tiiuae / ghaf

TII SSRC Secure Technologies: Ghaf Framework
https://tiiuae.github.io/ghaf/
Apache License 2.0

Fix license issues from reuse lint #81

Open vilvo opened 1 year ago

vilvo commented 1 year ago
> fyi @henrirosten

This is definitely better than no check at all, but notice that there is a tool already that checks the project's compliance for REUSE. pkgs.reuse is also available in nixpkgs. Although, manually running reuse lint for the Ghaf project indicates a large number of issues, which we should resolve first if we would start using pkgs.reuse instead of the scripts in this PR.

Maybe we'll start with @mikatammi's scripts and possibly gradually move to reuse lint compliance later?

For reference, issues currently reported by reuse lint:

ghaf$ nix-shell -p reuse --run "reuse lint"
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/LICENSE.Apache-2.0, resolving to LICENSE.Apache-2. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/LICENSE.CC-BY-SA-4.0, resolving to LICENSE.CC-BY-SA-4. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
reuse._util - ERROR - Could not parse 'Apache-2.0" && exit 1)'
reuse.project - ERROR - 'scripts/spdx_nix_checker/check_file' holds an SPDX expression that cannot be parsed, skipping the file
# BAD LICENSES

'LICENSE.Apache-2' found in:
* LICENSES/LICENSE.Apache-2.0

'LICENSE.CC-BY-SA-4' found in:
* LICENSES/LICENSE.CC-BY-SA-4.0

# MISSING LICENSES

'Apache-2.0' found in:
* CONTRIBUTING.md
* README.md
* docs/doc.nix
* flake.nix
* hydrajobs.nix
* microvmConfigurations/netvm/default.nix
* modules/development/authentication.nix
* modules/development/intel-nuc-getty.nix
* modules/development/nix.nix
* modules/development/packages.nix
* modules/development/ssh.nix
* modules/graphics/weston.nix
* modules/hardware/nvidia-jetson-orin.nix
* modules/host/default.nix
* modules/host/microvm.nix
* modules/host/networking.nix
* targets/common-debug.nix
* targets/common-release.nix
* targets/common.nix
* targets/default.nix
* targets/intel-nuc.nix
* targets/nvidia-jetson-orin-flash-script.nix
* targets/nvidia-jetson-orin.nix
* targets/vm.nix

'CC-BY-SA-4.0' found in:
* CONTRIBUTING.md
* README.md
* docs/README.md
* docs/src/appendices/contributing_general.md
* docs/src/appendices/glossary.md
* docs/src/architecture/adr/minimal-host.md
* docs/src/architecture/adr.md
* docs/src/architecture/architecture.md
* docs/src/build_config/build_configurations.md
* docs/src/build_config/cross_compilation.md
* docs/src/build_config/passthrough/nvidia_agx_pt_uart.md
* docs/src/build_config/passthrough/passthrough.md
* docs/src/build_config/reference_implementations.md
* docs/src/index.md
* docs/src/research/passthrough/ethernet.md
* docs/src/research/research.md
* docs/src/scs/basics.md
* docs/src/scs/patching-automation.md
* docs/src/scs/pki.md
* docs/src/scs/sbom.md
* docs/src/scs/scs.md
* docs/src/scs/slsa-framework.md
* docs/src/technologies/technologies.md

# UNUSED LICENSES

The following licenses are not used:
* LICENSE.Apache-2
* LICENSE.CC-BY-SA-4

# MISSING COPYRIGHT AND LICENSING INFORMATION

The following files have no copyright and licensing information:
* .git-blame-ignore-revs
* .github/workflows/doc.yml
* .gitignore
* docs/book.toml
* docs/src/SUMMARY.md
* docs/src/architecture/adr/template.md
* docs/src/img/autopatching.drawio.png
* docs/src/img/ca_implementation.drawio.png
* docs/src/img/overview.png
* docs/src/img/threat_processing.drawio.png
* docs/src/img/threat_processing_1serv.drawio.png
* docs/src/img/threat_processing_2serv.drawio.png
* docs/src/research/passthrough/imx8qm-mek_conn-guest.dts
* docs/src/research/passthrough/imx8qm-mek_conn-host.dts
* docs/style_guide.md
* flake.lock
* scripts/spdx_nix_checker/check_file

The following files have no licensing information:
* .github/workflows/fmt-check.yml
* scripts/spdx_nix_checker/check_all

# SUMMARY

* Bad licenses: LICENSE.Apache-2, LICENSE.CC-BY-SA-4
* Deprecated licenses:
* Licenses without file extension:
* Missing licenses: Apache-2.0, CC-BY-SA-4.0
* Unused licenses: LICENSE.Apache-2, LICENSE.CC-BY-SA-4
* Used licenses: Apache-2.0, CC-BY-SA-4.0
* Read errors: 0
* Files with copyright information: 47 / 64
* Files with license information: 45 / 64

Unfortunately, your project is not compliant with version 3.0 of the REUSE Specification :-(

Originally posted by @henrirosten in https://github.com/tiiuae/ghaf/issues/79#issuecomment-1434630656

vilvo commented 1 year ago

@jenninikko please let me know if you need help with reuse lint, but let's fix the debt of issues and then enable automated checks for PRs as @henrirosten proposed. That will provide extended coverage of automated checks over @mikatammi's gha PR for simple license check.