Add function "has_binary_license" to check if a file has a
non-permissive license contains one. PBL is not recognized by scancode,
causing it to be flagged as a non-permissive license. CI doesn't allow
any non-permissive licenses, although, files flageed as SPDX are
allowed. Workaround causes all files with a valid PBL to be flagged as
missing an SPDX.
Add condition in "has_spdx_text_in_scancode_output" to ignore any spdx
identifier with "unknown" in the name. Scancode erroneously matches PBL
to matched_rule.identifer "spdx-license-identifier: unknown-spdx". This
prevents the workaround from working.
Add function "has_binary_license" to check if a file has a non-permissive license contains one. PBL is not recognized by scancode,
causing it to be flagged as a non-permissive license. CI doesn't allow
any non-permissive licenses, although, files flageed as SPDX are
allowed. Workaround causes all files with a valid PBL to be flagged as
missing an SPDX.
Add condition in "has_spdx_text_in_scancode_output" to ignore any spdx
identifier with "unknown" in the name. Scancode erroneously matches PBL to matched_rule.identifer "spdx-license-identifier: unknown-spdx". This prevents the workaround from working.
SPDX are not yet done in our codebase. We suggest them to be present but 3rd party
drivers have not yet been updated. The check as it was causes problems when updating
3rd party drivers (red flags in the PR).
Proper fix will be to clean up SPDX id in the codebase.
ScanCode can possibly return many licenses found for a single file scanned.
This commit ensures that the file is not reported as lacking a permissive license
if at least one license found in it is permissive.
Previously the script was reporting an issue if it found at least one license
in a file that was not permissive.
Additionally catch more errors and provide specific details about failures.
Provide unitest.
Remove code block from license_check that evalutes whether a files
licenses are permissive and that there is a SPDX notice. Scancode
sometimes incorrectly attributes a single license notice to permissive
and non-permissive licenses. Removed code block results in many false
positives because it labels any file that has a "non-permissive" license
as such even when there is a permissive license.
Add function spdx_check to scancode-evaluate.py to improve analysis of
copyright and license notice tests.
Master branch contains lot of missing SPDX identifiers, we will clean them up but this will take some time. In the meantime, we should not increase the license missing files. Each PR will report if there is no license issue or positive number reported as Github status. Travis won't fail if there are issues. This will highlight the issues that anyone can fix.
As soon as master is clean, we can fix set_status and revert part of this commit.
The goal: check license offenders in pull request
This is similar to what astyle does in Travis. We get list of files being changed. Because scancode does not support list of files being scanned but rather a file or directory, we copy files to SCANCODE folder. Execute scancode license check in this folder and check for offenders.
The rules there are: code files must have a license and SDPX identifier. If they don't, we print these and ask for review.
It functions nicely there is just one workaround needed. SPDX is not always 100 percent correctly found, therefore we recheck file if no SPDX manually in the script. This proves to remove false positives.
Harrison Mutai
Martin Kojtal
Hugues Kamba