Add license reporting and "vcpkg license-report" command. #1514
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Also introduce adapt_to_string to help with the several to_string overload pairs.
Drive by fix debug printing claiming that telemetry was not a string and that malformed git commit shas were not strings.
… building a package never prints usage.
…eady installed' message, --head warning, and merging the 'green success' message into the total elapsed time part.
…nstalled in this invocation are printed, and a separate license-report command that prints all information known in the installed tree.
|
Implementation and tests must cover the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This work is primarily at the request of @walbourn , related: microsoft/vcpkg#31770
This PR adds a new command to help the the XBox customers @walbourn was trying to help.
vcpkg license-reportprints the SPDX licenses from the SBOM of all installed packages.This PR also prints the SPDX licenses for all packages which are being installed for a given install command. It does not print the licenses for already installed packages or dependencies of already installed packages. The existing dependency planner does not recurse into that, and we don't necessarily have the ports for that available anyway. If there's serious demand for this, we could consider doing it for manifest mode since there we know we have all the ports available at install time, but given that this solves @walbourn 's problem I'm not inclined to add it without substantial user feedback that it's something they need.
Resolves microsoft/vcpkg#10812
Some of the 'core infrastructure' work herein was done because I originally intended to record license status information in the installed database. Unfortunately, existing copies of vcpkg didn't record license information in the installed database, and doing this was going to be a breaking change to the on disk format. Moreover, it wouldn't work with ports that had been previously binary cached. This made the change controversial internally and we were not sure we were going to be able to do it. @ras0219-msft pointed out though that we record this information in the SBOMs already, so as long as it's a recent though package build to have an SBOM, we already had the information we needed.
This change is large and has independently reviewable subcomponents, so I'm going to split out sub-reviews.