Page MenuHomeFreeBSD

Remove LEGAL and (support in) related tools.
ClosedPublic

Authored by rene on Apr 30 2021, 6:59 PM.

Details

Summary

LEGAL is badly maintained, LEGALlint notices quite a number of ports
which mismatch their line in LEGAL.

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

rene requested review of this revision.Apr 30 2021, 6:59 PM

Did you check that for each port in LEGAL, the port has a license that disallows dist-mirror?

In D30061#674688, @mat wrote:

Did you check that for each port in LEGAL, the port has a license that disallows dist-mirror?

No, this was just about removing LEGAL itself. Must all mentions ports disalow dist-mirror?

  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
dist-mirror.txt
1 ↗(On Diff #88740)

Mmmm, this does not seems right:

❯ make -C emulators/atari800/ debug-license
===>  License GPLv2 ROM accepted by the user
===>  License does not allow mirroring distribution files
===>  License does not allow selling distribution files
===>  License does not allow mirroring pre-build packages
===>  License does not allow selling pre-build packages
===>  License allows being auto-accepted
dist-mirror.txt
1 ↗(On Diff #88740)

Hmm, so it skipped the ROM part? I didn't know about debug-license though, might be interesting to do a run of the LEGAL ports on that target too.

ports-mgmt/portlint/src/portlint.pl
3451–3452

This should more like error out saying "DON'T USE THAT, USE THE LICENSE FRAMEWORK" ;-)

dist-mirror.txt
1 ↗(On Diff #88740)

The good thing with debug-license is that it will tell you what the final license permissions of the port are, it will already have processed them depending on what LICENSE_COMB says.

  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
  • checklicense.sh: rework to parse debug-license [1]
  • dist-mirror: regenerate after new checklicense.sh and ports rebase.
rene marked 2 inline comments as done.May 13 2021, 9:55 AM
  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
  • checklicense.sh: rework to parse debug-license [1]
  • dist-mirror: regenerate after new checklicense.sh and ports rebase.
  • Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
  • Regenerate dist-mirror.txt
  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
  • checklicense.sh: rework to parse debug-license [1]
  • dist-mirror: regenerate after new checklicense.sh and ports rebase.
  • Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
  • Regenerate dist-mirror.txt
  • Tools/scripts/checklicense.sh: anonimize an unused variable.
  • Tools/scripts/checklicense.sh: check against LICENSE_DISTFILES_* ...
  • dist-mirror.txt: regenerate
  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
  • checklicense.sh: rework to parse debug-license [1]
  • dist-mirror: regenerate after new checklicense.sh and ports rebase.
  • Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
  • Regenerate dist-mirror.txt
  • Tools/scripts/checklicense.sh: anonimize an unused variable.
  • math/giacxcas: restrict RESTRICTED_FILES to giac_* only
  • dist-mirror.txt: regenerate

Some more findings:

OK, restrictions only (correctly) in non-default cases:

  • security/vpnc -> RESTRICTED_FILES= /LEGAL -> vpnc-* -> only if OPENSSL option is set

false positive?

  • audio/linuxsampler -> RESTRICTED_FILES= /LEGAL -> linuxsampler-*
  • biology/clustalw -> RESTRICTED_FILES= /LEGAL -> clustalw-*
  • cad/gmsh -> RESTRICTED_FILES= /LEGAL -> gmsh-*
  • java/java3d -> RESTRICTED_FILES= /LEGAL -> java3d-sdk-*-linux-i386* (LEGAL says "no distribution" but LICENSE is BSD2CLAUSE GPLv2)
  • mail/ezmlm-idx -> RESTRICTED_FILES= /LEGAL -> ezmlm-* (LEGAL: djb, LICENSE: GPLv2)
  • math/tetgen -> RESTRICTED_FILES= /LEGAL -> taetgen-* (LEGAL: acedemic/personal use only, LICENSE: AGPLv3, source: AGPLv3 or commercial license)

cannot set RESTRICTED_FILES because port has dist-mirror:

  • archivers/lha -> RESTRICTED_FILES= /LEGAL -> lha-114i.tar.gz (needs fix?)
  • devel/raknet -> RESTRICTED_FILES= /LEGAL -> RakNet-* (special exception for FreeBSD, works as intended)
  • dns/djbdns -> RESTRICTED_FILES= /LEGAL -> djbdns* (djb, works as intended)
  • editors/komodo-edit -> RESTRICTED_FILES= /LEGAL -> komodo-* (LEGAL says "No distribution allowed", so no dist-mirror/dist-sell, but online EULA does not mention that)
  • japanese/font-ricty -> RESTRICTED_FILES= /LEGAL -> ricty-* (LEGAL says "Redistribution not allowed", so no dist-mirror/dist-sell, but online license is fine with that)
  • mail/ezmlm -> RESTRICTED_FILES= /LEGAL -> ezmlm-* (djb, works as intended)
  • mail/qtools -> RESTRICTED_FILES= /LEGAL -> qtools-* (djb, works as intended)
  • mail/serialmail -> RESTRICTED_FILES= /LEGAL -> serialmail-* (djb, works as intended)
  • math/djbfft -> RESTRICTED_FILES= /LEGAL -> djbfft-* (djb, works as intended)
  • net/zerotier -> RESTRICTED_FILES= /LEGAL -> zerotier-* (needs fix?)

Ports not mentioned in the last comment are either mentioned in LEGAL but do not have dist-mirror set or are mentioned in LEGAL and have matching output in $(make -V RESTRICTED_FILES)

we should do this. years ago I spent some time making sure that LEGAL and various ports matched in prep for removing this file. In practice, its poorly maintained and the ports are canonical

This revision is now accepted and ready to land.Jun 6 2021, 12:35 AM

So I think only archivers/lha and net/zerotier need to be adjusted?

  • archivers/lha (dinoex@) : remove dist-* from LICENSE_PERMS= dist-mirror dist-sell auto-accept ? Although pkg-mirror and pkg-sell are already excluded.
  • net/zerotier (dch@): "no SaaS or government use" according to LEGAL, but our license framework cannot encode this.

I'm not entirely clear what I'm being asked to do here, but:

  • net/zerotier has a clear pkg-message explaining the license details
  • in practical terms, unless you're setting up a direct competitor to zerotier-as-a-service this is an ALV2 license

and from that perspective, this output makes sense:

make -C net/zerotier debug-license
===>  License BUSINESS MIT PD accepted by the user
===>  License allows mirroring distribution files
===>  License allows selling distribution files
===>  License allows mirroring pre-built packages
===>  License allows selling pre-build packages
===>  License allows being auto-accepted
In D30061#689094, @dch wrote:

I'm not entirely clear what I'm being asked to do here, but:

Mostly give your opinion as maintainer of zerotier :)

  • net/zerotier has a clear pkg-message explaining the license details
  • in practical terms, unless you're setting up a direct competitor to zerotier-as-a-service this is an ALV2 license

and from that perspective, this output makes sense:

make -C net/zerotier debug-license
===>  License BUSINESS MIT PD accepted by the user
===>  License allows mirroring distribution files
===>  License allows selling distribution files
===>  License allows mirroring pre-built packages
===>  License allows selling pre-build packages
===>  License allows being auto-accepted

OK, so nothing needs to be done here.

ports-mgmt/portlint/src/portlint.pl
3451–3452

I'm not sure we should have a warning like this unless there's an action. Since they wouldn't need to touch LEGAL anymore, I think we can leave this whole block out.

  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
  • checklicense.sh: rework to parse debug-license [1]
  • dist-mirror: regenerate after new checklicense.sh and ports rebase.
  • Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
  • Regenerate dist-mirror.txt
  • Tools/scripts/checklicense.sh: anonimize an unused variable.
  • math/giacxcas: restrict RESTRICTED_FILES to giac_* only
  • dist-mirror.txt: regenerate
  • ports-mgmt/portlint: remove the entire former LEGAL block.
This revision now requires review to proceed.Jun 7 2021, 9:08 PM
rene marked 2 inline comments as done.Jun 7 2021, 9:08 PM

Looks good from a portlint standpoint. I can commit this to my local repo, and then update portlint when ready.

This revision is now accepted and ready to land.Jun 7 2021, 9:24 PM

Looks good from a portlint standpoint. I can commit this to my local repo, and then update portlint when ready.

Sure, if that is easier for you. I think this review is mostly ready to land, @mat ?

  • Add list of ports with dist-mirror in their license.
  • Make temporary script executable.
  • Allow to pass LEGAL as a parameter to checklicense.sh
  • Regenerate dist-mirror.txt after D30010
  • checklicense.sh: rework to parse debug-license [1]
  • dist-mirror: regenerate after new checklicense.sh and ports rebase.
  • Show RESTRICTED_FILES and the "dist" column for each port in LEGAL
  • Regenerate dist-mirror.txt
  • Tools/scripts/checklicense.sh: anonimize an unused variable.
  • math/giacxcas: restrict RESTRICTED_FILES to giac_* only
  • dist-mirror.txt: regenerate
  • ports-mgmt/portlint: remove the entire former LEGAL block.
  • cleanup: remove temporary files used for analysis.
This revision now requires review to proceed.Jun 11 2021, 1:36 PM
In D30061#689423, @rene wrote:

Looks good from a portlint standpoint. I can commit this to my local repo, and then update portlint when ready.

Sure, if that is easier for you. I think this review is mostly ready to land, @mat ?

Yeah. I have a couple of other portlint changes I'll commit at the same time.

This revision is now accepted and ready to land.Jun 11 2021, 1:39 PM