Merge pull request #147 from cbgbt/add-licenses

Include licenses of dependencies in Docker image
bottlerocket-os · Feb 3, 2022 · 5d37a33 · 5d37a33
2 parents a15a340 + f2dc348
commit 5d37a33
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,6 +15,14 @@ RUN cargo install --offline --locked --target ${UNAME_ARCH}-bottlerocket-linux-m
     cargo install --offline --locked --target ${UNAME_ARCH}-bottlerocket-linux-musl --path /src/apiserver --root /src/apiserver && \
     cargo install --offline --locked --target ${UNAME_ARCH}-bottlerocket-linux-musl --path /src/controller --root /src/controller
 
+# Gather licenses of dependencies
+RUN /usr/libexec/tools/bottlerocket-license-scan \
+    --clarify /src/clarify.toml \
+    --spdx-data /usr/libexec/tools/spdx-data \
+    --out-dir /licenses \
+    cargo --offline --locked /src/Cargo.toml
+
+
 FROM scratch
 # Copy CA certificates store
 COPY --from=build /etc/ssl /etc/ssl
@@ -25,5 +33,16 @@ COPY --from=build /src/apiserver/bin/apiserver ./
 COPY --from=build /src/agent/bin/agent ./
 COPY --from=build /src/controller/bin/controller ./
 
+# Copy license data
+COPY --from=build /src/COPYRIGHT /src/LICENSE-MIT /src/LICENSE-APACHE /licenses/bottlerocket-update-operator/
+# Direct rust dependencies of the update-operator
+COPY --from=build /licenses /licenses
+# Build dependencies from the Bottlerocket SDK
+COPY --from=build \
+    /usr/share/licenses/bottlerocket-sdk-musl \
+    /usr/share/licenses/rust \
+    /usr/share/licenses/openssl \
+    /licenses/bottlerocket-sdk/
+
 # Expose apiserver port
 EXPOSE 8080
diff --git a/clarify.toml b/clarify.toml
@@ -5,3 +5,69 @@ expression = "MIT AND BSD-3-Clause"
 license-files = [
     { path = "LICENSE", hash = 0xcdf3ae00 },
 ]
+
+[clarify.crossbeam-channel]
+expression = "(MIT OR Apache-2.0) AND BSD-2-Clause AND CC-BY-3.0"
+license-files = [
+    { path = "LICENSE-APACHE", hash = 0x24b54f4b },
+    { path = "LICENSE-MIT", hash = 0xbc436f08 },
+    { path = "LICENSE-THIRD-PARTY", hash =0x847bf39 },
+]
+
+[clarify.regex]
+expression = "MIT OR Apache-2.0"
+license-files = [
+    { path = "LICENSE-APACHE", hash = 0x24b54f4b },
+    { path = "LICENSE-MIT", hash = 0xb755395b },
+]
+skip-files = [
+    "src/testdata/LICENSE", # we aren't using the test data
+]
+
+[clarify.regex-automata]
+expression = "Unlicense OR MIT"
+license-files = [
+    { path = "LICENSE-MIT", hash = 0x616d8a83 },
+    { path = "UNLICENSE", hash = 0x87b84020 },
+]
+skip-files = [
+    # these licenses apply to the test data, which we don't distribute,
+    "data/tests/fowler/LICENSE",
+    "data/fowler-tests/LICENSE",
+    # this file describes what licenses apply to the sources, and when they apply
+    "COPYING"
+]
+
+[clarify.regex-syntax]
+expression = "(MIT OR Apache-2.0) AND Unicode-DFS-2016"
+license-files = [
+    { path = "LICENSE-APACHE", hash = 0x24b54f4b },
+    { path = "LICENSE-MIT", hash = 0xb755395b },
+    { path = "src/unicode_tables/LICENSE-UNICODE", hash = 0xa7f28b93 },
+]
+
+[clarify.typenum]
+expression = "MIT OR Apache-2.0"
+license-files = [
+    { path = "LICENSE-APACHE", hash = 0x91d5a0a7 },
+    { path = "LICENSE-MIT", hash = 0xb9f15462 },
+    { path = "LICENSE", hash = 0xa4618a29 },
+]
+
+[clarify.zstd-sys]
+# The zstd-sys crate's license is listed as MIT or Apache2
+#
+# zstd-sys compiles zstd as a static library.
+#
+# zstd's README file states:
+# "Zstandard is dual-licensed under BSD and GPLv2."
+expression = "(MIT OR Apache-2.0) AND (BSD-2-Clause OR GPL-2.0)"
+license-files = [
+    { path = "LICENSE", hash = 0xa237d234 },
+    { path = "zstd/COPYING", hash = 0x96841aa4 },
+    { path = "zstd/LICENSE", hash = 0x79cda15 },
+]
+skip-files = [
+    # Files under zstd/build are for IDE integrations, and are unused.
+    "zstd/build/LICENSE"
+]