Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/alfresco/third-party-license-overrides
Overrides for licenses of third party libraries used in Alfresco software.
https://github.com/alfresco/third-party-license-overrides
Last synced: 6 days ago
JSON representation
Overrides for licenses of third party libraries used in Alfresco software.
- Host: GitHub
- URL: https://github.com/alfresco/third-party-license-overrides
- Owner: Alfresco
- Created: 2021-05-26T09:03:43.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-08-29T13:03:33.000Z (3 months ago)
- Last Synced: 2024-08-29T14:29:53.282Z (3 months ago)
- Language: Python
- Size: 212 KB
- Stars: 1
- Watchers: 80
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: licenseMerges.txt
Awesome Lists containing this project
README
# third-party-license-overrides
Centralised overrides for licenses of third party libraries used in Alfresco software. By centralising this informaton
then corrections to license information can benefit all projects.
Currently the project is designed to be used with the [license-maven-plugin](https://www.mojohaus.org/license-maven-plugin/).
---
**Note that this project is public to allow it to be easily accessed from local and CI builds.**
---
> ⚠ **NOTE:**
> After updating this repository, give it a few minutes before re-running a build that was previously failing due to a forbidden or unknown license, as it takes some time for the raw GitHub files cache to be invalidated.
# Licence allow list
The `includeLicenses.txt` file is a centralized list of licences allowed for use in Alfresco software. The format
of the file is one license per line, and they should be arranged in alphabetical order for ease of maintenance.
In future we may need more than one of these files as e.g. GPL licenses are allowed in certain products, provided
we have had legal approval.
# Licences merging
The `licenseMerges.txt` file contains the canonical form for various licenses. Where possible we have used the
[SPDX short identifier](https://spdx.org/licenses/) as the canonical form. The names for licenses are given in a
`|`-separated list, with the canonical form at the start of the list. The licenses should be sorted alphabetically by
canonical form. For example:
```
CPL-1.0|CPL|Common Public License
```
# License overrides
The `override-THIRD-PARTY.properties` file contains corrections to the automatically identified licenses where the
plugin has made a mistake. The format of this file is:
```
# URL to evidence for license choice
[groupId]--[artifactId]--[version]=[licenseChoice]
```
For example:
```
# https://sourceforge.net/projects/acegisecurity/
org.acegisecurity--acegi-security--0.8.2_patched=Apache-2.0
```
If multiple licenses are available for a third party library then only a single library should be included in this file
conforming to the preferences here:
https://alfresco.atlassian.net/wiki/spaces/TECH/pages/248284005/Open+Source+Licenses+-+Approval+Matrix
The libraries should be sorted alphabetically to make it easy to find them. Where possible the SPDX short identifier
should be used for the license.
# Usage
Example configuration for this will look like:
```
2.1.0
...
...
org.codehaus.mojo
license-maven-plugin
${license-maven-plugin.version}
third-party-licenses
add-third-party
generate-resources
true
provided,test
^(org\.alfresco|com\.alfresco|org\.activiti|org\.gytheio).*
true
https://raw.githubusercontent.com/Alfresco/third-party-license-overrides/master/includedLicenses.txt
https://raw.githubusercontent.com/Alfresco/third-party-license-overrides/master/licenseMerges.txt
https://raw.githubusercontent.com/Alfresco/third-party-license-overrides/master/override-THIRD-PARTY.properties
```
In particular note the reference to this project in the `overrideUrl` tag.
To download the plugin then it may be necessary to also add the Alfresco plugin repository:
```
alfresco-internal-plugin
Alfresco Internal Repository
https://artifacts.alfresco.com/nexus/content/groups/public
```
In order to also use the plugin to enforce the Alfrecso license header has been added to the top of Java files then a second execution and a dependency can be included:
```
...
check-licenses
compile
check-file-header
false
Alfresco Software Limited
true
true
classpath://alfresco
${licenseName}
src
**/*.java
**/*.jsp
org.alfresco
alfresco-license-headers
1.0
...
```
# Automated license file ordering
The script `licenceSorter.py` will automatically sort the three configuration files in this repository. This will make
it easier to find libraries and to check for consistency between different versions of the same library. The same
script will be run as part of the build and the build will fail if a file is not sorted correctly.
This project uses [pre-commit](https://pre-commit.com/) to automatically run the sorting script before commits. To
install pre-commit on your system see the [instructions here](https://pre-commit.com/#installation). Once you have
pre-commit installed then you can enable it for this repository by running the following command in your local clone:
```pre-commit install```
# CSV Generation for Customer Releases
We provide customers with third party license information in CSV format (or sometimes xls). To convert the THIRD-PARTY.txt files
into CSV files then this project includes a Python utility. This can be used with a command like:
```
./thirdPartyLicenseCSVCreator.py --version 3.0.0 --project ~/projects/alfresco-elasticsearch-connector/
```
More detailed help information can be obtained with:
```
./thirdPartyLicenseCSVCreator.py --help
```