search

EmbarkStudios / cargo-about

📜 Cargo plugin to generate list of all licenses for a crate 🦀
http://embark.rs
Apache License 2.0
550 stars 32 forks source link

Very confusing error about licensing requirements #199

Closed ilyvion closed 2 years ago

ilyvion commented 2 years ago

Describe the bug I'm trying to run cargo about generate on a library that uses ring indirectly, and I'm being met by a rather confusing error message:

❯ cargo about generate about.hbs > license.html
2022-07-23 11:30:00.6617877 +00:00:00 [WARN] crate 'ring 0.16.20' doesn't have a license field
error: failed to satisfy license requirements
   ┌─ C:\Users\alexs\.cargo\registry\src\github.com-1ecc6299db9ec823\ring-0.16.20\Cargo.toml:28:13
   │
28 │ license = "(GPL-1.0-or-later AND OpenSSL AND OpenSSL OR (BSD-3-Clause OR GPL-1.0-or-later)) AND (ISC) AND (ISC AND MIT AND NOASSERTION AND OpenSSL) AND (MIT) AND (NOASSERTION) AND (NOASSERTION AND OpenSSL) AND (OpenSSL) AND (OpenSSL AND OpenSSL OR (BSD-3-Clause OR (GPL-1.0-or-later OR GPL-2.0-only))) AND (OpenSSL AND OpenSSL OR (BSD-3-Clause OR GPL-1.0-or-later))"
   │             ----------------     -------     -------                     ----------------                                  -----------     -------                 -----------       -----------     -------       -------       -------     -------                      ----------------    ------------         -------     -------                     ----------------

I say it's confusing, because 1) just above it says "ring 0.16.20 doesn't have a license field" and 2) Despite this, it manages to produce a license field from somewhere, but it's definitely not @ ring-0.16.20\Cargo.toml:28:13 because 28:13 is

[package.metadata.docs.rs]
            ^ Here

To Reproduce Steps to reproduce the behavior:

  1. Run cargo init
  2. Add ring = "0.16" as a dependency in Cargo.toml
  3. Run cargo about init
  4. Run cargo about generate
  5. Get error above
  6. Check the source linked to and see that it's pointing on something entirely different than the provided error span.

Expected behavior I feel like this error could do with some improvement. I have absolutely no idea what this error is talking about, because it's pointing to the wrong file, and I don't know which one it actually printed an excerpt from.

Jake-Shadle commented 2 years ago

When a crate doesn't specify a license field, cargo-about must assemble one, which it does by ANDing all detected licenses together as the most conservative option. The toml line numbers are for a synthesized cargo.toml that doesn't actually exist on disk. I'd recommend using the ring workaround to avoid this problem https://embarkstudios.github.io/cargo-about/cli/generate/config.html#the-workarounds-field-optional

ilyvion commented 2 years ago

Thanks for the link to the workaround.

I disagree that the issue is "completed" as the error message could definitely do with some improvement over reporting an error as though it is on a specific line:column in a real file on disk while actually being in a synthesized, in-memory buffer, but it's your project, not mine, I suppose.