Bug: unable to allow intel/ittapi

EmbarkStudios / cargo-deny

❌ Cargo plugin for linting your dependencies 🦀

http://embark.rs

Apache License 2.0

1.62k stars 80 forks source link

Bug: unable to allow intel/ittapi #654

Closed dignifiedquire closed 2 months ago

dignifiedquire commented 2 months ago

Describe the bug

I am allowing BSD 3 Clause licenses in my project, but I have been unable to build a configuration that clarifies the license for https://github.com/intel/ittapi/ in a way that cargo deny accepts

To reproduce

Add https://github.com/intel/ittapi/ to the project and run cargo deny

cargo-deny version

0.14.20

What OS were you running cargo-deny on?

MacOS

Additional context

No response

Jake-Shadle commented 2 months ago

ittapi and ittapi-sys clearly state their license in the package manifest https://github.com/intel/ittapi/blob/e20cd6099cb9c5afee0a285781c5cc1d32412f3e/rust/ittapi/Cargo.toml#L10 so I'm not sure why a clarification is desired?

dignifiedquire commented 2 months ago

because cargo deny rejects it, even though I allowe Bsd

Jake-Shadle commented 2 months ago

Can you please show the exact error?

dignifiedquire commented 2 months ago

❯ cargo deny check
warning[accepted]: license requirements satisfied
  ┌─ registry+https://github.com/rust-lang/crates.io-index#ittapi@0.4.0:4:12
  │
4 │ license = "GPL-2.0-only OR BSD-3-Clause"
  │            ---------------------------- license expression retrieved via Cargo.toml `license`
  │
  = ittapi v0.4.0
    └── wasmtime v19.0.2
        ├── iroh-fog v0.1.0
        ├── wasi-common v19.0.2
        │   └── <source crate> v0.1.0 (*)
        ├── wasmtime-wasi v19.0.2
        │   └── <source crate> v0.1.0 (*)
        └── wiggle v19.0.2
            ├── wasi-common v19.0.2 (*)
            └── wasmtime-wasi v19.0.2 (*)

Jake-Shadle commented 2 months ago

That's not an error, it's telling you that the license requirements were satisfied. The reason it is a warning is because you have either copyleft = 'warn' or default = 'warn' in your config.

dignifiedquire commented 2 months ago

Is that enabled by default? this is my current license config

[licenses]
allow = [
      "Apache-2.0",
      "Apache-2.0 WITH LLVM-exception",
      "BSD-2-Clause",
      "BSD-3-Clause",
      "BSL-1.0", # BOSL license
      "ISC",
      "MIT",
      "Unicode-DFS-2016",
      "Zlib",
      "OpenSSL",
      "MPL-2.0", # https://fossa.com/blog/open-source-software-licenses-101-mozilla-public-license-2-0/
      "CC0-1.0",
]
clarify = [
    { name = "ring", expression = "OpenSSL", license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }] },
]

Jake-Shadle commented 2 months ago

They are enabled by default, use version = 2 to opt-in to the future breaking change that removes copyleft/default. https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-version-field-optional

dignifiedquire commented 2 months ago

I see, thanks for the clarifications!