From 7ee1042a8393563b4d7655b8bc2d4a77564b91b5 Mon Sep 17 00:00:00 2001
From: Owen Nichols <34043438+onichols-pivotal@users.noreply.github.com>
Date: Tue, 5 May 2020 09:53:01 -0700
Subject: [PATCH] GEODE-8039: update incorrect versions in LICENSE (#5018)
* GEODE-8039: update incorrect versions in LICENSE
* add license review as part of the release process and RC pipeline
* fix wrapping and capitalization so that binary license is a superset of source license
---
LICENSE | 86 ++---
.../src/test/resources/expected-pom.xml | 6 +
.../plugins/DependencyConstraints.groovy | 1 +
dev-tools/release/README.md | 1 +
dev-tools/release/deploy_rc_pipeline.sh | 25 ++
dev-tools/release/license_review.sh | 362 ++++++++++++++++++
geode-assembly/src/main/dist/LICENSE | 138 ++++---
geode-assembly/src/main/dist/NOTICE | 58 ---
gradle/java.gradle | 2 +-
9 files changed, 528 insertions(+), 151 deletions(-)
create mode 100755 dev-tools/release/license_review.sh
diff --git a/LICENSE b/LICENSE
index 0dc431d44108..d6b1c8d18810 100644
--- a/LICENSE
+++ b/LICENSE
@@ -219,43 +219,43 @@ Apache Geode bundles the following files under the BSD 3-Clause License:
- ANSIBuffer (http://jline.sourceforge.net/apidocs/jline/ANSIBuffer.html),
Copyright (c) 2002-2007 Marc Prud'hommeaux.
- - jQuery Sparklines v2.0 (http://omnipotent.net/jquery.sparkline/), Copyright
- (c) 2012 Splunk Inc.
- - Protocol Buffers (https://github.com/google/protobuf), Copyright (c) 2014
- Google Inc.
+ - jQuery Sparklines v2.0 (http://omnipotent.net/jquery.sparkline/),
+ Copyright (c) 2012 Splunk Inc.
+ - Protocol Buffers (https://github.com/google/protobuf), Copyright (c)
+ 2014 Google Inc.
All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
---------------------------------------------------------------------------
The MIT License (http://opensource.org/licenses/mit-license.html)
---------------------------------------------------------------------------
-Apache Geode bundles the following files under the MIT license:
+Apache Geode bundles the following files under the MIT License:
- HTML5 Shiv vpre3.5 (https://github.com/aFarkas/html5shiv), Copyright
(c) 2014 Alexander Farkas (aFarkas)
@@ -280,8 +280,6 @@ Apache Geode bundles the following files under the MIT license:
Foundation and other contributors, http://jquery.org
- jScrollPane (http://jscrollpane.kelvinluck.com/), Copyright (c) 2010
Kelvin Luck
- - matchMedia() polyfill (https://github.com/paulirish/matchMedia.js),
- Copyright (c) 2012 Scott Jehl
- MooTools (http://mootools.net), Copyright (c) 2006-2015 Valerio
Proietti,
- Sizzle.js (http://sizzlejs.com/), Copyright (c) 2011, The Dojo Foundation
@@ -312,7 +310,6 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
-
---------------------------------------------------------------------------
The MX4J License (http://mx4j.sourceforge.net/docs/ch01s06.html)
---------------------------------------------------------------------------
@@ -354,19 +351,20 @@ are met:
nor may "MX4J" appear in their name, without prior written
permission of Simone Bordet.
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE MX4J CONTRIBUTORS
-BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE MX4J
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+This software consists of voluntary contributions made by many
+individuals on behalf of the MX4J project. For more information on
+MX4J, please see the MX4J website (http://mx4j.sourceforge.net/).
---------------------------------------------------------------------------
Public Domain
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index 671abfeed408..8e3bbcb6d6bc 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -145,6 +145,12 @@
3.0.11
compile
+
+ com.sun.mail
+ javax.mail
+ 1.6.2
+ compile
+
com.sun.xml.bind
jaxb-impl
diff --git a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index b1413752ccf2..eae28bd1088f 100644
--- a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -101,6 +101,7 @@ class DependencyConstraints implements Plugin {
api(group: 'com.nimbusds', name:'nimbus-jose-jwt', version:'8.11')
api(group: 'com.sun.activation', name: 'javax.activation', version: '1.2.0')
api(group: 'com.sun.istack', name: 'istack-commons-runtime', version: '3.0.11')
+ api(group: 'com.sun.mail', name: 'javax.mail', version: '1.6.2')
api(group: 'com.sun.xml.bind', name: 'jaxb-impl', version: '2.3.2')
api(group: 'com.tngtech.archunit', name:'archunit-junit4', version: '0.12.0')
api(group: 'com.zaxxer', name: 'HikariCP', version: '3.4.2')
diff --git a/dev-tools/release/README.md b/dev-tools/release/README.md
index 98f641b4653e..3ebc8778b129 100644
--- a/dev-tools/release/README.md
+++ b/dev-tools/release/README.md
@@ -9,6 +9,7 @@ These scripts are intended to be run from the parent directory of your geode dev
Overview of scripts:
+license_review.sh: compares versions with a previous release and/or checks that all bundled dependencies are noted in appropriate LICENSE file
create_support_branches.sh: cuts support/x.y from develop for all projects and walks you through creating pipelines and setting version numbers
set_copyright.sh updates the copyright year
set_versions.sh: updates files that need to contain the version number planned for the next release from this support branch
diff --git a/dev-tools/release/deploy_rc_pipeline.sh b/dev-tools/release/deploy_rc_pipeline.sh
index 2666585a9ab4..c8ab3f7adfeb 100755
--- a/dev-tools/release/deploy_rc_pipeline.sh
+++ b/dev-tools/release/deploy_rc_pipeline.sh
@@ -537,6 +537,31 @@ jobs:
else
echo All good
fi
+ - name: verify-license
+ serial: true
+ plan:
+ - aggregate:
+ - get: geode
+ trigger: true
+ - task: validate
+ timeout: 1h
+ config:
+ image_resource:
+ type: docker-image
+ source:
+ repository: openjdk
+ tag: 8
+ inputs:
+ - name: geode
+ platform: linux
+ run:
+ path: /bin/bash
+ args:
+ - -ec
+ - |
+ set -e
+ FULL_VERSION=$(cd geode && git describe --tags | sed -e 's#^rel/v##')
+ geode/dev-tools/release/license_review.sh -v $FULL_VERSION
EOF
fly -t concourse.apachegeode-ci.info-main login --team-name main --concourse-url https://concourse.apachegeode-ci.info/
fly -t concourse.apachegeode-ci.info-main set-pipeline -p apache-support-${VERSION_MM//./-}-rc -c $PIPEYML
diff --git a/dev-tools/release/license_review.sh b/dev-tools/release/license_review.sh
new file mode 100755
index 000000000000..a595f8ce5894
--- /dev/null
+++ b/dev-tools/release/license_review.sh
@@ -0,0 +1,362 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+usage() {
+ echo "Usage: license_review.sh -v version_number_or_tgz [-p previous_version_number_or_tgz]"
+ echo " -v The #.#.#.RC# or #.#.# version number to review -or- a path or URL to .tgz -or- 'HEAD'"
+ echo " -p The #.#.#.RC# or #.#.# version number to compare against -or- a path or URL to .tgz"
+ echo " -n No license check (useful if you just want the version comparison)"
+ echo " -s No source license check (just check the binary license)"
+ exit 1
+}
+
+
+while getopts ":v:p:ns" opt; do
+ case ${opt} in
+ v )
+ NEW_VERSION=$OPTARG
+ ;;
+ p )
+ OLD_VERSION=$OPTARG
+ ;;
+ n )
+ SKIP_LICENSES=true
+ ;;
+ s )
+ SKIP_SRC_LICENSE=true
+ ;;
+ \? )
+ usage
+ ;;
+ esac
+done
+
+if [ -z "${NEW_VERSION}" ] ; then
+ usage
+fi
+
+WORKSPACE=$(PWD)/license_tmp
+DOWNLOAD=${WORKSPACE}/download
+EXTRACT=${WORKSPACE}/extracted
+mkdir -p ${DOWNLOAD}
+mkdir -p ${EXTRACT}
+root=$0
+root=${root%/dev-tools*}
+
+if [ "$NEW_VERSION" = "HEAD" ] ; then
+ licFromWs=true
+ rm -Rf $root/geode-assembly/build/distributions
+fi
+
+
+function resolve() {
+ [ -n "$1" ] || return
+ spec=$1
+ suffix=$2
+ if [ "HEAD" = "$spec" ] ; then
+ [ "${suffix}" = "-src" ] && target=srcDistTar || target=distTar
+ (cd $root && ./gradlew ${target} 1>&2)
+ spec=$root/geode-assembly/build/distributions/$(cd $root/geode-assembly/build/distributions && ls -t | grep apache-geode-.*-SNAPSHOT${suffix}.tgz | tail -1)
+ [ -r "$spec" ] || echo "Build not found: $spec" 1>&2
+ [ -r "$spec" ]
+ fi
+
+ if [[ $spec =~ ^([0-9]+\.[0-9]+\.[0-9]+)\.(RC[0-9]+)$ ]]; then
+ mmp=$(echo $spec | sed 's/.RC.*//')
+ #bare RC version -> RC url
+ spec=https://dist.apache.org/repos/dist/dev/geode/${spec}/apache-geode-${mmp}${suffix}.tgz
+ elif [[ $spec =~ ^([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
+ #bare released version -> release url
+ spec=https://downloads.apache.org/geode/${spec}/apache-geode-${spec}${suffix}.tgz
+ elif echo "$spec" | grep -q '^http.*tgz$' ; then
+ #tgz url
+ echo "$spec" | grep -q -- "${suffix}.tgz$" || return
+ elif [ -r "$spec" ] && echo "$spec" | grep -q 'tgz$' ; then
+ #tgz file present locally
+ echo "$spec" | grep -q -- "${suffix}.tgz$" || return
+ else
+ #unsupported
+ return
+ fi
+
+ #download if url (and not already downloaded)
+ if echo "$spec" | grep -q '^http.*tgz$' ; then
+ filename=$(echo $spec | sed 's#.*/##')
+ [ -r ${DOWNLOAD}/$filename ] || curl -L "$spec" > ${DOWNLOAD}/$filename
+ spec=${DOWNLOAD}/$filename
+ fi
+
+ #extract it (if not already extracted)
+ dirname=$(echo $spec | sed -e 's#.*/##' -e 's#.tgz$##')
+ [ "${licFromWs}" = "true" ] && rm -Rf ${EXTRACT}/$dirname
+ [ -d ${EXTRACT}/$dirname ] || tar xzf $spec -C ${EXTRACT}
+ [ -d ${EXTRACT}/$dirname ] && echo ${EXTRACT}/$dirname
+}
+
+NEW_DIR=$(resolve $NEW_VERSION)
+
+if [ -z "${NEW_DIR}" ] || [ ! -d "${NEW_DIR}" ] ; then
+ usage
+fi
+
+if [ "${licFromWs}" = "true" ] && ! [ "$SKIP_LICENSES" = "true" ] && ! [ "$SKIP_SRC_LICENSE" = "true" ] ; then
+ NEW_SRC_DIR=$(resolve $NEW_VERSION -src)
+fi
+
+function banner() {
+ echo ""
+ echo "$@" | sed 's/./=/g'
+ echo "$@"
+ echo "$@" | sed 's/./=/g'
+}
+
+function listJarsInWar() {
+ war=$1
+ jar tvf $war | awk '/.jar$/{print "'"$war"'/"$8}'
+}
+
+function extractLicense() {
+ war=$1
+ rm -Rf tmpl
+ mkdir tmpl
+ cd tmpl
+ jar xf ../$war META-INF/LICENSE
+ cd ..
+ cp tmpl/META-INF/LICENSE $2
+ rm -Rf tmpl
+}
+
+function generateList() {
+ dir=$1
+ banner "Listing 3rd-party deps in ${dir##*/}"
+
+ #also extract geode jar licenses for later checking
+ (cd $dir; find . -name '*.jar' | egrep '(geode|gfsh)-' | sort | sed 's#^./##' | while read geodejar ; do
+ extractLicense $geodejar ${geodejar%.jar}.LICENSE
+ done)
+
+ echo "**** ${dir##*/} jars ****" | tr '[:lower:]-' '[:upper:] ' > $dir/report1
+ (cd $dir; find . -name '*.jar' | grep -v geode- | grep -v gfsh- | sort | sed 's#^./##' | tee -a report1)
+
+ echo "**** ${dir##*/} wars ****" | tr '[:lower:]-' '[:upper:] ' > $dir/report2
+ (cd $dir; find . -name '*.war' | sort | sed 's#^./##' | while read war ; do
+ listJarsInWar $war | sed 's#-[v0-9][-0-9.SNAPSHOT]*[.]#.#' | sort
+ extractLicense $war ${war%.war}.LICENSE
+ done | tee -a report2)
+}
+
+generateList $NEW_DIR
+if [ -n "${OLD_VERSION}" ] ; then
+ OLD_DIR=$(resolve $OLD_VERSION)
+ generateList $OLD_DIR
+
+ banner "Diffing 3rd-party deps changes from ${OLD_DIR##*/} to ${NEW_DIR##*/}"
+ for REPORT in report1 report2 ; do
+ diff -y -W $(tput cols) $OLD_DIR/$REPORT $NEW_DIR/$REPORT | grep '[<|>]'
+ done
+fi
+
+[ "$SKIP_LICENSES" = "true" ] && exit 0
+
+banner "Checking that all binary licenses are identical"
+sizes=$(find $NEW_DIR -name '*LICENSE' | xargs wc -c | grep -v total | awk '{print $1}' | sort -u | wc -l)
+if [ $sizes -gt 1 ] ; then
+ echo "NOT all LICENSES are the same:"
+ (cd $NEW_DIR; find * -name '*LICENSE' | xargs wc -c | grep -v total | sort)
+ result=1
+else
+ echo "All Good!"
+fi
+
+function isApache2() {
+ apache="HikariCP
+accessors-smart
+byte-buddy
+classmate
+commons-beanutils
+commons-codec
+commons-collections
+commons-digester
+commons-fileupload
+commons-io
+commons-lang3
+commons-logging
+commons-math3
+commons-modeler
+commons-text
+commons-validator
+content-type
+error_prone_annotations
+failureaccess
+fastutil
+findbugs-annotations
+geo
+guava
+grumpy-
+httpclient
+httpcore
+j2objc-annotations
+jackson-
+jcip-annotations
+jna
+json-path
+json-smart
+jsr305
+jetty-
+jgroups
+jna-
+lang-tag
+listenablefuture
+log4j-
+lucene-
+mapstruct
+micrometer-core
+netty-all
+nimbus-jose-jwt
+oauth2-oidc-sdk
+rmiio
+shiro-
+snappy
+spring-
+springfox-
+swagger-annotations
+swagger-models"
+ echo "$1" | egrep -q "(mx4j-remote|jaxb-api|$(echo -n "$apache" | tr '\n' '|'))"
+}
+function shortenDep() {
+ echo "$1" | sed \
+ -e 's/-api//' \
+ -e 's/-impl//' \
+ -e 's/-java//' \
+ -e 's/shiro-.*/shiro-*/' \
+ -e 's/jackson-.*/shiro-*/' \
+ -e 's/jetty-.*/jetty-*/' \
+ -e 's/jna-.*/jna-*/' \
+ -e 's/lucene-.*/lucene-*/' \
+ -e 's/log4j-.*/log4j-*/' \
+ -e 's/mx4j-.*/mx4j*/' \
+ -e 's/spring-.*/spring-*/' \
+ -e 's/springfox-.*/springfox-*/'
+}
+for REPORT in report1 report2 ; do
+ [ "$REPORT" = "report1" ] && topic=JAR || topic=WAR
+ if [ "${licFromWs}" = "true" ] ; then
+ LICENSE=${root}/geode-assembly/src/main/dist/LICENSE
+ else
+ [ "$REPORT" = "report1" ] && LICENSE=${NEW_DIR}/LICENSE || LICENSE=${NEW_DIR}/tools/Pulse/$(cd ${NEW_DIR}/tools/Pulse; ls | grep LICENSE)
+ fi
+ LICENSE=${LICENSE#./}
+ banner "Comparing $topic dep versions in ${NEW_DIR##*/} to $LICENSE"
+ rm -f missing-$REPORT apache-$REPORT
+ touch missing-$REPORT apache-$REPORT
+ tail -n +2 $NEW_DIR/$REPORT | sed -e 's#.*/##' -e 's/.jar//' | sed 's/-\([0-9]\)/ \1/' | sort -u | grep -v '^ra$' | while read dep ver; do
+ if isApache2 $dep ; then
+ echo $dep $ver >> apache-$REPORT
+ else
+ echo $(shortenDep $dep) $ver
+ fi
+ done | sort -u | while read dep ver ; do
+ if grep -qi "${dep//-/.}.*$ver" $LICENSE ; then
+ echo "$dep $ver Found (and version matches)"
+ elif grep -qi $dep $LICENSE ; then
+ match="$(grep -i $dep $LICENSE | grep -v License | head -1)"
+ if echo $match | grep -q '[0-9][0-9]*[.][0-9][0-9]*' ; then
+ echo "$dep FOUND WITH A DIFFERENT VERSION, PLEASE UPDATE TO $ver:" >> missing-$REPORT
+ echo "$match" >> missing-$REPORT
+ else
+ echo "$dep $ver probably found (without version):"
+ echo "$match"
+ fi
+ else
+ echo "$LICENSE FAILS TO MENTION $dep v$ver" >> missing-$REPORT
+ fi
+ done
+ echo $(wc -l < apache-$REPORT) "deps are licensed under Apache 2.0 (no need to mention individually)"
+ rm apache-$REPORT
+ if [ $(wc -l < missing-$REPORT) -eq 0 ] ; then
+ echo "All Good!"
+ else
+ cat missing-$REPORT
+ rm missing-$REPORT
+ result=1
+ fi
+done
+
+function checkMissing() {
+ rm -f missing
+ touch missing
+ grep '^ - ' | sed -e 's/^ - //' -e 's/, .*//' -e 's/ (.*//' -e 's/s* v.*//' -e 's/ /.?/g' | while read f; do
+ if (cd ${root} && git grep -Eqi "$f" -- ':!LICENSE' ':!**/LICENSE' ':!NOTICE' ':!**/NOTICE') ; then
+ true
+ #echo "${f//\?/} found"
+ else
+ echo "${f//\?/} appears to be unused. Please remove from $1" >> missing
+ fi
+ done
+ if [ $(wc -l < missing) -eq 0 ] ; then
+ echo "All Good!"
+ rm missing
+ else
+ cat missing
+ rm missing
+ return 1
+ fi
+}
+
+if [ "${licFromWs}" = "true" ] ; then
+ banner "Checking that binary license is a superset of src license"
+ SLICENSE=${root}/LICENSE
+ BLICENSE=${root}/geode-assembly/src/main/dist/LICENSE
+ if diff $SLICENSE $BLICENSE | grep -q '^<' ; then
+ echo $(diff $SLICENSE $BLICENSE | grep '^<' | wc -l) "lines appear in $SLICENSE that were not found in $BLICENSE."
+ echo "Please ensure the binary license is a strict superset of the source license."
+ echo "(diff $SLICENSE $BLICENSE)"
+ result=1
+ else
+ echo "All Good!"
+ fi
+
+ banner "Checking that binary license is correct"
+ if diff -q ${BLICENSE} ${NEW_DIR}/LICENSE ; then
+ echo "All Good!"
+ else
+ echo "Incorrect LICENSE in binary distribution"
+ echo "Expected:" $(wc -c ${BLICENSE})
+ echo "Actual:" $(wc -c ${NEW_DIR}/LICENSE)
+ fi
+
+ if ! [ "$SKIP_SRC_LICENSE" = "true" ] ; then
+ banner "Checking that source license is correct"
+ if diff -q ${SLICENSE} ${NEW_SRC_DIR}/LICENSE ; then
+ echo "All Good!"
+ else
+ echo "Incorrect LICENSE in source distribution"
+ echo "Expected:" $(wc -c ${SLICENSE})
+ echo "Actual:" $(wc -c ${NEW_SRC_DIR}/LICENSE)
+ fi
+
+ banner "Checking references in source license"
+ cat $SLICENSE | checkMissing $SLICENSE
+
+ banner "Checking references in binary license"
+ cat $SLICENSE $SLICENSE $BLICENSE | sort | uniq -u | checkMissing $BLICENSE
+ fi
+fi
+
+exit $result
diff --git a/geode-assembly/src/main/dist/LICENSE b/geode-assembly/src/main/dist/LICENSE
index 2277ac3d6d87..4d153fcee46d 100644
--- a/geode-assembly/src/main/dist/LICENSE
+++ b/geode-assembly/src/main/dist/LICENSE
@@ -221,8 +221,10 @@ Apache Geode bundles the following files under the BSD 3-Clause License:
Copyright (c) 2002-2007 Marc Prud'hommeaux.
- Antlr v2.7.7 (http://www.antlr.org), Copyright (c) 2012 Terrence Parr
and Sam Harwell
- - ClassGraph v4.0.6 (https://github.com/classgraph/classgraph), Copyright (c)
- 2015 Luke Hutchison
+ - ASM v5.0.4 (https://asm.ow2.io) Copyright (c) 2000-2011 INRIA, France
+ Telecom
+ - ClassGraph v4.8.68 (https://github.com/classgraph/classgraph), Copyright
+ (c) 2019 Luke Hutchison
- JLine v2.12 (http://jline.sourceforge.net), Copyright (c) 2002-2006,
Marc Prud'hommeaux
- jQuery Sparklines v2.0 (http://omnipotent.net/jquery.sparkline/),
@@ -261,17 +263,18 @@ POSSIBILITY OF SUCH DAMAGE.
The CDDL Version 1.1 (https://javaee.github.io/glassfish/LICENSE)
---------------------------------------------------------------------------
-Apache Geode bundles the following file under the Common Development and
+Apache Geode bundles the following files under the Common Development and
Distribution License:
- - jaxb-istack-commons v2.2 (https://javaee.github.io/jaxb-istack-commons/)
+ - activation v1.1.0
+ (https://www.oracle.com/java/technologies/java-beans-activation.html)
- javax.activation v1.2.0
(https://www.oracle.com/technetwork/java/javase/jaf-135115.html)
- javax.mail v1.6.2 (http://www.oracle.com/)
- javax.resource v 1.7.1 (https://glassfish.java.net/)
- javax.servlet v3.1.0 (https://glassfish.java.net/)
- javax.transaction v1.3 (https://glassfish.java.net/)
- - jaxb v2.3.1 (https://javaee.github.io/jaxb-v2/)
+ - jaxb v2.3.2 (https://javaee.github.io/jaxb-v2/)
1. Definitions.
@@ -1019,17 +1022,56 @@ exception to your version of the library, but you are not obligated to
do so. If you do not wish to do so, delete this exception statement
from your version.
+---------------------------------------------------------------------------
+The EDL 1.0 License (http://www.eclipse.org/org/documents/edl-v10.php)
+---------------------------------------------------------------------------
+
+Apache Geode bundles the following file under the EDL 1.0 License:
+
+ - istack-commons-runtime v3.0.11
+
+Eclipse Distribution License - v 1.0
+
+Copyright (c) 2007, Eclipse Foundation, Inc. and its licensors.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+Neither the name of the Eclipse Foundation, Inc. nor the names of its
+contributors may be used to endorse or promote products derived from this
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
---------------------------------------------------------------------------
The MIT License (http://opensource.org/licenses/mit-license.html)
---------------------------------------------------------------------------
-Apache Geode bundles the following files under the MIT license:
+Apache Geode bundles the following files under the MIT License:
- - Animal Sniffer Annotations v1.17
- (https://www.mojohaus.org/animal-sniffer/source-repository.html)
- Copyright (c) 2009 codehaus.org
- - Checker Qual 2.5.2 (https://checkerframework.org), Copyright (c)
+ - Checker Qual v2.10.0 (https://checkerframework.org), Copyright (c)
2004-present by the Checker Framework developers
+ - HTML5 Shiv vpre3.5 (https://github.com/aFarkas/html5shiv), Copyright
+ (c) 2014 Alexander Farkas (aFarkas)
- JavaScript InfoVis Toolkit v2.0.1 (http://philogb.github.io/jit/),
Copyright (c) 2011 Sencha Inc.
- JOpt Simple (http://pholser.github.io/jopt-simple/), Copyright (c)
@@ -1053,14 +1095,12 @@ Apache Geode bundles the following files under the MIT license:
Foundation and other contributors, http://jquery.org
- jScrollPane (http://jscrollpane.kelvinluck.com/), Copyright (c) 2010
Kelvin Luck
- - matchMedia() polyfill (https://github.com/paulirish/matchMedia.js),
- Copyright (c) 2012 Scott Jehl
- MooTools (http://mootools.net), Copyright (c) 2006-2015 Valerio
Proietti,
- Normalize.css v2.1.0 (https://necolas.github.io/normalize.css/),
Copyright (c) Nicolas Gallagher and Jonathan Neal
- - SLF4J API v1.7.21 (http://www.slf4j.org), Copyright (c) 2004-2013 QOS.ch
- - sizzle.js (http://sizzlejs.com/), Copyright (c) 2011, The Dojo Foundation
+ - Sizzle.js (http://sizzlejs.com/), Copyright (c) 2011, The Dojo Foundation
+ - SLF4J API v1.7.30 (http://www.slf4j.org), Copyright (c) 2004-2017 QOS.ch
- Split.js (https://github.com/nathancahill/Split.js), Copyright (c)
2015 Nathan Cahill
- TableDnD v0.5 (https://github.com/isocra/TableDnD), Copyright (c) 2012
@@ -1092,7 +1132,7 @@ DEALINGS IN THE SOFTWARE.
The MX4J License (http://mx4j.sourceforge.net/docs/ch01s06.html)
---------------------------------------------------------------------------
-Apache Geode bundles the following file under the MX4J license:
+Apache Geode bundles the following files under the MX4J License:
- MX4JModelMBean.java (http://mx4j.sourceforge.net)
- MX4J v3.0.1 (http://mx4j.sourceforge.net), Copyright (c) MX4J
@@ -1102,42 +1142,44 @@ Version 1.0
Copyright (c) 2001-2004 by the MX4J contributors. All rights reserved.
Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+modification, are permitted provided that the following conditions
+are met:
-1. Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-3. The end-user documentation included with the redistribution, if any,
-must include the following acknowledgment:
- "This product includes software developed by the MX4J project
- (http://mx4j.sourceforge.net)."
-Alternately, this acknowledgment may appear in the software itself, if and
-wherever such third-party acknowledgments normally appear.
-
-4. The name "MX4J" must not be used to endorse or promote products derived
-from this software without prior written permission.
-
-For written permission, please contact biorn_steedom [at] users [dot]
-sourceforge [dot] net
-
-5. Products derived from this software may not be called "MX4J", nor may
-"MX4J" appear in their name, without prior written permission of Simone
-Bordet.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
-EVENT SHALL THE MX4J CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+3. The end-user documentation included with the redistribution,
+ if any, must include the following acknowledgment:
+ "This product includes software developed by the
+ MX4J project (http://mx4j.sourceforge.net)."
+ Alternately, this acknowledgment may appear in the software itself,
+ if and wherever such third-party acknowledgments normally appear.
+
+4. The name "MX4J" must not be used to endorse or promote
+ products derived from this software without prior written
+ permission.
+ For written permission, please contact
+ biorn_steedom [at] users [dot] sourceforge [dot] net
+
+5. Products derived from this software may not be called "MX4J",
+ nor may "MX4J" appear in their name, without prior written
+ permission of Simone Bordet.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE MX4J
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many
individuals on behalf of the MX4J project. For more information on
diff --git a/geode-assembly/src/main/dist/NOTICE b/geode-assembly/src/main/dist/NOTICE
index 0cb1d7ac65e0..216a4cede63f 100644
--- a/geode-assembly/src/main/dist/NOTICE
+++ b/geode-assembly/src/main/dist/NOTICE
@@ -23,64 +23,6 @@ commons-codec
contains test data from http://aspell.net/test/orig/batch0.tab.
Copyright (C) 2002 Kevin Atkinson (kevina@gnu.org)
-commons-math3
-
- The inverse error function implementation in the Erf class is based on CUDA
- code developed by Mike Giles, Oxford-Man Institute of Quantitative Finance,
- and published in GPU Computing Gems, volume 2, 2010.
-
- The BracketFinder (package org.apache.commons.math3.optimization.univariate)
- and PowellOptimizer (package org.apache.commons.math3.optimization.general)
- classes are based on the Python code in module "optimize.py" (version 0.5)
- developed by Travis E. Oliphant for the SciPy library (http://www.scipy.org/)
- Copyright © 2003-2009 SciPy Developers.
-
- The LinearConstraint, LinearObjectiveFunction, LinearOptimizer,
- RelationShip, SimplexSolver and SimplexTableau classes in package
- org.apache.commons.math3.optimization.linear include software developed by
- Benjamin McCann (http://www.benmccann.com) and distributed with
- the following copyright: Copyright 2009 Google Inc.
-
- This product includes software developed by the
- University of Chicago, as Operator of Argonne National
- Laboratory.
- The LevenbergMarquardtOptimizer class in package
- org.apache.commons.math3.optimization.general includes software
- translated from the lmder, lmpar and qrsolv Fortran routines
- from the Minpack package
- Minpack Copyright Notice (1999) University of Chicago. All rights reserved
-
- The GraggBulirschStoerIntegrator class in package
- org.apache.commons.math3.ode.nonstiff includes software translated
- from the odex Fortran routine developed by E. Hairer and G. Wanner.
- Original source copyright:
- Copyright (c) 2004, Ernst Hairer
-
- The EigenDecompositionImpl class in package
- org.apache.commons.math3.linear includes software translated
- from some LAPACK Fortran routines. Original source copyright:
- Copyright (c) 1992-2008 The University of Tennessee. All rights reserved.
-
- The MersenneTwister class in package org.apache.commons.math3.random
- includes software translated from the 2002-01-26 version of
- the Mersenne-Twister generator written in C by Makoto Matsumoto and Takuji
- Nishimura. Original source copyright:
- Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
- All rights reserved
-
- The LocalizedFormatsTest class in the unit tests is an adapted version of
- the OrekitMessagesTest class from the orekit library distributed under the
- terms of the Apache 2 licence. Original source copyright:
- Copyright 2010 CS Systèmes d'Information
-
- The HermiteInterpolator class and its corresponding test have been imported from
- the orekit library distributed under the terms of the Apache 2 licence. Original
- source copyright:
- Copyright 2010-2012 CS Systèmes d'Information
-
- The creation of the package "o.a.c.m.analysis.integration.gauss" was inspired
- by an original code donated by Sébastien Brisard.
-
This product includes software developed by the MX4J
project (http://mx4j.sourceforge.net).
diff --git a/gradle/java.gradle b/gradle/java.gradle
index c3898a489dd3..c43d01a4ed27 100644
--- a/gradle/java.gradle
+++ b/gradle/java.gradle
@@ -73,7 +73,7 @@ gradle.taskGraph.whenReady({ graph ->
}
}
jar.metaInf {
- from("$rootDir/LICENSE")
+ from("$rootDir/geode-assembly/src/main/dist/LICENSE")
if (jar.source.filter({ it.name.contains('NOTICE') }).empty) {
from("$rootDir/NOTICE")
}