HBASE-16318 fail build while rendering velocity template if dependency license isn't in whitelist.
Signed-off-by: Andrew Purtell <apurt...@apache.org> Amended for branch-1.1 to add 'Mozilla Public License Version 1.1' to the set of allowable non-bundled licenses. Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/efe57b19 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/efe57b19 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/efe57b19 Branch: refs/heads/0.98 Commit: efe57b1962780ee3fd04778f4f1f3a2dacbc2a1c Parents: 0f45512 Author: Sean Busbey <bus...@apache.org> Authored: Tue Aug 2 00:53:53 2016 -0500 Committer: Sean Busbey <bus...@apache.org> Committed: Wed Aug 17 14:52:07 2016 -0700 ---------------------------------------------------------------------- .../src/main/resources/META-INF/LICENSE.vm | 32 ++++++++++++++++++++ 1 file changed, 32 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/efe57b19/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm ---------------------------------------------------------------------- diff --git a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm index e046222..4f98ef5 100644 --- a/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm +++ b/hbase-resource-bundle/src/main/resources/META-INF/LICENSE.vm @@ -1558,6 +1558,10 @@ You can redistribute it and/or modify it under either the terms of the GPL #set($jruby = false) ## track hadoops #set($hadoop = false) +## Whitelist of licenses that it's safe to not aggregate as above. +## Note that this doesn't include ALv2 or the aforementioned aggregate +## license mentions. +#set($non_aggregate_fine = [ 'Public Domain', 'New BSD license', 'BSD license', 'Mozilla Public License Version 2.0', 'Mozilla Public License Version 1.1' ]) ## include LICENSE sections for anything not under ASL2.0 #foreach( ${dep} in ${projects} ) #if(${debug-print-included-work-info.equalsIgnoreCase("true")}) @@ -1638,6 +1642,34 @@ ${dep.scm.url} This product includes ${dep.name} licensed under the ${dep.licenses[0].name}. ${dep.licenses[0].comments} +#if(!(${non_aggregate_fine.contains($dep.licenses[0].name)})) +Please check ^^^^^^^^^^^^ this License for acceptability here: + +https://www.apache.org/legal/resolved + +If it is okay, then update the list named 'non_aggregate_fine' in the LICENSE.vm file. +If it isn't okay, then revert the change that added the dependency. + +More info on the dependency: + +<groupId>${dep.groupId}</groupId> +<artifactId>${dep.artifactId}</artifactId> +<version>${dep.version}</version> + +maven central search +g:${dep.groupId} AND a:${dep.artifactId} AND v:${dep.version} + +project website +${dep.url} +project source +${dep.scm.url} + +## fail the template. If you're looking at the source LICENSE.vm +## file based on a stacktrace or exception message, you need to find +## the generated LICENSE file that has the actual dependency info printed. +#set($empty = []) +${empty[0]} +#end #end #end #end