fix: surface license text for clarified LicenseRef-* identifiers#303
Open
ruffsl wants to merge 1 commit into
Open
fix: surface license text for clarified LicenseRef-* identifiers#303ruffsl wants to merge 1 commit into
ruffsl wants to merge 1 commit into
Conversation
`generate.rs`'s per-license iteration treated the two `LicenseItem`
variants asymmetrically. The `Spdx { id, .. }` arm filters
`krate_license.license_files` for entries whose recorded expression
matches the SPDX id and uses the file's text. The `Other(..)` arm
unconditionally emitted `log::warn!("{license} has no license file
for crate '{}'")` and never looked at `license_files` at all.
That meant clarifications targeting a `LicenseRef-*` identifier
(e.g. `[<crate>.clarify]` with `license =
"LicenseRef-Slint-Royalty-free-2.0"` and a `[[<crate>.clarify.files]]`
pointing at the bundled license file) ran successfully — `apply_
clarification` populated `license_files` correctly, the DEBUG log
confirmed `applying clarification expression '...'` — but the
generated bundle had an empty section header for the LicenseRef
license and the warning still surfaced. There was no way to make
the bundle complete without falling back to a Handlebars-side
template hack.
The `Other` arm now mirrors the `Spdx` arm's filter:
- Iterate `license_files`, keep entries whose `license_expr`
contains a `LicenseItem::Other` matching the outer LicenseRef
(compared via `LicenseRef::PartialEq`, which honors both the
optional `doc_ref` and the `lic_ref`).
- For text-bearing files, push a `License` entry using the
LicenseRef's `Display` form for both `name` and `id`.
- Emit the existing warning only when no match is found. There's
no canonical-text fallback for project-specific LicenseRefs
(no equivalent of `LicenseId::text()`), so behavior in the
no-match case is unchanged from before.
The surrounding `match license.license` becomes `match
&license.license` so the new arm can bind `license_ref:
&Box<LicenseRef>` without moving out of the `LicenseReq`. The
`Spdx` arm's `id` binding becomes a reference too; the only
adjustment is dereferencing `*id` inside `evaluate`'s closure.
Concrete real-world impact: bundlers consuming Slint can now
clarify their LicenseRef-Slint-Royalty-free-2.0 election and get
the actual license text in their generated attribution, instead of
a textless section + per-crate warning. The same applies to any
project using a LicenseRef-* identifier (REUSE-compliant projects
hosted in non-SPDX-blessed corners of the ecosystem; Embark's own
about.toml example for `ring` only happens to work today because
ring's clarified license is `OpenSSL` — a real SPDX id).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Disclosure: I used LLMs to trace, fix, and check this patch while debugging semi-related warnings when using slint.
Perhaps we could also expand this if theirs interest in any REUSE-aware filename heuristic development as well.
Checklist
Description of Changes
generate.rs's per-license iteration treated the twoLicenseItemvariants asymmetrically. TheSpdx { id, .. }arm filterskrate_license.license_filesfor entries whose recorded expression matches the SPDX id and uses the file's text. TheOther(..)arm unconditionally emittedlog::warn!("{license} has no license file for crate '{}'")and never looked atlicense_filesat all.That meant clarifications targeting a
LicenseRef-*identifier (e.g.[<crate>.clarify]withlicense = "LicenseRef-Slint-Royalty-free-2.0"and a[[<crate>.clarify.files]]pointing at the bundled license file) ran successfully —apply_ clarificationpopulatedlicense_filescorrectly, the DEBUG log confirmedapplying clarification expression '...'— but the generated bundle had an empty section header for the LicenseRef license and the warning still surfaced. There was no way to make the bundle complete without falling back to a Handlebars-side template hack.The
Otherarm now mirrors theSpdxarm's filter:license_files, keep entries whoselicense_exprcontains aLicenseItem::Othermatching the outer LicenseRef (compared viaLicenseRef::PartialEq, which honors both the optionaldoc_refand thelic_ref).Licenseentry using the LicenseRef'sDisplayform for bothnameandid.LicenseId::text()), so behavior in the no-match case is unchanged from before.The surrounding
match license.licensebecomesmatch &license.licenseso the new arm can bindlicense_ref: &Box<LicenseRef>without moving out of theLicenseReq. TheSpdxarm'sidbinding becomes a reference too; the only adjustment is dereferencing*idinsideevaluate's closure.Concrete real-world impact: bundlers consuming Slint can now clarify their LicenseRef-Slint-Royalty-free-2.0 election and get the actual license text in their generated attribution, instead of a textless section + per-crate warning. The same applies to any project using a LicenseRef-* identifier (REUSE-compliant projects hosted in non-SPDX-blessed corners of the ecosystem; Embark's own about.toml example for
ringonly happens to work today because ring's clarified license isOpenSSL— a real SPDX id).Related Issues