license_finder 6.2.0 → 6.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9346290d1b6444834799d917362604ab2b8c8cf02c798fa0125d48e2e96b185e
-  data.tar.gz: 46d7563db0baaf8506c295a14f2872ea72a0f3ba9a96577a7265b74c38026899
+  metadata.gz: 72f85b1c33a4f69a87b10788685debd163e13cc60b428ce9854849ff55567531
+  data.tar.gz: 14b067eae3f53784d3d4a5c4b341c73f604f63b9c4eaf7b68a98e90bdf7728fb
 SHA512:
-  metadata.gz: c18721d86285f2cc2ad05ab0e72f615ceefe001607427bedc1ab19cd83f7bbc7ca1a9fa6d5b8925e96438cec68f0be7dfdb243c6f7e43680bea33fa1b4046120
-  data.tar.gz: 64775a9d8d417fbe9b2a10fcb094e0040268c18a69997b4c2367e8869090b0213e153f7dae3d9fb2641f90bc29694db7e2dfadd357e8e5adb80835ebec7e9bad
+  metadata.gz: '087049b7a0d7b1ada765f6904f66add3048b0a8e0aaef4c75333d139ddde2337f56ac37dc4852a6e23ccd7855d501cacac59c6c97213bbea375282c8300c2355'
+  data.tar.gz: 3d52fc85d19980ff405e25f8f18c1cea20649ed90fa8aad2f236a62e78ec691e60dfa4f9651fa3f77898f7ad5924df75a0ca49c3c692bc9e16dd30a4d9d332e8

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+# [6.3.0] / 2020-05-06
+
+### Added
+* OFL License - [d475bbb1](https://github.com/pivotal/LicenseFinder/commit/d475bbb1380e217f154f262caaa73c12f5b9792b) - Sven Dunemann
+* WTFPL License - [ec629170](https://github.com/pivotal/LicenseFinder/commit/ec6291702c28789a33478041dbf6524d603c12ff) - Sven Dunemann
+
+* Find the install path for sbt, cargo and composer [#171649609] - [0d525cbf](https://github.com/pivotal/LicenseFinder/commit/0d525cbf5208db5a977f2f3d922d07b5ea6a8b16) 
+
+### Changed
+* Bump PHP version to 7.3 - [1c3c3271](https://github.com/pivotal/LicenseFinder/commit/1c3c3271b977a6c8d24e4159a6b8098a51086522) 
+* Remove +compatible in Go package versions [#171754392] - [5cba5801](https://github.com/pivotal/LicenseFinder/commit/5cba5801f4f276482f01bfeea46fde0dbbcce7b1) 
+
 # [6.2.0] / 2020-04-07
 
 ### Fixed
@@ -824,3 +836,4 @@ Bugfixes:
 [6.1.0]: https://github.com/pivotal/LicenseFinder/compare/v6.0.0...v6.1.0
 [6.1.2]: https://github.com/pivotal/LicenseFinder/compare/v6.1.0...v6.1.2
 [6.2.0]: https://github.com/pivotal/LicenseFinder/compare/v6.1.2...v6.2.0
+[6.3.0]: https://github.com/pivotal/LicenseFinder/compare/v6.2.0...v6.3.0

data/Dockerfile

@@ -38,10 +38,12 @@ RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - && \
 RUN npm install -g bower && \
     echo '{ "allow_root": true }' > /root/.bowerrc
 
-# install jdk 11
+# install jdk 12
 RUN curl -L -o openjdk12.tar.gz https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz && \
     tar xvf openjdk12.tar.gz && \
-    sudo mv jdk-12.0.2 /opt/
+    rm openjdk12.tar.gz && \
+    sudo mv jdk-12.0.2 /opt/ && \
+    sudo rm /opt/jdk-12.0.2/lib/src.zip
 ENV JAVA_HOME=/opt/jdk-12.0.2
 ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
@@ -51,8 +53,8 @@ RUN apt-get install -y python rebar
 
 # install and update python-pip
 RUN apt-get install -y python-pip python3-pip && \
-    pip2 install --upgrade pip==$PIP_INSTALL_VERSION  && \
-    pip3 install --upgrade pip==$PIP3_INSTALL_VERSION
+    pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION  && \
+    pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
 
 # install maven
 RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \
@@ -95,7 +97,8 @@ RUN mkdir /gopath && \
   go get github.com/Masterminds/glide && \
   go get github.com/kardianos/govendor && \
   go get github.com/golang/dep/cmd/dep && \
-  go get -u github.com/rancher/trash
+  go get -u github.com/rancher/trash && \
+  go clean -cache
 
 # Fix the locale
 RUN apt-get install -y locales
@@ -123,11 +126,14 @@ RUN bash -lc "gem update --system && gem install bundler"
 
 # install conan
 RUN apt-get install -y python-dev && \
-	pip install --ignore-installed six --ignore-installed colorama --ignore-installed requests --ignore-installed chardet --ignore-installed urllib3 --upgrade setuptools && \
-    pip install -Iv conan==1.11.2
+	pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
+	    --ignore-installed requests --ignore-installed chardet \
+	    --ignore-installed urllib3 \
+	    --upgrade setuptools && \
+    pip install --no-cache-dir -Iv conan==1.11.2
 
 # install Cargo
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --profile minimal
 
 # install NuGet (w. mono)
 # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux
@@ -139,15 +145,17 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
   echo "alias nuget=\"mono /usr/local/bin/nuget.exe\"" >> ~/.bash_aliases
 
 # install dotnet core
+WORKDIR /tmp
 RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb &&\
   sudo dpkg -i packages-microsoft-prod.deb &&\
+  rm packages-microsoft-prod.deb &&\
   sudo apt-get update &&\
   sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
 
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
     echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
     apt-get update &&\
-    apt-get install -y php7.1-cli &&\
+    apt-get install -y php7.3-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
     php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
@@ -156,7 +164,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
 
 # install license_finder
 COPY . /LicenseFinder
-RUN bash -lc "cd /LicenseFinder && bundle install -j4 && rake install"
+RUN bash -lc "cd /LicenseFinder && bundle config set no-cache 'true' && bundle install -j4 && rake install"
 
 WORKDIR /
 

data/VERSION

@@ -1 +1 @@
-6.2.0
+6.3.0

data/ci/pipelines/release.yml.erb

@@ -164,7 +164,7 @@ jobs:
   - put: dockerhub
     tags: ["private-worker"]
     params:
-      build: lf-git
+      build: lf-git-changed
       tag: version/version.txt
       tag_as_latest: true
   - put: lf-git

data/lib/license_finder/license/definitions.rb

@@ -21,9 +21,11 @@ module LicenseFinder
           mit,
           mpl2,
           newbsd,
+          ofl,
           python,
           ruby,
-          simplifiedbsd
+          simplifiedbsd,
+          wtfpl
         ]
       end
 
@@ -234,6 +236,17 @@ module LicenseFinder
         )
       end
 
+      def ofl
+        License.new(
+          short_name: 'OFL',
+          pretty_name: 'SIL OPEN FONT LICENSE Version 1.1',
+          other_names: [
+            'OPEN FONT LICENSE Version 1.1'
+          ],
+          url: 'https://opensource.org/licenses/OFL-1.1'
+        )
+      end
+
       def python
         License.new(
           short_name: 'Python',
@@ -277,6 +290,17 @@ module LicenseFinder
           url: 'http://opensource.org/licenses/bsd-license'
         )
       end
+
+      def wtfpl
+        License.new(
+          short_name: 'WTFPL',
+          pretty_name: 'Do What The Fuck You Want To Public License',
+          other_names: [
+            'WTFPL V2'
+          ],
+          url: 'http://www.wtfpl.net/'
+        )
+      end
     end
   end
 end

data/lib/license_finder/license/templates/OFL.txt

@@ -0,0 +1,91 @@
+This Font Software is licensed under the SIL Open Font License, Version 1.1.
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+
+-----------------------------------------------------------
+SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+-----------------------------------------------------------
+
+PREAMBLE
+The goals of the Open Font License (OFL) are to stimulate worldwide
+development of collaborative font projects, to support the font creation
+efforts of academic and linguistic communities, and to provide a free and
+open framework in which fonts may be shared and improved in partnership
+with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves. The
+fonts, including any derivative works, can be bundled, embedded,
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works. The fonts and derivatives,
+however, cannot be released under any other type of license. The
+requirement for fonts to remain under this license does not apply
+to any document created using the fonts or their derivatives.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components as
+distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to a
+new environment.
+
+"Author" refers to any designer, engineer, programmer, technical
+writer or other person who contributed to the Font Software.
+
+PERMISSION & CONDITIONS
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,
+in Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+redistributed and/or sold with any software, provided that each copy
+contains the above copyright notice and this license. These can be
+included either as stand-alone text files, human-readable headers or
+in the appropriate machine-readable metadata fields within text or
+binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+Name(s) unless explicit written permission is granted by the corresponding
+Copyright Holder. This restriction only applies to the primary font name as
+presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+Software shall not be used to promote, endorse or advertise any
+Modified Version, except to acknowledge the contribution(s) of the
+Copyright Holder(s) and the Author(s) or with their explicit written
+permission.
+
+5) The Font Software, modified or unmodified, in part or in whole,
+must be distributed entirely under this license, and must not be
+distributed under any other license. The requirement for fonts to
+remain under this license does not apply to any document created
+using the Font Software.
+
+TERMINATION
+This license becomes null and void if any of the above conditions are
+not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
+OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
+OTHER DEALINGS IN THE FONT SOFTWARE.

data/lib/license_finder/license/templates/WTFPL.txt

@@ -0,0 +1,14 @@
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.
+

data/lib/license_finder/package_managers/bundler.rb

@@ -42,8 +42,6 @@ module LicenseFinder
     attr_reader :ignored_groups
 
     def definition
-      # DI
-      ENV['BUNDLE_PATH'] = project_path.to_s
       ENV['BUNDLE_GEMFILE'] = "#{project_path}/#{gemfile}"
 
       @definition ||= ::Bundler::Definition.build(detected_package_path, lockfile_path, nil)

data/lib/license_finder/package_managers/cargo.rb

@@ -6,7 +6,8 @@ module LicenseFinder
   class Cargo < PackageManager
     def current_packages
       cargo_output.map do |package|
-        CargoPackage.new(package, logger: logger)
+        path = Dir.glob("#{Dir.home}/.cargo/registry/src/**/#{package['name']}-#{package['version']}").first
+        CargoPackage.new(package, logger: logger, install_path: path)
       end
     end
 

data/lib/license_finder/package_managers/composer.rb

@@ -12,7 +12,11 @@ module LicenseFinder
 
     def current_packages
       dependency_list.map do |name, dependency|
-        ComposerPackage.new(name, dependency['version'], spec_licenses: dependency['license'])
+        path_command = "composer show #{name} -P"
+        stdout, _stderr, status = Dir.chdir(project_path) { Cmd.run(path_command) }
+
+        path = status.success? ? stdout.split(' ').last : ''
+        ComposerPackage.new(name, dependency['version'], spec_licenses: dependency['license'], install_path: path)
       end
     end
 

data/lib/license_finder/package_managers/go_modules.rb

@@ -21,12 +21,10 @@ module LicenseFinder
     end
 
     def current_packages
-      info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -m -mod=vendor -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      packages_info = info_output.split("\n")
       packages = packages_info.map do |package|
         name, version, install_path = package.split(',')
-        read_package(install_path, name, version)
-      end
+        read_package(install_path, name, version) if install_path.to_s != ''
+      end.compact
       packages.reject do |package|
         Pathname(package.install_path).cleanpath == Pathname(project_path).cleanpath
       end
@@ -34,6 +32,13 @@ module LicenseFinder
 
     private
 
+    def packages_info
+      info_output, stderr, _status = Cmd.run("GO111MODULE=on go list -m -mod=vendor -f '{{.Path}},{{.Version}},{{.Dir}}' all")
+      info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -m -f '{{.Path}},{{.Version}},{{.Dir}}' all") if stderr =~ Regexp.compile("can't compute 'all' using the vendor directory")
+
+      info_output.split("\n")
+    end
+
     def sum_files?
       sum_file_paths.any?
     end

data/lib/license_finder/package_managers/sbt.rb

@@ -30,7 +30,9 @@ module LicenseFinder
             'version' => version,
             'licenses' => [{ 'name' => row['License'] }]
           }
-          SbtPackage.new(spec, logger: logger, include_groups: @include_groups)
+
+          path = File.join("#{Dir.home}/.ivy2/cache", "#{spec['groupId']}/#{spec['artifactId']}")
+          SbtPackage.new(spec, logger: logger, include_groups: @include_groups, install_path: path)
         end
       end
 

data/lib/license_finder/packages/go_package.rb

@@ -13,7 +13,7 @@ module LicenseFinder
         name = hash['ImportPath']
         install_path = hash['InstallPath']
         install_path ||= install_path(prefix.join(name))
-        version = full_version ? hash['Rev'] : hash['Rev'][0..6]
+        version = full_version ? hash['Rev'].gsub('+incompatible', '') : hash['Rev'][0..6]
         homepage = hash['Homepage']
         new(name, version, install_path: install_path, package_manager: 'Go', homepage: homepage)
       end

data/lib/license_finder/packages/maven_package.rb

@@ -10,7 +10,8 @@ module LicenseFinder
         name,
         spec['version'],
         options.merge(
-          spec_licenses: Array(spec['licenses']).map { |l| l['name'] }
+          spec_licenses: Array(spec['licenses']).map { |l| l['name'] },
+          groups: Array(spec['groupId'])
         )
       )
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.2.0
+  version: 6.3.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-07 00:00:00.000000000 Z
+date: 2020-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -392,9 +392,11 @@ files:
 - lib/license_finder/license/templates/MIT.txt
 - lib/license_finder/license/templates/MPL2.txt
 - lib/license_finder/license/templates/NewBSD.txt
+- lib/license_finder/license/templates/OFL.txt
 - lib/license_finder/license/templates/Python.txt
 - lib/license_finder/license/templates/Ruby.txt
 - lib/license_finder/license/templates/SimplifiedBSD.txt
+- lib/license_finder/license/templates/WTFPL.txt
 - lib/license_finder/license/text.rb
 - lib/license_finder/license_aggregator.rb
 - lib/license_finder/logger.rb
@@ -498,7 +500,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.