I don't know how to fix this error:

$ cargo build --no-default-features
<snip>
$ cargo lichking list
warning: IANAL: This is not legal advice and is not guaranteed to be correct.
thread 'main' panicked at 'The dependency tree should be fully resolved', src/libcore/option.rs:785
note: Run with `RUST_BACKTRACE=1` for a backtrace.

How can the dependencies not be resolved? I just successfully built the program.

The code is here if you need it but will take a long time to compile.

OSX 10.9.5, rustc 1.18.0-nightly (63c77214c 2017-04-24), cargo 0.19.0-nightly (8326a3683 2017-04-19), cargo-lichking 0.4.1

Ran:

• Cargo check
• Cargo fix (--edition)
• Cargo fmt
• Cargo clippy --all

Some people have auto fmt on save in their editors. This change will make diffs smaller for them as well

Hello!

I've been working on a fork of cargo-lichking with the original intent of making a PR here with my changes. However, things have started to diverge a lot. Differences include:

• Full rewrite of discovery.rs and bundle.rs
• Many added templates and a few added licenses
• (soon) ability to serialize the thirdparty license texts to json or a text document similar to what is produced now
• (soon) ability to compare found licenses against an existing thirdparty file to check for changes / update changed sections
• Changed log levels so everything is not an error

Ideally I want a user to be able run bundle, inform them of missing licenses that they should add on their own, and then having something in CI that will check the THRIDPARTY file for changes over time.

If this sounds like more change than you are interested in OR you aren't interested in lots of activity happening here in the next month or so I intend to create a new project with a new name that solely focuses on the functionality in the bundle command, with proper attribution to cargo-lichking. It concerns me that the last commit to this project was over a year ago and there are many open PRs and issues. At the moment I lean to creating a new thing to fit my needs / iterate quickly that won't encroach on the primary check functionality here.

LMK your thoughts!

Based on an educated guess that CC0-1.0 is a public domain-like license. It's also acknowledged as compatible with GPL: https://www.gnu.org/licenses/license-list.html#CC0

The changes build upon the GPL pull request.

Would you please update the dependency on cargo to the latest version, 0.31? I'd like to package cargo-lichking for Debian and build it against cargo 0.31 so that we don't have to package an old version of cargo.

Would be nice to get license list in a way that's more immediately accessible for machine

Something like cargo lichking list --long which emits:

log-mdc : Any(MIT, Apache-2.0)
serde_derive : Any(MIT, Apache-2.0)
openssl_pkey : Apache-2.0

instead of

Any(MIT, Apache-2.0): log-mdc, serde_derive
Apache-2.0: openssl_pkey

https://github.com/ruuda/thread-id is only licensed under Apache-2.0 which fails the check as cargo-lichking is supposedly Apache-2.0/MIT. Does this actually matter at all? If so it probably matters a lot more for cargo itself since they are actually distributing binaries...

Cargo lichking with configured alternative registries does not function.

cargo lichking list warning: IANAL: This is not legal advice and is not guaranteed to be correct. error: failed to parse manifest at C:\projects\cic\master\srv\jaims\validator\Cargo.toml

Caused by: the cargo feature alternative-registries requires a nightly version of Cargo, but this is the dev channel

There is no alternative-registries feature any more, it's been stabilized at .34

(FYI: I'm poking around on how to bring it up to .41, which has lots of errors, but I have a problem in that I have to go through a corporate process before I would be allowed to do a pull request)

We use itertools as it has sorted, join and sorted_by_key. All of the places that had collect, itertools does the same in the background. And it cleans up nicely.

fixes: #59

bonus pun: We have now purged the unorder in Stratholme

Rust 1.19.0 on Ubuntu 16.04.

mshapiro:~/c/p/rust-media-libs$ cargo install cargo-lichking
    Updating registry `https://github.com/rust-lang/crates.io-index`
 Downloading cargo-lichking v0.5.4
  Installing cargo-lichking v0.5.4
 Downloading clap v2.29.2
 Downloading cargo v0.18.0
 Downloading void v1.0.2
 Downloading shell-escape v0.1.3
 Downloading env_logger v0.4.3
 Downloading flate2 v0.2.20
 Downloading git2-curl v0.7.0
 Downloading libc v0.2.36
 Downloading crossbeam v0.2.12
 Downloading log v0.3.9
 Downloading libgit2-sys v0.6.19
 Downloading glob v0.2.11
 Downloading semver v0.6.0
 Downloading serde_json v0.9.10
 Downloading num_cpus v1.8.0
 Downloading tempdir v0.3.6
 Downloading url v1.6.0
 Downloading chrono v0.2.25
 Downloading docopt v0.7.0
 Downloading serde v0.9.15
 Downloading tar v0.4.14
 Downloading curl v0.4.11
 Downloading crates-io v0.7.0
 Downloading serde_ignored v0.0.2
 Downloading fs2 v0.4.3
 Downloading git2 v0.6.11
 Downloading toml v0.3.2
 Downloading serde_derive v0.9.15
 Downloading filetime v0.1.15
 Downloading regex v0.2.5
 Downloading regex-syntax v0.4.2
 Downloading memchr v2.0.1
 Downloading utf8-ranges v1.0.0
 Downloading aho-corasick v0.6.4
 Downloading thread_local v0.3.5
 Downloading unreachable v1.0.0
 Downloading lazy_static v1.0.0
 Downloading log v0.4.1
 Downloading miniz-sys v0.1.10
 Downloading cc v1.0.4
 Downloading socket2 v0.3.1
 Downloading curl-sys v0.4.1
 Downloading libz-sys v1.0.18
 Downloading pkg-config v0.3.9
 Downloading matches v0.1.6
 Downloading percent-encoding v1.0.1
 Downloading idna v0.1.4
 Downloading unicode-normalization v0.1.5
 Downloading unicode-bidi v0.3.4
 Downloading bitflags v0.9.1
 Downloading libssh2-sys v0.2.6
 Downloading cmake v0.1.29
 Downloading semver-parser v0.7.0
 Downloading dtoa v0.4.2
 Downloading num-traits v0.1.42
 Downloading itoa v0.3.4
 Downloading rand v0.4.2
 Downloading remove_dir_all v0.3.0
 Downloading num v0.1.41
 Downloading time v0.1.39
 Downloading num-iter v0.1.34
 Downloading num-integer v0.1.35
 Downloading serde_codegen_internals v0.14.2
 Downloading openssl v0.9.23
 Downloading openssl-probe v0.1.2
 Downloading openssl-sys v0.9.24
 Downloading foreign-types v0.3.2
 Downloading foreign-types-shared v0.1.1
   Compiling itoa v0.3.4
   Compiling regex-syntax v0.4.2
   Compiling unicode-normalization v0.1.5
   Compiling rustc-serialize v0.3.24
   Compiling matches v0.1.6
   Compiling shell-escape v0.1.3
   Compiling bitflags v1.0.1
   Compiling unicode-width v0.1.4
error: expected ident, found #
   --> /home/mshapiro/.cargo/registry/src/github.com-1ecc6299db9ec823/bitflags-1.0.1/src/lib.rs:423:29
    |
423 |                               #[allow(deprecated)]
    |                               ^
    | 
   ::: /home/mshapiro/.cargo/registry/src/github.com-1ecc6299db9ec823/bitflags-1.0.1/src/example_generated.rs
    |
4   | / bitflags! {
5   | |     /// This is the same `Flags` struct defined in the [crate level example](../index.html#example).
6   | |     /// Note that this struct is just for documentation purposes only, it must not be used outside
7   | |     /// this crate.
...   |
13  | |     }
14  | | }
    | |_- in this macro invocation

error: Could not compile `bitflags`.
Build failed, waiting for other jobs to finish...
error: failed to compile `cargo-lichking v0.5.4`, intermediate artifacts can be found at `/tmp/cargo-install.hURVI9iOmvZ0`

Any suggestions?

According to https://www.gnu.org/licenses/identify-licenses-clearly.html, there will be a new syntax for FSF licenses:

• If the software is licensed only under a particular version of the license, the identifier is LICENSE-VERSION-only (e.g., GPL-3.0-only).
• If the software is licensed under a particular version of the license or any later version, the identifier is LICENSE-VERSION-or-later (e.g., GPL-3.0-or-later).

It would be nice if cargo-lichking supported this new syntax.

This little PR takes care of those major things

• updates the used dependencies
• fixes issues caused by newer deps
• fixes clippy lints
• contains the [PR #75](https://github.com/Nemo157/cargo-lichking/pull/75]
• adds the Boost BSL licence
• bumps the version number to 0.9.1

I've run lichking check on my crate and it found depencency with incompatible license. Since it is not direct dependency, I've tried to find how it comes into my project and failed. The cargo tree does not show it at all, yet lichking is able to find it.

Reproduction

My project is not public yet, but reproduction can be done on lalrpop v0.18.1. Running check tells us that arrayref is not compatible:

$ cargo lichking check
 ERROR cargo_lichking::check > lalrpop cannot include package arrayref, license BSD-2-Clause is incompatible with MIT / Apache-2.0
 ERROR cargo_lichking        > Incompatible license

Using cargo tree to find where it comes from gives nothing:

$ cargo tree | grep arrayref
... no output ...

$ cargo tree --all-features --edges all | grep arrayref
... no output ...

$ cargo tree --all-features --edges all --invert arrayref
... no output...

Since cargo tree does not see the arrayref as dependency of lalrpop project, where the lichking gets the information?

It might be good idea to introduce --verbose (or similar) parameter to check command that would display name of the crate with incompatible license together with dependency chain that lead to its inclusion into project.

https://github.com/Nemo157/cargo-lichking/blob/4cd86f04c8a17e9f6b3dc1079ef7edbc7fa584ed/src/license.rs#L119

I googled a little and BSD-2-Clause dependency seems to be redistributable as MIT (IANAL), but I cannot find clear trustable answer whether it is allowed or not.

• "BSD-new" in https://dwheeler.com/essays/floss-license-slide.html is BSD-3-Clause, but not BSD-2-Clause.
  • The page does not say anything about BSD-2-Clause.
• https://opensource.stackexchange.com/a/582 says "Especially considering that both licenses are considered compatible," but they might not be a lawyer...

cc: https://github.com/Nemo157/cargo-lichking/issues/30#issuecomment-615946785

Come to think of it exporting to some form of output like xml (or something nicer) with all the fields (including full license text) would make it easy to automatically generate any documents required by different companies compliance departments.

— @xd009642 https://github.com/Nemo157/cargo-lichking/issues/68#issue-533664940

Should be trivial to add another bundle variant that just pipes the result through serde to output a handful of popular formats (first CLI idea, cargo lichking bundle --variant serialize:toml if it's possible to easily support a key-value value like that in clap, otherwise I guess something like cargo lichking bundle --variant serialize --format toml).