix
* targets/common-release.nix
* targets/common.nix
* targets/default.nix
* targets/intel-nuc.nix
* targets/nvidia-jetson-orin-flash-script.nix
* targets/nvidia-jetson-orin.nix
* targets/vm.nix

'CC-BY-SA-4.0' found in:
* CONTRIBUTING.md
* README.md
* docs/README.md
* docs/src/appendices/contributing_general.md
* docs/src/appendices/glossary.md
* docs/src/architecture/adr/minimal-host.md
* docs/src/architecture/adr.md
* docs/src/architecture/architecture.md
* docs/src/build_config/build_configurations.md
* docs/src/build_config/cross_compilation.md
* docs/src/build_config/passthrough/nvidia_agx_pt_uart.md
* docs/src/build_config/passthrough/passthrough.md
* docs/src/build_config/reference_implementations.md
* docs/src/index.md
* docs/src/research/passthrough/ethernet.md
* docs/src/research/research.md
* docs/src/scs/basics.md
* docs/src/scs/patching-automation.md
* docs/src/scs/pki.md
* docs/src/scs/sbom.md
* docs/src/scs/scs.md
* docs/src/scs/slsa-framework.md
* docs/src/technologies/technologies.md


# UNUSED LICENSES

The following licenses are not used:
* LICENSE.Apache-2
* LICENSE.CC-BY-SA-4


# MISSING COPYRIGHT AND LICENSING INFORMATION

The following files have no copyright and licensing information:
* .git-blame-ignore-revs
* .github/workflows/doc.yml
* .gitignore
* docs/book.toml
* docs/src/SUMMARY.md
* docs/src/architecture/adr/template.md
* docs/src/img/autopatching.drawio.png
* docs/src/img/ca_implementation.drawio.png
* docs/src/img/overview.png
* docs/src/img/threat_processing.drawio.png
* docs/src/img/threat_processing_1serv.drawio.png
* docs/src/img/threat_processing_2serv.drawio.png
* docs/src/research/passthrough/imx8qm-mek_conn-guest.dts
* docs/src/research/passthrough/imx8qm-mek_conn-host.dts
* docs/style_guide.md
* flake.lock
* scripts/spdx_nix_checker/check_file

The following files have no licensing information:
* .github/workflows/fmt-check.yml
* scripts/spdx_nix_checker/check_all


# SUMMARY

* Bad licenses: LICENSE.Apache-2, LICENSE.CC-BY-SA-4
* Deprecated licenses:
* Licenses without file extension:
* Missing licenses: Apache-2.0, CC-BY-SA-4.0
* Unused licenses: LICENSE.Apache-2, LICENSE.CC-BY-SA-4
* Used licenses: Apache-2.0, CC-BY-SA-4.0
* Read errors: 0
* Files with copyright information: 47 / 64
* Files with license information: 45 / 64

Unfortunately, your project is not compliant with version 3.0 of the REUSE Specification :-(

Originally posted by @henrirosten in #79 (comment)
@vilvo
Copy link
Contributor Author

vilvo commented Feb 17, 2023

@jenninikko please let me know if you need help with reuse lint but let’s fix the debt of issues and then enable automated checks for PRs as @henrirosten proposed. That will provide extended coverage of automated checks over @mikatammi ’s gha PR for simple license check

@jenninikko jenninikko added the documentation Improvements or additions to documentation label Jul 4, 2023
@brianmcgillion
Copy link
Collaborator

REUSE has been in use for some time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jenninikko jenninikko

Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vilvo @brianmcgillion @jenninikko