From df170833ad9f5d31c81587e45cf70979c5759791 Mon Sep 17 00:00:00 2001 From: Sean Busbey Date: Tue, 2 Aug 2016 00:54:50 -0500 Subject: [PATCH 1/2] HBASE-16318 consistently use the correct name for 'Apache License, Version 2.0' --- .../src/main/resources/META-INF/LICENSE.vm | 2 +- .../src/main/resources/supplemental-models.xml | 669 ++++++++++++++++++++- pom.xml | 11 + 3 files changed, 666 insertions(+), 16 deletions(-) diff --git a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm index 54f53fd..8e5c9fe 100644 --- a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm +++ b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm @@ -1624,7 +1624,7 @@ ${dep.scm.url} #thrift_license() #end ## Note that this will fail the build if we don't have a license. update supplemental-models. -#if( !(${dep.licenses[0].name.contains("Apache Software License, Version 2.0")}) ) +#if( !(${dep.licenses[0].name.contains("Apache License, Version 2.0")}) ) #if( ${dep.licenses[0].name.contains("CDDL")} ) #if( ${dep.licenses[0].name.contains("1.0")} ) #set($aggregated = $cddl_1_0.add($dep)) diff --git a/hbase-resource-bundle/src/main/resources/supplemental-models.xml b/hbase-resource-bundle/src/main/resources/supplemental-models.xml index 2f94226..5d45a44 100644 --- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml +++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml @@ -36,7 +36,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -54,7 +54,25 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-beanutils + commons-beanutils-core + + + The Apache Software Foundation + http://www.apache.org/ + + + + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -69,7 +87,232 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.code.gson + gson + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.guava + guava + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.inject + guice + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.inject.extensions + guice-servlet + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.lmax + disruptor + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-cli + commons-cli + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-codec + commons-codec + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-configuration + commons-configuration + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-daemon + commons-daemon + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-digester + commons-digester + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-el + commons-el + Apache Commons El + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-fileupload + commons-fileupload + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-io + commons-io + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-lang + commons-lang + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-logging + commons-logging + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-net + commons-net + + + + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -83,7 +326,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -97,7 +340,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -111,7 +354,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -125,7 +368,21 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + javax.inject + javax.inject + + + + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -139,7 +396,371 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + log4j + log4j + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.avro + avro + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.commons + commons-compress + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.commons + commons-math + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.commons + commons-math3 + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.curator + curator-client + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.curator + curator-framework + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.curator + curator-recipes + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.api + api-asn1-api + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.api + api-util + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.server + apacheds-i18n + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.server + apacheds-kerberos-codec + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.htrace + htrace-core + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.thrift + libthrift + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.xmlgraphics + batik-css + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.xmlgraphics + batik-ext + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.xmlgraphics + batik-util + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-core-asl + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-jaxrs + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-mapper-asl + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-xc + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.xerial.snappy + snappy-java + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + tomcat + jasper-compiler + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + tomcat + jasper-runtime + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + xml-apis + xml-apis + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + xml-apis + xml-apis-ext + + + + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -154,7 +775,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -168,7 +789,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -182,7 +803,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -196,7 +817,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -210,7 +831,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -224,7 +845,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -238,7 +859,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -1195,4 +1816,22 @@ Copyright (c) 2007-2011 The JRuby project + + + xalan + xalan + + + The Apache Software Foundation + http://www.apache.org/ + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + diff --git a/pom.xml b/pom.xml index 6051ba5..2515dd8 100644 --- a/pom.xml +++ b/pom.xml @@ -49,6 +49,17 @@ http://hbase.apache.org 2007 + + + + Apache License, Version 2.0 + https://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + hbase-resource-bundle hbase-server -- 2.7.2 From 0dd3eb03284525bc1f4e34965024fc676e1cb171 Mon Sep 17 00:00:00 2001 From: Sean Busbey Date: Tue, 2 Aug 2016 00:53:53 -0500 Subject: [PATCH 2/2] HBASE-16318 fail build while rendering velocity template if dependency license isn't in whitelist. --- .../src/main/resources/META-INF/LICENSE.vm | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm index 8e5c9fe..31e508f 100644 --- a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm +++ b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm @@ -1558,6 +1558,10 @@ You can redistribute it and/or modify it under either the terms of the GPL #set($jruby = false) ## track hadoops #set($hadoop = false) +## Whitelist of licenses that it's safe to not aggregate as above. +## Note that this doesn't include ALv2 or the aforementioned aggregate +## license mentions. +#set($non_aggregate_fine = [ 'Public Domain', 'New BSD license', 'BSD license', 'Mozilla Public License Version 2.0' ]) ## include LICENSE sections for anything not under ASL2.0 #foreach( ${dep} in ${projects} ) ## if there are no licenses we'll fail the build later, so @@ -1646,6 +1650,34 @@ ${dep.scm.url} This product includes ${dep.name} licensed under the ${dep.licenses[0].name}. ${dep.licenses[0].comments} +#if(!(${non_aggregate_fine.contains($dep.licenses[0].name)})) +Please check ^^^^^^^^^^^^ this License for acceptability here: + +https://www.apache.org/legal/resolved + +If it is okay, then update the list named 'non_aggregate_fine' in the LICENSE.vm file. +If it isn't okay, then revert the change that added the dependency. + +More info on the dependency: + +${dep.groupId} +${dep.artifactId} +${dep.version} + +maven central search +g:${dep.groupId} AND a:${dep.artifactId} AND v:${dep.version} + +project website +${dep.url} +project source +${dep.scm.url} + +## fail the template. If you're looking at the source LICENSE.vm +## file based on a stacktrace or exception message, you need to find +## the generated LICENSE file that has the actual dependency info printed. +#set($empty = []) +${empty[0]} +#end #end #end #end -- 2.7.2