Skip to content

Commit

Permalink
Add an SPDX file to the repository to streamline license and security…
Browse files Browse the repository at this point in the history
… reviews by user organizations (JuliaLang#42102)

* Add an SPDX file to the repository. 
* New script contrib/updateSPDX.jl .  Ran the script to update the SPDX file.
  • Loading branch information
SamuraiAku authored and LilithHafner committed Feb 22, 2022
1 parent 63debed commit f4da8c2
Show file tree
Hide file tree
Showing 3 changed files with 633 additions and 1 deletion.
2 changes: 1 addition & 1 deletion THIRDPARTY.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ own licenses:

- [LIBUNWIND](https://github.com/libunwind/libunwind/blob/master/LICENSE) [MIT]
- [LIBUV](https://github.com/JuliaLang/libuv/blob/julia-uv2-1.39.0/LICENSE) [MIT]
- [LLVM](https://releases.llvm.org/6.0.0/LICENSE.TXT) [UIUC]
- [LLVM](https://releases.llvm.org/12.0.1/LICENSE.TXT) [APACHE 2.0 with LLVM Exception]
- [UTF8PROC](https://github.com/JuliaStrings/utf8proc) [MIT]

Julia's `stdlib` uses the following external libraries, which have their own licenses:
Expand Down
31 changes: 31 additions & 0 deletions contrib/updateSPDX.jl
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# SPDX-License-Identifier: MIT
# This file is a part of Julia. License is MIT: https://julialang.org/license
#
# Run this script with each new Julia release to update "../julia.spdx.json"

using UUIDs
using Dates
using JSON
using TimeZones
using DataStructures

spdxDocument= "../julia.spdx.json"
spdxData= JSON.parsefile(spdxDocument; dicttype=OrderedDict{String, Any})

# At the moment we can only update a few items automatically with each release.
# These are the crucial elements to make a new version of the SPDX file.
# Any other changes (ex. Adding or removing of external dependencies, updating copyright text, etc.) must be performed manually
spdxData["documentNamespace"]= "https://julialang.org/spdxdocs/julia-spdx-" * string(uuid4())
spdxData["creationInfo"]["created"]= Dates.format(now(tz"UTC"), "yyyy-mm-ddTHH:MM:SS") * "Z"

for pkg in spdxData["packages"]
if pkg["SPDXID"] == "SPDXRef-JuliaMain"
pkg["versionInfo"]= readline("../VERSION")
pkg["downloadLocation"]= "git+https://github.com/JuliaLang/julia.git@v" * pkg["versionInfo"]
break
end
end

open(spdxDocument, "w") do f
JSON.print(f, spdxData, 4)
end
Loading

0 comments on commit f4da8c2

Please sign in to comment.