From aabe39fadb3d9b64cb1dd5c3506338f9e9997c30 Mon Sep 17 00:00:00 2001
From: Matt Briggs
Date: Wed, 20 Jan 2021 15:24:09 -0800
Subject: [PATCH] use cargo deny to check dependency licenses

---
 Makefile | 5 +++++
 integ/deny.toml | 38 ++++++++++++++++++++++++++++++++++++++
 updater/deny.toml | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 81 insertions(+)
 create mode 100644 integ/deny.toml
 create mode 100644 updater/deny.toml

diff --git a/Makefile b/Makefile
index b8d35b0..4f7d681 100644
--- a/Makefile
+++ b/Makefile
@@ -30,3 +30,8 @@ fetch-sdk: # fetches and loads the image we use to build the updater docker imag
 	else \
 		echo "${BUILDER_IMAGE} is already loaded"; \
 	fi
+
+.PHONY: check-licenses
+check-licenses:
+	cd updater && cargo deny check licenses
+	cd integ && cargo deny check licenses
diff --git a/integ/deny.toml b/integ/deny.toml
new file mode 100644
index 0000000..076b573
--- /dev/null
+++ b/integ/deny.toml
@@ -0,0 +1,38 @@
+[licenses]
+unlicensed = "deny"
+
+# Deny licenses unless they are specifically listed here
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
+
+# Licenses that are allowed but unused are commented out to silence warnings
+allow = [
+    "Apache-2.0",
+    #"BSD-2-Clause",
+    "BSD-3-Clause",
+    "BSL-1.0",
+    #"CC0-1.0",
+    #"ISC",
+    "MIT",
+    # OpenSSL",
+    "Unlicense",
+    "Zlib"
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[[licenses.clarify]]
+name = "webpki"
+expression = "ISC"
+license-files = [
+    { path = "LICENSE", hash = 0x001c7e6c },
+]
diff --git a/updater/deny.toml b/updater/deny.toml
new file mode 100644
index 0000000..14ebcbf
--- /dev/null
+++ b/updater/deny.toml
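Review bot: The new `check-licenses` target runs only cargo-deny's `licenses` check, so the dependency graph is never screened against the RustSec advisory database or restricted to known registries, which are the supply-chain checks cargo-deny provides alongside license policy. cargo-deny accepts several checks in one invocation, e.g. `cd updater && cargo deny check licenses advisories sources`, with matching `[advisories]` and `[sources]` sections added to each deny.toml; note that the advisory check fetches the advisory database, so CI needs network access or a pre-fetched copy. If the intent is to keep this target license-only, a separate `check-advisories` target would keep the Makefile honest about what is and is not covered. The `fetch-sdk` recipe whose tail appears as context here starts outside the hunk.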
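Review bot: The `allow` list in integ/deny.toml comments out `ISC` and `OpenSSL`, yet the two `[[licenses.clarify]]` entries below declare `ring` as `MIT AND ISC AND OpenSSL` and `webpki` as `ISC`; with `default = "deny"` the check fails on those clarified licenses if either crate is in integ's dependency graph, and if neither is, the clarify blocks are dead configuration copied from the updater file. Either drop the two clarify blocks here or uncomment `"ISC",` and `"OpenSSL",` so the file is consistent with itself. The commented-out entry is also malformed as `# OpenSSL",`, missing its opening quote, so simply removing the `#` later produces invalid TOML; write it as `#"OpenSSL",` to match the other disabled entries.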
@@ -0,0 +1,38 @@
+[licenses]
+unlicensed = "deny"
+
+# Deny licenses unless they are specifically listed here
+copyleft = "deny"
+allow-osi-fsf-free = "neither"
+default = "deny"
+
+# We want really high confidence when inferring licenses from text
+confidence-threshold = 0.93
+
+# Licenses that are allowed but unused are commented out to silence warnings
+allow = [
+    "Apache-2.0",
+    #"BSD-2-Clause",
+    "BSD-3-Clause",
+    "BSL-1.0",
+    #"CC0-1.0",
+    "ISC",
+    "MIT",
+    "OpenSSL",
+    "Unlicense",
+    "Zlib"
+]
+
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 },
+]
+
+[[licenses.clarify]]
+name = "webpki"
+expression = "ISC"
+license-files = [
+    { path = "LICENSE", hash = 0x001c7e6c },
+]
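Review bot: The `hash` values on the `license-files` entries carry the security meaning of the two `[[licenses.clarify]]` blocks, but nothing says so, and a reader who sees the check fail after bumping `ring` or `webpki` will be tempted to paste in the new hash. Add a comment above the first clarify block such as `# The hash pins the exact LICENSE text these clarifications were reviewed against; if cargo-deny reports a mismatch after a dependency upgrade, re-read the new license text before updating the hash.` This file and integ/deny.toml are otherwise the same `[licenses]` policy and already differ in the allow list, so the policy is likely to drift between the two crates; consider keeping one shared config and pointing both invocations at it with cargo-deny's config-path option, which I believe `cargo deny check` supports via `--config`.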