go-licenses
go-licenses copied to clipboard
google
Help Wanted: `go-licenses csv ...` command returned incorrectly formed go-package licenses URLs (inaccessible URLs)
I've been working on a bash utility script - verify-licenses.sh that verifies licenses for the go-packages used by the upstream Kubernetes Project, against the CNCF approved list of licenses.
We ran across an issue where executing the go-licenses csv ... command against Kubernetes project repo, produced a list of incorrectly formed Licenses URLs (inaccessible URLs) for a few go-packages, where in reality, those packages have valid accessible licenses present in the project.
Below is snippet from the script logs, with name/urls of the go-packages in question. (Please find the full script logs here)
go-licenses csv --git_remote "licenses" ./...
....
....
....
github.com/Azure/go-autorest/autorest : Apache-2.0 : https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/autorest/LICENSE
github.com/Azure/go-autorest/autorest/adal : Apache-2.0 : https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.13/autorest/adal/LICENSE
github.com/Azure/go-autorest/autorest/date : Apache-2.0 : https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE
github.com/Azure/go-autorest/autorest/mocks : Apache-2.0 : https://github.com/Azure/go-autorest/blob/autorest/mocks/v0.4.1/autorest/mocks/LICENSE
github.com/Azure/go-autorest/autorest/to : Apache-2.0 : https://github.com/Azure/go-autorest/blob/autorest/to/v0.4.0/autorest/to/LICENSE
github.com/Azure/go-autorest/autorest/validation : Apache-2.0 : https://github.com/Azure/go-autorest/blob/autorest/validation/v0.1.0/autorest/validation/LICENSE
github.com/Azure/go-autorest/logger : Apache-2.0 : https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE
github.com/Azure/go-autorest/tracing : Apache-2.0 : https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE
github.com/blang/semver/v4 : MIT : https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE
....
....
For example:
-
The license URL for package
github.com/Azure/go-autorest/autorestreturned is https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/autorest/LICENSE which is inaccessible & gives a 404 response.The correct accessible URL is present at https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/LICENSE
For more context/information, check the WIP PR: https://github.com/kubernetes/kubernetes/pull/109299
Help Wanted / Solution
We need help with implementing a fix/workaround for the 'go-licenses csv...' command so that it returns correctly formatted accessible URLs for go-packages that have valid licences present in their source code repository.
The problem seems identical to https://github.com/google/go-licenses/issues/73#issuecomment-1019453152.
I have an open https://github.com/google/go-licenses/pull/110 to resolve the issue.
Not sure if the PR still compiles, can you try that branch?
Why not merged yet?
- the PR adds a lot of complexities
- I was not sure whether we can assume license URLs are accessible publicly.
- No one was asking for this issue yet
Since you asked, I can try to revisit the PR.
Thanks @Bobgy for the prompt response & pointers ^.
Not sure if the PR still compiles, can you try that branch?
I'll try testing with the PR branch.