[
https://issues.apache.org/jira/browse/CALCITE-4815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17423113#comment-17423113
]
Vladimir Sitnikov edited comment on CALCITE-4815 at 10/1/21, 6:58 AM:
----------------------------------------------------------------------
It is indeed sad that com.github.vlsi.gradle.license plugin does not show the
provenance to the dependency causing the failure, however, it can be identified
as follows:
{noformat}
./gradlew :standalone-server:dependencies -Pguava.version=29.0-jre
--configuration shaded
{noformat}
{noformat}
shaded
+--- project :core
| +--- project :metrics
| | +--- project :bom
| | | +--- com.beust:jcommander:1.72 (c)
| | | +--- com.fasterxml.jackson.core:jackson-annotations:2.10.0 (c)
| | | +--- com.fasterxml.jackson.core:jackson-core:2.10.0 (c)
| | | +--- com.fasterxml.jackson.core:jackson-databind:2.10.0 (c)
| | | +--- com.google.guava:guava:29.0-jre (c)
| | | +--- com.google.protobuf:protobuf-java:3.6.1 (c)
| | | +--- javax.servlet:javax.servlet-api:4.0.1 (c)
| | | +--- org.apache.httpcomponents:httpclient:4.5.9 (c)
| | | +--- org.apache.httpcomponents:httpcore:4.4.11 (c)
| | | +--- org.eclipse.jetty:jetty-http:9.4.42.v20210604 (c)
| | | +--- org.eclipse.jetty:jetty-security:9.4.42.v20210604 (c)
| | | +--- org.eclipse.jetty:jetty-server:9.4.42.v20210604 (c)
| | | +--- org.eclipse.jetty:jetty-util:9.4.42.v20210604 (c)
| | | +--- org.slf4j:slf4j-api:1.7.25 (c)
| | | \--- org.slf4j:slf4j-log4j12:1.7.25 (c)
| | \--- org.slf4j:slf4j-api -> 1.7.25
| +--- com.fasterxml.jackson.core:jackson-annotations -> 2.10.0
| +--- com.fasterxml.jackson.core:jackson-databind -> 2.10.0
| | +--- com.fasterxml.jackson.core:jackson-annotations:2.10.0
| | \--- com.fasterxml.jackson.core:jackson-core:2.10.0
| +--- com.google.protobuf:protobuf-java -> 3.6.1
| +--- project :bom (*)
| +--- com.fasterxml.jackson.core:jackson-core -> 2.10.0
| +--- org.apache.httpcomponents:httpclient -> 4.5.9
| | +--- org.apache.httpcomponents:httpcore:4.4.11
| | +--- commons-logging:commons-logging:1.2
| | \--- commons-codec:commons-codec:1.11
| +--- org.apache.httpcomponents:httpcore -> 4.4.11
| \--- org.slf4j:slf4j-api -> 1.7.25
+--- project :server
| +--- project :core (*)
| +--- project :metrics (*)
| +--- javax.servlet:javax.servlet-api -> 4.0.1
| +--- org.eclipse.jetty:jetty-http -> 9.4.42.v20210604
| | +--- org.eclipse.jetty:jetty-util:9.4.42.v20210604
| | \--- org.eclipse.jetty:jetty-io:9.4.42.v20210604
| | \--- org.eclipse.jetty:jetty-util:9.4.42.v20210604
| +--- org.eclipse.jetty:jetty-security -> 9.4.42.v20210604
| | \--- org.eclipse.jetty:jetty-server:9.4.42.v20210604
| | +--- javax.servlet:javax.servlet-api:3.1.0 -> 4.0.1
| | +--- org.eclipse.jetty:jetty-http:9.4.42.v20210604 (*)
| | \--- org.eclipse.jetty:jetty-io:9.4.42.v20210604 (*)
| +--- org.eclipse.jetty:jetty-server -> 9.4.42.v20210604 (*)
| +--- org.eclipse.jetty:jetty-util -> 9.4.42.v20210604
| +--- project :bom (*)
| +--- org.slf4j:slf4j-api -> 1.7.25
| \--- com.google.guava:guava -> 29.0-jre
| +--- com.google.guava:failureaccess:1.0.1
| +---
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
| +--- com.google.code.findbugs:jsr305:3.0.2
| +--- org.checkerframework:checker-qual:2.11.1
| +--- com.google.errorprone:error_prone_annotations:2.3.4
| \--- com.google.j2objc:j2objc-annotations:1.3
+--- com.beust:jcommander -> 1.72
+--- org.slf4j:slf4j-api -> 1.7.25
\--- org.slf4j:slf4j-log4j12 -> 1.7.25
+--- org.slf4j:slf4j-api:1.7.25
\--- log4j:log4j:1.2.17
{noformat}
The "offending" dependency comes from
{noformat}
| \--- com.google.guava:guava -> 29.0-jre
...
| +--- org.checkerframework:checker-qual:2.11.1
{noformat}
The thing here is as follows:
1) Calcite Avatica "standalone-server" shades dependencies, which means it
bundles them
2) checker-qual is MIT licensed, so requires to include MIT license text into
the generated standalone-server.jar
3) calcite-avatica does not have a copy of checker-qual license text, and we do
not want to keep it as it would require manual inspection of the licenses on
each and every upgrade :-/
That means we would violate checker-qual license terms if we ship the current
Calcite Avatica built with checker-qual:2.11.1
-----
I believe, the most workable solution is to make {{checker-qual}} include its
own license into the checker-qual.jar, so everybody who shades that dependency
receives the appropriate copy of the license.
I've reported the issue earlier in
https://github.com/typetools/checker-framework/issues/2798, and the license
text has been included in checker-qual 3.0.0+
was (Author: vladimirsitnikov):
It is indeed sad that com.github.vlsi.gradle.license plugin does not show the
provenance to the dependency causing the failure, however, it can be identified
as follows:
{noformat}
./gradlew :standalone-server:dependencies -Pguava.version=29.0-jre
--configuration shaded
{noformat}
{noformat}
shaded
+--- project :core
| +--- project :metrics
| | +--- project :bom
| | | +--- com.beust:jcommander:1.72 (c)
| | | +--- com.fasterxml.jackson.core:jackson-annotations:2.10.0 (c)
| | | +--- com.fasterxml.jackson.core:jackson-core:2.10.0 (c)
| | | +--- com.fasterxml.jackson.core:jackson-databind:2.10.0 (c)
| | | +--- com.google.guava:guava:29.0-jre (c)
| | | +--- com.google.protobuf:protobuf-java:3.6.1 (c)
| | | +--- javax.servlet:javax.servlet-api:4.0.1 (c)
| | | +--- org.apache.httpcomponents:httpclient:4.5.9 (c)
| | | +--- org.apache.httpcomponents:httpcore:4.4.11 (c)
| | | +--- org.eclipse.jetty:jetty-http:9.4.42.v20210604 (c)
| | | +--- org.eclipse.jetty:jetty-security:9.4.42.v20210604 (c)
| | | +--- org.eclipse.jetty:jetty-server:9.4.42.v20210604 (c)
| | | +--- org.eclipse.jetty:jetty-util:9.4.42.v20210604 (c)
| | | +--- org.slf4j:slf4j-api:1.7.25 (c)
| | | \--- org.slf4j:slf4j-log4j12:1.7.25 (c)
| | \--- org.slf4j:slf4j-api -> 1.7.25
| +--- com.fasterxml.jackson.core:jackson-annotations -> 2.10.0
| +--- com.fasterxml.jackson.core:jackson-databind -> 2.10.0
| | +--- com.fasterxml.jackson.core:jackson-annotations:2.10.0
| | \--- com.fasterxml.jackson.core:jackson-core:2.10.0
| +--- com.google.protobuf:protobuf-java -> 3.6.1
| +--- project :bom (*)
| +--- com.fasterxml.jackson.core:jackson-core -> 2.10.0
| +--- org.apache.httpcomponents:httpclient -> 4.5.9
| | +--- org.apache.httpcomponents:httpcore:4.4.11
| | +--- commons-logging:commons-logging:1.2
| | \--- commons-codec:commons-codec:1.11
| +--- org.apache.httpcomponents:httpcore -> 4.4.11
| \--- org.slf4j:slf4j-api -> 1.7.25
+--- project :server
| +--- project :core (*)
| +--- project :metrics (*)
| +--- javax.servlet:javax.servlet-api -> 4.0.1
| +--- org.eclipse.jetty:jetty-http -> 9.4.42.v20210604
| | +--- org.eclipse.jetty:jetty-util:9.4.42.v20210604
| | \--- org.eclipse.jetty:jetty-io:9.4.42.v20210604
| | \--- org.eclipse.jetty:jetty-util:9.4.42.v20210604
| +--- org.eclipse.jetty:jetty-security -> 9.4.42.v20210604
| | \--- org.eclipse.jetty:jetty-server:9.4.42.v20210604
| | +--- javax.servlet:javax.servlet-api:3.1.0 -> 4.0.1
| | +--- org.eclipse.jetty:jetty-http:9.4.42.v20210604 (*)
| | \--- org.eclipse.jetty:jetty-io:9.4.42.v20210604 (*)
| +--- org.eclipse.jetty:jetty-server -> 9.4.42.v20210604 (*)
| +--- org.eclipse.jetty:jetty-util -> 9.4.42.v20210604
| +--- project :bom (*)
| +--- org.slf4j:slf4j-api -> 1.7.25
| \--- com.google.guava:guava -> 29.0-jre
| +--- com.google.guava:failureaccess:1.0.1
| +---
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
| +--- com.google.code.findbugs:jsr305:3.0.2
| +--- org.checkerframework:checker-qual:2.11.1
| +--- com.google.errorprone:error_prone_annotations:2.3.4
| \--- com.google.j2objc:j2objc-annotations:1.3
+--- com.beust:jcommander -> 1.72
+--- org.slf4j:slf4j-api -> 1.7.25
\--- org.slf4j:slf4j-log4j12 -> 1.7.25
+--- org.slf4j:slf4j-api:1.7.25
\--- log4j:log4j:1.2.17
{noformat}
The "offending" dependency comes from
{noformat}
| \--- com.google.guava:guava -> 29.0-jre
...
| +--- org.checkerframework:checker-qual:2.11.1
{noformat}
The thing here is as follows:
1) Calcite Avatica "standalone-server" shades dependencies, which means it
bundles them
2) It means standalone-server includes checker-qual
3) checker-qual is MIT licensed, which requires to include MIT license text
into the generated standalone-server.jar
That means we would violate checker-qual license terms if we ship the current
Calcite Avatica built with checker-qual:2.11.1
-----
I believe, the most workable solution is to make {{checker-qual}} include its
own license into the checker-qual.jar, so everybody who shades that dependency
receives the appropriate copy of the license.
I've reported the issue earlier in
https://github.com/typetools/checker-framework/issues/2798, and the license
text has been included in checker-qual 3.0.0+
> Avatica's Travis fails with 'LICENSE-like files are missing' error
> ------------------------------------------------------------------
>
> Key: CALCITE-4815
> URL: https://issues.apache.org/jira/browse/CALCITE-4815
> Project: Calcite
> Issue Type: Bug
> Components: avatica
> Reporter: Julian Hyde
> Priority: Major
> Fix For: avatica-1.19.0
>
>
> Some configurations of Avatica's Travis CI job fail with the following error.
> {noformat}
> > Task :standalone-server:classes
> > Task :standalone-server:getLicenses FAILED
> > Task :server:checkstyleTest
> Build �[0;1mcalcite-avatica �[0;1;31mFAILURE�[0;1m�[0m reason:
>
> Execution �[0;1;31mfailed�[0m for task
> '�[0;1m:standalone-server:getLicenses�[0m':
> LICENSE-like files are missing
> ==============================
>
> MIT
> * org.checkerframework:checker-qual:2.11.1
>
> at
> com.github.vlsi.gradle.license.GatherLicenseTask.run(GatherLicenseTask.kt:417)
> at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:104)
> �at
> org.gradle.api.internal.project.taskfactory.StandardTaskAction.doExecute(StandardTaskAction.java:58)
> FAILURE: Build failed with an exception.
> * What went wrong:
> Execution failed for task ':standalone-server:getLicenses'.
> > LICENSE-like files are missing
> ==============================
>
> MIT
> * org.checkerframework:checker-qual:2.11.1
> {noformat}
>
> [~vlsi], Do you have any idea what's going on? Avatica doesn't even use
> checkerframework. You can see the build output (for a few days) at
> [https://app.travis-ci.com/github/julianhyde/calcite-avatica/builds/238877621].
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
