Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: cargo-deny misrecognizes Apache-2.0 without appendix as Pixar license #625

Closed
itegulov opened this issue Mar 6, 2024 · 1 comment · Fixed by #626
Closed

Bug: cargo-deny misrecognizes Apache-2.0 without appendix as Pixar license #625

itegulov opened this issue Mar 6, 2024 · 1 comment · Fixed by #626
Labels
bug Something isn't working

Comments

@itegulov
Copy link

itegulov commented Mar 6, 2024

Describe the bug

It seems like after #617 cargo-deny started reporting Apache-2.0 without appendix as Pixar. 0.14.13 and below are unaffected.

To reproduce

  1. git clone https://github.com/itegulov/cargo-deny-issue
  2. cargo install [email protected]
  3. cargo deny check and observe:
2024-03-06 03:43:54 [WARN] unable to find a config path, falling back to default config
error[rejected]: failed to satisfy license requirements
  ┌─ cargo-deny-issue 0.1.0 (path+file:///Users/itegulov/Work/cargo-deny-issue):5:15
  │
4 │ license = ""
  │            - license expression was not specified
5 │ files-expr = "Pixar"
  │               ^^^^^
  │               │
  │               license expression retrieved via LICENSE-APACHE
  │               rejected: license was not explicitly allowed
  │
  = cargo-deny-issue v0.1.0

advisories ok, bans ok, licenses FAILED, sources ok

cargo-deny version

Starting from 0.14.14

What OS were you running cargo-deny on?

MacOS

Additional context

No response

@itegulov itegulov added the bug Something isn't working label Mar 6, 2024
@Jake-Shadle
Copy link
Member

License detection is not exact, the Pixar license was added in the 3.23 version and is almost identical to the Apache-2.0 license text, so I guess I'll have to add an exception for this particular license since I assume this will be a common error.

Jake-Shadle added a commit that referenced this issue Mar 6, 2024
The Pixar license is an almost exact copy of Apache-2.0, but doesn't
actually have enough changes compared to the Apache-2.0 license to be
fuzzy matched if the apache license text has the appendix at the end
removed (eg, doesn't even have Pixar in the title), so this PR just adds
a workaround specifically for this case.

Resolves: #625
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants