7:25 p.m.
Hi!
cargo has the "cargo-license" command that will find all licenses for
a project's dependencies.
Is there something similar to use when packaging for Fedora?
Such a tool would find fewer dependencies and possibly fewer licenses,
since "cargo license" picks up, e.g., winapi dependencies, which are
irrelevant to Fedora.
Thanks for any help you can give me,
- mulhern
--
The question with me is not whether you have a right to render your
people miserable, but whether it is not your interest to make them
happy. It is not what a lawyer tells me what I may do, but what
humanity, reason and justice tell me I ought to to do. Is a politic
act the worse for being a generous one? Is no concession proper but
that which is made from your want of right to keep what you grant? -
Edmund Burke, "Conciliation with America", 1775
12:30 a.m.
I'm using https://pagure.io/fedora-rust/rust2rpm/blob/main/f/tools/fedora-helper.py
for that purpose. The --help generated by that script should be self
explanatory. Please change f35 to f37 in the script though (I'll
submit PR for that next week, or you are also welcome to do so).
On Sat, Feb 26, 2022 at 2:25 AM the Mulhern <amulhern(a)redhat.com> wrote:
Hi!
cargo has the "cargo-license" command that will find all licenses for
a project's dependencies.
Is there something similar to use when packaging for Fedora?
Such a tool would find fewer dependencies and possibly fewer licenses,
since "cargo license" picks up, e.g., winapi dependencies, which are
irrelevant to Fedora.
Thanks for any help you can give me,
- mulhern
--
The question with me is not whether you have a right to render your
people miserable, but whether it is not your interest to make them
happy. It is not what a lawyer tells me what I may do, but what
humanity, reason and justice tell me I ought to to do. Is a politic
act the worse for being a generous one? Is no concession proper but
that which is made from your want of right to keep what you grant? -
Edmund Burke, "Conciliation with America", 1775
_______________________________________________
Rust mailing list -- rust(a)lists.fedoraproject.org
To unsubscribe send an email to rust-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/rust@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
--
— Igor Raits.
2:32 p.m.
On Sat, Feb 26, 2022 at 2:25 AM the Mulhern <amulhern(a)redhat.com> wrote:
Hi!
cargo has the "cargo-license" command that will find all licenses for
a project's dependencies.
Is there something similar to use when packaging for Fedora?
Such a tool would find fewer dependencies and possibly fewer licenses,
since "cargo license" picks up, e.g., winapi dependencies, which are
irrelevant to Fedora.
Thanks for any help you can give me,
The simplest equivalent is probably to do:
1. run a mock build with "--without check" so dev-dependencies are not pulled
in
2. start a "mock shell" inside the chroot after a successful build
3. run a simple shell script like this one:
for i in $(rpm -qa | grep "rust-.*-devel"); do
rpm -q $i --qf "%{LICENSE}\n";
done | sort | uniq
This will give you a list of licenses of all crate dependencies that
were pulled in for your build.
This will not include test-only dependencies (since the mock build was
run with "--without check"), but it might contain licenses of cargo
build-dependencies that are used for proc-macros or build scripts -
but this is the best you can do for now (the python script linked by
Igor has the same limitations).
I think to properly analyze which crates actually get compiled and
linked into the final binary, we would need to parse the crate
dependency tree (including resolving optional dependencies and enabled
features etc.) ourselves, and exclude build-only and test-only
dependencies. Of course, dependency resolution algorithms like that
are not trivial, which is why nobody wrote a program that does this
yet.
Fabio
789
days inactive
789
days old
2 comments
3 participants
participants (3)
-
Fabio Valentini -
Igor Raits -
the Mulhern