Fetch packages' licenses at build time

[arnaldo2792]

Issue number:
N / A

Description of changes:

There are packages to which multiple licenses apply, depending on who distributes the software. For said packages, the licenses are fetched at build time when the Licenses.toml configuration file is present. The fetched licenses are stored in the licenses folder, used to retrieve the license of the special packages while they are built.

When the Licenses.toml file and the licenses folder are provided, they are copied to the build directory of the package. If either path is missing, empty configurations are provided. Packages that use the Licenses.toml file to retrieve their licensing information, will fail the build, since it is expected that the user will provide said configurations.

TODO:

• Update BUILDING.md to document Licenses.toml

Testing done:

• With Licenses.toml:

[package]
spdx-id = "LicenseRef-<PACKAGE-LICENSE>"
licenses = [
  { path = "LicensesRef-<PACKAGE-LICENSE>.pdf", license-url = "<url-to-remote-license>" }
]

And with a spec file as follows:

%global spdx_id %(bottlerocket-license-tool -l $PWD/rpmbuild/BUILD/Licenses.toml spdx-id <package>)
%global license_file %(bottlerocket-license-tool -l $PWD/rpmbuild/BUILD/Licenses.toml path <package> -p ./licenses)

# ...

License: %{spdx_id}

# ...
%files <package>
%license %{license_file}

Verified the built rpm used the correct configurations

• Verified licenses files from Licenses.toml are retrieved and stored in licenses
• Verified the build doesn't fail for packages that don't use Licenses.toml
• Verified the build fails for packages that use Licenses.toml, and this is missing

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[arnaldo2792]

Forced push includes:

• Skip license fetch if BUILDSYS_UPSTREAM_LICENSE_FETCH is false
• Always attempt to create licenses folder, and skip license fetch when Licenses.toml doesn't exist
• Addressed feedback in documentation

[arnaldo2792]

Forced push addresses feedback

[arnaldo2792]

Forced push fixes commit message

[arnaldo2792]

Forced push includes the BUILDSYS_LICENSES_CONFIG_PATH env variable, used to copy the Licenses.toml to the root sources' directory.

fetch-licenses on  fetch-licenses [$] ❯ rm Licenses.toml

fetch-licenses on  fetch-licenses [$] ❯ cargo make fetch-licenses -e BUILDSYS_UPSTREAM_LICENSE_FETCH=true -e BUILDSYS_LICENSES_CONFIG_PATH=$HOME/Licenses.toml
[cargo-make] INFO - cargo make 0.32.17
[cargo-make] INFO - Build File: Makefile.toml
[cargo-make] INFO - Task: fetch-licenses
[cargo-make] INFO - Profile: development
[cargo-make] INFO - Running Task: setup
[cargo-make] INFO - Running Task: setup-build
[cargo-make] INFO - Running Task: fetch-sdk
[cargo-make] INFO - Running Task: fetch-toolchain
[cargo-make] INFO - Running Task: fetch-sources
[cargo-make] INFO - Running Task: fetch-vendored
[cargo-make] INFO - Running Task: fetch-licenses
[cargo-make] INFO - Build Done in 3.50 seconds.

fetch-licenses on  fetch-licenses [$] ❯ test -f Licenses.toml; and echo "Exists"
Exists