Commit Graph

33 Commits

Author SHA1 Message Date
Michal Schorm
67f4f8bcc2 Convert MariaDB 10.11 to SPDX license style
Here follow the records of my deeds regarding the switch to the SPDX:

\# Clone the correct package
fedpkg clone mariadb10.11
\# Expand the sources and apply the SPECfile %prep section (in which e.g. unused bundled code is removed)
fedpkg prep

Now I used the 'askalono' tool on top of the resulting directory

\# I began by analyzing only the errors
askalono crawl mariadb-10.11.8/ 1>/dev/null

=========== =========== ===========
=========== =========== ===========

| mariadb-10.11.8/storage/rocksdb/rocksdb/java/jmh/LICENSE-HEADER.txt
| Error: Confidence threshold not high enough for any known license

The text says the code is licensed under both 'GPL-2.0-only' and 'Apache-2.0'
and points to the specific files in the directory tree with the full text of these licenses.

There is also file:
| mariadb-10.11.8/storage/rocksdb/rocksdb/README.md
which says:
"RocksDB is dual-licensed under both the GPLv2 (found in the COPYING file in the root directory) and Apache 2.0 License (found in the LICENSE.Apache file in the root directory).
You may select, at your option, one of the above-listed licenses."

So the correct SPDX identifier should be: '( GPL-2.0-only OR Apache-2.0 )'

There are about 1200 files licensed this way, as can bee seen with this command:
  grep -i apache -r mariadb-10.11.8

All of them are from RocksDB SE, but 3:
  mariadb-10.11.8/mysys/crc32/crc32c.cc://  COPYING file in the root directory) and Apache 2.0 License
  mariadb-10.11.8/mysys/crc32/crc32c.cc://  (found in the LICENSE.Apache file in the root directory).
  mariadb-10.11.8/mysys/crc32/crc_ppc64.h: *  b) the Apache License, Version 2.0
  mariadb-10.11.8/mysys/crc32/crc32c_ppc.h://  COPYING file in the root directory) and Apache 2.0 License
  mariadb-10.11.8/mysys/crc32/crc32c_ppc.h://  (found in the LICENSE.Apache file in the root directory).

All of the files says:
//  This source code is licensed under both the GPLv2 (found in the
//  COPYING file in the root directory) and Apache 2.0 License
//  (found in the LICENSE.Apache file in the root directory).

But the "mariadb-10.11.8/mysys/crc32/crc_ppc64.h"
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of either:
 *
 *  a) the GNU General Public License as published by the Free Software
 *     Foundation; either version 2 of the License, or (at your option)
 *     any later version, or
 *  b) the Apache License, Version 2.0

So the SPDX identified for this one particular file is '( GPL-2.0-or-later OR Apache-2.0 )'

Making the final SPDX identifier regarding the Apache licenses as follows: '( GPL-2.0-only OR Apache-2.0 ) AND ( GPL-2.0-or-later OR Apache-2.0 )'

=========== =========== ===========
=========== =========== ===========

\# Then I by analyzed everything but errors:
askalono crawl mariadb-10.11.8/ 2>/dev/null

| mariadb-10.11.8/vio/docs/COPYING.openssl
| License: OpenSSL (original text)
| Score: 0.913

Correct.
Note: the 'OpenSSL' license is actually a combination of 'OpenSSL-standalone' and 'SSLeay-standalone'
so the shorter texts would match to, but in this case, this is a full 'OpenSSL' license:
  https://spdx.org/licenses/OpenSSL.html

=========== =========== ===========
=========== =========== ===========

GPL & LGPL

There is a difference between "GPL-2.0-only" and "GPL-2.0-or-later"
  https://spdx.org/licenses/GPL-2.0-only.html
  https://spdx.org/licenses/GPL-2.0-or-later.html
I understood that the license text is identical (I've ran 'diff' on top of them to verify)
and the difference is decided by the license header present in the files containing the code itself.
This "*-only" and "*-or-later" differenciation simmilar in other versions of GPL and LGLP

Now meet this little cute monstrosity:

\# This command is supposed to:
\#  - find all occurrences of the string "Public License"
\#  - prefixed by "GNU", "Lesser", "Library", "General", each word is optional (to match both GPL and LGPL and all variants of how people write them)
\#  - while every word can have any number of any white characters - including newlines - between them (to match text wrapped between lines)
\#  - all of that followed by string "version" (to only match text mentioning the specific version)
\#  - with any characters between the first part and the "version" string
\#  - followed by a digit (to exclude any result not talking about a concrete version specifically, e.g. text around string "from time to time" in the GPL licenses)
\#  - match 3 more characters (so we catch the whole version number)
\#  - but the "version" string and number must occur no later than any dot "." or double newline (to only match text inside the license texts or license headers, but not code)
\# Once found,
\#  - and match everything until dot or double newline (for further parsing of the strings "or later" etc)
\#  - replace any newline with space (" "), so the whole above match (as well s everything else) is put on a single line
\#  - replace string "mariadb-10.11.8/" with "NEWLINEmariadb-10.11.8/", so each result is on a separate line

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g'

This command gives 3685 results (I'll be measuring the number of results with | wc -l through this whole text),
and I hope it matches all possible variants of GPL and LGPL.
We are going to further parse it to divide the results for the separate licenses.

=========== =========== ===========
=========== =========== ===========

The 'askalono crawl' tool found number of occurrences of GPL and LGPL licenses, but it does not differentiate between "*-only" and "*-or-later" variants.

| mariadb-10.11.8/wsrep-lib/COPYING
| License: GPL-3.0-only (license header)
| Score: 0.825

This file actually talks about GPLv2, not v3.

| mariadb-10.11.8/wsrep-lib/LICENSE
| License: GPL-2.0-only (original text)
| Score: 0.988
| mariadb-10.11.8/scripts/sys_schema/COPYING
| License: GPL-2.0-only (original text)
| Score: 0.988
| mariadb-10.11.8/scripts/sys_schema/LICENSE
| License: GPL-2.0-only (license header)
| Score: 0.957
| mariadb-10.11.8/plugin/server_audit/COPYING
| License: GPL-2.0-only (original text)
| Score: 0.986
| mariadb-10.11.8/plugin/test_sql_service/COPYING
| License: GPL-2.0-only (original text)
| Score: 0.986
| mariadb-10.11.8/extra/readline/COPYING
| License: GPL-2.0-only (original text)
| Score: 0.984
| mariadb-10.11.8/storage/rocksdb/rocksdb/COPYING
| License: GPL-2.0-only (original text)
| Score: 0.988
| mariadb-10.11.8/COPYING
| License: GPL-2.0-only (original text)
| Score: 0.986

These are all GPLv2.

| mariadb-10.11.8/libmariadb/COPYING.LIB
| License: LGPL-2.1-only (original text)
| Score: 0.998
| mariadb-10.11.8/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/doc/text/lgpl-2.0.txt
| License: LGPL-2.0-only (original text)
| Score: 0.996
| mariadb-10.11.8/storage/mroonga/vendor/groonga/COPYING
| License: LGPL-2.1-only (original text)
| Score: 0.997
| mariadb-10.11.8/storage/mroonga/COPYING
| License: LGPL-2.1-only (original text)
| Score: 0.997
| mariadb-10.11.8/storage/maria/libmarias3/docs/introduction/license.rst
| License: LGPL-2.1-only (original text)
| Score: 0.980
| mariadb-10.11.8/storage/maria/libmarias3/LICENSE
| License: LGPL-2.1-only (original text)
| Score: 0.998

=========== =========== ===========
=========== =========== ===========

However to make sure which licenses appears in the source code tree, we have to GREP each variant:

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 3"

retuns 16 results, from which:

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 3" | grep -i --binary-files=text -e " lesser" -e " library"

0 is LGPL
and

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 3" | grep -v -i --binary-files=text -e " lesser" -e " library"

16 is GPL

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 3" | grep -i --binary-files=text -e "later" -e " or"

16 results "GPL-3.0-or-later"
and

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 3" | grep -v -i --binary-files=text -e "later" -e " or"

0 results "GPL-3.0-only"

=========== =========== ===========
=========== =========== ===========

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2"

retuns 3669 results, from which:

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -i --binary-files=text -e " lesser" -e " library"

577 is LGPL

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -v -i --binary-files=text -e " lesser" -e " library"

3092 is GPL

=========== =========== ===========
=========== =========== ===========

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text -e "version 2" | grep -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2[ ,;\<]" -e "version 2.0"

120 is LGPL 2.0

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2[ ,;\<]"  -e "version 2.0" | grep -i --binary-files=text -e "later" -e " or "

77 is "LGPL-2.0-or-later"

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2[ ,;\<]"  -e "version 2.0" | grep -v -i --binary-files=text -e "later" -e " or "

43 is "LGPL-2.0-only"

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2\.[^0]"

457 is LGPL 2.1

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2\.[^0]" | grep -i --binary-files=text -e "later" -e " or "

132 is "LGPL-2.1-or-later"

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2\.[^0]" | grep -v -i --binary-files=text -e "later" -e " or "

325 is "LGPL-2.1-only"

=========== =========== ===========

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -v -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2[ ,;\<]" -e "version 2.[0\s]"  -e "version 2.\s"

3091 is GPL 2.0

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -v -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2[ ,;\<]" -e "version 2.[0\s]"  -e "version 2.\s"  | grep -i --binary-files=text -e "later" -e " or "

229 is "GPL-2.0-or-later"

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -v -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2[ ,;\<]" -e "version 2.[0\s]"  -e "version 2.\s" | grep -v -i --binary-files=text -e "later" -e " or "

2862 is "GPL-2.0-only"

grep -Pzoi '(?s)((GNU\s*)?(Lesser\s*)?(Library\s*)?(General\s*)?Public\s*License)(?:(?!\.\n|\n\n).)*?version\s*\d[\s\S]{0,3}(?:(?!\.\n|\n\n).)*' -r mariadb-10.11.8/ \
| sed ':a;N;$!ba;s/\n/ /g' | sed 's|mariadb-10.11.8/|\nmariadb-10.11.8/|g' \
| grep -i --binary-files=text "version 2" | grep -v -i --binary-files=text -e " lesser" -e " library" | grep -i --binary-files=text -e "version 2\.[123456789]"

1 GPL 2.1
weird ... GPL 2.1 doesn't exists, only LGPL 2.1 does
and by examining the file, it's a false positive, as the writer switched the words in way unexpected to me: "Lesser GNU General Public License, Version 2.1"

=========== =========== ===========
=========== =========== ===========

| mariadb-10.11.8/plugin/handler_socket/libhsclient/COPYRIGHT.txt
| License: BSD-3-Clause-HP (original text)
| Score: 0.919
| mariadb-10.11.8/plugin/handler_socket/perl-Net-HandlerSocket/COPYRIGHT.txt
| License: BSD-3-Clause-HP (original text)
| Score: 0.919
| mariadb-10.11.8/plugin/handler_socket/handlersocket/COPYRIGHT.txt
| License: BSD-3-Clause-HP (original text)
| Score: 0.919
| mariadb-10.11.8/libmariadb/cmake/COPYING-CMAKE-SCRIPTS
| License: BSD-3-Clause-HP (original text)
| Score: 0.937
| mariadb-10.11.8/storage/innobase/COPYING.Google
| License: BSD-3-Clause (original text)
| Score: 0.917
| mariadb-10.11.8/storage/innobase/COPYING.Percona
| License: BSD-3-Clause (original text)
| Score: 0.917
| mariadb-10.11.8/storage/rocksdb/rocksdb/LICENSE.leveldb
| License: BSD-3-Clause (original text)
| Score: 0.953

BSD-3-Clause-HP:
https://spdx.org/licenses/BSD-3-Clause-HP.html
This license is almost identical to BSD-3-Clause, but adds "patent infringement" to the disclaimer.

However after manual review, none of the licenses listed above contains the word "patent" (case insensitive)
and all seems to be just the basic "BSD-3-Clause"

=========== =========== ===========
=========== =========== ===========

| mariadb-10.11.8/storage/rocksdb/rocksdb/LICENSE.Apache
| License: Apache-2.0 (original text)
| Score: 1.000

OK

=========== =========== ===========
=========== =========== ===========

| mariadb-10.11.8/storage/rocksdb/rocksdb/docs/LICENSE-DOCUMENTATION
| License: CC-BY-4.0 (original text)
| Score: 0.995

OK

=========== =========== ===========
=========== =========== ===========

Furthermore, there are several occurrences of the BISON exception.
Please note that the SPDX upstream does not have a specific indentifier for it,
so we are using identifiers defined by Fedora project:
  https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

grep -i -e "of Bison" -r  mariadb-10.11.9

All occurences are tied to GPL-3.0-or-later, so the correct resulting identifier is:
  ( GPL-3.0-or-later WITH Bison-exception-2.2 )

=========== =========== ===========
=========== =========== ===========

At this moment I finished going through results of 'askalono' tool.
Now I used
  grep -i -e "licens" -r mariadb-10.11.8/
which yields roughly 24000 results, and go through them manually.

After first go-through, I've refined the search a bit, ignoring common occurences:

    grep -i licens -r mariadb-10.11.8/ | \
    grep -v \
    -e "//  This source code is licensed under both the GPLv2 (found in the" \
    -e "//  COPYING file in the root directory) and Apache 2.0 License" \
    -e "//  (found in the LICENSE.Apache file in the root directory)." \
    -e "// Use of this source code is governed by a BSD-style license that can be" \
    -e "// found in the LICENSE file. See the AUTHORS file for names of contributors." \
    -e "it under the terms of the GNU General Public License as published by" \
    -e "the Free Software Foundation; version 2 of the License." \
    -e "GNU General Public License for more details." \
    -e "You should have received a copy of the GNU General Public License" \
    -e "it under the terms of the GNU General Public License, version 2.0," \
    -e "but not limited to OpenSSL) that is licensed under separate terms," \
    -e "as designated in a particular file or component or in included license" \
    -e "separately licensed software that they have included with MySQL." \
    -e "GNU General Public License, version 2.0, for more details." \
    -e "License as published by the Free Software Foundation; either" \
    -e "version 2.1 of the License, or (at your option) any later version." \
    -e "Lesser General Public License for more details." \
    -e "License along with this library; if not, write to the Free Software" \
    -e "License version 2.1 as published by the Free Software Foundation." \
    -e "the terms of the GNU General Public License as published by the Free Software" \
    -e "License along with this library; if not, write to the Free" \
    -e "version 2 of the License, or (at your option) any later version." \
    -e "Library General Public License for more details." \
    -e "License along with this library; if not see <http://www.gnu.org/licenses>" \
    | grep -i licens

squeezing the results to roughly 3400 lines, for the second go through.
Even then, it is tremendously attention demanding, and likely place for oversights.

I've managed to discover the following:

=========== =========== ===========
=========== =========== ===========

grep -i -e "under the GPL 1, 2 or 3 license" -r mariadb-10.11.8/

Files:
    mariadb-10.11.8/extra/mariabackup/quicklz/quicklz.c
    mariadb-10.11.8/extra/mariabackup/quicklz/quicklz.h
states:
  "QuickLZ can be used for free under the GPL 1, 2 or 3 license"

which makes it " ( GPL-1.0-only	OR GPL-2.0-only	GPL-3.0-only ) ", since the word "later" is not used.

=========== =========== ===========
=========== =========== ===========

grep -i -e "BSD 2-Clause" -r mariadb-10.11.8/

Files:
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/xxhash.cc
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/xxhash.h
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/xxh3p.h
has the BSD 2-Clause License, which SPDX identifier is 'BSD-2-Clause'

=========== =========== ===========
=========== =========== ===========

grep -w -e "MIT" -r mariadb-10.11.8/

File:
    mariadb-10.11.8/libmariadb/external/zlib/ucm.cmake
is licesned under MIT, which SPDX identifier is also 'MIT'.

Also text in:
    mariadb-10.11.8/storage/mroonga/vendor/groonga/README.md
specifically:
    "* License: The MIT license. See vendor/mruby-source/MITL for details."
*SUGGESTS* that all files under
  mariadb-10.11.8/storage/mroonga/vendor/groonga/vendor/mruby/*
are also licensed under MIT,
however the directory is actually named "vendor/mruby", not "vendor/mruby-source", and the "MITL" file is missing,
and the single file
    mariadb-10.11.8/storage/mroonga/vendor/groonga/vendor/mruby/CMakeLists.txt
is licensed undel LGPL 2.1,
so it would be best to ask MariaDB upstream to clarify the license.

Moreover file:
    mariadb-10.11.8/storage/maria/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/theme.css
states:
    "*  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)"
which makes it 'OFL-1.1 AND MIT'
without parenthesis, as they are licenses of two distinct files.

Files:
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/murmurhash.cc
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/murmurhash.h
states, after the license header of '( GPL-2.0-only OR Apache-2.0 )':
    "All code is released to the public domain. For business purposes, Murmurhash is under the MIT license."
The original website no longer exists, and "public domain" is too vague for SPDX.
However we should mark the 'MIT' license, since it's NOT up to us - package maintainer - to guess the effective license (whether the package user will use the code for business purposes or not).

=========== =========== ===========
=========== =========== ===========

 grep -w -e "CC0" -r mariadb-10.11.8/

Files:
    mariadb-10.11.8/unittest/mysys/crc32-t.c
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/timer_queue_test.cc
    mariadb-10.11.8/storage/rocksdb/rocksdb/util/timer_queue.h
    mariadb-10.11.8/mysql-test/suite/innodb/include/crc32.pl
mention the CC0 license, which makes it 'CC0-1.0'

=========== =========== ===========
=========== =========== ===========

grep -i -e "PHP license" -r mariadb-10.11.8/

Files:
    mariadb-10.11.8/libmariadb/libmariadb/ma_stmt_codec.c
    mariadb-10.11.8/libmariadb/libmariadb/ma_charset.c
    mariadb-10.11.8/libmariadb/libmariadb/mariadb_stmt.c
    mariadb-10.11.8/libmariadb/libmariadb/ma_password.c
    mariadb-10.11.8/libmariadb/libmariadb/ma_loaddata.c
mention the PHP 3.0 and PHP 3.01 licenses, which makes it 'PHP-3.0 AND PHP-3.01'

=========== =========== ===========
=========== =========== ===========

grep -i -e "The authors of MySQL hereby grant" -r mariadb-10.11.8/

279 files from the command above states:
    The authors of MySQL hereby grant you an additional
    permission to link the program and your derivative works with the
    separately licensed software that they have included with MySQL.

which I have no idea how to process.

=========== =========== ===========
=========== =========== ===========

File 'storage/archive/azlib.h'
is licensed under zlib license.

=========== =========== ===========
=========== =========== ===========

Files:
  strings/dtoa.c
  libmariadb/libmariadb/ma_dtoa.c
are licensed under 'dtoa' license:
  https://spdx.org/licenses/dtoa.html

=========== =========== ===========
=========== =========== ===========

These files are licensed under FSFAP:
|  grep -i -e "medium without royalty" -r .
https://spdx.org/licenses/FSFAP.html

=========== =========== ===========
=========== =========== ===========

File 'storage/mroonga/vendor/groonga/lib/grn_ecmascript.c'
is licensed under 'blessing' license:
  https://spdx.org/licenses/blessing.html

=========== =========== ===========
=========== =========== ===========

File 'storage/connect/unzip.c'
is licensed under 'Info-ZIP' license:
  https://spdx.org/licenses/Info-ZIP.html

=========== =========== ===========
=========== =========== ===========

File 'libmysqld/lib_sql.cc'
is licensed under 'Boehm-GC' license:
  https://spdx.org/licenses/Boehm-GC.html

=========== =========== ===========
=========== =========== ===========

Files:
    mariadb-10.11.8/mysys/psi_noop.c
    mariadb-10.11.8/include/mysql/psi/psi_base.h
    mariadb-10.11.8/include/mysql/psi/psi_memory.h
States:
    Without limiting anything contained in the foregoing, this file,
    which is part of C Driver for MySQL (Connector/C), is also subject to the
    Universal FOSS Exception, version 1.0, a copy of which can be found at
    http://oss.oracle.com/licenses/universal-foss-exception.

which is IMO something that needs to be added to SPDX database.

=========== =========== ===========
=========== =========== ===========

Files like these:
    mariadb-10.11.8/storage/maria/libmarias3/tests/include.am
    mariadb-10.11.8/storage/maria/libmarias3/docs/_themes/sphinx_rtd_theme/search.html
states that they are licensed under BSD license, which text should be attached,
but the closest license file I found was GPL or LGPL.

Someone with better search-fu, or clarification from MariaDB upstream, would be welcomed.
There are other files under various types of BSD, GPL and LGPL licenses, so even if they would switch the license, we likely should have it already covered.

=========== =========== ===========
=========== =========== ===========

So the resulting "License:" field should be:

( GPL-2.0-only OR Apache-2.0 ) AND ( GPL-2.0-or-later OR Apache-2.0 ) AND BSD-2-Clause AND BSD-3-Clause AND CC-BY-4.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-or-later AND ( GPL-3.0-or-later WITH Bison-exception-2.2 ) AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OpenSSL AND MIT AND OFL-1.1 AND CC0-1.0 AND PHP-3.0 AND PHP-3.01 AND zlib AND dtoa AND FSFAP AND blessing AND Info-ZIP AND Boehm-GC

=========== =========== ===========
=========== =========== ===========

I hope I caught all of the licenses.
If that's not the case, please contribute a fix or at least report a bug against this package so we can correct it.

A detailed examination of chaotic, and on many places (at least) seemingly outdated,
file "THIRDPARTY" might be good place to start review of my work.

UPDATE:
Results of thorough review from  Ales Nezbeda <anezbeda@redhat.com> were incorporated into this commit.
2024-08-22 16:42:35 +02:00
Michal Schorm
12f4463678 [10.11.9-2] Bump release for rebuild 2024-08-20 11:17:30 +02:00
Michal Schorm
bde89949a5 Rebase to 10.11.9 2024-08-19 12:44:09 +02:00
Michal Schorm
fdbbead219 Bundle FMT library to workaround a Rawhide issue:
| /usr/include/fmt/base.h:1402:29: error: passing ‘const fmt::v11::formatter<String>’ as ‘this’ argument discards qualifiers [-fpermissive]
|  1402 |     ctx.advance_to(cf.format(*static_cast<qualified_type*>(arg), ctx));
|       |                    ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024-08-19 12:41:15 +02:00
Michal Schorm
e6482ff21f Fixup for previous commit: "Add new systemtap-sdt-dtrace to build deps"
The Fedora change is only applicable to Fedora 41 and later.
The package does not exist on older releases and thus leads to FTBFS.
2024-08-19 12:41:09 +02:00
Lumir Balhar
f57cc19e7c Add new systemtap-sdt-dtrace to build deps
This is a part of approved Fedora change:
https://fedoraproject.org/wiki/Changes/Separate_dtrace_package

systemtap-sdt-devel will stop requiring systemtap-sdt-dtrace
and that would break the build of this package.
2024-08-19 12:41:04 +02:00
Fedora Release Engineering
a0e462ba58 Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild 2024-08-19 12:40:57 +02:00
Michal Schorm
3b5883189c Remove second bundled zlib location 2024-08-19 12:40:52 +02:00
Michal Schorm
86c6de7c05 Remove debian-only files before package build 2024-08-19 12:40:45 +02:00
Michal Schorm
4a066221f0 Sync bundled version of PCRE2 2024-08-19 12:40:37 +02:00
Michal Schorm
374e35cace Bump release for package rebuild 2024-08-19 12:40:33 +02:00
Michal Schorm
213b1ecd0c Disable all of Spider tests, because of #2291227 2024-08-19 12:22:15 +02:00
Michal Schorm
88bfe26933 Remove unused bundled code 2024-08-19 12:22:09 +02:00
Michal Schorm
ff34b7c74e Set minimal required version for several BuildRequires components
This mirror minimal versions set by upstream in CMake checks
2024-08-19 12:22:03 +02:00
Michal Schorm
d425a3ed5f Added support for various authentications algorithms
The AWS plugin returns:
-- Can't build aws_key_management - AWS SDK not available (AWS SDK has Apache 2.0 License which is not compatible with GPLv2. Set -DNOT_FOR_DISTRIBUTION=ON if you need it)

I'm not sure what is meant by that, both are free licenses.
But even with 'BuildRequires: aws-devel' the build wasn't possible
2024-08-19 12:21:58 +02:00
Michal Schorm
b433324d56 Added support for various compression algorithms 2024-08-19 12:21:52 +02:00
Michal Schorm
f0d12b9786 [SPECfile fixup] Move bits regarding clustercheck around the SPECfile, so they are only used when galera sub-package is built
Build should now work correctly for both variants:
  %bcond_without galera
  %bcond_with galera

wsrep and clustercheck bits are meant to only be packed fi galera sub-package is being built
2024-08-19 12:21:46 +02:00
Michal Schorm
f310e11ba8 Add wsrep_sst_rsync_tunnel script 2024-08-19 12:21:41 +02:00
Michal Schorm
4b708521ea Set the minimal required version of the mysql-selinux package 2024-08-19 12:21:34 +02:00
Michal Schorm
877a2d663d Rebase to 10.11.8 2024-08-19 12:21:27 +02:00
Michal Schorm
5989063293 Rebase to 10.11.7 2024-08-19 12:19:43 +02:00
Michal Schorm
10d1470801 [rpmlint fixup] mariadb10.11.spec:1: W: macro-in-comment %{name} 2024-08-19 12:19:36 +02:00
Michal Schorm
f381735532 SPECfile %files section fixup - add missing directories
Resolves: #2283500

--

Script used for checking the files inside "/usr/share/mariadb*"

| # Find directories that start with 'mariadb' under /usr/share/
| find /usr/share/ -type d -name 'mariadb*' | while read -r dir; do
|     # For each directory found, recursively find all files and directories
|     find "$dir" -print0 | while IFS= read -r -d '' file; do
|         rpm -qf "$file"	| grep -i -e "not owned"
|     done
| done

Results:

|  file /usr/share/mariadb-server is not owned by any package
|  file /usr/share/mariadb-server/groonga is not owned by any package
|  file /usr/share/mariadb-server/groonga-normalizer-mysql is not owned by any package
|  file /usr/share/mariadb/mroonga is not owned by any package
2024-08-19 12:19:31 +02:00
Michal Schorm
7d24cb9757 [Fixup] Fix my.cnf dependency
Fixup of commit:
  commit 45b40b2e9c515cfb04d6eaabc0c1b2e90eb1a535
  Author: Yaakov Selkowitz <yselkowi@redhat.com>
  Date:   Mon Apr 8 23:18:44 2024 -0400

Fixup contains:
 - use macro instead of '/etc/'
 - extend the condition to other occurences
2024-08-19 12:19:24 +02:00
Yaakov Selkowitz
60e7da0fac Fix my.cnf dependency
Installation path macros are not allowed in file dependencies.
Starting with F40, these break flatpak builds entirely because
dnf5 only recognizes file deps in /etc, /usr/bin, and /usr/sbin,
not /app/etc.  At this point, mariadb-connector-c-config is the
sole provider of my.cnf.

https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_dependencies
2024-08-19 12:19:16 +02:00
Troy Dawson
9d568231da Bump release for June 2024 mass rebuild 2024-06-24 09:01:41 -07:00
Filip Janus
19889e78e3 Release bump 2024-02-07 12:54:21 +01:00
Filip Janus
6673fbda85 Add architecture specific requirement in -server subpacakge 2024-02-05 21:09:33 +01:00
Filip Janus
a85be7152c Renaming macro names to be more descriptive 2024-02-05 20:33:34 +01:00
Honza Horak
6bab42f298 Remove %pkg_provides macro
This macro does not add any new provides that wouldn't be there automatically.
2024-02-05 13:44:38 +01:00
Honza Horak
b636fca34b Do not add automatic provides for private sub-packages
These sub-packages (errmsg and common) are only required by the same build
of mariadb. When built with the automatic provides (that adds %{_isa} as well),
these noarch sub-packages cause koji to complain and build to fail with:

BuildError: The following noarch package built differently on different
architectures: mariadb-errmsg-10.11.6-2.fc40.noarch.rpm
rpmdiff output was:
removed     PROVIDES mariadb-errmsg(x86-32) = 3:10.11.6-2.fc40
removed     PROVIDES mariadb10.11-errmsg(x86-32) = 3:10.11.6-2.fc40
added       PROVIDES mariadb-errmsg(x86-64) = 3:10.11.6-2.fc40
added       PROVIDES mariadb10.11-errmsg(x86-64) = 3:10.11.6-2.fc40
2024-02-05 09:25:42 +01:00
Filip Janus
aaaf2ae734 Add mariadbXX.XX provide 2024-02-02 09:37:15 +01:00
Filip Janus
6af9ed3656 Apply demodularization 2024-02-01 07:17:13 +01:00