license: curate incorrect license

erlang · Nov 22, 2024 · 1c12d7e · 1c12d7e
1 parent 93c4082
commit 1c12d7e
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 8 deletions.
diff --git a/.github/workflows/license-scanner.yaml b/.github/workflows/license-scanner.yaml
@@ -55,6 +55,7 @@ jobs:
       - name: License Compliance Check
         run: |
             pip install scancode-toolkit==32.3.0
+            scancode-reindex-licenses --additional-directory scripts/licensedetection/
             scripts/scan-code.escript --file-or-dir "${{ steps.new-files.outputs.new_files }}" \
                 --sarif results.sarif
 
@@ -86,4 +87,4 @@ jobs:
         if: ${{ !cancelled() }}
         uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # ratchet:github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: "SARIF file/results.sarif"
+          sarif_file: "SARIF file/results.sarif"
diff --git a/scripts/licensedetection/licenses/apache-2.0-or-lgpl-2.1-or-later.LICENSE b/scripts/licensedetection/licenses/apache-2.0-or-lgpl-2.1-or-later.LICENSE
@@ -0,0 +1,47 @@
+##
+## %CopyrightBegin%
+##
+## Copyright Ericsson AB 2024. All Rights Reserved.
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+##     http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## %CopyrightEnd%
+
+---
+key: apache-2.0-or-lgpl-2.1-or-later
+short_name: Apache 2.0 OR LGPL-2.1-or-later
+name: Apache 2.0 OR LGPL 2.1 or later
+category: Permissive
+owner: Unspecified
+spdx_license_key: Apache-2.0 OR LGPL-2.1-or-later
+---
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may
+not use this file except in compliance with the License. You may obtain
+a copy of the License at <http://www.apache.org/licenses/LICENSE-2.0>
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Alternatively, you may use this file under the terms of the GNU Lesser
+General Public License (the "LGPL") as published by the Free Software
+Foundation; either version 2.1, or (at your option) any later version.
+If you wish to allow use of your version of this file only under the
+terms of the LGPL, you should delete the provisions above and replace
+them with the notice and other provisions required by the LGPL; see
+<http://www.gnu.org/licenses/>. If you do not delete the provisions
+above, a recipient may use your version of this file under the terms of
+either the Apache License or the LGPL.
diff --git a/scripts/scan-code.escript b/scripts/scan-code.escript
@@ -47,13 +47,15 @@ reviewed() ->
       <<"autoconf-simple-exception">>, <<"unicode">>, <<"tcl">>, <<"gpl-2.0 WITH classpath-exception-2.0">>,
       <<"zlib">>, <<"lgpl-2.0-plus WITH wxwindows-exception-3.1">>,
       <<"openssl-ssleay">>, <<"cc-by-sa-3.0">>, <<"cc-by-4.0">>, <<"dco-1.1">>, <<"fsf-ap">>,
-      <<"classpath-exception-2.0">>, <<"ietf-trust">> ].
+      <<"classpath-exception-2.0">>, <<"ietf-trust">>, <<"apache-2.0-or-lgpl-2.1-or-later">> ].
 
 not_approved() ->
     [<<"gpl">>, <<"gpl-3.0-plus">>, <<"gpl-2.0">>, <<"gpl-1.0-plus">>, <<"unlicense">>,
      <<"lgpl-2.0-plus">>, <<"lgpl-2.1-plus">>, <<"agpl-1.0-plus">>, <<"agpl-1.0">>,
-     <<"agpl-3.0-plus">>, <<"erlangpl-1.1">>, <<"gpl-2.0-plus">>, <<"null">>, <<"agpl-3.0">>,
-     <<"mpl-1.1">>, 'null'].
+     <<"agpl-3.0-plus">>, <<"erlangpl-1.1">>, <<"gpl-2.0-plus">>, <<"agpl-3.0">>, <<"mpl-1.1">>].
+
+no_license() ->
+    [<<"null">>, 'null'].
 
 scan_option() ->
     #{name => scan_option,
@@ -90,6 +92,7 @@ sarif_option() ->
       long => "-sarif"}.
 
 scancode(Config) ->
+    io:format("Files to scan: ~ts~n", [maps:get(file_or_dir, Config, none)]),
     ok = cp_files(Config),
     scan_folder(Config).
 
@@ -139,6 +142,7 @@ execute(Command, Config) ->
     Licenses = fetch_licenses(folder_path(Config), Json),
 
     Errors = compliance_check(Licenses),
+    io:format("Errors: ~p~n", [Errors]),
 
     maps:get(sarif, Config) =/= undefined andalso
         sarif(maps:get(sarif, Config), Errors),
@@ -147,22 +151,27 @@ execute(Command, Config) ->
     ok.
 
 compliance_check(Licenses) when is_list(Licenses) ->
-    lists:foldl(fun ({Path, License, SPDX, Copyright}, Acc) ->
+    lists:foldl(fun ({Path, License, SPDX0, Copyright}, Acc) ->
+                        SPDX = spdx_nonnull(SPDX0),
                         CopyrightResult = check_copyright(Copyright),
                         LicenseResult = compliance_check(License),
                         R = lists:foldl(fun (ok, Acc0) -> Acc0;
                                             ({error, Msg}, Acc0) -> [{SPDX, Path, Msg} | Acc0]
                                         end, [], [CopyrightResult, LicenseResult]),
                         R ++ Acc
                     end, [], Licenses);
-compliance_check('null') ->
-    {error, no_license};
 compliance_check(License) ->
-    Handler = [ {not_approved(), {error, license_not_approved}},
+    Handler = [ {no_license(), {error, no_license}},
+                {not_approved(), {error, license_not_approved}},
                 {reviewed(), {error, license_to_be_reviewed}},
                 {approved(), ok}],
     license_check(License, Handler).
 
+spdx_nonnull(null) ->
+    <<"no license/copyright">>;
+spdx_nonnull(X) ->
+    X.
+
 check_copyright([]) ->
     {error, no_copyright};
 check_copyright([#{<<"copyright">> := _} | _]) ->
@@ -289,6 +298,19 @@ error_type_to_description({no_license, _}) ->
     scancode has not found any license in this file.  To fix this,
     add a license declaration to the top of the file.
     """;
+error_type_to_description({no_copyright, _}) ->
+    ~"""
+    scancode has not found any copyright in this file.  To fix this,
+    add a copyright declaration to the top of the file.
+    """;
+error_type_to_description({license_to_be_reviewed, L}) ->
+    unicode:characters_to_binary(
+        io_lib:format(
+            """
+            The license ~ts must be reviewed manually.
+            This license is only allowed under certain
+            special circumstances.
+            """, [L]));
 error_type_to_description({license_not_recognised, L}) ->
     unicode:characters_to_binary(
         io_lib:format(