I recently rebuilt below to apply a security update, but noticed that it does not specify its package license correctly. The rust-below package produces a statically linked binary, shipped in the "below" subpackage. However, the package's License tag does not reflect the fact that a lot of code from different crates with different licenses is included. To determine the list of crate licenses, you can use the following steps: - run a mock build with "--without check" (so test-only dependencies are not installed) - inspect the list of rust-*-devel packages that are installed in the buildroot for their licenses For example, running this script in a "mock shell" after a build with "--without check" prints the sorted list of crate licenses: for i in $(rpm -qa | grep "rust-.*-devel"); do rpm -q $i --qf "%{LICENSE}\n"; done | sort | uniq You can look at ripgrep for an example how packages handle this: https://src.fedoraproject.org/rpms/rust-ripgrep/blob/rawhide/f/rust-ripgrep.spec#_32 If you want a per-crate license breakdown, you can install "dnf-utils" into the mock chroot, and run this command instead: dnf repoquery --cacheonly "rust-*-devel" --installed --qf "# %{LICENSE}: %{source_name} %{version}" You can look at python-launcher as an example of a package that includes the detailed breakdown: https://src.fedoraproject.org/rpms/rust-python-launcher/blob/rawhide/f/rust-python-launcher.spec#_67 The downside of including the detailed breakdown is that it needs to be updated every time the package is built, while the simplified list is usually pretty static, unless some dependencies change. ================================================================================ Output of the license helper scripts for below 0.4.1 against current rawhide are pasted below. Either way, the correct License tag for the "-n %{crate}" subpackage of rust-below should be something like this (if you resolve all "or" choices where you're don't actually have a choice because of other components' licenses): License: ASL 2.0 and BSD and MIT Note that this License tag should only be included in the "-n %{crate}" subpackage. The "ASL 2.0" License tag for the source package is still correct. ================================================================================ Output of bash script for below 0.4.1 ("simplified license breakdown"): ASL 2.0 ASL 2.0 or Boost ASL 2.0 or MIT BSD BSD or MIT or ASL 2.0 LGPLv2 or BSD MIT MIT or ASL 2.0 MPLv2.0 or MIT or ASL 2.0 Unlicense or MIT ================================================================================ Output of dnf repoquery for below 0.4.1 ("detailed license breakdown"): # ASL 2.0 or Boost: rust-ryu 1.0.9 # ASL 2.0 or MIT: rust-autocfg 1.0.1 # ASL 2.0 or MIT: rust-cexpr 0.6.0 # ASL 2.0 or MIT: rust-fnv 1.0.7 # ASL 2.0 or MIT: rust-lock_api 0.4.5 # ASL 2.0 or MIT: rust-parking_lot 0.11.2 # ASL 2.0 or MIT: rust-parking_lot_core 0.8.5 # ASL 2.0 or MIT: rust-peeking_take_while 0.1.2 # ASL 2.0 or MIT: rust-proc-macro-crate 1.1.0 # ASL 2.0 or MIT: rust-rustc-hash 1.1.0 # ASL 2.0 or MIT: rust-signal-hook 0.3.13 # ASL 2.0 or MIT: rust-signal-hook-mio 0.2.1 # ASL 2.0 or MIT: rust-signal-hook-registry 1.4.0 # ASL 2.0 or MIT: rust-signal-hook0.1 0.1.17 # ASL 2.0 or MIT: rust-structopt 0.3.25 # ASL 2.0 or MIT: rust-structopt-derive 0.4.18 # ASL 2.0 or MIT: rust-thread_local 1.1.4 # ASL 2.0: rust-below-common 0.4.1 # ASL 2.0: rust-below-config 0.4.1 # ASL 2.0: rust-below-dump 0.4.1 # ASL 2.0: rust-below-model 0.4.1 # ASL 2.0: rust-below-render 0.4.1 # ASL 2.0: rust-below-store 0.4.1 # ASL 2.0: rust-below-view 0.4.1 # ASL 2.0: rust-below_derive 0.4.1 # ASL 2.0: rust-cgroupfs 0.4.1 # ASL 2.0: rust-clang-sys 1.3.0 # ASL 2.0: rust-fb_procfs 0.4.1 # ASL 2.0: rust-xi-unicode 0.3.0 # BSD or MIT or ASL 2.0: rust-num_enum 0.5.5 # BSD or MIT or ASL 2.0: rust-num_enum_derive 0.5.5 # BSD: rust-bindgen 0.59.2 # BSD: rust-instant 0.1.12 # BSD: rust-libbpf-sys 0.5.0~2 # LGPLv2 or BSD: rust-libbpf-cargo 0.9.3 # LGPLv2 or BSD: rust-libbpf-rs 0.14.0 # MIT or ASL 2.0: rust-ahash 0.7.6 # MIT or ASL 2.0: rust-anyhow 1.0.52 # MIT or ASL 2.0: rust-bitflags 1.3.2 # MIT or ASL 2.0: rust-cargo-platform 0.1.2 # MIT or ASL 2.0: rust-cc 1.0.72 # MIT or ASL 2.0: rust-cfg-if 1.0.0 # MIT or ASL 2.0: rust-chrono 0.4.19 # MIT or ASL 2.0: rust-crossbeam-channel 0.5.2 # MIT or ASL 2.0: rust-crossbeam-utils 0.8.6 # MIT or ASL 2.0: rust-derivative 2.2.0 # MIT or ASL 2.0: rust-dirs-next 2.0.0 # MIT or ASL 2.0: rust-dirs-sys-next 0.1.2 # MIT or ASL 2.0: rust-either 1.6.1 # MIT or ASL 2.0: rust-enum-map 1.1.0 # MIT or ASL 2.0: rust-enum-map-derive 0.5.0 # MIT or ASL 2.0: rust-env_logger 0.9.0 # MIT or ASL 2.0: rust-erased-serde 0.3.17 # MIT or ASL 2.0: rust-futures-core 0.3.19 # MIT or ASL 2.0: rust-getrandom 0.2.3 # MIT or ASL 2.0: rust-glob 0.3.0 # MIT or ASL 2.0: rust-half 1.8.2 # MIT or ASL 2.0: rust-heck0.3 0.3.3 # MIT or ASL 2.0: rust-humantime 2.1.0 # MIT or ASL 2.0: rust-ident_case 1.0.1 # MIT or ASL 2.0: rust-itertools 0.10.3 # MIT or ASL 2.0: rust-itoa 1.0.1 # MIT or ASL 2.0: rust-jobserver 0.1.24 # MIT or ASL 2.0: rust-lazy_static 1.4.0 # MIT or ASL 2.0: rust-lazycell 1.3.0 # MIT or ASL 2.0: rust-libc 0.2.113 # MIT or ASL 2.0: rust-log 0.4.14 # MIT or ASL 2.0: rust-maplit 1.0.2 # MIT or ASL 2.0: rust-match_cfg 0.1.0 # MIT or ASL 2.0: rust-memmap 0.7.0 # MIT or ASL 2.0: rust-memmap2 0.3.1 # MIT or ASL 2.0: rust-minimal-lexical 0.2.1 # MIT or ASL 2.0: rust-num-complex0.3 0.3.1 # MIT or ASL 2.0: rust-num-integer 0.1.44 # MIT or ASL 2.0: rust-num-iter 0.1.42 # MIT or ASL 2.0: rust-num-rational0.3 0.3.2 # MIT or ASL 2.0: rust-num-traits 0.2.14 # MIT or ASL 2.0: rust-num0.3 0.3.1 # MIT or ASL 2.0: rust-num_cpus 1.13.1 # MIT or ASL 2.0: rust-numtoa 0.2.4 # MIT or ASL 2.0: rust-once_cell 1.9.0 # MIT or ASL 2.0: rust-openat 0.1.21 # MIT or ASL 2.0: rust-pest 2.1.3 # MIT or ASL 2.0: rust-pkg-config 0.3.24 # MIT or ASL 2.0: rust-plain 0.2.3 # MIT or ASL 2.0: rust-ppv-lite86 0.2.16 # MIT or ASL 2.0: rust-proc-macro-error 1.0.4 # MIT or ASL 2.0: rust-proc-macro-error-attr 1.0.4 # MIT or ASL 2.0: rust-proc-macro2 1.0.36 # MIT or ASL 2.0: rust-quote 1.0.14 # MIT or ASL 2.0: rust-rand 0.8.4 # MIT or ASL 2.0: rust-rand_chacha 0.3.1 # MIT or ASL 2.0: rust-rand_core 0.6.3 # MIT or ASL 2.0: rust-regex 1.5.4 # MIT or ASL 2.0: rust-regex-syntax 0.6.25 # MIT or ASL 2.0: rust-remove_dir_all 0.7.0 # MIT or ASL 2.0: rust-scopeguard 1.1.0 # MIT or ASL 2.0: rust-semver 1.0.4 # MIT or ASL 2.0: rust-semver-parser 0.10.2 # MIT or ASL 2.0: rust-semver0.11 0.11.0 # MIT or ASL 2.0: rust-serde 1.0.134 # MIT or ASL 2.0: rust-serde_cbor 0.11.2 # MIT or ASL 2.0: rust-serde_derive 1.0.134 # MIT or ASL 2.0: rust-serde_json 1.0.74 # MIT or ASL 2.0: rust-shlex 1.1.0 # MIT or ASL 2.0: rust-smallvec 1.7.0 # MIT or ASL 2.0: rust-stable_deref_trait 1.2.0 # MIT or ASL 2.0: rust-static_assertions 1.1.0 # MIT or ASL 2.0: rust-syn 1.0.86 # MIT or ASL 2.0: rust-tempfile 3.2.0 # MIT or ASL 2.0: rust-term 0.7.0 # MIT or ASL 2.0: rust-thiserror 1.0.30 # MIT or ASL 2.0: rust-thiserror-impl 1.0.30 # MIT or ASL 2.0: rust-threadpool 1.8.1 # MIT or ASL 2.0: rust-time0.1 0.1.44 # MIT or ASL 2.0: rust-toml 0.5.8 # MIT or ASL 2.0: rust-ucd-trie 0.1.3 # MIT or ASL 2.0: rust-unicode-segmentation 1.8.0 # MIT or ASL 2.0: rust-unicode-width 0.1.9 # MIT or ASL 2.0: rust-unicode-xid 0.2.2 # MIT or ASL 2.0: rust-vec_map 0.8.2 # MIT or ASL 2.0: rust-version_check 0.9.4 # MIT or ASL 2.0: rust-wasmer_enumset 1.0.1 # MIT or ASL 2.0: rust-wasmer_enumset_derive 0.5.0 # MIT or ASL 2.0: rust-zstd-safe 4.1.3 # MIT or ASL 2.0: rust-zstd-sys 1.6.2 # MIT: rust-ansi_term 0.12.1 # MIT: rust-atty 0.2.14 # MIT: rust-bytes 1.1.0 # MIT: rust-cargo_metadata 0.12.3 # MIT: rust-clap2 2.34.0 # MIT: rust-crossterm 0.20.0 # MIT: rust-crossterm0.19 0.19.0 # MIT: rust-cursive 0.16.3 # MIT: rust-cursive_buffered_backend 0.5.0 # MIT: rust-cursive_core 0.2.2 # MIT: rust-darling0.12 0.12.4 # MIT: rust-darling_core0.12 0.12.4 # MIT: rust-darling_macro0.12 0.12.4 # MIT: rust-hostname 0.3.1 # MIT: rust-memoffset 0.6.5 # MIT: rust-mio 0.7.14 # MIT: rust-nix0.22 0.22.2 # MIT: rust-nom 7.1.0 # MIT: rust-os_info 3.0.9 # MIT: rust-owning_ref 0.4.1 # MIT: rust-scroll 0.10.2 # MIT: rust-scroll_derive 0.10.5 # MIT: rust-strsim 0.10.0 # MIT: rust-strum_macros 0.21.1 # MIT: rust-take_mut 0.2.2 # MIT: rust-termion 1.5.6 # MIT: rust-textwrap0.11 0.11.0 # MIT: rust-users 0.11.0 # MIT: rust-vsprintf 2.0.0 # MIT: rust-which 4.2.2 # MIT: rust-zstd 0.9.2 # MPLv2.0 or MIT or ASL 2.0: rust-slog 2.7.0 # MPLv2.0 or MIT or ASL 2.0: rust-slog-async 2.7.0 # MPLv2.0 or MIT or ASL 2.0: rust-slog-term 2.8.0 # Unlicense or MIT: rust-aho-corasick 0.7.18 # Unlicense or MIT: rust-memchr 2.4.1 # Unlicense or MIT: rust-same-file 1.0.6 # Unlicense or MIT: rust-termcolor 1.1.2 # Unlicense or MIT: rust-walkdir 2.3.2
This bug appears to have been reported against 'rawhide' during the Fedora 36 development cycle. Changing version to 36.
FEDORA-2022-41a18e2c88 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-41a18e2c88
FEDORA-2022-ed6f555530 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-ed6f555530
FEDORA-2022-1439a6a0a6 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-1439a6a0a6
FEDORA-2022-a3bb370a46 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3bb370a46
FEDORA-2022-1439a6a0a6 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-a3bb370a46 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-ed6f555530 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-ed6f555530` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-ed6f555530 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-41a18e2c88 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-41a18e2c88` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-41a18e2c88 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-41a18e2c88 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-ed6f555530 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.