From 97a3da2f3e8162ce5679f4480a777dfff44d26fc Mon Sep 17 00:00:00 2001 From: Sean Busbey Date: Tue, 2 Aug 2016 00:54:50 -0500 Subject: [PATCH 1/2] HBASE-16318 consistently use the correct name for 'Apache License, Version 2.0' --- .../src/main/resources/META-INF/LICENSE.vm | 2 +- .../src/main/resources/supplemental-models.xml | 891 ++++++++++++++++++++- pom.xml | 11 + 3 files changed, 876 insertions(+), 28 deletions(-) diff --git a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm index 54f53fd..8e5c9fe 100644 --- a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm +++ b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm @@ -1624,7 +1624,7 @@ ${dep.scm.url} #thrift_license() #end ## Note that this will fail the build if we don't have a license. update supplemental-models. -#if( !(${dep.licenses[0].name.contains("Apache Software License, Version 2.0")}) ) +#if( !(${dep.licenses[0].name.contains("Apache License, Version 2.0")}) ) #if( ${dep.licenses[0].name.contains("CDDL")} ) #if( ${dep.licenses[0].name.contains("1.0")} ) #set($aggregated = $cddl_1_0.add($dep)) diff --git a/hbase-resource-bundle/src/main/resources/supplemental-models.xml b/hbase-resource-bundle/src/main/resources/supplemental-models.xml index 2f94226..d1ef951 100644 --- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml +++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml @@ -36,7 +36,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -54,7 +54,25 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-beanutils + commons-beanutils-core + + + The Apache Software Foundation + http://www.apache.org/ + + + + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -64,12 +82,533 @@ under the License. - com.github.stephenc.findbugs - findbugs-annotations + com.github.stephenc.findbugs + findbugs-annotations + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.code.gson + gson + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.guava + guava + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.inject + guice + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.google.inject.extensions + guice-servlet + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + com.lmax + disruptor + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-cli + commons-cli + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-codec + commons-codec + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-configuration + commons-configuration + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-daemon + commons-daemon + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-digester + commons-digester + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-el + commons-el + Apache Commons El + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-fileupload + commons-fileupload + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-io + commons-io + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-lang + commons-lang + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-logging + commons-logging + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-net + commons-net + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + + org.apache.hadoop + hadoop-annotations + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-auth + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-client + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-common + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-hdfs + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-mapreduce-client-app + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-mapreduce-client-common + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-mapreduce-client-core + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-mapreduce-client-jobclient + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-mapreduce-client-shuffle + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-yarn-api + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-yarn-client + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-yarn-common + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.hadoop + hadoop-yarn-server-common + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + + org.apache.httpcomponents + httpclient + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.httpcomponents + httpcore + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + io.netty + netty-all + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + commons-httpclient + commons-httpclient + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + javax.inject + javax.inject + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.mortbay.jetty + jetty-util + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + log4j + log4j - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -78,12 +617,12 @@ under the License. - org.apache.httpcomponents - httpclient + org.apache.avro + avro - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -92,12 +631,12 @@ under the License. - org.apache.httpcomponents - httpcore + org.apache.commons + commons-compress - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -106,12 +645,12 @@ under the License. - io.netty - netty-all + org.apache.commons + commons-math - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -120,12 +659,12 @@ under the License. - commons-httpclient - commons-httpclient + org.apache.commons + commons-math3 - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -134,12 +673,292 @@ under the License. - org.mortbay.jetty - jetty-util + org.apache.curator + curator-client + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.curator + curator-framework + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.curator + curator-recipes + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.api + api-asn1-api + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.api + api-util + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.server + apacheds-i18n + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.directory.server + apacheds-kerberos-codec + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.htrace + htrace-core + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.thrift + libthrift + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.xmlgraphics + batik-css + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.xmlgraphics + batik-ext + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.apache.xmlgraphics + batik-util + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-core-asl + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-jaxrs + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-mapper-asl + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.codehaus.jackson + jackson-xc + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.xerial.snappy + snappy-java + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + tomcat + jasper-compiler + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + tomcat + jasper-runtime + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + xml-apis + xml-apis + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + xml-apis + xml-apis-ext - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -154,7 +973,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -168,7 +987,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -182,7 +1001,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -196,7 +1015,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -210,7 +1029,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -224,7 +1043,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -238,7 +1057,7 @@ under the License. - The Apache Software License, Version 2.0 + Apache License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo @@ -1195,4 +2014,22 @@ Copyright (c) 2007-2011 The JRuby project + + + xalan + xalan + + + The Apache Software Foundation + http://www.apache.org/ + + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + diff --git a/pom.xml b/pom.xml index 6051ba5..2515dd8 100644 --- a/pom.xml +++ b/pom.xml @@ -49,6 +49,17 @@ http://hbase.apache.org 2007 + + + + Apache License, Version 2.0 + https://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + hbase-resource-bundle hbase-server -- 2.7.2 From c46df77164eee6cec020b80333b10813d168e89c Mon Sep 17 00:00:00 2001 From: Sean Busbey Date: Tue, 2 Aug 2016 00:53:53 -0500 Subject: [PATCH 2/2] HBASE-16318 fail build while rendering velocity template if dependency license isn't in whitelist. --- .../src/main/resources/META-INF/LICENSE.vm | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm index 8e5c9fe..31e508f 100644 --- a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm +++ b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm @@ -1558,6 +1558,10 @@ You can redistribute it and/or modify it under either the terms of the GPL #set($jruby = false) ## track hadoops #set($hadoop = false) +## Whitelist of licenses that it's safe to not aggregate as above. +## Note that this doesn't include ALv2 or the aforementioned aggregate +## license mentions. +#set($non_aggregate_fine = [ 'Public Domain', 'New BSD license', 'BSD license', 'Mozilla Public License Version 2.0' ]) ## include LICENSE sections for anything not under ASL2.0 #foreach( ${dep} in ${projects} ) ## if there are no licenses we'll fail the build later, so @@ -1646,6 +1650,34 @@ ${dep.scm.url} This product includes ${dep.name} licensed under the ${dep.licenses[0].name}. ${dep.licenses[0].comments} +#if(!(${non_aggregate_fine.contains($dep.licenses[0].name)})) +Please check ^^^^^^^^^^^^ this License for acceptability here: + +https://www.apache.org/legal/resolved + +If it is okay, then update the list named 'non_aggregate_fine' in the LICENSE.vm file. +If it isn't okay, then revert the change that added the dependency. + +More info on the dependency: + +${dep.groupId} +${dep.artifactId} +${dep.version} + +maven central search +g:${dep.groupId} AND a:${dep.artifactId} AND v:${dep.version} + +project website +${dep.url} +project source +${dep.scm.url} + +## fail the template. If you're looking at the source LICENSE.vm +## file based on a stacktrace or exception message, you need to find +## the generated LICENSE file that has the actual dependency info printed. +#set($empty = []) +${empty[0]} +#end #end #end #end -- 2.7.2