Bug 1542826 - Add BSD-3-Clause license to about:license and whitelist sha1 which uses it. r=froydnj,mhoye
☠☠ backed out by cffeafe28a45 ☠ ☠
authorKartikaya Gupta <kgupta@mozilla.com>
Tue, 23 Apr 2019 19:56:09 +0000
changeset 470551 5118d628ec890f6dada7e16c1ac60d0d56a43483
parent 470550 5744891efeefbe21a8ad96e860b5b2da39d354f4
child 470552 a02e469be7b353670593dc7ca2db4595cb01b30a
push id35908
push useraciure@mozilla.com
push dateWed, 24 Apr 2019 04:28:40 +0000
treeherdermozilla-central@c9f0730a57a6 [default view] [failures only]
reviewersfroydnj, mhoye
bugs1542826
milestone68.0a1
Bug 1542826 - Add BSD-3-Clause license to about:license and whitelist sha1 which uses it. r=froydnj,mhoye Differential Revision: https://phabricator.services.mozilla.com/D28355
python/mozbuild/mozbuild/vendor_rust.py
toolkit/content/license.html
--- a/python/mozbuild/mozbuild/vendor_rust.py
+++ b/python/mozbuild/mozbuild/vendor_rust.py
@@ -141,16 +141,20 @@ Please commit or stash these changes bef
     # competent to review licensing minutiae.
 
     # Licenses for code used at runtime. Please see the above comment before
     # adding anything to this list.
     RUNTIME_LICENSE_WHITELIST = [
         'Apache-2.0',
         'Apache-2.0 WITH LLVM-exception',
         'BSD-2-Clause',
+        # BSD-3-Clause is ok, but packages using it must be added to the
+        # appropriate section of about:licenses. To encourage people to remember
+        # to do that, we do not whitelist the license itself and we require the
+        # packages to be added to RUNTIME_LICENSE_PACKAGE_WHITELIST below.
         'CC0-1.0',
         'ISC',
         'MIT',
         'MPL-2.0',
         'Unlicense',
     ]
 
     # Licenses for code used at build time (e.g. code generators). Please see the above
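Review bot: The comment added inside `RUNTIME_LICENSE_WHITELIST` names the page `about:licenses`, while the commit title, the comment on `RUNTIME_LICENSE_PACKAGE_WHITELIST` and toolkit/content/license.html all use `about:license`. Someone following this comment to find where a package must be listed will search for the wrong name. I would write `# appropriate section of about:license. To encourage people to remember`. The class body starts and ends outside this hunk.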
@@ -159,31 +163,39 @@ Please commit or stash these changes bef
         'BSD-3-Clause': [
             'adler32',
             'bindgen',
             'fuchsia-zircon',
             'fuchsia-zircon-sys',
         ]
     }
 
+    # This whitelist should only be used for packages that use an acceptable
+    # license, but that also need to explicitly mentioned in about:license.
+    RUNTIME_LICENSE_PACKAGE_WHITELIST = {
+        'BSD-3-Clause': [
+            'sha1',
+        ]
+    }
+
     # This whitelist should only be used for packages that use a
     # license-file and for which the license-file entry has been
     # reviewed.  The table is keyed by package names and maps to the
     # sha256 hash of the license file that we reviewed.
     #
     # As above, it is insufficient to have additions to this whitelist
     # reviewed solely by a build peer; any additions must be checked by
     # somebody competent to review licensing minutiae.
     RUNTIME_LICENSE_FILE_PACKAGE_WHITELIST = {
         # MIT
         'deque': '6485b8ed310d3f0340bf1ad1f47645069ce4069dcc6bb46c7d5c6faf41de1fdb',
     }
 
     @staticmethod
-    def runtime_license(license_string):
+    def runtime_license(package, license_string):
         """Cargo docs say:
         ---
         https://doc.rust-lang.org/cargo/reference/manifest.html
 
         This is an SPDX 2.1 license expression for this package.  Currently
         crates.io will validate the license provided against a whitelist of
         known license and exception identifiers from the SPDX license list
         2.4.  Parentheses are not currently supported.
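Review bot: Nothing ties an entry in `RUNTIME_LICENSE_PACKAGE_WHITELIST` to the directory list in toolkit/content/license.html, so a crate can be added here without the about:license entry this list exists to enforce, and the vendoring check will still pass. The comment should say so and carry the review requirement its neighbours state, e.g. `# Every package listed here must also appear in the matching section of toolkit/content/license.html; additions need licensing review, not only build-peer review.` The existing comment also drops a word and should read `# license, but that also need to be explicitly mentioned in about:license.` The `runtime_license` signature change is positional, so any caller outside the hunks shown would need the same update (none is visible here). Its docstring continues past this hunk and does not describe `package`.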
@@ -195,29 +207,32 @@ Please commit or stash these changes bef
         But I have no idea how you can meaningfully AND licenses, so
         we will abort if that is detected. We'll handle `/` and OR as
         equivalent and approve is any is in our approved list."""
 
         if re.search(r'\s+AND', license_string):
             return False
 
         license_list = re.split(r'\s*/\s*|\s+OR\s+', license_string)
-        if any(license in VendorRust.RUNTIME_LICENSE_WHITELIST for license in license_list):
-            return True
+        for license in license_list:
+            if license in VendorRust.RUNTIME_LICENSE_WHITELIST:
+                return True
+            if package in VendorRust.RUNTIME_LICENSE_PACKAGE_WHITELIST.get(license, []):
+                return True
         return False
 
     def _check_licenses(self, vendor_dir):
         LICENSE_LINE_RE = re.compile(r'\s*license\s*=\s*"([^"]+)"')
         LICENSE_FILE_LINE_RE = re.compile(r'\s*license[-_]file\s*=\s*"([^"]+)"')
 
         def verify_acceptable_license(package, license):
             self.log(logging.DEBUG, 'package_license', {},
                      'has license {}'.format(license))
 
-            if not self.runtime_license(license):
+            if not self.runtime_license(package, license):
                 if license not in self.BUILDTIME_LICENSE_WHITELIST:
                     self.log(logging.ERROR, 'package_license_error', {},
                             '''Package {} has a non-approved license: {}.
 
     Please request license review on the package's license.  If the package's license
     is approved, please add it to the whitelist of suitable licenses.
     '''.format(package, license))
                     return False
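Review bot: The error text in `verify_acceptable_license` still tells the user to "add it to the whitelist of suitable licenses", which is now the wrong remedy for a BSD-3-Clause crate. The comment added to `RUNTIME_LICENSE_WHITELIST` says the license itself is deliberately not listed and the package goes into `RUNTIME_LICENSE_PACKAGE_WHITELIST` instead. I would add a sentence to the message such as `If the license requires a per-package entry (e.g. BSD-3-Clause), add the package to RUNTIME_LICENSE_PACKAGE_WHITELIST and to about:license instead.` Separately, the new lookup in `runtime_license` matches on the package name alone, and what `package` holds is decided by the caller outside this hunk, so it is worth confirming that it is the crate name from the manifest. `_check_licenses` continues past the end of the hunk.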
--- a/toolkit/content/license.html
+++ b/toolkit/content/license.html
@@ -70,16 +70,17 @@
       <li><a href="about:license#apache">Apache License 2.0</a></li>
       <li><a href="about:license#apache-llvm">Apache License 2.0 with LLVM exception</a></li>
       <li><a href="about:license#apple">Apple License</a></li>
       <li><a href="about:license#apple-mozilla">Apple/Mozilla NPRuntime License</a></li>
       <li><a href="about:license#arm">ARM License</a></li>
       <li><a href="about:license#babel">Babel License</a></li>
       <li><a href="about:license#babylon">Babylon License</a></li>
       <li><a href="about:license#bincode">bincode License</a></li>
+      <li><a href="about:license#bsd3clause">BSD-3-Clause License</a></li>
       <li><a href="about:license#bspatch">bspatch License</a></li>
       <li><a href="about:license#byteorder">byteorder License</a></li>
       <li><a href="about:license#cairo">Cairo Component Licenses</a></li>
       <li><a href="about:license#chromium">Chromium License</a></li>
       <li><a href="about:license#codemirror">CodeMirror License</a></li>
       <li><a href="about:license#cubic-bezier">cubic-bezier License</a></li>
       <li><a href="about:license#d3">D3 License</a></li>
       <li><a href="about:license#dagre-d3">Dagre-D3 License</a></li>
@@ -2889,16 +2890,56 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE F
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 </pre>
 
 
     <hr>
 
+    <h1><a id="bsd3clause"></a>BSD-3-Clause License</h1>
+
+    <p>This license applies to files in the following directories:
+    <ul>
+        <li><code>third_party/rust/sha1</code></li>
+    </ul>
+    See the individual LICENSE files for copyright owners.</p>
+
+<pre>
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+
+    * The names of the contributors may not be used to endorse or
+      promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+</pre>
+
+    <hr>
+
     <h1><a id="bspatch"></a>bspatch License</h1>
 
     <p>This license applies to the files
     <code>toolkit/mozapps/update/updater/bspatch/bspatch.cpp</code> and
     <code>toolkit/mozapps/update/updater/bspatch/bspatch.h</code>.
     </p>
 
 <pre>
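Review bot: The new BSD-3-Clause section carries no copyright notice and instead points to "the individual LICENSE files", yet the second condition of the text it reproduces asks binary redistributions to reproduce the copyright notice. Those LICENSE files are presumably not part of a shipped build, so whether the pointer is sufficient is a question for the licensing reviewer. One option is to put the notice next to each directory, e.g. `<li><code>third_party/rust/sha1</code> (Copyright: HOLDERS_FROM_CRATE_LICENSE)</li>`, where the placeholder is filled from the crate's own file. The wording of the third condition varies between BSD-3-Clause projects, so it is also worth confirming that this shared text matches the sha1 crate's LICENSE before further crates are added to the list.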