license-maven-plugin

Override the identified during license-check

Open danielwegener opened this issue 7 years ago • 4 comments

As discussed in #59 it is sometimes necessary to override the license for a certain dependency. The fix created for #59 however does this only for the license-report. This overwrite should also be applied during license checks.

Example:

I get the following error (with <failIfWarning> set to true):

[WARNING] There are 1 forbidden licenses used:
[WARNING] License CDDL + GPLv2 with classpath exception used by 1 dependencies:
 -javax.transaction API (javax.transaction:javax.transaction-api:1.2 - http://jta-spec.java.net)

Now I have created the file my-proj/src/license/override-THIRD-PARTY.properties with the following content:

# original: CDDL + GPLv2 with classpath exception
javax.transaction--javax.transaction-api--1.2=BSD-3-Clause

... with my project pom having a whitelist entry for BSD-3-Clause:

<configuration>
 <includedLicenses>
   <includedLicense>BSD-3-Clause</includedLicense>

However, the build still fails with the same error as shown above. I'd expect it not to fail.

danielwegener Mar 02 '17 09:03

The aggregate-add-third-party goal would also benefit from the ability to override wrong/incomplete licenses.

solomax Jul 03 '17 09:07

As said by @solomax, the add-third-party and aggregate-add-third-party mojos use this mechanism. Could you give us a little project that proves the defect, @danielwegener? Thanks.

tchemit Aug 21 '17 20:08

defect-77.tar.gz

Mini project attached.

Run mvn install on it.

  • It has a single dependency with license "Apache License, Version 2.0" (merged as AL v2 just to have small strings but it's the same without merges).
  • It defines a license override for its only dependency to dual "OVERRIDDEN" and "UNKNOWN".
  • It accepts only "OVERRIDDEN" licenses.

Expected path should be:

"Apache License, Version 2.0" -> (merge) "AL v2" -> (override) OVERRIDDEN -> (check included) ok in whitelist.

But the real path is: "Apache License, Version 2.0" -> (merge) "AL v2" -> (check included) not in whitelist!!!

If failIfWarning is false the process continues and you'll find (OVERRIDDEN) (UNKNOWN) in the third party file as expected.

diegosalvi Dec 14 '17 13:12
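Added example (not from the thread and not the plugin's code): a small Python model of the two resolution orders described in the comments by danielwegener and diegosalvi, showing which dependencies the whitelist check flags when the override step is skipped versus applied. The `org.example:demo-lib` dependency, its override entry and the function names are constructed for illustration; only the `groupId--artifactId--version=License` key format and the javax.transaction entry come from the issue.

```python
# Added illustration of the resolution order discussed in this thread.
# It models the behaviour in plain Python; it is not the plugin's code.

# Override file content: first entry quoted from the issue, second constructed.
OVERRIDES_TEXT = """\
# original: CDDL + GPLv2 with classpath exception
javax.transaction--javax.transaction-api--1.2=BSD-3-Clause
org.example--demo-lib--1.0=OVERRIDDEN
"""

# Declared license per dependency (the second dependency is constructed).
DEPS = {
    ("javax.transaction", "javax.transaction-api", "1.2"):
        "CDDL + GPLv2 with classpath exception",
    ("org.example", "demo-lib", "1.0"): "Apache License, Version 2.0",
}
MERGES = {"Apache License, Version 2.0": "AL v2"}  # merge step from the thread
INCLUDED = {"BSD-3-Clause", "OVERRIDDEN"}          # whitelist


def parse_overrides(text):
    """Parse 'groupId--artifactId--version=License' lines into a dict."""
    overrides = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, license_name = line.partition("=")
        parts = key.strip().split("--")
        if len(parts) != 3 or not license_name.strip():
            raise ValueError(f"malformed override entry: {line!r}")
        overrides[tuple(parts)] = license_name.strip()
    return overrides


def forbidden(deps, merges, overrides, included, apply_overrides):
    """Return sorted (coordinates, license) pairs that fail the whitelist."""
    bad = []
    for gav, declared in deps.items():
        lic = merges.get(declared, declared)      # merge
        if apply_overrides:
            lic = overrides.get(gav, lic)         # override (expected path)
        if lic not in included:                   # check included
            bad.append((":".join(gav), lic))
    return sorted(bad)
```

With `apply_overrides=False` both dependencies are flagged under their merged or declared names, matching the reported path; with `apply_overrides=True` the list is empty, and an override that maps to a license outside the whitelist is still flagged.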

@danielwegener which mojos is this targeting?

It would be welcome to transform the attached project into an integration test under https://github.com/mojohaus/license-maven-plugin/tree/master/src/it

ppalaga Jan 04 '19 14:01