From b66d995e6fd9da3db571eae9d355bf06188880ff Mon Sep 17 00:00:00 2001 From: Jan Werner <105367074+janjwerner-confluent@users.noreply.github.com> Date: Mon, 4 Dec 2023 16:20:40 -0500 Subject: [PATCH] remove licenses of removed libraries, update the license checker (#15446) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Licenses file contains several licenses for outdated libraries. In this PR we remove licenses for no longer used components. This change is purely cosmetic / cleans up the license database. The candidates were designated by reviewing the output of the license check script and comparing it against the depdency tree. - Minor fix to license check tool to fail more gracefully when the license of used dependency is not listed as known, as well as fix not to fail on multi licensed components when at least one of the licenses is accepted. --------- Co-authored-by: Xavier Léauté --- distribution/bin/check-licenses.py | 15 +- licenses.yaml | 635 +---------------------------- 2 files changed, 19 insertions(+), 631 deletions(-) diff --git a/distribution/bin/check-licenses.py b/distribution/bin/check-licenses.py index d03cd796a27..cf6e7e35b66 100755 --- a/distribution/bin/check-licenses.py +++ b/distribution/bin/check-licenses.py @@ -202,8 +202,19 @@ class DependencyReportParser(HTMLParser): def set_license(self, data): if data.upper().find("GPL") < 0: - if self.license != 'Apache License version 2.0': - self.license = self.compatible_license_names[data] + # Check if the license assosciated with the component is acccepted + # set_license() will pick the first acceptable license + # this fixes issue where a multi-licensed component + # could override accepted license with not accepted one + # e.g., EPL / GPL for logback-core + if self.license not in self.compatible_license_names: + try: + self.license = self.compatible_license_names[data] + except KeyError: + print("Unsupported license: " + data) + print("For:" + self.group_id + " " + self.artifact_id + " in: "+ self.druid_module_name) + else: + print(self.group_id + " " + self.artifact_id + " in: " + self.druid_module_name + " with: " + self.license + " ignoring " + data) def print_log_to_stderr(string): diff --git a/licenses.yaml b/licenses.yaml index 4230ed6c9c7..50fc89b7c61 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -15,6 +15,8 @@ # specific language governing permissions and limitations # under the License. +--- + name: conjunctive normal form conversion code, a variance aggregator algorithm, and Bloom filter adapted from Apache Hive version: license_category: source @@ -217,33 +219,6 @@ notice: | --- -name: Esri Geometry API for Java -license_category: binary -module: java-core -license_name: Apache License version 2.0 -version: 2.2.0 -libraries: - - com.esri.geometry: esri-geometry-api - ---- - -name: ClassMate -license_category: binary -module: java-core -license_name: Apache License version 2.0 -version: 1.1.0 -libraries: - - com.fasterxml: classmate -notices: - - classmate: | - Java ClassMate library was originally written by Tatu Saloranta (tatu.saloranta@iki.fi) - - Other developers who have contributed code are: - - * Brian Langel - ---- - name: Jackson license_category: binary module: java-core @@ -817,15 +792,6 @@ libraries: --- -name: org.objenesis objenesis -license_category: binary -module: extensions/druid-pac4j -license_name: Apache License version 2.0 -version: 3.0.1 -libraries: - - org.objenesis: objenesis - ---- name: com.nimbusds lang-tag license_category: binary @@ -937,16 +903,6 @@ libraries: --- -name: io.sundr builder-annotations -license_category: binary -module: extensions/druid-kubernetes-extensions -license_name: Apache License version 2.0 -version: 0.22.0 -libraries: - - io.sundr: builder-annotations - ---- - name: com.squareup.okio okio license_category: binary module: extensions/druid-kubernetes-extensions @@ -1067,25 +1023,6 @@ libraries: --- -name: io.sundr resourcecify-annotations -license_category: binary -module: extensions/druid-kubernetes-extensions -license_name: Apache License version 2.0 -version: 0.22.0 -libraries: - - io.sundr: resourcecify-annotations - ---- - -name: io.sundr sundr-codegen -license_category: binary -module: extensions/druid-kubernetes-extensions -license_name: Apache License version 2.0 -version: 0.22.0 -libraries: - - io.sundr: sundr-codegen - ---- name: org.bouncycastle bcprov-jdk15on license_category: binary @@ -1127,16 +1064,6 @@ libraries: --- -name: io.sundr sundr-core -license_category: binary -module: extensions/druid-kubernetes-extensions -license_name: Apache License version 2.0 -version: 0.22.0 -libraries: - - io.sundr: sundr-core - ---- - name: com.squareup.okhttp3 logging-interceptor license_category: binary module: extensions/druid-kubernetes-extensions @@ -1617,16 +1544,6 @@ libraries: --- -name: ASM Based Accessors Helper Used By JSON Smart -license_category: binary -module: java-core -license_name: Apache License version 2.0 -version: 1.2 -libraries: - - net.minidev: accessors-smart - ---- - name: JSON Small and Fast Parser license_category: binary module: java-core @@ -1775,7 +1692,6 @@ notice: | http://www.itl.nist.gov/div897/ctg/sql_form.htm - ========================================================================= @@ -1815,20 +1731,6 @@ notice: | --- -name: Apache HttpClient -license_category: binary -module: java-core -license_name: Apache License version 2.0 -version: 4.5.10 -libraries: - - org.apache.httpcomponents: httpclient -notices: - - httpclient: | - Apache HttpClient - Copyright 1999-2017 The Apache Software Foundation - ---- - name: Apache HttpClient license_category: binary module: java-core @@ -1843,20 +1745,6 @@ notices: --- -name: Apache HttpClient -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 4.5.2 -libraries: - - org.apache.httpcomponents: httpclient -notices: - - httpclient: | - Apache HttpClient - Copyright 1999-2016 The Apache Software Foundation - ---- - name: Apache HttpCore license_category: binary module: java-core @@ -2198,16 +2086,6 @@ notice: | --- -name: Hibernate Validator Engine -license_category: binary -module: java-core -license_name: Apache License version 2.0 -version: 5.2.5.Final -libraries: - - org.hibernate: hibernate-validator - ---- - name: Kerby license_category: binary module: java-core @@ -2422,7 +2300,7 @@ name: Objenesis license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.6 +version: 3.3 libraries: - org.objenesis: objenesis @@ -2506,74 +2384,6 @@ libraries: --- -name: Guava -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 11.0.2 -libraries: - - com.google.guava: guava - ---- - -name: Nimbus JOSE+JWT -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 4.41.1 -libraries: - - com.nimbusds: nimbus-jose-jwt - ---- - -name: OkHttp -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 2.4.0 -libraries: - - com.squareup.okhttp: okhttp - ---- - -name: Okio -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.4.0 -libraries: - - com.squareup.okio: okio - ---- - -name: Apache Commons BeanUtils -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.7.0 -libraries: - - commons-beanutils: commons-beanutils -notices: - - commons-beanutils: | - This product includes software developed by - The Apache Software Foundation (http://www.apache.org/). - ---- - -name: Apache Commons BeanUtils -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.8.0 -libraries: - - commons-beanutils: commons-beanutils-core -notices: - - common-beanutils-core: | - Apache Commons BeanUtils - Copyright 2000-2008 The Apache Software Foundation - ---- - name: Apache Commons Codec license_category: binary module: hadoop-client @@ -2594,20 +2404,6 @@ notices: --- -name: Apache Commons Configuration -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.6 -libraries: - - commons-configuration: commons-configuration -notices: - - commons-configuration: | - Apache Commons Configuration - Copyright 2001-2008 The Apache Software Foundation - ---- - name: Apache Commons Digester license_category: binary module: hadoop-client @@ -2733,138 +2529,6 @@ notices: file. --- -name: Netty -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 3.6.2.Final -libraries: - - io.netty: netty -notices: - - netty: | - == - The Netty Project - ================= - - Please visit the Netty web site for more information: - - * http://netty.io/ - - Copyright 2011 The Netty Project - - The Netty Project licenses this file to you under the Apache License, - version 2.0 (the "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - - Also, please refer to each LICENSE..txt file, which is located in - the 'license' directory of the distribution file, for the license terms of the - components that this product depends on. - - ------------------------------------------------------------------------------- - This product contains the extensions to Java Collections Framework which has - been derived from the works by JSR-166 EG, Doug Lea, and Jason T. Greene: - - * LICENSE: - * license/LICENSE.jsr166y.txt (Public Domain) - * HOMEPAGE: - * http://gee.cs.oswego.edu/cgi-bin/viewcvs.cgi/jsr166/ - * http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbosscache/experimental/jsr166/ - - This product contains a modified version of Robert Harder's Public Domain - Base64 Encoder and Decoder, which can be obtained at: - - * LICENSE: - * license/LICENSE.base64.txt (Public Domain) - * HOMEPAGE: - * http://iharder.sourceforge.net/current/java/base64/ - - This product contains a modified version of 'JZlib', a re-implementation of - zlib in pure Java, which can be obtained at: - - * LICENSE: - * license/LICENSE.jzlib.txt (BSD Style License) - * HOMEPAGE: - * http://www.jcraft.com/jzlib/ - - This product optionally depends on 'Protocol Buffers', Google's data - interchange format, which can be obtained at: - - * LICENSE: - * license/LICENSE.protobuf.txt (New BSD License) - * HOMEPAGE: - * http://code.google.com/p/protobuf/ - - This product optionally depends on 'SLF4J', a simple logging facade for Java, - which can be obtained at: - - * LICENSE: - * license/LICENSE.slf4j.txt (MIT License) - * HOMEPAGE: - * http://www.slf4j.org/ - - This product optionally depends on 'Apache Commons Logging', a logging - framework, which can be obtained at: - - * LICENSE: - * license/LICENSE.commons-logging.txt (Apache License 2.0) - * HOMEPAGE: - * http://commons.apache.org/logging/ - - This product optionally depends on 'Apache Log4J', a logging framework, - which can be obtained at: - - * LICENSE: - * license/LICENSE.log4j.txt (Apache License 2.0) - * HOMEPAGE: - * http://logging.apache.org/log4j/ - - This product optionally depends on 'JBoss Logging', a logging framework, - which can be obtained at: - - * LICENSE: - * license/LICENSE.jboss-logging.txt (GNU LGPL 2.1) - * HOMEPAGE: - * http://anonsvn.jboss.org/repos/common/common-logging-spi/ - - This product optionally depends on 'Apache Felix', an open source OSGi - framework implementation, which can be obtained at: - - * LICENSE: - * license/LICENSE.felix.txt (Apache License 2.0) - * HOMEPAGE: - * http://felix.apache.org/ - - This product optionally depends on 'Webbit', a Java event based - WebSocket and HTTP server: - - * LICENSE: - * license/LICENSE.webbit.txt (BSD License) - * HOMEPAGE: - * https://github.com/joewalnes/webbit - ---- - -name: Apache Log4j -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.2.17 -libraries: - - log4j: log4j -notices: - - log4j: | - Apache log4j - Copyright 2007 The Apache Software Foundation ---- - name: JSON Small and Fast Parser license_category: binary module: druid-pac4j @@ -2949,7 +2613,7 @@ notices: name: JTS license_category: binary module: java-core -license_name: Eclipse Distribution License 1.0 +license_name: Eclipse Public License 2.0 version: 1.19.0 libraries: - org.locationtech.jts: jts-core @@ -2957,33 +2621,11 @@ libraries: notices: - jts-core: | The JTS Topology Suite is a Java library for creating and manipulating vector geometry. - Eclipse Distribution License 1.0 + Eclipse Distribution License 1.0 / Eclipse Public License 2.0 - jts-io-common: | - Eclipse Distribution License 1.0 + Eclipse Distribution License 1.0 / Eclipse Public License 2.0 --- -name: Apache Avro -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.7.4 -libraries: - - org.apache.avro: avro -notices: - - avro: | - Apache Avro - Copyright 2009-2013 The Apache Software Foundation ---- - -name: Apache Directory -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.0.0-M20 -libraries: - - org.apache.directory.api: api-asn1-api - ---- name: Apache Directory license_category: binary @@ -2999,73 +2641,6 @@ notices: --- -name: Apache Directory Server -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 2.0.0-M15 -libraries: - - org.apache.directory.server: apacheds-i18n - - org.apache.directory.server: apacheds-kerberos-codec -notices: - - apacheds-i18n: | - ApacheDS I18n - Copyright 2003-2013 The Apache Software Foundation - - apacheds-kerberos-codec: | - ApacheDS Protocol Kerberos Codec - Copyright 2003-2013 The Apache Software Foundation - ---- - -name: Apache HTrace -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 4.0.1-incubating -libraries: - - org.apache.htrace: htrace-core4 -notices: - - htrace-core4: | - htrace-core4 - Copyright 2015 The Apache Software Foundation - ---- - -name: Apache Zookeeper -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 3.4.6 -libraries: - - org.apache.zookeeper: zookeeper -notices: - - zookeeper: | - Apache ZooKeeper - Copyright 2009-2012 The Apache Software Foundation - ---- - -name: Apache Curator -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 2.7.1 -libraries: - - org.apache.curator: curator-client - - org.apache.curator: curator-framework - - org.apache.curator: curator-recipes -notices: - - curator-client: | - Curator Client - Copyright 2011-2015 The Apache Software Foundation - - curator-framework: | - Curator Framework - Copyright 2011-2015 The Apache Software Foundation - - curator-recipes: | - Curator Recipes - Copyright 2011-2015 The Apache Software Foundation - ---- name: components from Jackson license_category: binary @@ -3084,55 +2659,6 @@ notice: | For additional credits (generally to people who reported problems) see CREDITS file. ---- - -name: Jetty -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 6.1.26 -libraries: - - org.mortbay.jetty: jetty-sslengine - - org.mortbay.jetty: jetty-util -notice: | - ============================================================== - Jetty Web Container - Copyright 1995-2009 Mort Bay Consulting Pty Ltd - ============================================================== - - The Jetty Web Container is Copyright Mort Bay Consulting Pty Ltd - unless otherwise noted. It is dual licensed under the apache 2.0 - license and eclipse 1.0 license. Jetty may be distributed under - either license. - - The javax.servlet package used was sourced from the Apache - Software Foundation and is distributed under the apache 2.0 - license. - ---- - -name: snappy-java -license_category: binary -module: hadoop-client -license_name: Apache License version 2.0 -version: 1.0.4.1 -libraries: - - org.xerial.snappy: snappy-java -notices: - - snappy-java: | - This product includes software developed by Google - Snappy: http://code.google.com/p/snappy/ (New BSD License) - - - This library containd statically linked libstdc++. This inclusion is allowed by - "GCC RUntime Library Exception" - http://gcc.gnu.org/onlinedocs/libstdc++/manual/license.html - - == Contributors == - * Tatu Saloranta - * Providing benchmark suite - * Alec Wysoker - * Performance and memory usage improvement --- @@ -3163,16 +2689,6 @@ libraries: --- -name: com.github.pjfanning jersey-json -license_category: binary -module: druid-kerberos -license_name: CDDL 1.1 -version: 1.20 -libraries: - - com.github.pjfanning: jersey-json - ---- - name: org.codehaus.woodstox stax2-api license_category: binary version: 4.2.1 @@ -3462,16 +2978,6 @@ libraries: --- -name: Jersey -license_category: binary -module: extensions/druid-avro-extensions -license_name: CDDL 1.1 -version: 1.19.4 -libraries: - - com.sun.jersey: jersey-json - ---- - name: jaxb license_category: binary module: extensions/druid-avro-extensions @@ -3547,18 +3053,6 @@ libraries: --- -name: xmlenc -license_category: binary -module: extensions/druid-hdfs-storage -license_name: BSD-3-Clause License -version: 0.52 -copyright: Ernst de Haan -license_file_path: licenses/bin/xmlenc.BSD3 -libraries: - - xmlenc: xmlenc - ---- - name: Apache Kafka version: 3.6.0 license_category: binary @@ -3594,15 +3088,6 @@ notices: --- -name: snappy-java -license_category: binary -module: extensions/druid-kafka-indexing-service -license_name: Apache License version 2.0 -version: 1.1.8.4 -libraries: - - org.xerial.snappy: snappy-java - ---- name: Apache Parquet license_category: binary @@ -3744,19 +3229,6 @@ libraries: --- -name: SLF4J API -version: 1.7.10 -license_category: binary -module: hadoop-client -license_name: MIT License -copyright: QOS.ch -license_file_path: licenses/bin/slf4j.MIT -libraries: - - org.slf4j: slf4j-api - - org.slf4j: slf4j-log4j12 - ---- - name: JNI binding for Zstd license_category: binary module: java-core @@ -3808,18 +3280,6 @@ additional_license_statement: except src/google/protobuf/stubs/atomicops_interna --- -name: JLine -license_category: binary -module: java-core -license_name: BSD-3-Clause License -version: 0.9.94 -copyright: Marc Prud'hommeaux -license_file_path: licenses/bin/jline.BSD3 -libraries: - - jline: jline - ---- - name: ANTLR 4 Runtime license_category: binary module: java-core @@ -3897,17 +3357,6 @@ libraries: --- -name: LevelDB JNI -license_category: binary -module: hadoop-client -license_name: BSD-3-Clause License -version: 1.8 -copyright: FuseSource Corp. -license_file_path: licenses/bin/leveldb-jni.BSD3 -libraries: - - org.fusesource.leveldbjni: leveldbjni-all - ---- name: Paranamer license_category: binary @@ -4070,18 +3519,6 @@ libraries: --- -name: Expression Language 3.0 -license_category: binary -module: java-core -license_name: CDDL 1.1 -version: 3.0.0 -copyright: Oracle and/or its affiliates. -license_file_path: licenses/bin/javax.CDDL11 -libraries: - - org.glassfish: javax.el - ---- - name: JAXB Runtime license_category: binary module: java-core @@ -4200,18 +3637,6 @@ libraries: --- -name: stax-api -license_category: binary -module: hadoop-client -license_name: CDDL 1.1 -version: 1.0-2 -copyright: Oracle and/or its affiliates. -license_file_path: licenses/bin/javax.CDDL11 -libraries: - - javax.xml.stream: stax-api - ---- - name: jsp-api license_category: binary module: hadoop-client @@ -4350,16 +3775,6 @@ libraries: --- -name: XZ -license_category: binary -module: hadoop-client -license_name: Public Domain -version: 1.0 -libraries: - - org.tukaani: xz - ---- - name: Apache ORC libraries license_category: binary module: extensions/druid-orc-extensions @@ -4528,33 +3943,6 @@ notices: --- -name: Metrics Core Library -license_category: binary -module: extensions/kafka-extraction-namespace -license_name: Apache License version 2.0 -version: 2.2.0 -libraries: - - com.yammer.metrics: metrics-core -notices: - - metrics-core: | - Metrics - Copyright 2010-2013 Coda Hale and Yammer, Inc., 2014-2017 Dropwizard Team - - This product includes software developed by Coda Hale and Yammer, Inc. ---- - -name: JOpt Simple -license_category: binary -module: extensions/kafka-extraction-namespace -license_name: MIT License -copyright: Paul R. Holser, Jr. -version: 3.2 -license_file_path: licenses/bin/jopt-simple.MIT -libraries: - - net.sf.jopt-simple: jopt-simple - ---- - name: Scala Library license_category: binary module: extensions/kafka-extraction-namespace @@ -4829,17 +4217,6 @@ libraries: --- -name: Scala Library -license_category: binary -version: 2.11.12 -module: druid-ranger-security -license_name: BSD-3-Clause License -libraries: - - org.scala-lang: scala-library -copyright: LAMP/EPFL and Lightbend, Inc. - ---- - name: snappy-java license_category: binary version: 1.1.10.4