Support ClearlyDefined as a source of license information for third-party content
I decided to take the output from ORT and run it through the Eclipse Dash License Tool.
Here's what I did:
$ wget https://ort-vm1.eclipse.org/files/che_202204041504/analyzer-result.json -O - \
    | grep -Poh "(?<=\")NPM:\S*(?=\")" \
    | sed -E -e "s/NPM::([^:]+):(.*)/npm\/npmjs\/-\/\1\/\2/" -e "s/NPM:([^:]+):([^:]+):(.+)/npm\/npmjs\/\1\/\2\/\3/" \
    | java -jar /gitroot/dash/org.eclipse.dash.licenses/core/target/org.eclipse.dash.licenses-0.0.1-SNAPSHOT.jar - -project ecd.che -review -token <Wayne's GitLab Token>
I basically just blindly grabbed the analyzer's result file and grepped out the IDs of the content, which gives me a list of 427 entries. I then used sed to convert from ORT IDs to ClearlyDefined IDs and piped the lot into the Eclipse Dash License Tool. I'm pretty sure that I'm sending too much to the license tool, but it should just ignore the entries that it's already okay with anyway...
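For anyone who wants to reuse the ID conversion on its own, here is a minimal sketch of the sed step wrapped in a shell function. The function name ort_to_clearlydefined and the sample package IDs are made up for illustration; the two substitutions are the same ones used in the command above, only anchored and written with # as the delimiter so the slashes don't need escaping.

```shell
# Hypothetical helper (not part of ORT or the Dash License Tool):
# reads ORT-style NPM IDs from stdin, one per line, and writes
# ClearlyDefined-style IDs to stdout.
ort_to_clearlydefined() {
  # First rule:  IDs with an empty namespace ("NPM::name:version")
  #              map to the "-" namespace in ClearlyDefined.
  # Second rule: IDs with a namespace ("NPM:namespace:name:version")
  #              keep that namespace.
  sed -E \
    -e 's#^NPM::([^:]+):(.*)$#npm/npmjs/-/\1/\2#' \
    -e 's#^NPM:([^:]+):([^:]+):(.+)$#npm/npmjs/\1/\2/\3#'
}

# Example with two illustrative IDs (assumed, not taken from the Che results):
printf '%s\n' 'NPM::lodash:4.17.21' 'NPM:@babel:core:7.17.8' | ort_to_clearlydefined
```

Piping the grep output through sort -u before the conversion would probably cut down on duplicate entries, though the license tool should cope with them either way.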
The Eclipse Dash License Tool compares the content against the Eclipse Foundation's IP Database and ClearlyDefined. It found only three entries for which it could not resolve approved license information. By including the -review option, I pumped those three entries into IPLab issues.
The Eclipse Dash License Tool backend has resolved two of them. One of them appears to be Eclipse Che content. I'll have to sort out what to do with that.
The really interesting part is that the Eclipse Dash License Tool resolved 202 of the 427 entries via ClearlyDefined.
Note that the build that adds this content to our database is broken and these changes won't be fed back into the system until after that's fixed. I've opened an "infrazilla" (internal to the EF) issue to track the resolution.