search

tomchavakis / nuget-license

.NET Core tool to print or save all the licenses of a project
Apache License 2.0
280 stars 83 forks source link

Infinite loop on transitive run #208

Open ChristianGalla opened 7 months ago

ChristianGalla commented 7 months ago

Hi,

when I used the tool in version 2.7.1 in a GitHub action, it got stuck in an infinite loop: GitHub Action

Not working command:

dotnet-project-licenses -i AutoStartConfirmLib -o AutoStartConfirmLib\Licenses -t --timeout 60 -e -c -f AutoStartConfirmLib\Licenses -u --outfile Licenses.txt

On my local Windows 10 machine this is working fine, so I assume there is some issue regarding the runner windows-latest maybe in combination with the nuget cache.

Repeating verbose output:

2024-03-30T13:25:27.8544213Z Package 'NETStandard.Library', version requirement 1.6.1 resolved to version 1.6.1 from local cache
2024-03-30T13:25:27.8546358Z Package 'NETStandard.Library', version 1.6.1 does not contain nuspec in local cache (C:\Users\runneradmin\.nuget\packages\netstandard.library\1.6.1\netstandard.library.nuspec)
2024-03-30T13:25:27.8548085Z Package 'NETStandard.Library', version requirement 1.6.1 resolved to version 1.6.1 from NuGet server
2024-03-30T13:25:27.8648385Z Successfully received https://api.nuget.org/v3-flatcontainer/netstandard.library/1.6.1/netstandard.library.nuspec
2024-03-30T13:25:27.8650659Z Package 'Microsoft.NETCore.Platforms', version requirement 1.1.0 resolved to version 3.1.0 from local cache
2024-03-30T13:25:27.8652551Z Microsoft.NETCore.Platforms, version requirement 1.1.0 obtained from request cache.
2024-03-30T13:25:27.8654211Z Package 'System.Collections', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8655217Z System.Collections, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8656338Z Package 'System.Diagnostics.Debug', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8657421Z System.Diagnostics.Debug, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8658583Z Package 'System.Diagnostics.Tools', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8659654Z System.Diagnostics.Tools, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8660775Z Package 'System.Globalization', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8661800Z System.Globalization, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8662812Z Package 'System.IO', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8663588Z System.IO, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8664327Z Package 'System.Linq', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8665028Z System.Linq, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8665800Z Package 'System.Linq.Expressions', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8666548Z System.Linq.Expressions, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8667367Z Package 'System.Net.Primitives', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8668117Z System.Net.Primitives, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8668905Z Package 'System.ObjectModel', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8669621Z System.ObjectModel, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8670379Z Package 'System.Reflection', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8671064Z System.Reflection, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8671881Z Package 'System.Reflection.Extensions', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8672700Z System.Reflection.Extensions, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8673552Z Package 'System.Reflection.Primitives', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8674339Z System.Reflection.Primitives, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8675214Z Package 'System.Resources.ResourceManager', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8676690Z System.Resources.ResourceManager, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8677535Z Package 'System.Runtime', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8678231Z System.Runtime, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8679047Z Package 'System.Runtime.Extensions', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8679937Z System.Runtime.Extensions, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8680770Z Package 'System.Text.Encoding', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8681505Z System.Text.Encoding, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8682346Z Package 'System.Text.Encoding.Extensions', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8683190Z System.Text.Encoding.Extensions, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8684094Z Package 'System.Text.RegularExpressions', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8684912Z System.Text.RegularExpressions, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8685726Z Package 'System.Threading', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8686421Z System.Threading, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8687201Z Package 'System.Threading.Tasks', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8687949Z System.Threading.Tasks, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8688778Z Package 'System.Xml.ReaderWriter', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8689951Z System.Xml.ReaderWriter, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8690914Z Package 'System.Xml.XDocument', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8691658Z System.Xml.XDocument, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8692485Z Package 'Microsoft.NETCore.Platforms', version requirement 1.1.0 resolved to version 3.1.0 from local cache
2024-03-30T13:25:27.8693298Z Microsoft.NETCore.Platforms, version requirement 1.1.0 obtained from request cache.
2024-03-30T13:25:27.8694180Z Package 'System.Collections.Concurrent', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8695000Z System.Collections.Concurrent, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8695874Z Package 'System.Diagnostics.Tracing', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8696666Z System.Diagnostics.Tracing, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8697492Z Package 'System.IO.Compression', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8698231Z System.IO.Compression, version requirement 4.3.0 obtained from request cache.
2024-03-30T13:25:27.8699001Z Package 'System.Net.Http', version requirement 4.3.0 resolved to version 4.3.0 from local cache
2024-03-30T13:25:27.8700166Z Package 'System.Net.Http', version 4.3.0 does not contain nuspec in local cache (C:\Users\runneradmin\.nuget\packages\system.net.http\4.3.0\system.net.http.nuspec)
2024-03-30T13:25:27.8701297Z Package 'System.Net.Http', version requirement 4.3.0 resolved to version 4.3.0 from NuGet server
2024-03-30T13:25:27.8743096Z Successfully received https://api.nuget.org/v3-flatcontainer/system.net.http/4.3.0/system.net.http.nuspec
2024-03-30T13:25:27.8744654Z Package 'System.Diagnostics.DiagnosticSource', version requirement 4.3.0 resolved to version 5.0.0 from local cache
2024-03-30T13:25:27.8747577Z Package 'System.Runtime.CompilerServices.Unsafe', version requirement 5.0.0 resolved to version 5.0.0 from local cache
2024-03-30T13:25:27.8749151Z System.Runtime.CompilerServices.Unsafe, version requirement 5.0.0 obtained from request cache.
2024-03-30T13:25:27.8750279Z Package 'System.Memory', version requirement 4.5.4 resolved to version 4.5.4 from local cache
2024-03-30T13:25:27.8751678Z Package 'System.Memory', version 4.5.4 does not contain nuspec in local cache (C:\Users\runneradmin\.nuget\packages\system.memory\4.5.4\system.memory.nuspec)
2024-03-30T13:25:27.8753137Z Package 'System.Memory', version requirement 4.5.4 resolved to version 4.5.4 from NuGet server
2024-03-30T13:25:27.8838940Z Successfully received https://api.nuget.org/v3-flatcontainer/system.memory/4.5.4/system.memory.nuspec
2024-03-30T13:25:27.8840793Z Package 'System.Buffers', version requirement 4.5.1 resolved to version 4.5.1 from local cache
2024-03-30T13:25:27.8841871Z System.Buffers, version requirement 4.5.1 obtained from request cache.
2024-03-30T13:25:27.8843117Z Package 'System.Runtime.CompilerServices.Unsafe', version requirement 4.5.3 resolved to version 4.5.3 from local cache
2024-03-30T13:25:27.8844276Z System.Runtime.CompilerServices.Unsafe, version requirement 4.5.3 obtained from request cache.
2024-03-30T13:25:27.8845409Z Package 'System.Numerics.Vectors', version requirement 4.5.0 resolved to version 4.5.0 from local cache
2024-03-30T13:25:27.8847421Z Package 'System.Numerics.Vectors', version 4.5.0 does not contain nuspec in local cache (C:\Users\runneradmin\.nuget\packages\system.numerics.vectors\4.5.0\system.numerics.vectors.nuspec)
2024-03-30T13:25:27.8849069Z Package 'System.Numerics.Vectors', version requirement 4.5.0 resolved to version 4.5.0 from NuGet server
2024-03-30T13:25:27.8969210Z Successfully received https://api.nuget.org/v3-flatcontainer/system.numerics.vectors/4.5.0/system.numerics.vectors.nuspec
2024-03-30T13:25:27.8971142Z Package 'NETStandard.Library', version requirement 1.6.1 resolved to version 1.6.1 from local cache
2024-03-30T13:25:27.8972963Z Package 'NETStandard.Library', version 1.6.1 does not contain nuspec in local cache (C:\Users\runneradmin\.nuget\packages\netstandard.library\1.6.1\netstandard.library.nuspec)
2024-03-30T13:25:27.8974919Z Package 'NETStandard.Library', version requirement 1.6.1 resolved to version 1.6.1 from NuGet server
2024-03-30T13:25:27.9059958Z Successfully received https://api.nuget.org/v3-flatcontainer/netstandard.library/1.6.1/netstandard.library.nuspec

When removing the -t option, the program is working fine, but a transitive export usually is required to be license compliant.

bbrooks2626 commented 4 months ago

I have this same issue with the same version of dotnet-project-licenses using -t option. I don't know the answer, but I'm surprised nobody has commented yet.

I tried clearing my nuget cache with dotnet nuget locals all --clear followed by restoring with dotnet restore but it had no effect unfortunately. You might try that, maybe it will work for you.

sensslen commented 4 months ago

Unfortunately this project is currently dead. I did write a new version that provides similar functionality over here: https://github.com/sensslen/nuget-license. Would you mind checking whether this version resolves your issue? It is using the microsoft implementation to determine project dependencies in contrast to the version you use....

ChristianGalla commented 4 months ago

@sensslen thanks. I have already validated your fork, but unfortunately, currently, for me your tool is not a sufficient alternative because of the following reasons:

I am not a lawyer, but in many licenses, for example in the MIT license there is something like the following paragraph: "The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software."

My interpretation is that software that uses such a library must deliver the license in the original format. Listing of the URLs is not enough. In comparison to nuget-license, the tool dotnet-project-licenses provides an easy option to download and save all licenses as harmless text files in a folder that is easy to publish and to create a combined text file that is easy to embed in an application.

sensslen commented 4 months ago

@ChristianGalla I'm fully aware that nuget-license does not provide all the functionality this project provides yet. However it already provides the ability to download the licenses that are specified by a download url (in HTML format though). Downloading the licenses specified by a SPDX identifier should be straight forward using licenses.nuget.org. Feel free to work on a PulRequest or a feature proposal over at nuget-license.