gemterms 0.1.0

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/MIT-LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Jon Williams
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,37 @@
+# Gemterms
+Checks the licensing of your Gemfile.
+
+## Status
+
+This is an early release. It's functional, but I'll be adding more useful
+utilities soon.
+
+## Installation and Usage
+
+To install, simply grab the gem:
+
+    gem install gemterms
+
+Change a project directory with a Gemfile (e.g. Your Rails v3+ project) and
+type:
+
+    gemterms report
+
+This will output a list (known) licenses for your gems. For more
+information and options, run gemterms with the --help option:
+    
+    gemterms --help
+ 
+## Use of this Software
+
+This tool is based upon a number of heuristics and guesses. It should not 
+be treated as legal advice. The MIT-LICENSE.txt really applies here.
+
+Help is more than welcome. Use the usual Fork, Pull Request approach to 
+contribute. In particular, it's good to get additional licenses and
+compatabilities.
+
+## License
+MIT Licensed. See MIT-LICENSE.txt for more information.
+
+Thanks, [@jonathannen](http://twitter.com/jonathannen).

data/Rakefile

@@ -0,0 +1,9 @@
+require 'rake/testtask'
+require 'bundler/gem_tasks'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/bin/gemterms

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'gemterms'
+require 'gemterms/gem_runner'
+Gemterms::GemRunner.new(ARGV)

data/compatability.yml

@@ -0,0 +1,395 @@
+licenses:
+  references:
+    A: "http://opensource.org/licenses/alphabetical"
+    B: "http://www.gnu.org/licenses/licenses.html"
+    1: "http://www.ruby-lang.org/en/about/license.txt"
+    2: "http://www.gnu.org/licenses/license-list.html#WTFPL"
+    3: "http://www.gnu.org/licenses/license-list.html#apache2"
+    4: "http://www.gnu.org/licenses/license-list.html#ArtisticLicense2"
+    5: "http://www.gnu.org/licenses/license-list.html#ModifiedBSD"
+    6: "http://www.gnu.org/licenses/license-list.html#FreeBSD"
+    7: "http://www.gnu.org/licenses/license-list.html#boost"
+    8: "http://www.gnu.org/licenses/license-list.html#Expat"
+
+  # Special cases
+  #*: "http://opensource.org/faq#public-domain"
+  "Public Domain":
+    name: "United States Public Domain"
+    unknown: true
+
+  # Top Level Classifications
+  "GNU Software":
+    name: "GNU Software Licenses"
+    unknown: true
+    uri: "http://www.gnu.org/licenses/licenses.html"
+
+  "OSI Approved":
+    name: "Open Source Initiative License"
+    unknown: true
+
+  "Proprietary":
+    name: "Proprietary License"
+    unknown: true
+
+  "Unknown":
+    name: "Not supplied, unknown or unclassified License"
+    unknown: true
+
+  # OSI Approved Licenses
+  "AFL-3.0":
+    A: "OSI Approved"
+    name: "Academic Free License 3.0"
+    uri: "http://opensource.org/licenses/AFL-3.0"
+  "AGPL-3.0":
+    A: "OSI Approved"
+    B: "GNU Software"
+    name: "Affero GNU Public License"
+    uri: "http://opensource.org/licenses/AGPL-3.0"
+  "APL-1.0":
+    A: "OSI Approved"
+    name: "Adaptive Public License"
+    uri: "http://opensource.org/licenses/APL-1.0"
+  "Apache-2.0":
+    A: "OSI Approved"
+    3: "GPL-3.0"
+    name: "Apache License 2.0"
+    uri: "http://opensource.org/licenses/Apache-2.0"
+  "APSL-2.0":
+    A: "OSI Approved"
+    name: "Apple Public Source License"
+    uri: "http://opensource.org/licenses/APSL-2.0"
+  "Artistic-2.0":
+    A: "OSI Approved"
+    4: ["GPL-2.0", "GPL-3.0"]
+    name: "Artistic license 2.0"
+    uri: "http://opensource.org/licenses/Artistic-2.0"
+  "AAL":
+    A: "OSI Approved"
+    name: "Attribution Assurance Licenses"
+    uri: "http://opensource.org/licenses/AAL"
+  "BSD-3-Clause":
+    A: "OSI Approved"
+    5: ["GPL-2.0", "GPL-3.0"]
+    name: "BSD 3-Clause \"New\" or \"Revised\" License"
+    uri: "http://opensource.org/licenses/BSD-3-Clause"
+  "BSD-2-Clause":
+    A: "OSI Approved"
+    6: ["GPL-2.0", "GPL-3.0"]
+    name: "BSD 2-Clause \"Simplified\" or \"FreeBSD\" License"
+    uri: "http://opensource.org/licenses/BSD-2-Clause"
+  "BSL-1.0":
+    A: "OSI Approved"
+    7: ["GPL-2.0", "GPL-3.0"]
+    name: "Boost Software License"
+    uri: "http://opensource.org/licenses/BSL-1.0"
+  "CATOSL-1.1":
+    A: "OSI Approved"
+    name: "Computer Associates Trusted Open Source License 1.1"
+    uri: "http://opensource.org/licenses/CATOSL-1.1"
+  "CDDL-1.0":
+    A: "OSI Approved"
+    name: "Common Development and Distribution License 1.0"
+    uri: "http://opensource.org/licenses/CDDL-1.0"
+  "CPAL-1.0":
+    A: "OSI Approved"
+    name: "Common Public Attribution License 1.0"
+    uri: "http://opensource.org/licenses/CPAL-1.0"
+  "CUA-OPL-1.0":
+    A: "OSI Approved"
+    name: "CUA Office Public License Version 1.0"
+    uri: "http://opensource.org/licenses/CUA-OPL-1.0"
+  "EUDatagrid":
+    A: "OSI Approved"
+    name: "EU DataGrid Software License"
+    uri: "http://opensource.org/licenses/EUDatagrid"
+  "EPL-1.0":
+    A: "OSI Approved"
+    name: "Eclipse Public License 1.0"
+    uri: "http://opensource.org/licenses/EPL-1.0"
+  "ECL-2.0":
+    A: "OSI Approved"
+    name: "Educational Community License, Version 2.0"
+    uri: "http://opensource.org/licenses/ECL-2.0"
+  "EFL-2.0":
+    A: "OSI Approved"
+    name: "Eiffel Forum License V2.0"
+    uri: "http://opensource.org/licenses/EFL-2.0"
+  "Entessa":
+    A: "OSI Approved"
+    name: "Entessa Public License"
+    uri: "http://opensource.org/licenses/Entessa"
+  "EUPL-1.1":
+    A: "OSI Approved"
+    name: "European Union Public License, Version 1.1"
+    uri: "http://opensource.org/licenses/EUPL-1.1"
+  "Fair":
+    A: "OSI Approved"
+    name: "Fair License"
+    uri: "http://opensource.org/licenses/Fair"
+  "Frameworx-1.0":
+    A: "OSI Approved"
+    name: "Frameworx License"
+    uri: "http://opensource.org/licenses/Frameworx-1.0"
+  "AGPL-3.0":
+    A: "OSI Approved"
+    B: "GNU Software"
+    name: "GNU Affero General Public License v3"
+    uri: "http://opensource.org/licenses/AGPL-3.0"
+  "GPL-2.0":
+    A: "OSI Approved"
+    B: "GNU Software"
+    name: "GNU General Public License version 2.0"
+    uri: "http://opensource.org/licenses/GPL-2.0"
+  "GPL-3.0":
+    A: "OSI Approved"
+    B: "GNU Software"
+    name: "GNU General Public License version 3.0"
+    uri: "http://opensource.org/licenses/GPL-3.0"
+  "LGPL-2.1":
+    A: "OSI Approved"
+    B: "GNU Software"
+    name: "GNU Library or \"Lesser\" General Public License version 2.1"
+    uri: "http://opensource.org/licenses/LGPL-2.1"
+  "LGPL-3.0":
+    A: "OSI Approved"
+    B: "GNU Software"
+    name: "GNU Library or \"Lesser\" General Public License version 3.0"
+    uri: "http://opensource.org/licenses/LGPL-3.0"
+  "HPND":
+    A: "OSI Approved"
+    name: "Historical Permission Notice and Disclaimer"
+    uri: "http://opensource.org/licenses/HPND"
+  "IPL-1.0":
+    A: "OSI Approved"
+    name: "IBM Public License 1.0"
+    uri: "http://opensource.org/licenses/IPL-1.0"
+  "IPA":
+    A: "OSI Approved"
+    name: "IPA Font License"
+    uri: "http://opensource.org/licenses/IPA"
+  "ISC":
+    A: "OSI Approved"
+    name: "ISC License"
+    uri: "http://opensource.org/licenses/ISC"
+  "LPPL-1.3c":
+    A: "OSI Approved"
+    name: "LaTeX Project Public License 1.3c"
+    uri: "http://opensource.org/licenses/LPPL-1.3c"
+  "LPL-1.02":
+    A: "OSI Approved"
+    name: "Lucent Public License Version 1.02"
+    uri: "http://opensource.org/licenses/LPL-1.02"
+  "MirOS":
+    A: "OSI Approved"
+    name: "MirOS Licence"
+    uri: "http://opensource.org/licenses/MirOS"
+  "MS-PL":
+    A: "OSI Approved"
+    name: "Microsoft Public License"
+    uri: "http://opensource.org/licenses/MS-PL"
+  "MS-RL":
+    A: "OSI Approved"
+    name: "Microsoft Reciprocal License"
+    uri: "http://opensource.org/licenses/MS-RL"
+  "MIT":
+    A: "OSI Approved"
+    8: ["GPL-2.0", "GPL-3.0"]
+    name: "MIT license"
+    uri: "http://opensource.org/licenses/MIT"
+  "Motosoto":
+    A: "OSI Approved"
+    name: "Motosoto License"
+    uri: "http://opensource.org/licenses/Motosoto"
+  "MPL-2.0":
+    A: "OSI Approved"
+    name: "Mozilla Public License 2.0"
+    uri: "http://opensource.org/licenses/MPL-2.0"
+  "Multics":
+    A: "OSI Approved"
+    name: "Multics License"
+    uri: "http://opensource.org/licenses/Multics"
+  "NASA-1.3":
+    A: "OSI Approved"
+    name: "NASA Open Source Agreement 1.3"
+    uri: "http://opensource.org/licenses/NASA-1.3"
+  "NTP":
+    A: "OSI Approved"
+    name: "NTP License"
+    uri: "http://opensource.org/licenses/NTP"
+  "Naumen":
+    A: "OSI Approved"
+    name: "Naumen Public License"
+    uri: "http://opensource.org/licenses/Naumen"
+  "NGPL":
+    A: "OSI Approved"
+    name: "Nethack General Public License"
+    uri: "http://opensource.org/licenses/NGPL"
+  "Nokia":
+    A: "OSI Approved"
+    name: "Nokia Open Source License"
+    uri: "http://opensource.org/licenses/Nokia"
+  "NPOSL-3.0":
+    A: "OSI Approved"
+    name: "Non-Profit Open Software License 3.0"
+    uri: "http://opensource.org/licenses/NPOSL-3.0"
+  "OCLC-2.0":
+    A: "OSI Approved"
+    name: "OCLC Research Public License 2.0"
+    uri: "http://opensource.org/licenses/OCLC-2.0"
+  "OFL-1.1":
+    A: "OSI Approved"
+    name: "Open Font License 1.1"
+    uri: "http://opensource.org/licenses/OFL-1.1"
+  "OGTSL":
+    A: "OSI Approved"
+    name: "Open Group Test Suite License"
+    uri: "http://opensource.org/licenses/OGTSL"
+  "OSL-3.0":
+    A: "OSI Approved"
+    name: "Open Software License 3.0"
+    uri: "http://opensource.org/licenses/OSL-3.0"
+  "PHP-3.0":
+    A: "OSI Approved"
+    name: "PHP License 3.0"
+    uri: "http://opensource.org/licenses/PHP-3.0"
+  "PostgreSQL":
+    A: "OSI Approved"
+    name: "The PostgreSQL License"
+    uri: "http://opensource.org/licenses/PostgreSQL"
+  "Python-2.0":
+    A: "OSI Approved"
+    name: "Python License"
+    uri: "http://opensource.org/licenses/Python-2.0"
+  "CNRI-Python":
+    A: "OSI Approved"
+    name: "CNRI Python license"
+    uri: "http://opensource.org/licenses/CNRI-Python"
+  "QPL-1.0":
+    A: "OSI Approved"
+    name: "Q Public License"
+    uri: "http://opensource.org/licenses/QPL-1.0"
+  "RPSL-1.0":
+    A: "OSI Approved"
+    name: "RealNetworks Public Source License V1.0"
+    uri: "http://opensource.org/licenses/RPSL-1.0"
+  "RPL-1.5":
+    A: "OSI Approved"
+    name: "Reciprocal Public License 1.5"
+    uri: "http://opensource.org/licenses/RPL-1.5"
+  "RSCPL":
+    A: "OSI Approved"
+    name: "Ricoh Source Code Public License"
+    uri: "http://opensource.org/licenses/RSCPL"
+  "SimPL-2.0":
+    A: "OSI Approved"
+    name: "Simple Public License 2.0"
+    uri: "http://opensource.org/licenses/SimPL-2.0"
+  "Sleepycat":
+    A: "OSI Approved"
+    name: "Sleepycat License"
+    uri: "http://opensource.org/licenses/Sleepycat"
+  "SPL-1.0":
+    A: "OSI Approved"
+    name: "Sun Public License 1.0"
+    uri: "http://opensource.org/licenses/SPL-1.0"
+  "Watcom-1.0":
+    A: "OSI Approved"
+    name: "Sybase Open Watcom Public License 1.0"
+    uri: "http://opensource.org/licenses/Watcom-1.0"
+  "NCSA":
+    A: "OSI Approved"
+    name: "University of Illinois/NCSA Open Source License"
+    uri: "http://opensource.org/licenses/NCSA"
+  "VSL-1.0":
+    A: "OSI Approved"
+    name: "Vovida Software License v. 1.0"
+    uri: "http://opensource.org/licenses/VSL-1.0"
+  "W3C":
+    A: "OSI Approved"
+    name: "W3C License"
+    uri: "http://opensource.org/licenses/W3C"
+  "WXwindows":
+    A: "OSI Approved"
+    name: "wxWindows Library License"
+    uri: "http://opensource.org/licenses/WXwindows"
+  "Xnet":
+    A: "OSI Approved"
+    name: "X.Net License"
+    uri: "http://opensource.org/licenses/Xnet"
+  "ZPL-2.0":
+    A: "OSI Approved"
+    name: "Zope Public License 2.0"
+    uri: "http://opensource.org/licenses/ZPL-2.0"
+  "Zlib":
+    A: "OSI Approved"
+    name: "zlib/libpng license"
+    uri: "http://opensource.org/licenses/Zlib"
+
+  
+  # Other Licenses
+  "Ruby":
+    1: "BSD-2-Clause"
+    name: "Ruby License"
+    uri: "http://www.ruby-lang.org/en/about/license.txt"
+
+  "WTFPL":
+    2: ["!GPL-2.0", "GPL-3.0"]
+    #@todo "!Public Domain"
+    name: "Do What The Fuck You Want To Public License"
+    uri: "http://www.wtfpl.net/about/"
+
+  # References used in gem specifications of RubyGems. This is free-form, so
+  # tends to have a lot of variation. This maps directly to the "known"
+  # formats. 
+  #
+  # Modifying these values:
+  # - If the mapping is ambiguous, choose the most restrictive form. For 
+  # example, "BSD" maps to the 3-Clause BSD.
+  #
+  # - If the mapping is not completely clear, add a bang "!" on the beginning
+  # to generate a warning.
+  rubygems:
+    "MIT":                  "MIT"
+    "LGPLv2":               "!LGPL-2.1"
+    "BSD":                  "BSD-3-Clause"
+    "Apache License 2.0":   "Apache-2.0"
+    "BSD-2-Clause":         "BSD-2-Clause"
+    "Ruby":                 "Ruby"
+    "APLv2":                "!Apache-2.0"
+    "Apache-2.0":           "Apache-2.0"
+    "GPL-3":                "GPL-3.0"
+    "Apache License Version 2.0": "Apache-2.0"
+    "GPL-V2+":              "GPL-3.0"
+    "Ruby's":               "Ruby"
+    "Apache 2.0":           "GPL-3.0"
+    "Artistic 2.0":         "Artistic-2.0"
+    "LGPL-2":               "!LGPL-2.1"
+    "GPLv3":                "GPL-3.0"
+    "BSD + MPL 1.1/GPL 2.0/LGPL 2.1": ["BSD-3-Clause", "GPL-2.0", "LGPL-2.1"]
+    "WTFPL":                "WTFPL"
+    "LGPL-3":               "LGPL-3.0"
+    "GPL":                  "!GPL-3.0"
+    "Ruby or LGPLv3+":      ["Ruby", "LGPL-3.0"]
+    "New BSD":              "BSD-3-Clause"
+    "MIT-LICENSE":          "MIT"
+    "Public Domain":        "Public Domain"
+    "LGPLv2.1":             "LGPL-2.1"
+    "GPL-2":                "GPL-2.0"
+    "GPLv2+":               "GPL-2.0"
+    "GPLv2":                "GPL-2.0"
+    "Ruby 1.8":             "Ruby"
+    "MIT License":          "MIT"
+    "BSD-3-Clause":         "BSD-2-Clause"
+    "Apache v2":            "Apache-2.0"
+    "LGPL v2.1":            "LGPL-2.1"
+    "GPL-2 or later":       "GPLv2"
+    "2-clause BSD-style license": "BSD-2-Clause"
+    "Apache Software License 2.0": "Apache-2.0"
+    "Ruby License":         "Ruby"
+    "LGPL-2.0+":            "LGPL-2.1"
+    "GNU GPL v2":           "GPL-2.0"
+    "LGPLv3":               "LGPL-3.0"
+    "BSD-3":                "BSD-3-Clause"
+    "LGPLv2.1 or later":    "LGPL-2.1"
+    "Ruby's and PSFL (lib/test/unit/diff.rb)": ["Ruby", "!Python-2.0"]
+    "2-clause BSDL":        "BSD-2-Clause"

data/gemterms.gemspec

@@ -0,0 +1,19 @@
+Gem::Specification.new do |s|
+  s.name        = 'gemterms'
+  s.version     = '0.1.0'
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ['Jon Williams']
+  s.email       = ['jon@jonathannen.com']
+  s.homepage    = 'https://github.com/jonathannen/gemterms'
+  s.summary     = 'Checks the licensing of your Gemfile.'
+  s.description = 'Scans Gemfiles to see what licenses are in use.'
+
+  s.license = "MIT"
+
+  s.files         = `git ls-files`.split($/)
+  s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency 'bundler', '>= 1.0.10'
+end

data/lib/gemterms.rb

@@ -0,0 +1,5 @@
+module Gemterms
+end
+
+require 'gemterms/license'
+require 'gemterms/project'

data/lib/gemterms/gem_filer.rb

@@ -0,0 +1,143 @@
+require 'rubygems'
+require 'bundler'
+require 'time'
+require 'gemterms/ruby_gems'
+
+module Gemterms
+  
+  # Accepts a Gemfile and Gemfile.lock to produce a <tt>Gemterm::Project</tt> 
+  # based upon the rubygems defined. Can output statistics on that basis.
+  class GemFiler
+    attr_accessor :disable_api, :use_remotes
+    attr_reader :bundle, :project
+
+    def initialize(licenser)
+      @licenser = licenser
+      @use_remotes = @disable_api = false
+    end
+
+    def read_bundle
+      # Read the Bundle from the Gem and Lockfiles
+      Bundler.settings[:frozen] = true
+      @bundle = Bundler::Dsl.evaluate(@gemfile, @lockfile, {})
+    end
+
+    def read_bundle_specs
+      read_bundle
+      missing = []
+      @specs = bundle.resolve.materialize(bundle.dependencies, missing)
+
+      # Happy path - all the specs are available locally.
+      if missing.length == 0
+        # Use requested specs instead. This is due to the fact that
+        # bundler cleverly excludes itself. However, if it's an explicit
+        # spec we want to evaluate it's licence too (ps. It's MIT)
+        @specs = bundle.requested_specs
+        return true
+      end
+      
+      # If we can, try and get the additional gem data from RubyGem sources
+      # (typically https://rubygems.org). Otherwise give the user a warning.
+      if use_remotes
+puts "Sourcing gem information from gem sources. This may take some time."
+        read_bundle
+        @specs = bundle.resolve_remotely!
+      else
+        # @todo This path will be missing bundler - if it was supplied.
+        puts missing.length == 1 ? "The following gem isn't installed:" : "The following gems aren't installed:"
+        puts <<-INST
+  #{missing.map { |s| s.full_name } * ', '}
+
+We cannot report on uninstalled gems. You can use `bundle install` to install.
+Alternatively, if you run with the `--use-remotes` option, gemterms will use 
+your RubyGem sources to load gem metadata (note, this will be slower).
+
+INST
+      end
+    end
+
+    def process(gemfile, lockfile)
+      @gemfile = gemfile
+      @lockfile = lockfile
+      @project = Project.new
+
+      read_bundle_specs
+      load_specs
+      @project
+    end
+
+    protected
+
+    def load_specs
+      # @todo Do we include *all* dependencies of a given gem here? Technically
+      # they are not in use, but they are linked to the gem. Maybe one for
+      # --very-strict mode
+      @sources = {}
+      @specs.each do |spec|
+        spec = spec.__materialize__ if Bundler::LazySpecification == spec
+        @project << load_spec_as_component(spec)
+      end
+      puts "\n\n" if @sources.length > 0
+      @project
+    end
+
+    def load_spec_as_component(spec)
+      if spec.licenses.nil? || spec.licenses == []
+        licenses = []
+        if (spec.source.class == Bundler::Source::Rubygems) && !disable_api 
+          puts "Getting missing license data from gem source (use --disable-api to skip) " if @sources.length == 0
+          STDOUT.print(".") & STDOUT.flush
+          licenses = rubygem_licences_from_spec(spec)
+        end
+      else
+        licenses = spec.licenses
+      end
+      component = Component.new(spec.name, spec.version, @licenser.rubygem_licenses(licenses))
+    end
+
+    # Iterates over the remotes in the spec, using the API to access rubygem
+    # data. If a particular remote ever fails, it's not tried again.
+    # 
+    # @param [ Gem::Specification ] spec The specification to source
+    # @return [ Array<String> ] the array of license strings (can be empty)
+    def rubygem_licences_from_spec(spec)
+      # Try every remote until we (hopefully) get a result
+      licenses = spec.source.remotes.each do |remote|
+        begin
+          source = @sources[remote]
+          next if source == :unavailable
+          @sources[remote] = source = RubyGems.new(remote) if source.nil?
+          licenses = rubygem_licenses_from_versions(spec, source)
+          return licenses unless licenses.nil?
+        rescue SourceUnavailableError => sae
+          @sources[source] = :unavailable
+          nil
+        end
+      end
+      []
+    end
+
+    def rubygem_licenses_from_versions(spec, source)
+      versions = source.versions(spec.name)
+
+      # Try for an exact match. If this has license information, we'll use it.
+      version = versions.detect { |v| v["number"] == spec.version.to_s }
+      licenses = version.nil? ? nil : version["licenses"]
+
+      # Try for any later version. e.g. Rails 4 is marked as MIT licensed,
+      # but earlier versions aren't. We assume MIT for the earlier versions.
+      # @todo this should be disabled when a --strict mode is introduced.
+      if licenses.nil? || licenses == []
+        version = versions.detect do |v| 
+          (Gem::Version.new(v["number"]) > spec.version) && 
+            !v["licenses"].nil? && v["licenses"].length > 0
+        end
+        licenses = version.nil? ? nil : version["licenses"] 
+      end
+      
+      licenses
+    end
+
+  end
+
+end

data/lib/gemterms/gem_runner.rb

@@ -0,0 +1,96 @@
+require 'gemterms/gem_filer'
+require 'gemterms/runner'
+
+module Gemterms
+
+  # Command line utility for running reports on Bundler (Gemfile) based
+  # projects. Think includes Rails v3+ projects.
+  class GemRunner < Runner
+    attr_reader :no_remote
+
+    def gemfiles(args)
+      @gemfile = args.shift || "./Gemfile"
+      @lockfile = args.shift || "./Gemfile.lock"
+      errors = []
+      errors << "Couldn't file '#{@gemfile}'." unless File.exists?(@gemfile)
+      errors << "Couldn't file '#{@lockfile}'." unless File.exists?(@lockfile)
+      if errors.length > 0
+        puts "#{errors * ' '} Run 'gemterms --help' if you need more information."
+        exit -1
+      end
+    end
+
+    def initialize(args)
+      super('gem', 'gems')
+      return if standard_commands(args)
+
+      filer = GemFiler.new(licenser)
+      filer.disable_api = @disable_api = !!args.delete("--disable-api")
+      filer.use_remotes = @use_remotes = !!args.delete("--use-remotes")
+
+      case (args.shift || 'report')
+      when 'report'
+        gemfiles(args)
+        @project = filer.process(@gemfile, @lockfile)
+        commentary = "This is from the #{counter(filer.bundle.dependencies.length)} listed in your Gemfile, plus any dependencies."
+        stats(commentary)
+        ruler && license_breakdown
+
+        unlicensed = @project.count_unlicensed
+        ruler && no_remote_instructions(unlicensed) if no_remote && (unlicensed > 0)
+      end
+    end
+
+    # Instructions when there is missing license information, but the user
+    # has specified --disable-api - preventing remote license sources being used.
+    def no_remote_instructions(unlicensed)
+      puts <<-INST
+There is no license defined for #{counter(unlicensed)}. You are running with the `--disable-api`
+option. If you remove this option, gemterms will attempt to use RubyGems and 
+other sources for license information.
+INST
+      true
+    end
+
+    # Show usage instructions
+    def usage
+      puts <<-USAGE
+Usage:
+
+  gemterms
+    Equivalent to `gemfile report` below.
+
+  gemterms --help
+    Outputs these usage instructions.
+  
+  gemterms list-licenses
+    Outputs a list of licenses that are referenced by this tool. This list is
+    in the form "<name> [<code>]". You can use the code to look up licenses.
+
+  gemterms report [options] [GEMFILE] [LOCKFILE]
+    Produces a report on license usage.
+
+  gemterms show-license <code>
+    Shows the details for the license given the code. e.g. Try the code
+    Ruby for details of the ruby license. See also "list-licenses" above.
+
+Options:
+  GEMFILE and LOCKFILE will default to your current directory. Generally you'll
+  run gemterms from your Rails (or similar project) directory and omit these
+  arguments.
+
+  --disable-api
+    If the gem metadata isn't complete, gemterms seeks additional information
+    from the source (e.g. RubyGems) API. This option disables that feature.
+
+  --use-remotes
+    If gem metadata is not available, gemterms will use the gem sources (e.g
+    https://rubygems.org).
+
+USAGE
+      true
+    end
+
+  end
+
+end

data/lib/gemterms/license.rb

@@ -0,0 +1,108 @@
+require 'yaml'
+
+module Gemterms
+
+  # An actual license in the system. For example an MIT License, or BSD
+  # 3-Clause License.
+  class License
+    attr_accessor :unknown
+    attr_reader :classified, :compatible, :code, :name, :uri
+    alias :unknown? :unknown
+    
+    def initialize(code, data)
+      @code = code || "Unknown"
+      @name = data.delete("name")
+      @uri = data.delete("uri")
+
+      @classified = []
+      @compatible = []
+      @unknown = false
+    end  
+
+    def inspect 
+      "#<License code=#{code} name='#{name}' uri=#{uri} compat_count=#{@compatible.length}>"
+    end
+
+    def mark_classified(*args)
+      @classified << args
+    end
+
+    #license, fer, warning = false
+    def mark_compatible(*args)
+      @compatible << args
+    end
+
+    def to_s
+      "#{name} [#{code}]"
+    end
+
+  end
+
+  class Licensing
+    attr_reader :licenses, :references, :unknown_license
+
+    UNKNOWN_LICENSE_CODE = "Unknown"
+
+    def[](code)
+      licenses[code] || @unknown_license
+    end
+
+    def initialize(filename = nil)
+      filename ||= File.join(File.dirname(__FILE__), '..', '..', 'compatability.yml')
+      load(filename)
+    end
+
+    def inspect
+      "#<Licensing licence_count=#{@licenses.length}>"
+    end
+
+    # @param [ String, Array ] term_or_terms The terms provided in the license 
+    # or licenses portion of the rubygem specification.
+    #
+    # @return [ Array<License> ] The given licenses.
+    def rubygem_licenses(term_or_terms)
+      return [unknown_license] if term_or_terms == []      
+      values = term_or_terms.respond_to?(:map) ? term_or_terms : [term_or_terms.to_s]
+      values = values.map { |v| @rubygems[v.to_s] || "Unknown" }
+      values.map { |v| self[v] }
+    end
+
+    protected
+
+    def load(filename)
+      data = YAML.load(File.read(filename))["licenses"]
+      
+      @references = data.delete("references")
+      @rubygems = data.delete("rubygems")
+
+      @licenses = data.inject({}) { |memo,(code, element)| memo[code] = License.new(code, element); memo }
+      @unknown_license = self[UNKNOWN_LICENSE_CODE]
+      @unknown_license.unknown = true
+
+      data.each do |code,element|
+        target = self[code]
+        element.each do |ref, value|
+          next unless ref.to_s[0] =~ /[A-Z0-9]/
+          names = value.respond_to?(:each) ? value : [value.to_s]
+          compat = ref.to_i.to_s == ref.to_s
+          names.each do |name|
+            name.strip!
+            warning = name[0] == "!"
+            name = name[1..-1] if warning
+            raise "Compatability file '#{filename}' lists a compatability with '#{UNKNOWN_LICENSE_CODE}'. This is not allowed." if name == UNKNOWN_LICENSE_CODE
+            peer = @licenses[name]
+            raise "Compatability file '#{filename}' references License coded '#{name}', but it is not specified elsewhere in the file." if peer.nil?
+
+            if compat
+              target.mark_compatible(peer, ref, warning)
+            else
+              target.mark_classified(peer, ref, warning)
+            end
+          end
+        end
+      end
+
+    end
+
+  end
+end

data/lib/gemterms/project.rb

@@ -0,0 +1,71 @@
+module Gemterms
+
+  # A licenced component that is part of an overall project.
+  class Component
+    attr_reader :licenses, :name, :version
+
+    def initialize(name, version, licenses)
+      @name = name
+      @version = version
+      @licenses = licenses
+    end
+
+    # @return [ true, false ] if this component has at least one "known"
+    # license
+    def licensed?
+      !@licenses.nil? && @licenses.detect { |l| !l.unknown }
+    end
+
+    # @return [ true, false ] if this component has at least two "known"
+    # licenses.
+    def multiple?
+      !@licenses.nil? && (@licenses.count { |l| !l.unknown } > 1)
+    end
+
+  end
+
+  # A collection of components to be evaluated as a set.
+  class Project
+    attr_reader :components
+
+    def <<(component)
+      @components << component
+    end
+
+    # @return [ int ] number of components in the project
+    def count
+      @components.length
+    end
+
+    # @return [ int ] count of components in this projects that have "Unknown"
+    # licenses
+    def count_unlicensed
+      @components.count { |c| c.licensed? }
+    end
+
+    def components_for_license(license)
+      @components.select { |c| c.licenses.include?(license) }
+    end
+
+    def initialize
+      @components = []
+    end
+
+    def licenses(include_unknown = true)
+      result = @components.map { |c| c.licenses }.flatten
+      result.reject! { |l| l.unknown? } unless include_unknown
+      result
+    end
+
+    # @param [ true, false ] include_unknown If true, unknown licenses are 
+    # included in the returned list. Defaults to true.
+    #
+    # @return [ Array<License> ] array of unique licenses in use by this 
+    # project.
+    def unique_licenses(include_unknown = true)
+      self.licenses.uniq
+    end
+
+  end
+
+end

data/lib/gemterms/ruby_gems.rb

@@ -0,0 +1,49 @@
+require 'net/http'
+require 'yaml'
+
+# Front for RubyGems
+class SourceUnavailableError < StandardError; end
+class RubyGems
+  attr_reader :uri
+  
+  def data(name)
+    YAML.load(self.get("/api/v1/gems/#{name}.yaml"))
+  end
+
+  def initialize(uri)
+    @connection = nil
+    @uri = uri.kind_of?(URI::Generic) ? uri : URI(uri.to_s)
+  end
+  
+  # May raise SourceUnavailableError if the source can't be accessed
+  def get(path, data={}, content_type='application/x-www-form-urlencoded')
+    begin
+      request = Net::HTTP::Get.new(path)
+      request.add_field 'Connection', 'keep-alive'
+      request.add_field 'Keep-Alive', '30'
+      request.add_field 'User-Agent', 'github.com/jonathannen/gemfresh'
+      response = connection.request request
+      response.body  
+    rescue StandardError => se
+      # For now we assume this is an unavailable repo
+      raise SourceUnavailableError.new(se.message)
+    end
+  end
+
+  # @param [ String ] name The name of the gem to access.
+  #
+  # @return [ Hash ] version data for the given named gem
+  def versions(name)
+    YAML.load(self.get("/api/v1/versions/#{name}.yaml"))
+  end
+
+  private
+  # A persistent connection
+  def connection
+    return @connection unless @connection.nil?
+    @connection = Net::HTTP.new self.uri.host, self.uri.port
+    @connection.use_ssl = (uri.scheme == 'https')
+    @connection.start 
+    @connection
+  end
+end

data/lib/gemterms/runner.rb

@@ -0,0 +1,152 @@
+require 'gemterms'
+
+# Generic command-line runner for processing projects of licenced 
+# components. Generally you'll use a specialisation of this, such as
+# the <tt>Gemterms::GemFiler</tt> class.
+class Gemterms::Runner
+  attr_reader :component_name, :component_plural, :licenser, :project
+
+  def all_licenses
+    @licenser.licenses
+  end
+
+  def banner
+    puts <<-BANNER
+Thanks for using gemterms. Please read the README.md and MIT-LICENCE.txt 
+available at https://github.com/jonathannen/gemterms. It contains important 
+information about the usage of this tool.
+BANNER
+    true
+  end
+
+  def counter(count)
+    count == 1 ? "1 #{component_name}" : "#{count} #{component_plural}"
+  end
+
+  # component_name, component_plural
+  def initialize(*args)
+    @component_name, @component_plural = *args
+    @licenser = Gemterms::Licensing.new 
+    @verbose = true
+    banner && ruler
+  end
+
+  def license_breakdown
+    puts <<-INST
+Following are your #{component_plural} listed by license. Any #{component_plural} listed with a '*' 
+have multiple licenses.
+
+INST
+    unknown_last(project.unique_licenses).each do |license|
+      puts "== #{license}"
+      components = project.components_for_license(license).sort_by { |c| c.name.downcase }
+      names = components.map do |c| 
+        "#{c.multiple? ? '*' : ''}#{c.name}"
+      end
+      puts names * ', '
+      puts ""
+    end
+    # puts ls.inspect
+    # ls = projectall_licenses.
+    # puts "Break it on down"
+    true
+  end
+
+  def list_licenses
+    count = @licenser.licenses.values.count
+    ruler
+    unknown_last(all_licenses.values).each do |l|
+      puts "#{l.name} [#{l.code}]"
+    end
+    ruler
+    puts "#{count} licence#{count == 1 ? '' : 's'} defined."
+    true
+  end
+
+  def ruler
+    puts ""
+    true
+  end    
+
+  def show_license(arg)
+    if arg.nil?
+      puts <<-INST
+Please specify a licence code (e.g. GPL-2.0) when getting license details. You 
+can get a list of licenses and codes with the `list-licenses` command. Use 
+the --help command for more information.
+INST
+      return true
+    end
+
+    l = @licenser[arg]
+    if l.unknown?
+      puts <<-INST
+The given code '#{arg}' doesn't map to a known license. You can get a list of 
+licenses and codes with the `list-licenses` command. Use the --help command for
+more information.
+INST
+      return true
+    end
+
+    puts "#{l.name} [#{l.code}]"
+    puts l.uri
+    puts ""
+
+    if l.compatible.length > 0
+      puts "This license is compatiable with:"
+      l.compatible.group_by { |p, ref, warn| ref }.each do |ref, vals|
+        puts "  Based on reference [#{ref}] #{@licenser.references[ref]}"
+        vals.each { |p, ref, warn| puts "  - #{p.name} [#{p.code}]" }
+      end
+    else
+      puts <<-INST
+This license is not listed as being compatible with any licenses. This doesn't 
+mean it's true, just that the are no mappings. See the site  
+https://github.com/jonathannen/gemterms for more details and how you can help.
+INST
+    end
+
+    if l.classified.length > 0
+      puts "\nThis license is classified as:"
+      l.classified.group_by { |p, ref, warn| ref }.each do |ref, vals|
+        puts "  Based on reference [#{ref}] #{@licenser.references[ref]}"
+        vals.each { |p, ref, warn| puts "  - #{p.name} [#{p.code}]" }
+      end
+    end
+
+    puts ""
+    true
+  end
+
+
+  # Runs the standard commands if possible. This includes things like
+  # listing licenses and the such.
+  def standard_commands(args)
+    return usage if args.delete('--help')
+    case args.first
+    when "list-licenses" then list_licenses
+    when "show-license" then show_license(args[1])
+    else
+      false
+    end
+  end
+
+  def stats(commentary = nil)
+    ns = counter(project.count)
+    lg = counter(project.components.select { |c| c.licensed? }.count)
+    ul = project.unique_licenses(false).count
+    puts "Ok. Your project has #{ns} listed."
+    puts commentary unless commentary.nil?
+    puts "There is an explict license for #{lg}. There #{ul == 1 ? "is 1 unique license" : "#{ul} unique licenses"} referenced."
+    true
+  end
+
+  protected
+
+  # @param [ Array<License> ] list The list of licenses to process.
+  # @return [ Array<License> ] The list with unknown licenses at the end.
+  def unknown_last(list)
+    list.partition { |l| !l.unknown? }.flatten.each
+  end
+
+end

data/test/test_compat.rb

@@ -0,0 +1,8 @@
+require 'test/unit'
+require 'gemterms'
+require 'gemterms/gem_runner'
+
+class CompatTest < Test::Unit::TestCase
+ 
+
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: gemterms
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Jon Williams
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-07-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.10
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.10
+description: Scans Gemfiles to see what licenses are in use.
+email:
+- jon@jonathannen.com
+executables:
+- gemterms
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- MIT-LICENSE.txt
+- README.md
+- Rakefile
+- bin/gemterms
+- compatability.yml
+- gemterms.gemspec
+- lib/gemterms.rb
+- lib/gemterms/gem_filer.rb
+- lib/gemterms/gem_runner.rb
+- lib/gemterms/license.rb
+- lib/gemterms/project.rb
+- lib/gemterms/ruby_gems.rb
+- lib/gemterms/runner.rb
+- test/test_compat.rb
+homepage: https://github.com/jonathannen/gemterms
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Checks the licensing of your Gemfile.
+test_files:
+- test/test_compat.rb