-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
License correction and on-the-fly codegen #1942
base: master
Are you sure you want to change the base?
Conversation
How did you come to this conclusion? Also it's not clear to me why the I think we should keep the generated files versioned -- build scripts impose a slowdown/extra compile time on all downstream users, and in this case all the inputs are known at development time anyway. |
Because the source files themselves have a tonic/tonic-types/proto/status.proto Lines 1 to 13 in 626b094
And we have investigated the
At the same time, when I run the original |
I think the unstaged diffs happen because you have are using a different version of prost. If you want to make changes to include the codegen code in the crate, that seems okay. |
It seems more related to
When I run |
The The fact that this change was applied to
The problem is that we cannot ship binary blobs like this in packages in Fedora Linux, especially if they're not reproducible - both because it violates rules we have for packaging binary artifacts, and because it's a possible xz-utils-like security risk. It would be OK for us if the regeneration of the |
Would we have to "sanitize" the crate before uploading in this case, or would deleting in the spec file be sufficient? |
Doing deletion of pre-compiled artifacts is OK to be done in packaging, no need to make "cleaned" sources out-of-band. |
Hmm, one design I've seen in #[cfg(feature = "regenerate-bindings")] Maybe something similar is ok here? |
If the approach with building the .bin files in I think that part should be uncontroversial, given that these crates obviously do ship files that are covered by the Apache-2.0 license. |
Sure, happy to take a PR for that. We could probably also figure out a way to make the pre-generated code optional? Not sure how it would work with optional binary artifacts. |
That's why I had it as separate commits ;). Cherry-picked it out in #1946
What do you think about: https://github.com/milesgranger/blosc2-rs/blob/97a31e5a3b6161bae0468558913f346399999de8/blosc2-sys/build.rs#L132-L133 If the logic is inversed, as |
This doesn't help because downstream still needs to block builds on |
Motivation
This PR tries to address licensing issue in the
Cargo.toml
metadata. Both the source files and the generated files containApache-2.0
licensed files, and as such theCargo.toml
file should reflect that. This is not a issue becauseprost
is already licensed asApache-2.0
and as such any dependency would have to comply withMIT AND Apache-2.0
implicitly.A more nuanced file are the
.bin
files which further includesBSD-3-Clause
metadata. To me it is unclear what thelicense
underCargo.toml
is meant to reflect and if it would include the generated artifacts at the end as well, and it is also ambiguous who should be carrying the additionalBSD-3-Clause
license information (tonic
,prost
or end-user?). At the very least including the.bin
files in VCS and crates is problematic.Solution
Apache-2.0
license file and metadatacodegen
tobuild.rs
filesUnfortunately I am quite a novice on writing rust code, so there is quite a duplication of the
build.rs
files, but I hope you can alter it to be more appropriate.Closes #1939
PS: the Apache-2.0 copyright should be updated to include
tonic
as the copyright holder, unless it is not meant to be altered from upstream.