#datadog #license #config-file #3rdparty

app dd-rust-license-tool

A tool for creating the LICENSE-3rdparty.csv file for DataDog open-source Rust projects

4 stable releases

1.0.3 Apr 10, 2024
1.0.2 Sep 28, 2023
1.0.1 Jul 19, 2023
1.0.0 Jul 18, 2023

#48 in Development tools

Download history 525/week @ 2024-07-30 598/week @ 2024-08-06 521/week @ 2024-08-13 674/week @ 2024-08-20 591/week @ 2024-08-27 706/week @ 2024-09-03 607/week @ 2024-09-10 555/week @ 2024-09-17 727/week @ 2024-09-24 860/week @ 2024-10-01 810/week @ 2024-10-08 873/week @ 2024-10-15 854/week @ 2024-10-22 851/week @ 2024-10-29 850/week @ 2024-11-05 822/week @ 2024-11-12

3,534 downloads per month

MIT license

21KB
404 lines

Datadog Rust License Tool

This project houses a tool for creating the LICENSE-3rdparty.csv file from Rust projects. This file is required by the Datadog standards for releasing open source code.

Usage

  1. Install the tool using cargo: cargo install dd-rust-license-tool

  2. In your project directory, create the licenses list file with: dd-rust-license-tool write.

  3. In your CI workflow, check that the licenses list file is up to date with: dd-rust-license-tool check.

Configuration

The license tool loads a configuration file at startup that may contain overrides or supplementary data for packages. This can be useful where a crate does not supply either a homepage or repository URL, or is missing an explicit license. The filename of this configuration file defaults to license-tool.toml but can be overridden with the --config command-line option.

Example:

[overrides]
# These crates do not specify a homepage in their metadata.

"openssl-macros" = { origin = "https://github.com/sfackler/rust-openssl" }
"serde_nanos" = { origin = "https://github.com/caspervonb/serde_nanos" }

# `zerocopy` et al don't specify their licenses in the metadata, but the file contains the 2-clause
# BSD terms. These should use versioned identifiers, as they could change from version to version
# and so need to be reviewed after each version bump.

"zerocopy-0.6.1" = { license = "BSD-2-Clause" }
"zerocopy-derive-0.3.2" = { license = "BSD-2-Clause" }

There are other existing projects that come close to providing the data required for the above file. However, none of them scan the actual license or source files within the projects, which is required to produce the "copyright" field in the file, so all of them would require this as a follow-on step. Most also do not report the repository from which the crate came from, so we would need to parse the cargo metadata output anyways. None have options to output into CSV, and so additionally require a post-processing step.

cargo-about

Has integrated license validity checking.

cargo-bundle-licenses

Similar kind of tool to this one, with all the limitations above.

cargo-deny

Groups all results on the licenses rather than listing all the licenses per dependency, making it impossible to generate an accurate CSV listing.

cargo-license

Limitations as above.

extrude-licenses

Is just a wrapper for cargo-license, so has all its limitations.

Dependencies

~7–9.5MB
~157K SLoC