license_scout 0.1.3 → 1.0.0

data/lib/license_scout/version.rb

@@ -16,5 +16,5 @@
 #
 
 module LicenseScout
-  VERSION = "0.1.3"
+  VERSION = "1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 1.0.0
 platform: ruby
 authors:
 - Serdar Sutay
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-15 00:00:00.000000000 Z
+date: 2018-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi-yajl
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: toml-rb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +122,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: chefstyle
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: berkshelf
   requirement: !ruby/object:Gem::Requirement
@@ -130,19 +158,20 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".travis.yml"
-- Gemfile
 - LICENSE
 - README.md
-- Rakefile
-- appveyor.yml
-- bin/config_to_json
 - bin/license_scout
+- bin/rebar_lock_json
+- erl_src/rebar_lock_json/README.md
+- erl_src/rebar_lock_json/rebar.config
+- erl_src/rebar_lock_json/rebar.lock
+- erl_src/rebar_lock_json/src/rebar_lock_json.app.src
+- erl_src/rebar_lock_json/src/rebar_lock_json.erl
 - lib/license_scout.rb
+- lib/license_scout/canonical_licenses/BSD-2-Clause.txt
+- lib/license_scout/canonical_licenses/BSD-3-Clause.txt
 - lib/license_scout/canonical_licenses/BSD-4-Clause.txt
+- lib/license_scout/canonical_licenses/Chef-MLSA.txt
 - lib/license_scout/canonical_licenses/ISC.txt
 - lib/license_scout/canonical_licenses/MIT.txt
 - lib/license_scout/collector.rb
@@ -153,7 +182,10 @@ files:
 - lib/license_scout/dependency_manager/bundler.rb
 - lib/license_scout/dependency_manager/bundler/LICENSE.md
 - lib/license_scout/dependency_manager/bundler/_bundler_script.rb
-- lib/license_scout/dependency_manager/cpan.rb
+- lib/license_scout/dependency_manager/cpanm.rb
+- lib/license_scout/dependency_manager/dep.rb
+- lib/license_scout/dependency_manager/glide.rb
+- lib/license_scout/dependency_manager/godep.rb
 - lib/license_scout/dependency_manager/json/README.md
 - lib/license_scout/dependency_manager/manual.rb
 - lib/license_scout/dependency_manager/npm.rb
@@ -172,6 +204,7 @@ files:
 - lib/license_scout/license_file_analyzer/templates/BSD-3-Clause-alt-format.txt
 - lib/license_scout/license_file_analyzer/templates/BSD-3-Clause.txt
 - lib/license_scout/license_file_analyzer/templates/BSD.txt
+- lib/license_scout/license_file_analyzer/templates/Chef-MLSA.txt
 - lib/license_scout/license_file_analyzer/templates/EPLICENSE.txt
 - lib/license_scout/license_file_analyzer/templates/GPL-2.0.txt
 - lib/license_scout/license_file_analyzer/templates/GPL-3.0.txt
@@ -187,7 +220,6 @@ files:
 - lib/license_scout/overrides.rb
 - lib/license_scout/reporter.rb
 - lib/license_scout/version.rb
-- license_scout.gemspec
 homepage: https://github.com/chef/license_scout
 licenses:
 - Apache-2.0
@@ -208,7 +240,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.6
+rubygems_version: 2.7.4
 signing_key: 
 specification_version: 4
 summary: Discovers license files of a project's dependencies.

data/.gitignore

@@ -1,9 +0,0 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/

data/.rspec

@@ -1,3 +0,0 @@
---color
---require spec_helper
---exclude-pattern spec/fixtures/**/*

data/.rubocop.yml

@@ -1,4 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.2
-  Excludes:
-    - spec/fixtures/**/*

data/.travis.yml

@@ -1,11 +0,0 @@
-language: ruby
-sudo: false
-
-# do not run expensive spec tests on PRs, only on branches
-branches:
-  only:
-  - master
-
-before_install: gem install bundler
-rvm:
-  - 2.1

data/Gemfile

@@ -1,24 +0,0 @@
-#
-# Copyright:: Copyright 2016, Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-source "https://rubygems.org"
-
-gemspec
-
-group(:development, :test) do
-  gem "chefstyle", git: "https://github.com/chef/chefstyle.git", branch: "master"
-end

data/Rakefile

@@ -1,39 +0,0 @@
-#
-# Copyright:: Copyright 2016, Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-task default: :test
-
-desc "Run specs"
-RSpec::Core::RakeTask.new(:spec) do |spec|
-  spec.pattern = "spec/**/*_spec.rb"
-end
-
-begin
-  require "chefstyle"
-  require "rubocop/rake_task"
-  RuboCop::RakeTask.new(:style) do |task|
-    task.options += ["--display-cop-names", "--no-color"]
-  end
-rescue LoadError
-  puts "chefstyle/rubocop is not available.  gem install chefstyle to do style checking."
-end
-
-desc "Run all tests"
-task test: [:style, :spec]

data/appveyor.yml

@@ -1,19 +0,0 @@
-os: Windows Server 2012 R2
-platform:
-  - x64
-
-skip_tags: true
-branches:
-  only:
-    - master
-
-install:
-  - set PATH=C:\Ruby22\bin;%PATH%
-  - appveyor DownloadFile http://curl.haxx.se/ca/cacert.pem -FileName C:\cacert.pem
-  - set SSL_CERT_FILE=C:\cacert.pem
-
-build_script:
-  - bundle install || bundle install || bundle install
-
-test_script:
-  - bundle exec rake spec

data/lib/license_scout/dependency_manager/cpan.rb

@@ -1,322 +0,0 @@
-#
-# Copyright:: Copyright 2016, Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-require "rexml/document"
-
-require "ffi_yajl"
-require "psych"
-require "mixlib/shellout"
-
-require "license_scout/dependency_manager/base"
-require "license_scout/net_fetcher"
-require "license_scout/exceptions"
-require "license_scout/dependency"
-
-module LicenseScout
-  module DependencyManager
-    class CPAN < Base
-
-      class CPANDependency
-
-        LICENSE_TYPE_MAP = {
-          "perl_5"      => "Perl-5",
-          "perl"        => "Perl-5",
-          "apache_2_0"  => "Apache-2.0",
-          "artistic_2"  => "Artistic-2.0",
-          "gpl_3"       => "GPL-3.0",
-        }.freeze
-
-        attr_reader :module_name
-        attr_reader :dist
-        attr_reader :version
-        attr_reader :cpanfile
-
-        attr_reader :license_files
-        attr_reader :license
-
-        attr_reader :cache_root
-
-        attr_reader :overrides
-
-        def initialize(module_name:, dist:, version:, cpanfile:, cache_root:, overrides:)
-          @module_name = module_name
-          @dist = dist
-          @version = version
-          @cpanfile = cpanfile
-          @cache_root = cache_root
-          @overrides = overrides
-
-          @deps_list = nil
-
-          @license = nil
-          @license_files = []
-        end
-
-        def desc
-          "#{module_name} in #{dist} (#{version}) [#{license}]"
-        end
-
-        def to_dep
-          Dependency.new(
-            # we use dist for the name because there can be multiple modules in
-            # a dist, but the dist is the unit of packaging and licensing
-            dist,
-            version,
-            license,
-            license_files,
-            "perl_cpan"
-          )
-        end
-
-        def collect_licenses
-          ensure_cached
-          Dir.mktmpdir do |tmpdir|
-            FileUtils.cp(distribution_fullpath, tmpdir)
-            Dir.chdir(tmpdir) do
-              untar!
-              distribution_unpack_fullpath = File.join(tmpdir, distribution_unpack_relpath)
-              collect_licenses_in(distribution_unpack_fullpath)
-            end
-          end
-        end
-
-        def ensure_cached
-          cache_path = File.join(dist_cache_root, cpanfile)
-
-          # CPAN download URL is like:
-          # http://www.cpan.org/authors/id/R/RJ/RJBS/Sub-Install-0.928.tar.gz
-          # cpanfile is like:
-          # R/RJ/RJBS/Sub-Install-0.928.tar.gz
-          unless File.exist?(cache_path)
-
-            url = "http://www.cpan.org/authors/id/#{cpanfile}"
-            tmp_path = NetFetcher.cache(url)
-
-            FileUtils.mkdir_p(File.dirname(cache_path))
-            FileUtils.cp(tmp_path, cache_path)
-
-          end
-        end
-
-        def distribution_filename
-          File.basename(cpanfile)
-        end
-
-        def distribution_unpack_relpath
-          # Most packages have tar.gz extension but some have .tgz like
-          # IO-Pager-0.36.tgz
-          [".tar.gz", ".tgz"].each do |ext|
-            if distribution_filename.end_with?(ext)
-              return File.basename(distribution_filename, ext)
-            end
-          end
-        end
-
-        def distribution_fullpath
-          File.join(dist_cache_root, cpanfile)
-        end
-
-        # Untar the distribution.
-        #
-        # NOTE: On some platforms, you only get a usable version of tar as
-        # `gtar`, and on windows, symlinks break a lot of stuff. We (Chef
-        # Software) currently only use perl in server products, which we only
-        # build for a handful of Linux distros, so this is sufficient.
-        def untar!
-          s = Mixlib::ShellOut.new("tar zxf #{distribution_filename}")
-          s.run_command
-          s.error!
-          s.stdout
-        end
-
-        def collect_licenses_in(unpack_path)
-          collect_license_info_in(unpack_path)
-          collect_license_files_info_in(unpack_path)
-        end
-
-        def collect_license_info_in(unpack_path)
-          # Notice that we use "dist" as the dependency name
-          # See #to_dep for details.
-          @license = overrides.license_for("perl_cpan", dist, version) || begin
-            metadata = if File.exist?(meta_json_in(unpack_path))
-                         slurp_meta_json_in(unpack_path)
-                       elsif File.exist?(meta_yaml_in(unpack_path))
-                         slurp_meta_yaml_in(unpack_path)
-                       end
-
-            if metadata && metadata.key?("license")
-              given_type = Array(metadata["license"]).reject { |l| l == "unknown" }.first
-              normalize_license_type(given_type)
-            end
-          end
-        end
-
-        def collect_license_files_info_in(unpack_path)
-          override_license_files = overrides.license_files_for("perl_cpan", dist, version)
-
-          license_files = if override_license_files.empty?
-                            find_license_files_in(unpack_path)
-                          else
-                            override_license_files.resolve_locations(unpack_path)
-                          end
-
-          license_files.each do |f|
-            @license_files << cache_license_file(f)
-          end
-        end
-
-        # Copy license file to the cache. We unpack the CPAN dists in a tempdir
-        # and throw it away after we've inspected the contents, so we need to
-        # put the license file somewhere it can be copied from later.
-        def cache_license_file(unpacked_file)
-          basename = File.basename(unpacked_file)
-          license_cache_path = File.join(license_cache_root, "#{dist}-#{basename}")
-          FileUtils.mkdir_p(license_cache_root)
-          FileUtils.cp(unpacked_file, license_cache_path)
-          # In some cases, the license files get unpacked with 0444
-          # permissions which could make a re-run fail on the `cp` step.
-          FileUtils.chmod(0644, license_cache_path)
-          license_cache_path
-        end
-
-        def slurp_meta_yaml_in(unpack_path)
-          Psych.safe_load(File.read(meta_yaml_in(unpack_path)))
-        end
-
-        def slurp_meta_json_in(unpack_path)
-          FFI_Yajl::Parser.parse(File.read(meta_json_in(unpack_path)))
-        end
-
-        def license_cache_root
-          File.join(cache_root, "cpan-licenses")
-        end
-
-        def dist_cache_root
-          File.join(cache_root, "cpan-dists")
-        end
-
-        def normalize_license_type(given_type)
-          LICENSE_TYPE_MAP[given_type] || given_type
-        end
-
-        def meta_json_in(unpack_path)
-          File.join(unpack_path, "META.json")
-        end
-
-        def mymeta_json_in(unpack_path)
-          File.join(unpack_path, "MYMETA.json")
-        end
-
-        def meta_yaml_in(unpack_path)
-          File.join(unpack_path, "META.yml")
-        end
-
-        def find_license_files_in(unpack_path)
-          Dir["#{unpack_path}/*"].select do |f|
-            CPAN::POSSIBLE_LICENSE_FILES.include?(File.basename(f))
-          end
-        end
-
-      end
-
-      def initialize(*args, &block)
-        super
-        @dependencies = nil
-      end
-
-      def name
-        "perl_cpan"
-      end
-
-      def dependencies
-        return @dependencies if @dependencies
-        @dependencies = deps_list.map do |d|
-          d.collect_licenses
-          d.to_dep
-        end
-      end
-
-      def deps_list
-        return @deps_list if @deps_list
-
-        xml_doc = REXML::Document.new(dependency_graph_xml)
-
-        root = xml_doc.root
-
-        deps = root.get_elements("//dependency")
-
-        @deps_list = []
-
-        deps.each do |dep|
-          dep_module_name = dep.get_text("module").to_s
-          next if dep_module_name == module_name
-          @deps_list << CPANDependency.new(
-            module_name: dep_module_name,
-            dist: dep.get_text("dist").to_s,
-            version: dep.get_text("distversion").to_s,
-            cpanfile: dep.get_text("cpanfile").to_s,
-            cache_root: options.cpan_cache,
-            overrides: options.overrides
-          )
-        end
-
-        @deps_list
-      end
-
-      def dependency_graph_xml
-        @dependency_graph_xml ||=
-          begin
-            dependency_graph_xml_file = NetFetcher.cache(dependency_graph_url)
-            raw_xml = File.read(dependency_graph_xml_file)
-            FileUtils.rm_f(dependency_graph_xml_file)
-            raw_xml
-          end
-      end
-
-      # NOTE: there's no SSL version available. Take care handling any
-      # data/code referenced in responses from this site.
-      def dependency_graph_url
-        "http://deps.cpantesters.org/?xml=1;module=#{module_name};perl=5.24.0;os=any%20OS;pureperl=0"
-      end
-
-      # Infers the module name from the directory name. For Chef Server, the
-      # two perl packages we use are:
-      # * "App-Sqitch-VERSION" => "App::Sqitch"
-      # * "DBD-Pg-VERSION" => "DBD::Pg"
-      #
-      # NOTE: Distributions may contain multiple modules that would each have
-      # their own dependency graphs and it's possible to get a perl project
-      # that doesn't obey this convention (e.g., if you git clone it). But this
-      # meets our immediate needs.
-      def module_name
-        File.basename(project_dir).split("-")[0...-1].join("::")
-      end
-
-      # NOTE: it's possible that projects won't have a META.yml, but the two
-      # that we care about for Chef Server do have one. As of 2015, 84% of perl
-      # distribution packages have one: http://neilb.org/2015/10/18/spotters-guide.html
-      def detected?
-        File.exist?(meta_yml_path)
-      end
-
-      def meta_yml_path
-        File.join(project_dir, "META.yml")
-      end
-
-    end
-  end
-end

data/license_scout.gemspec

@@ -1,54 +0,0 @@
-#
-# Copyright:: Copyright 2016, Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-lib = File.expand_path("../lib", __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "license_scout/version"
-
-Gem::Specification.new do |spec|
-  spec.name          = "license_scout"
-  spec.version       = LicenseScout::VERSION
-  spec.authors       = [ "Serdar Sutay" ]
-  spec.email         = [ "serdar@chef.io" ]
-  spec.license       = "Apache-2.0"
-
-  spec.summary       = "Discovers license files of a project's dependencies."
-  spec.description   = "Discovers license files of a project's dependencies."
-  spec.homepage      = "https://github.com/chef/license_scout"
-
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "bin"
-  spec.executables   = %w{license_scout}
-  spec.require_paths = %w{lib}
-
-  spec.add_dependency "ffi-yajl",         "~> 2.2"
-  spec.add_dependency "mixlib-shellout",  "~> 2.2"
-
-  spec.add_development_dependency "bundler", "~> 1.12"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec"
-  spec.add_development_dependency "pry"
-  spec.add_development_dependency "rb-readline"
-
-  # We do not have berkshelf as a dependency because some of its dependencies
-  # can not be installed on uncommon platforms like Solaris which we need to
-  # support. If a project needs to collect license information for a berkshelf
-  # project it needs to include it seperately in its gem bundle. We have a nice
-  # error message when they do not. But we add berkshelf as a development
-  # dependency so that we can run our tests.
-  spec.add_development_dependency "berkshelf", "~> 4.3"
-end