From da637b83877b4ec3f054d787d68b90c8fa7a8b41 Mon Sep 17 00:00:00 2001 From: Robert Huitl Date: Tue, 2 May 2023 01:06:37 +0200 Subject: [PATCH 1/3] Use Ubuntu 22.04 (Jammy) for Docker image * Use Python3 by default, Python2 is no longer available * Ignore "dep" tests for Go for now as "dep" is no longer available --- Dockerfile | 106 +++++++++--------- .../features/package_managers/dep_spec.rb | 2 +- lib/license_finder/package_managers/pip.rb | 2 +- lib/license_finder/scanner.rb | 2 +- 4 files changed, 53 insertions(+), 59 deletions(-) diff --git a/Dockerfile b/Dockerfile index bc956c86d..dcd0c5d32 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,16 +1,14 @@ -FROM ubuntu:bionic +FROM ubuntu:jammy WORKDIR /tmp # Versioning -ENV PIP_INSTALL_VERSION 19.0.2 ENV PIP3_INSTALL_VERSION 20.0.2 ENV GO_LANG_VERSION 1.17.13 ENV MAVEN_VERSION 3.6.0 ENV SBT_VERSION 1.3.3 ENV GRADLE_VERSION 5.6.4 ENV RUBY_VERSION 3.2.2 -ENV MIX_VERSION 2.0 ENV COMPOSER_ALLOW_SUPERUSER 1 # programs needed for building @@ -29,7 +27,7 @@ RUN add-apt-repository ppa:git-core/ppa && \ apt -q update && apt install -y git && rm -rf /var/lib/apt/lists/* # install nodejs -RUN curl -sL https://deb.nodesource.com/setup_17.x | bash - && \ +RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - && \ apt -q update && apt install -y nodejs && rm -rf /var/lib/apt/lists/* # install yarn 
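Review bot: In the `# install nodejs` step the NodeSource setup script is still fetched with `curl -sL ... | bash -` and run as root during the build with no integrity check, and `-s` without `--fail` lets an HTTP error body reach the shell. Since the line is being edited anyway, consider downloading it to a file first with `curl -fsSL -o nodesource_setup.sh https://deb.nodesource.com/setup_18.x`, comparing it against a checksum pinned in the Dockerfile, and only then executing it. The rustup line that appears as context in the `@@ -137,10 +132,7 @@` hunk follows the same pipe-to-shell pattern.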
@@ -61,10 +59,9 @@ RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \ mv rebar3 /usr/local/bin/rebar3 # install and update python and python-pip -RUN apt -q update && apt install -y python python-pip python3-pip && \ +RUN apt -q update && apt install -y python3-pip && \ rm -rf /var/lib/apt/lists/* && \ - python3 -m pip install pip==$PIP3_INSTALL_VERSION --upgrade && \ - python -m pip install pip==$PIP_INSTALL_VERSION --upgrade --force + python3 -m pip install pip==$PIP3_INSTALL_VERSION --upgrade # install maven RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \ @@ -74,7 +71,7 @@ RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binarie # install sbt RUN mkdir -p /usr/local/share/sbt-launcher-packaging && \ - curl --progress \ + curl \ --retry 3 \ --retry-delay 15 \ --location "https://github.com/sbt/sbt/releases/download/v${SBT_VERSION}/sbt-${SBT_VERSION}.tgz" \ @@ -107,13 +104,11 @@ RUN mkdir /gopath && \ go install github.com/kardianos/govendor@latest && \ go clean -cache -#install rvm and glide and godep +#install rvm and glide RUN apt-add-repository -y ppa:rael-gc/rvm && \ - add-apt-repository -y ppa:masterminds/glide && \ apt -q update && apt install -y rvm && \ /usr/share/rvm/bin/rvm install --default $RUBY_VERSION &&\ - apt install -y glide && \ - apt install -y go-dep && \ + apt install -y golang-glide && \ rm -rf /var/lib/apt/lists/* # install trash 
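Review bot: The surviving `python3 -m pip install pip==$PIP3_INSTALL_VERSION --upgrade` line pins pip to 20.0.2 on top of jammy's `python3-pip`, which is probably a newer release, so despite `--upgrade` this would in effect downgrade pip and give up whatever fixes the distro package carries. Either raise `PIP3_INSTALL_VERSION` in the first hunk to a current release or drop the pin and keep the packaged pip. If the old version is required by the pip package-manager tests, say so next to the pin, e.g. `# pip is pinned because <reason>`.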
@@ -137,10 +132,7 @@ ENV LC_ALL=en_US.UTF-8 RUN curl https://sh.rustup.rs -sSf | bash -ls -- -y --profile minimal #install mix -RUN wget https://packages.erlang-solutions.com/erlang-solutions_${MIX_VERSION}_all.deb && \ - dpkg -i erlang-solutions_${MIX_VERSION}_all.deb && \ - rm -f erlang-solutions_${MIX_VERSION}_all.deb && \ - apt -q update && apt install -y esl-erlang && rm -rf /var/lib/apt/lists/* +RUN apt -q update && apt install -y erlang && rm -rf /var/lib/apt/lists/* # Install Elixir WORKDIR /tmp/elixir-build RUN git clone https://github.com/elixir-lang/elixir.git @@ -149,7 +141,7 @@ RUN make && make install WORKDIR / # install conan -RUN apt -q update && apt install -y python-dev && rm -rf /var/lib/apt/lists/* && \ +RUN apt -q update && apt install -y python3-dev && rm -rf /var/lib/apt/lists/* && \ pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \ --ignore-installed requests --ignore-installed chardet \ --ignore-installed urllib3 \ 
@@ -160,17 +152,17 @@ RUN apt -q update && apt install -y python-dev && rm -rf /var/lib/apt/lists/* && # install NuGet (w. mono) # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF &&\ - echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list &&\ + echo "deb https://download.mono-project.com/repo/ubuntu stable-focal main" | tee /etc/apt/sources.list.d/mono-official-stable.list &&\ apt -q update && apt install -y mono-complete && rm -rf /var/lib/apt/lists/* &&\ curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\ curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe" # install dotnet core -RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb &&\ +RUN wget -q https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb &&\ dpkg -i packages-microsoft-prod.deb &&\ rm packages-microsoft-prod.deb &&\ apt -q update &&\ - apt install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1 &&\ + apt install -y dotnet-sdk-6.0 dotnet-sdk-7.0 &&\ rm -rf /var/lib/apt/lists/* # install Composer 
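Review bot: The mono step keeps `apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ...` while the image moves to jammy, where apt-key is deprecated and a key added this way is trusted for every configured repository rather than only for mono's. Prefer exporting the key into its own keyring file and scoping it on the source line, e.g. `echo "deb [signed-by=/usr/share/keyrings/mono-official.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main"`. The Composer hunk at `@@ -178,7 +170,7 @@` uses the same `apt-key adv` pattern for the PHP PPA. A short comment on why the suite is `stable-focal` on a jammy base would also help, for instance `# no jammy suite is published for mono; focal is the newest available` if that is the reason.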
@@ -178,7 +170,7 @@ RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsof # https://serverfault.com/questions/949991/how-to-install-tzdata-on-a-ubuntu-docker-image ENV TZ=GMT RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\ - echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu bionic main" | tee /etc/apt/sources.list.d/php.list &&\ + echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu jammy main" | tee /etc/apt/sources.list.d/php.list &&\ export DEBIAN_FRONTEND=noninteractive &&\ apt -q update && apt install -y php7.4-cli && rm -rf /var/lib/apt/lists/* &&\ EXPECTED_COMPOSER_INSTALLER_CHECKSUM="$(curl --silent https://composer.github.io/installer.sig)" &&\ 
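Review bot: The rewritten source line still pulls the PHP PPA over plain HTTP (`deb http://ppa.launchpad.net/ondrej/php/ubuntu jammy main`). Package signatures protect integrity, but the transport itself stays unauthenticated and observable, and Launchpad serves PPAs over HTTPS. Suggest `deb https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy main`. The RUN instruction continues past the end of this hunk, so the Composer installer checksum comparison is not visible here.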
@@ -201,53 +193,36 @@ RUN \ (echo; echo "yes") | sh "${conda_installer}" # install Swift Package Manager -# Based on https://github.com/apple/swift-docker/blob/main/5.3/ubuntu/18.04/Dockerfile +# Based on https://github.com/apple/swift-docker/blob/main/5.8/ubuntu/22.04/Dockerfile # The GPG download steps has been modified. Keys are now on LF repo and copied instaad of downloaded. # Refer to https://swift.org/download/#using-downloads in the Linux section on how to download the keys RUN apt -q update && apt -q install -y \ - libatomic1 \ - libcurl4 \ - libxml2 \ - libedit2 \ - libsqlite3-0 \ - libc6-dev \ binutils \ - libgcc-5-dev \ - libstdc++-5-dev \ - zlib1g-dev \ - libpython2.7 \ - tzdata \ git \ + unzip \ + gnupg2 \ + libc6-dev \ + libcurl4-openssl-dev \ + libedit2 \ + libgcc-9-dev \ + libpython3-dev \ + libsqlite3-0 \ + libstdc++-9-dev \ + libxml2-dev \ + libz3-dev \ pkg-config \ + python3-lldb-13 \ + tzdata \ + zlib1g-dev \ && rm -r /var/lib/apt/lists/* -#install flutter -ENV FLUTTER_HOME=/root/flutter -RUN git config --global --add safe.directory /root/flutter -RUN curl -o flutter_linux_2.8.1-stable.tar.xz https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.8.1-stable.tar.xz \ - && tar xf flutter_linux_2.8.1-stable.tar.xz \ - && mv flutter ${FLUTTER_HOME} \ - && rm flutter_linux_2.8.1-stable.tar.xz - -ENV PATH=$PATH:${FLUTTER_HOME}/bin:${FLUTTER_HOME}/bin/cache/dart-sdk/bin -RUN flutter doctor -v \ - && flutter update-packages \ - && flutter precache -# Accepting all licences -RUN yes | flutter doctor --android-licenses -v -# Creating Flutter sample projects to put binaries in cache fore each template type -RUN flutter create --template=app ${TEMP}/app_sample \ - && flutter create --template=package ${TEMP}/package_sample \ - && flutter create --template=plugin ${TEMP}/plugin_sample - - # pub 4096R/ED3D1561 2019-03-22 [SC] [expires: 2023-03-23] # Key fingerprint = A62A E125 BBBF BB96 A6E0 42EC 925C C1CC ED3D 1561 # uid 
Swift 5.x Release Signing Key Date: Sun, 9 Jul 2023 13:16:22 +0100 Subject: [PATCH 2/3] [Fixed] Ensure licenses are recognised by `spdx_id` The recognition of licenses named by their SPDX ID is currently inconsistent; for some licenses the ID is included as an alternative name, but for some it is not. This leads to inconsistent behaviour, as seen in issue #984. Changing the matching logic to check the SPDX ID will make this more consistent and intuitive. This fixes #984 --- lib/license_finder/license.rb | 2 +- lib/license_finder/license/definitions.rb | 22 +- .../license/definitions_spec.rb | 406 ++++++++++++++++-- spec/lib/license_finder/license_spec.rb | 2 +- 4 files changed, 375 insertions(+), 57 deletions(-) diff --git a/lib/license_finder/license.rb b/lib/license_finder/license.rb index 7d9978c11..324306e03 100644 --- a/lib/license_finder/license.rb +++ b/lib/license_finder/license.rb @@ -85,7 +85,7 @@ def unrecognized_matcher? attr_reader :short_name, :pretty_name, :other_names, :spdx_id, :matcher def names - ([short_name, pretty_name] + other_names).uniq + ([short_name, pretty_name, spdx_id] + other_names).uniq end end diff --git a/lib/license_finder/license/definitions.rb b/lib/license_finder/license/definitions.rb index ac2d6b803..46a87ba40 100644 --- a/lib/license_finder/license/definitions.rb +++ b/lib/license_finder/license/definitions.rb @@ -46,12 +46,9 @@ def build_unrecognized(name) def apache1_1 License.new( short_name: 'Apache1_1', - pretty_name: 'Apache 1.1', spdx_id: 'Apache-1.1', - other_names: [ - 'Apache-1.1', - 'The Apache Software License, Version 1.1' - ], + pretty_name: 'Apache 1.1', + other_names: ['Apache Software License, Version 1.1'], url: 'http://www.apache.org/licenses/LICENSE-1.1.txt' ) end 
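Review bot: In `names` (lib/license_finder/license.rb), `spdx_id` is now added to the list unconditionally, so a definition without an SPDX identifier contributes whatever placeholder the initializer uses. That placeholder is presumably nil or an empty string, but the initializer is outside this hunk. A nil entry would break any caller that applies string methods to each name, and an empty entry would let a blank license name resolve to a real license. Suggest `([short_name, pretty_name, spdx_id] + other_names).compact.reject(&:empty?).uniq`, with a one-line comment such as `# spdx_id is included so licenses resolve by their SPDX identifier`.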
@@ -59,10 +56,9 @@ def apache1_1 def apache2 License.new( short_name: 'Apache2', - pretty_name: 'Apache 2.0', spdx_id: 'Apache-2.0', + pretty_name: 'Apache 2.0', other_names: [ - 'Apache-2.0', 'Apache Software License', 'Apache License 2.0', 'Apache License Version 2.0', @@ -83,7 +79,7 @@ def bsd License.new( short_name: 'BSD', spdx_id: 'BSD-4-Clause', - other_names: ['BSD4', 'bsd-old', '4-clause BSD', 'BSD-4-Clause', 'BSD 4-Clause', 'BSD License'], + other_names: ['BSD4', 'bsd-old', '4-clause BSD', 'BSD 4-Clause', 'BSD License'], url: 'http://en.wikipedia.org/wiki/BSD_licenses#4-clause_license_.28original_.22BSD_License.22.29' ) end @@ -118,7 +114,6 @@ def eclipse1 spdx_id: 'EPL-1.0', pretty_name: 'Eclipse Public License 1.0', other_names: [ - 'EPL-1.0', 'EPL 1.0', 'Eclipse Public License - v 1.0' ], @@ -167,7 +162,6 @@ def lgpl2_1 spdx_id: 'LGPL-2.1-only', pretty_name: 'GNU Lesser General Public License version 2.1', other_names: [ - 'LGPL-2.1-only', 'LGPL 2.1', 'LGPL v2.1', 'GNU Lesser General Public License 2.1' @@ -191,7 +185,7 @@ def mit License.new( short_name: 'MIT', spdx_id: 'MIT', - other_names: ['Expat', 'MIT license', 'MIT License', 'The MIT License (MIT)'], + other_names: ['Expat', 'MIT license', 'MIT License (MIT)'], url: 'http://opensource.org/licenses/mit-license', matcher: matcher ) @@ -213,7 +207,6 @@ def mpl1_1 spdx_id: 'MPL-1.1', pretty_name: 'Mozilla Public License 1.1', other_names: [ - 'MPL-1.1', 'Mozilla Public License, Version 1.1', 'Mozilla Public License version 1.1' ], @@ -235,7 +228,6 @@ def mpl2 spdx_id: 'MPL-2.0', pretty_name: 'Mozilla Public License 2.0', other_names: [ - 'MPL-2.0', 'Mozilla Public License, Version 2.0', 'Mozilla Public License version 2.0' ], @@ -267,7 +259,6 @@ def newbsd 'BSD-3', '3-clause BSD', '3-Clause BSD License', - 'BSD-3-Clause', 'BSD 3-Clause', 'BSD 3-Clause License', 'The 3-Clause BSD License', 
@@ -332,9 +323,8 @@ def simplifiedbsd other_names: [ 'FreeBSD', '2-clause BSD', - 'BSD-2-Clause', 'BSD 2-Clause', - 'The BSD 2-Clause License' + 'BSD 2-Clause License' ], url: 'http://opensource.org/licenses/bsd-license' ) diff --git a/spec/lib/license_finder/license/definitions_spec.rb b/spec/lib/license_finder/license/definitions_spec.rb index 0b545237b..2fba41a18 100644 --- a/spec/lib/license_finder/license/definitions_spec.rb +++ b/spec/lib/license_finder/license/definitions_spec.rb 
@@ -12,51 +12,230 @@ end end +describe LicenseFinder::License, 'Apache1.1' do + subject { described_class.find_by_name 'Apache1_1' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://www.apache.org/licenses/LICENSE-1.1.txt' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('Apache-1.1')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Apache 1.1')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('Apache Software License, Version 1.1')).to be subject + expect(described_class.find_by_name('The Apache Software License, Version 1.1')).to be subject + end +end + describe LicenseFinder::License, 'Apache2' do - it 'should be recognized' do |_e| - expect(described_class.find_by_name('Apache2').url).to be + subject { described_class.find_by_name 'Apache2' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://www.apache.org/licenses/LICENSE-2.0.txt' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('Apache-2.0')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Apache 2.0')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('Apache License')).to be subject + expect(described_class.find_by_name('Apache Software License')).to be subject + expect(described_class.find_by_name('Apache 2')).to be subject + expect(described_class.find_by_name('Apache License, Version 2.0')).to be subject + expect(described_class.find_by_name('The Apache License, Version 2.0')).to be subject + expect(described_class.find_by_name('ASL 2.0')).to be subject + expect(described_class.find_by_name('ASF 2.0')).to be subject end end describe LicenseFinder::License, 'BSD' do - it 'should be recognized' do |_e| - 
expect(described_class.find_by_name('BSD').url).to be + subject { described_class.find_by_name 'BSD' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://en.wikipedia.org/wiki/BSD_licenses#4-clause_license_.28original_.22BSD_License.22.29' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('BSD-4-Clause')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('bsd-old')).to be subject + expect(described_class.find_by_name('BSD 4-Clause')).to be subject + expect(described_class.find_by_name('BSD License')).to be subject + expect(described_class.find_by_name('The BSD License')).to be subject end end describe LicenseFinder::License, 'cc01' do - it 'should be recognized' do |_e| - expect(described_class.find_by_name('CC0 1.0').url).to be + subject { described_class.find_by_name 'CC01' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://creativecommons.org/publicdomain/zero/1.0' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('CC0-1.0')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('CC0 1.0 Universal')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('CC0 1.0')).to be subject + end +end + +describe LicenseFinder::License, 'CDDL1' do + subject { described_class.find_by_name 'CDDL1' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://spdx.org/licenses/CDDL-1.0.html' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('CDDL-1.0')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Common Development and Distribution License 1.0')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('CDDL-1.0')).to 
be subject + expect(described_class.find_by_name('Common Development and Distribution License (CDDL) v1.0')).to be subject + expect(described_class.find_by_name('COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0')).to be subject + end +end + +describe LicenseFinder::License, 'EPL1' do + subject { described_class.find_by_name 'EPL1' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://www.eclipse.org/legal/epl-v10.html' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('EPL-1.0')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Eclipse Public License 1.0')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('EPL 1.0')).to be subject + expect(described_class.find_by_name('Eclipse Public License - v 1.0')).to be subject end end describe LicenseFinder::License, 'GPLv2' do - it 'should be recognized' do - expect(described_class.find_by_name('GPLv2').url).to be + subject { described_class.find_by_name 'GPLv2' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://www.gnu.org/licenses/gpl-2.0.txt' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('GPL-2.0-only')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('GPL V2')).to be subject + expect(described_class.find_by_name('gpl-v2')).to be subject + expect(described_class.find_by_name('GNU GENERAL PUBLIC LICENSE Version 2')).to be subject end end describe LicenseFinder::License, 'GPLv3' do - it 'should be recognized' do - expect(described_class.find_by_name('GPLv3').url).to be + subject { described_class.find_by_name 'GPLv3' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://www.gnu.org/licenses/gpl-3.0.txt' + end + + it 'should be recognized by spdx_id' do + 
expect(described_class.find_by_name('GPL-3.0-only')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('GPL V3')).to be subject + expect(described_class.find_by_name('gpl-v3')).to be subject + expect(described_class.find_by_name('GNU GENERAL PUBLIC LICENSE Version 3')).to be subject end end describe LicenseFinder::License, 'ISC' do - it 'should be recognized' do - expect(described_class.find_by_name('ISC').url).to be + subject { described_class.find_by_name 'ISC' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://en.wikipedia.org/wiki/ISC_license' end end describe LicenseFinder::License, 'LGPL' do - it 'should be recognized' do - expect(described_class.find_by_name('LGPL').url).to be + subject { described_class.find_by_name 'LGPL' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://www.gnu.org/licenses/lgpl.txt' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('LGPL-3.0-only')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('LGPL-3')).to be subject + expect(described_class.find_by_name('LGPLv3')).to be subject + expect(described_class.find_by_name('LGPL-3.0')).to be subject + end +end + +describe LicenseFinder::License, 'LGPL2.1' do + subject { described_class.find_by_name 'LGPL2_1' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://opensource.org/licenses/LGPL-2.1' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('LGPL-2.1-only')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('LGPL 2.1')).to be subject + expect(described_class.find_by_name('LGPL v2.1')).to be subject + expect(described_class.find_by_name('GNU Lesser General Public License 2.1')).to be subject end end describe LicenseFinder::License, 'MIT' do subject { 
described_class.find_by_name 'MIT' } + it 'should have correct license url' do + expect(subject.url).to be 'http://opensource.org/licenses/mit-license' + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('Expat')).to be subject + expect(described_class.find_by_name('MIT license')).to be subject + expect(described_class.find_by_name('MIT License')).to be subject + expect(described_class.find_by_name('MIT License (MIT)')).to be subject + expect(described_class.find_by_name('The MIT License (MIT)')).to be subject + end + describe '#matches_text?' do it 'should return true if the text contains the MIT url' do expect(subject).to be_matches_text 'MIT License is awesome http://opensource.org/licenses/mit-license' 
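Review bot: The new URL expectations use `be` with an argument (`expect(subject.url).to be 'http://...'`), which asserts object identity rather than equality. For string literals this passes only when both files freeze and deduplicate their literals. Use `eq` for the URLs, e.g. `expect(subject.url).to eq 'http://www.apache.org/licenses/LICENSE-1.1.txt'`, and keep `be subject` only where the identity of the License object is what is meant. The same pattern repeats in the later hunks of this spec, from `@@ -85,17 +264,34 @@` through `@@ -203,39 +482,88 @@`. In the CDDL1 block the 'other names' example repeats `'CDDL-1.0'`, which the spdx_id example already covers.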
@@ -85,17 +264,34 @@ describe LicenseFinder::License, 'MPL1_1' do subject { described_class.find_by_name 'MPL1_1' } - it 'should be recognized' do - expect(subject).to be + it 'should have correct license url' do + expect(subject.url).to be 'https://www.mozilla.org/media/MPL/1.1/index.0c5913925d40.txt' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('MPL-1.1')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Mozilla Public License 1.1')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('Mozilla Public License, Version 1.1')).to be subject + expect(described_class.find_by_name('Mozilla Public License version 1.1')).to be subject end describe '#matches_text?' do it "should return true if the text begins with 'Mozilla Public License Version 1.1'" do expect(subject).to be_matches_text 'Mozilla Public License Version 1.1' + expect(subject).to be_matches_text 'Mozilla Public License, Version 1.1' + expect(subject).to be_matches_text 'Mozilla Public Licence Version 1.1' end it "should return false if the text beings with 'Mozilla Public License, version 2.0'" do + expect(subject).not_to be_matches_text 'Mozilla Public License version 2.0' expect(subject).not_to be_matches_text 'Mozilla Public License, version 2.0' + expect(subject).not_to be_matches_text 'Mozilla Public Licence version 2.0' end end end 
@@ -103,6 +299,23 @@ describe LicenseFinder::License, 'MPL2' do subject { described_class.find_by_name 'MPL2' } + it 'should have correct license url' do + expect(subject.url).to be 'https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('MPL-2.0')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Mozilla Public License 2.0')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('Mozilla Public License, Version 2.0')).to be subject + expect(described_class.find_by_name('Mozilla Public License version 2.0')).to be subject + end + describe '#matches_text?' do it "should return true if the text begins with 'The Mozilla Public License, version 2.0'" do expect(subject).to be_matches_text 'Mozilla Public License, version 2.0' 
@@ -115,6 +328,34 @@ describe LicenseFinder::License, 'NewBSD' do subject { described_class.find_by_name 'NewBSD' } + it 'should have correct license url' do + expect(subject.url).to be 'http://opensource.org/licenses/BSD-3-Clause' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('BSD-3-Clause')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('New BSD')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('Modified BSD')).to be subject + expect(described_class.find_by_name('BSD3')).to be subject + expect(described_class.find_by_name('BSD 3')).to be subject + expect(described_class.find_by_name('BSD-3')).to be subject + expect(described_class.find_by_name('3-clause BSD')).to be subject + expect(described_class.find_by_name('3-Clause BSD License')).to be subject + expect(described_class.find_by_name('BSD 3-Clause')).to be subject + expect(described_class.find_by_name('BSD 3-Clause License')).to be subject + expect(described_class.find_by_name('The 3-Clause BSD License')).to be subject + expect(described_class.find_by_name('BSD 3-clause New License')).to be subject + expect(described_class.find_by_name('New BSD License')).to be subject + expect(described_class.find_by_name('BSD New license')).to be subject + expect(described_class.find_by_name('BSD Licence 3')).to be subject + end + it 'should match regardless of organization or copyright holder names' do license = <<-LICENSE Redistribution and use in source and binary forms, with or without 
@@ -173,20 +414,58 @@ end describe LicenseFinder::License, 'OFL' do - it 'should be recognized' do - expect(described_class.find_by_name('OFL').url).to be + subject { described_class.find_by_name 'OFL' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://opensource.org/licenses/OFL-1.1' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('OFL-1.1')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('SIL OPEN FONT LICENSE Version 1.1')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('OPEN FONT LICENSE Version 1.1')).to be subject end end describe LicenseFinder::License, 'Python' do - it 'should be recognized' do - expect(described_class.find_by_name('Python').url).to be + subject { described_class.find_by_name 'Python' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://hg.python.org/cpython/raw-file/89ce323357db/LICENSE' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('PSF-2.0')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Python Software Foundation License')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('PSF')).to be subject + expect(described_class.find_by_name('PSFL')).to be subject + expect(described_class.find_by_name('PSF License')).to be subject end end describe LicenseFinder::License, 'Ruby' do subject { described_class.find_by_name 'Ruby' } + it 'should have correct license url' do + expect(subject.url).to be 'http://www.ruby-lang.org/en/LICENSE.txt' + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('ruby')).to be subject + end + describe '#matches?' 
do it 'should return true when the Ruby license URL is present' do expect(subject).to be_matches_text "This gem is available under the following license:\nhttp://www.ruby-lang.org/en/LICENSE.txt\nOkay?" 
@@ -203,39 +482,88 @@ end describe LicenseFinder::License, 'SimplifiedBSD' do - it 'should be recognized' do - expect(described_class.find_by_name('SimplifiedBSD').url).to be + subject { described_class.find_by_name 'SimplifiedBSD' } + + it 'should have correct license url' do + expect(subject.url).to be 'http://opensource.org/licenses/bsd-license' + end + + it 'should be recognized by spdx_id' do + expect(described_class.find_by_name('BSD-2-Clause')).to be subject + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('Simplified BSD')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('FreeBSD')).to be subject + expect(described_class.find_by_name('2-clause BSD')).to be subject + expect(described_class.find_by_name('BSD 2-Clause')).to be subject + expect(described_class.find_by_name('BSD 2-Clause License')).to be subject + expect(described_class.find_by_name('The BSD 2-Clause License')).to be subject end end describe LicenseFinder::License, 'Unlicense' do - it 'should be recognized' do - expect(described_class.find_by_name('Unlicense').name).to eq('The Unlicense') - expect(described_class.find_by_name('Unlicense').url).to be + subject { described_class.find_by_name 'Unlicense' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://unlicense.org/' + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('The Unlicense')).to be subject end end describe LicenseFinder::License, 'WTFPL' do - it 'should be recognized' do - expect(described_class.find_by_name('WTFPL').name).to eq('WTFPL') - expect(described_class.find_by_name('WTFPL').url).to be - expect(described_class.find_by_name('WTFPL V2').url).to be - expect(described_class.find_by_name('Do What The Fuck You Want To Public License').url).to be + subject { described_class.find_by_name 'WTFPL' } + + it 'should have correct license url' do + expect(subject.url).to 
be 'http://www.wtfpl.net/' + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('WTFPL V2')).to be subject + expect(described_class.find_by_name('Do What The Fuck You Want To Public License')).to be subject end end describe LicenseFinder::License, '0BSD' do - it 'should be recognized' do - expect(described_class.find_by_name('0BSD').url).to be - expect(described_class.find_by_name('Zero-Clause BSD').url).to be + subject { described_class.find_by_name '0BSD' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://opensource.org/licenses/0BSD' + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('BSD Zero Clause License')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('0-Clause BSD')).to be subject + expect(described_class.find_by_name('Zero-Clause BSD')).to be subject + expect(described_class.find_by_name('BSD-0-Clause')).to be subject + expect(described_class.find_by_name('BSD-Zero-Clause')).to be subject + expect(described_class.find_by_name('BSD 0-Clause')).to be subject + expect(described_class.find_by_name('BSD Zero-Clause')).to be subject end end describe LicenseFinder::License, 'Zlib' do - it 'should be recognized' do - expect(described_class.find_by_name('Zlib').url).to be - expect(described_class.find_by_name('zlib/libpng license').url).to be - expect(described_class.find_by_name('zlib License').url).to be + subject { described_class.find_by_name 'Zlib' } + + it 'should have correct license url' do + expect(subject.url).to be 'https://opensource.org/licenses/Zlib' + end + + it 'should be recognized by pretty name' do + expect(described_class.find_by_name('zlib/libpng license')).to be subject + end + + it 'should be recognised by other names' do + expect(described_class.find_by_name('zlib License')).to be subject end it 'should match regardless of year or copyright holder names' do 
@@ -263,7 +591,7 @@ source distribution. LICENSE - expect(described_class.find_by_name('Zlib')).to be_matches_text license - expect(described_class.find_by_name('Zlib')).not_to be_matches_text 'SOME OTHER LICENSE' + expect(subject).to be_matches_text license + expect(subject).not_to be_matches_text 'SOME OTHER LICENSE' end end diff --git a/spec/lib/license_finder/license_spec.rb b/spec/lib/license_finder/license_spec.rb index 90ddd24f1..03760735d 100644 --- a/spec/lib/license_finder/license_spec.rb +++ b/spec/lib/license_finder/license_spec.rb @@ -13,7 +13,7 @@ module LicenseFinder it 'should create populate sub licenses for compound AND' do license = License.find_by_name('(MIT AND CC0-1.0)') expect(license.sub_licenses[0].name).to eq 'MIT' - expect(license.sub_licenses[1].name).to eq 'CC0-1.0' + expect(license.sub_licenses[1].name).to eq 'CC0 1.0 Universal' end end end From 42bed10d80e4b0e6fac1c62dd5eca2097ffc3517 Mon Sep 17 00:00:00 2001 From: Shane Lattanzio Date: Fri, 14 Jul 2023 10:46:59 -0400 Subject: [PATCH 3/3] [Deprecated] - Remove Dep package manager for jammy release --- Dockerfile | 5 +- ci/scripts/run-tests.sh | 8 +- features/features/cli/cli_spec.rb | 3 +- features/support/testing_dsl.rb | 56 ++++----- lib/license_finder/package_managers/dep.rb | 84 ++++++------- .../package_managers/go_workspace.rb | 5 +- .../package_managers/dep_spec.rb | 114 +++++++++--------- .../package_managers/go_workspace_spec.rb | 3 +- .../package_managers/pip_spec.rb | 6 +- 9 files changed, 148 insertions(+), 136 deletions(-) diff --git a/Dockerfile b/Dockerfile index dcd0c5d32..388f7562c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -107,7 +107,7 @@ RUN mkdir /gopath && \ #install rvm and glide RUN apt-add-repository -y ppa:rael-gc/rvm && \ apt -q update && apt install -y rvm && \ - /usr/share/rvm/bin/rvm install --default $RUBY_VERSION &&\ + /usr/share/rvm/bin/rvm install --default $RUBY_VERSION && \ apt install -y golang-glide && \ rm -rf /var/lib/apt/lists/* 
@@ -199,12 +199,11 @@ RUN \ RUN apt -q update && apt -q install -y \ binutils \ git \ - unzip \ gnupg2 \ libc6-dev \ - libcurl4-openssl-dev \ libedit2 \ libgcc-9-dev \ + libcurl4-openssl-dev \ libpython3-dev \ libsqlite3-0 \ libstdc++-9-dev \ diff --git a/ci/scripts/run-tests.sh b/ci/scripts/run-tests.sh index 84368ade3..19a37e745 100755 --- a/ci/scripts/run-tests.sh +++ b/ci/scripts/run-tests.sh @@ -11,7 +11,13 @@ pushd "$PROJECT_ROOT" DISABLE_BINARY="--disable-binary" fi - rvm install --default $RUBY_VERSION_UNDER_TEST $DISABLE_BINARY + # This is needed for 2.7 but also works for 2.6. For 2.6, you can also downgrade the openssl version to 1.1.1l-1ubuntu1.4 in the dockerfile with allowing downgrades for apt install -y libssl-dev=1.1.1l-1ubuntu1.4 + if [[ $RUBY_VERSION_UNDER_TEST == "2.6.10" || $RUBY_VERSION_UNDER_TEST == "2.7.8" ]]; then + OPEN_SSL_FLAG="--with-openssl-dir=/usr/share/rvm/usr/" + rvm pkg install openssl + fi + + rvm install --default $RUBY_VERSION_UNDER_TEST $DISABLE_BINARY $OPEN_SSL_FLAG ruby --version export GOPATH=$HOME/go diff --git a/features/features/cli/cli_spec.rb b/features/features/cli/cli_spec.rb index 085fdeee8..d6d9b1c02 100644 --- a/features/features/cli/cli_spec.rb +++ b/features/features/cli/cli_spec.rb @@ -49,7 +49,8 @@ expect(developer).to be_receiving_exit_code(1) end - specify 'displays an error if symlink to potential license file is dangling' do + # Dep has been deprecated since 2020 + xspecify 'displays an error if symlink to potential license file is dangling' do project = LicenseFinder::TestingDSL::BrokenSymLinkDepProject.create ENV['GOPATH'] = "#{project.project_dir}/gopath_dep" developer.run_license_finder('gopath_dep/src/foo-dep') diff --git a/features/support/testing_dsl.rb b/features/support/testing_dsl.rb index 222e04c53..727c4f77f 100644 --- a/features/support/testing_dsl.rb +++ b/features/support/testing_dsl.rb 
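Review bot: `OPEN_SSL_FLAG` is assigned only inside the new `if` in ci/scripts/run-tests.sh, yet it is expanded unconditionally on the `rvm install --default ...` line, so for every other Ruby version it takes whatever value the calling environment holds (or aborts the script if `set -u` is enabled outside this hunk). Initialise it before the branch with `OPEN_SSL_FLAG=""`. The branch also builds these Rubies against the OpenSSL that `rvm pkg install openssl` places under `/usr/share/rvm/usr/` instead of the distribution package, so that copy is not covered by apt security updates; a comment such as `# test-only: rvm-built OpenSSL for Rubies that cannot build against the system libssl` would make the scope explicit. The exact-match version test skips the workaround for any other 2.6.x or 2.7.x patch release. The surrounding `pushd` block starts and ends outside the hunk.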
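Review bot: Switching the example in features/features/cli/cli_spec.rb to `xspecify` leaves the dangling-symlink error path without feature coverage, although what it asserts appears to be license-file handling and not anything specific to Dep. Rebuilding the fixture on a package manager that is still supported would keep that check alive. As written, the skipped body still references `LicenseFinder::TestingDSL::BrokenSymLinkDepProject`, which this commit comments out in features/support/testing_dsl.rb, so re-enabling it later fails with a NameError. The `xcontext 'when dep is present'` in go_workspace_spec.rb has the same problem with `LicenseFinder::Dep`. If the examples are meant to go, delete them so they do not linger as permanently pending.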
@@ -425,34 +425,34 @@ def shell_out(command) end end - class DepProject < Project - def add_dep - clone('gopath_dep') - end - - def install - orig_gopath = ENV['GOPATH'] - ENV['GOPATH'] = "#{project_dir}/gopath_dep" - shell_out('dep ensure') - ENV['GOPATH'] = orig_gopath - end - - def shell_out(command) - ProjectDir.new(Paths.project.join('gopath_dep', 'src', 'foo-dep')).shell_out(command) - end - end - - class BrokenSymLinkDepProject < Project - def add_dep - clone('gopath_dep') - end - - def install; end - - def shell_out(command) - ProjectDir.new(Paths.project.join('gopath_dep', 'src', 'foo-dep')).shell_out(command) - end - end + # class DepProject < Project + # def add_dep + # clone('gopath_dep') + # end + # + # def install + # orig_gopath = ENV['GOPATH'] + # ENV['GOPATH'] = "#{project_dir}/gopath_dep" + # shell_out('dep ensure') + # ENV['GOPATH'] = orig_gopath + # end + # + # def shell_out(command) + # ProjectDir.new(Paths.project.join('gopath_dep', 'src', 'foo-dep')).shell_out(command) + # end + # end + # + # class BrokenSymLinkDepProject < Project + # def add_dep + # clone('gopath_dep') + # end + # + # def install; end + # + # def shell_out(command) + # ProjectDir.new(Paths.project.join('gopath_dep', 'src', 'foo-dep')).shell_out(command) + # end + # end class GovendorProject < Project def add_dep diff --git a/lib/license_finder/package_managers/dep.rb b/lib/license_finder/package_managers/dep.rb index d48557681..8aec63cd1 100644 --- a/lib/license_finder/package_managers/dep.rb +++ b/lib/license_finder/package_managers/dep.rb 
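Review bot: `DepProject` and `BrokenSymLinkDepProject` are commented out line by line instead of being removed, and the same treatment is applied to the whole of lib/license_finder/package_managers/dep.rb and spec/lib/license_finder/package_managers/dep_spec.rb. Git history already preserves the old code, whereas the commented blocks keep turning up in searches for `dep ensure` and `Gopkg.lock` and will drift out of date with the `Project` base class. Delete the two classes (and the two files) outright; if a marker is wanted, a single line such as `# Dep support was removed; see the commit that dropped it for the old implementation` is enough.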
@@ -1,43 +1,45 @@ # frozen_string_literal: true -require 'tomlrb' - -module LicenseFinder - class Dep < PackageManager - def possible_package_paths - [project_path.join('Gopkg.lock')] - end - - def current_packages - toml = Tomlrb.load_file(detected_package_path) - projects = toml['projects'] - - return [] if projects.nil? - - projects.map do |project| - GoPackage.from_dependency({ - 'ImportPath' => project['name'], - 'InstallPath' => project_path.join('vendor', project['name']), - 'Rev' => project['revision'], - 'Homepage' => repo_name(project['name']) - }, nil, true) - end - end - - def repo_name(name) - name.split('/')[0..2].join('/') - end - - def self.takes_priority_over - Go15VendorExperiment - end - - def prepare_command - 'dep ensure -vendor-only' - end - - def package_management_command - 'dep' - end - end -end +# Dep has been deprecated since 2020 +# +# require 'tomlrb' +# +# module LicenseFinder +# class Dep < PackageManager +# def possible_package_paths +# [project_path.join('Gopkg.lock')] +# end +# +# def current_packages +# toml = Tomlrb.load_file(detected_package_path) +# projects = toml['projects'] +# +# return [] if projects.nil? +# +# projects.map do |project| +# GoPackage.from_dependency({ +# 'ImportPath' => project['name'], +# 'InstallPath' => project_path.join('vendor', project['name']), +# 'Rev' => project['revision'], +# 'Homepage' => repo_name(project['name']) +# }, nil, true) +# end +# end +# +# def repo_name(name) +# name.split('/')[0..2].join('/') +# end +# +# def self.takes_priority_over +# Go15VendorExperiment +# end +# +# def prepare_command +# 'dep ensure -vendor-only' +# end +# +# def package_management_command +# 'dep' +# end +# end +# end diff --git a/lib/license_finder/package_managers/go_workspace.rb b/lib/license_finder/package_managers/go_workspace.rb index 82d2e465a..f3b2c7d17 100644 --- a/lib/license_finder/package_managers/go_workspace.rb +++ b/lib/license_finder/package_managers/go_workspace.rb 
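Review bot: With the class body commented out, a project that still carries a `Gopkg.lock` is no longer claimed by `Dep`, and the `takes_priority_over` ordering against `Go15VendorExperiment` disappears with it, so such a project will presumably be picked up by a different Go package manager or by none. For a license-compliance scan that is a silent change in which dependencies get reported. Logging a warning when a `Gopkg.lock` is found would make the gap visible to users; the file could then be reduced to a header like `# Dep support removed: Gopkg.lock projects are no longer detected`. It is also worth confirming that nothing outside this hunk still references `LicenseFinder::Dep`, and whether `tomlrb` is still needed once this `require` is gone.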
@@ -51,11 +51,12 @@ def possible_package_paths def active? return false if @strict_matching + # Dep has been deprecated since 2020 godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path)) - dep = LicenseFinder::Dep.new(project_path: Pathname(project_path)) # go workspace is only active if GoDep wasn't. There are some projects # that will use the .envrc and have a Godep folder as well. - !!(!godep.active? && !dep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path))) + # !!(!godep.active? && !dep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path))) + !!(!godep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path))) end private diff --git a/spec/lib/license_finder/package_managers/dep_spec.rb b/spec/lib/license_finder/package_managers/dep_spec.rb index 8ad996e69..52fc1998d 100644 --- a/spec/lib/license_finder/package_managers/dep_spec.rb +++ b/spec/lib/license_finder/package_managers/dep_spec.rb 
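Review bot: The new comment `# Dep has been deprecated since 2020` sits directly above `godep = LicenseFinder::GoDep.new(...)` in `active?`, which reads as if GoDep were the deprecated tool, and the previous condition is kept as a commented-out line above the live one. Drop the commented-out expression and put the remark next to the existing explanation, for example `# Dep support was removed, so only GoDep is checked here.` The effective change is that a workspace containing both `.envrc` and `Gopkg.lock` can now activate GoWorkspace. The skipped `xcontext 'when dep is present'` in go_workspace_spec.rb covered the old behaviour, so an example asserting the new one would be useful.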
@@ -1,58 +1,60 @@ # frozen_string_literal: true -require 'spec_helper' -require 'fakefs/spec_helpers' - -module LicenseFinder - describe Dep do - it_behaves_like 'a PackageManager' - describe '#current_packages' do - subject { Dep.new(project_path: Pathname('/app'), logger: double(:logger, active: nil)) } - let(:content) do - FakeFS.without do - fixture_from('gopkg.lock') - end - end - - it 'returns the packages described by Gopkg.lock' do - FakeFS do - FileUtils.mkdir_p '/app' - File.write('/app/Gopkg.lock', content) - expect(subject.current_packages.length).to eq 3 - - expect(subject.current_packages.first.name).to eq 'github.com/Bowery/prompt' - expect(subject.current_packages.first.version).to eq '0f1139e9a1c74b57ccce6bdb3cd2f7cd04dd3449' - - expect(subject.current_packages[1].name).to eq 'github.com/dchest/safefile' - expect(subject.current_packages[1].version).to eq '855e8d98f1852d48dde521e0522408d1fe7e836a' - - expect(subject.current_packages.last.name).to eq 'golang.org/x/sys' - expect(subject.current_packages.last.version).to eq 'ebfc5b4631820b793c9010c87fd8fef0f39eb082' - end - end - - context 'the package does not have any projects in its toml' do - before do - allow(Tomlrb).to receive(:load_file).and_return({}) - end - - it 'should return an empty array' do - expect(subject.current_packages).to eq([]) - end - end - end - - describe '.prepare_command' do - subject { Dep.new(project_path: Pathname('/app'), logger: double(:logger, active: nil)) } - it 'returns the correct prepare method' do - expect(subject.prepare_command).to eq('dep ensure -vendor-only') - end - end - - describe '.package_management_command' do - it 'returns the correct package management command' do - expect(subject.package_management_command).to eq('dep') - end - end - end -end +# Dep has been deprecated since 2020 + +# require 'spec_helper' +# require 'fakefs/spec_helpers' +# +# module LicenseFinder +# describe Dep do +# it_behaves_like 'a PackageManager' +# describe 
'#current_packages' do +# subject { Dep.new(project_path: Pathname('/app'), logger: double(:logger, active: nil)) } +# let(:content) do +# FakeFS.without do +# fixture_from('gopkg.lock') +# end +# end +# +# it 'returns the packages described by Gopkg.lock' do +# FakeFS do +# FileUtils.mkdir_p '/app' +# File.write('/app/Gopkg.lock', content) +# expect(subject.current_packages.length).to eq 3 +# +# expect(subject.current_packages.first.name).to eq 'github.com/Bowery/prompt' +# expect(subject.current_packages.first.version).to eq '0f1139e9a1c74b57ccce6bdb3cd2f7cd04dd3449' +# +# expect(subject.current_packages[1].name).to eq 'github.com/dchest/safefile' +# expect(subject.current_packages[1].version).to eq '855e8d98f1852d48dde521e0522408d1fe7e836a' +# +# expect(subject.current_packages.last.name).to eq 'golang.org/x/sys' +# expect(subject.current_packages.last.version).to eq 'ebfc5b4631820b793c9010c87fd8fef0f39eb082' +# end +# end +# +# context 'the package does not have any projects in its toml' do +# before do +# allow(Tomlrb).to receive(:load_file).and_return({}) +# end +# +# it 'should return an empty array' do +# expect(subject.current_packages).to eq([]) +# end +# end +# end +# +# describe '.prepare_command' do +# subject { Dep.new(project_path: Pathname('/app'), logger: double(:logger, active: nil)) } +# it 'returns the correct prepare method' do +# expect(subject.prepare_command).to eq('dep ensure -vendor-only') +# end +# end +# +# describe '.package_management_command' do +# it 'returns the correct package management command' do +# expect(subject.package_management_command).to eq('dep') +# end +# end +# end +# end diff --git a/spec/lib/license_finder/package_managers/go_workspace_spec.rb b/spec/lib/license_finder/package_managers/go_workspace_spec.rb index ff24fb793..86cd3d71a 100644 --- a/spec/lib/license_finder/package_managers/go_workspace_spec.rb +++ b/spec/lib/license_finder/package_managers/go_workspace_spec.rb 
@@ -258,7 +258,8 @@ module LicenseFinder end end - context 'when dep is present' do + # Dep has been deprecated since 2020 + xcontext 'when dep is present' do let(:godep) { instance_double(LicenseFinder::GoDep, active?: false) } let(:dep) { instance_double(LicenseFinder::Dep, active?: true) } diff --git a/spec/lib/license_finder/package_managers/pip_spec.rb b/spec/lib/license_finder/package_managers/pip_spec.rb index 3ff469a30..c0e7917d9 100644 --- a/spec/lib/license_finder/package_managers/pip_spec.rb +++ b/spec/lib/license_finder/package_managers/pip_spec.rb @@ -48,7 +48,7 @@ module LicenseFinder context 'using default python version (python2)' do it 'should call pip install with the requirements file' do - expect(SharedHelpers::Cmd).to receive(:run).with('pip2 install -r requirements.txt') + expect(SharedHelpers::Cmd).to receive(:run).with('pip3 install -r requirements.txt') .and_return([dependency_json, '', cmd_success]) pip.prepare end @@ -57,7 +57,7 @@ module LicenseFinder let(:pip) { Pip.new(project_path: Pathname(root), pip_requirements_path: @user_provided_requirements) } it 'should use the provided requirements file' do - expect(SharedHelpers::Cmd).to receive(:run).with("pip2 install -r #{@user_provided_requirements}") + expect(SharedHelpers::Cmd).to receive(:run).with("pip3 install -r #{@user_provided_requirements}") .and_return([dependency_json, '', cmd_success]) pip.prepare end @@ -141,7 +141,7 @@ def stub_pypi(name, version, response) it 'fails to find a required distribution' do stderr = 'some-error' - command = "python #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} some-file.txt" + command = "python3 #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} some-file.txt" expected_error_message = "LicenseFinder command '#{command}' failed:\n\t#{stderr}" allow(LicenseFinder::SharedHelpers::Cmd).to receive(:run).with(command).and_return(['', stderr, status])
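Review bot: The expectations in spec/lib/license_finder/package_managers/pip_spec.rb now require `pip3 install -r requirements.txt`, but the enclosing group is still titled `context 'using default python version (python2)' do`, so the spec output describes the opposite of what is asserted. Rename it to `context 'using default python version (python3)' do`. That line is unchanged context in the first pip_spec.rb hunk, and the group itself continues outside it.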