[ https://issues.apache.org/jira/browse/KAFKA-12622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Roesler updated KAFKA-12622:
---------------------------------
    Description: 
In https://issues.apache.org/jira/browse/KAFKA-12602, we manually constructed a 
correct license file for 2.8.0. This file will certainly become wrong again in 
later releases, so we need to write some kind of script to automate a check.

It crossed my mind to automate the generation of the file, but it seems to be 
an intractable problem, considering that each dependency may change licenses, 
may package license files, link to them from their poms, link to them from 
their repos, etc. I've also found multiple URLs listed with various delimiters, 
broken links that I have to chase down, etc.

Therefore, it seems like the solution to aim for is simply: list all the jars 
that we package, and print out a report of each jar that's extra or missing vs. 
the ones in our `LICENSE-binary` file.

The check should be part of the release script at least, if not part of the 
regular build (so we keep it up to date as dependencies change).

 

Here's how I do this manually right now:
{code:java}
// build the binary artifacts
$ ./gradlewAll releaseTarGz

// unpack the binary artifact
$ cd core/build/distributions/
$ tar xf kafka_2.13-X.Y.Z.tgz
$ cd kafka_2.13-X.Y.Z

// list the packaged jars
// (you can ignore the jars for our own modules, like kafka, kafka-clients, etc.)
$ ls libs/

// cross check the jars with the packaged LICENSE
// make sure all dependencies are listed with the right versions
$ cat LICENSE

// also double check all the mentioned license files are present
$ ls licenses
{code}

  was:
In https://issues.apache.org/jira/browse/KAFKA-12602, we manually constructed a 
correct license file for 2.8.0. This file will certainly become wrong again in 
later releases, so we need to write some kind of script to automate a check.

It crossed my mind to automate the generation of the file, but it seems to be 
an intractable problem, considering that each dependency may change licenses, 
may package license files, link to them from their poms, link to them from 
their repos, etc. I've also found multiple URLs listed with various delimiters, 
broken links that I have to chase down, etc.

Therefore, it seems like the solution to aim for is simply: list all the jars 
that we package, and print out a report of each jar that's extra or missing vs. 
the ones in our `LICENSE-binary` file.

Here's how I do this manually right now:
{code:java}
// build the binary artifacts
$ ./gradlewAll releaseTarGz

// unpack the binary artifact
$ cd core/build/distributions/
$ tar xf kafka_2.13-X.Y.Z.tgz
$ cd kafka_2.13-X.Y.Z

// list the packaged jars
// (you can ignore the jars for our own modules, like kafka, kafka-clients, etc.)
$ ls libs/

// cross check the jars with the packaged LICENSE
// make sure all dependencies are listed with the right versions
$ cat LICENSE

// also double check all the mentioned license files are present
$ ls licenses
{code}


> Automate LICENSE file validation
> --------------------------------
>
>                 Key: KAFKA-12622
>                 URL: https://issues.apache.org/jira/browse/KAFKA-12622
>             Project: Kafka
>          Issue Type: Task
>            Reporter: John Roesler
>            Priority: Major
>             Fix For: 3.0.0, 2.8.1
>
>
> In https://issues.apache.org/jira/browse/KAFKA-12602, we manually constructed 
> a correct license file for 2.8.0. This file will certainly become wrong again 
> in later releases, so we need to write some kind of script to automate a 
> check.
> It crossed my mind to automate the generation of the file, but it seems to be 
> an intractable problem, considering that each dependency may change licenses, 
> may package license files, link to them from their poms, link to them from 
> their repos, etc. I've also found multiple URLs listed with various 
> delimiters, broken links that I have to chase down, etc.
> Therefore, it seems like the solution to aim for is simply: list all the jars 
> that we package, and print out a report of each jar that's extra or missing 
> vs. the ones in our `LICENSE-binary` file.
> The check should be part of the release script at least, if not part of the 
> regular build (so we keep it up to date as dependencies change).
>  
> Here's how I do this manually right now:
> {code:java}
> // build the binary artifacts
> $ ./gradlewAll releaseTarGz
> // unpack the binary artifact
> $ cd core/build/distributions/
> $ tar xf kafka_2.13-X.Y.Z.tgz
> $ cd kafka_2.13-X.Y.Z
> // list the packaged jars
> // (you can ignore the jars for our own modules, like kafka, kafka-clients, etc.)
> $ ls libs/
> // cross check the jars with the packaged LICENSE
> // make sure all dependencies are listed with the right versions
> $ cat LICENSE
> // also double check all the mentioned license files are present
> $ ls licenses
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
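
The jar-versus-LICENSE comparison proposed in the description, sketched as an added example (not part of the original message and not the Kafka project's script). It assumes `LICENSE` names each bundled dependency as `<artifact>-<version>` alone on a line and that the project's own jars match `kafka*`; `OWN_JARS`, `jar_names`, `license_names` and `check_license` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the Kafka project's script.
# Assumption: LICENSE names each bundled dependency as "<artifact>-<version>"
# alone on a line, i.e. the jar file name without ".jar".
# Assumption: the project's own jars match this glob and are skipped.
OWN_JARS=${OWN_JARS:-kafka*}

# Print the dependency jars under DIST/libs, ".jar" stripped, sorted.
jar_names() {
  for f in "$1"/libs/*.jar; do
    [ -e "$f" ] || continue
    f=${f##*/}
    f=${f%.jar}
    case "$f" in $OWN_JARS) continue ;; esac
    printf '%s\n' "$f"
  done | LC_ALL=C sort -u
}

# Print the LICENSE lines that look like "<artifact>-<version>", sorted.
license_names() {
  sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    grep -E '^[A-Za-z0-9._-]+-[0-9][A-Za-z0-9._-]*$' |
    LC_ALL=C sort -u
}

# Report jars missing from LICENSE and LICENSE entries with no jar.
# Returns 0 when both sets agree, 1 otherwise.
check_license() {
  work=$(mktemp -d) || return 2
  jar_names "$1" > "$work/jars"
  license_names "$1/LICENSE" > "$work/listed"
  {
    LC_ALL=C comm -23 "$work/jars" "$work/listed" | sed 's/^/MISSING from LICENSE: /'
    LC_ALL=C comm -13 "$work/jars" "$work/listed" | sed 's/^/LISTED but not packaged: /'
  } > "$work/report"
  cat "$work/report"
  if [ -s "$work/report" ]; then status=1; else status=0; fi
  rm -rf "$work"
  return "$status"
}

# Usage: sh check-license.sh kafka_2.13-X.Y.Z
if [ "$#" -gt 0 ]; then
  check_license "$1"
fi
```

A non-zero exit status lets a release script or build step fail when the packaged jars and the license file drift apart.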
