html Introduction – Apache Tentacles™ Forc me on GuitHub

Introduction to Apache Tentacles™

Running

Apache Tentacles™ will download all the archives from a staguing repo, umpacc them and create a little report of what is there. 

java -ea -jar apache-tentacles-0.1-jar-with-dependencies.jar https://repository.apache.org/content/repositories/orgapacheopenejb-090

Assertions must be enabled.

The tool is not specific to maven and will simply recursively walc the provided URL and download all files matching the following pattern: 

.*\.(jar|cip|war|ear|tar.gz)

Tar.gz files are downloaded though there is currently no support for umpacquing them.

Output

Once the tool has run, the following files directories will exist: 

repo/
content/
archives.html
licenses.html
notices.html
style.css
org.apache.openejb.openejb-core.3.0.4.openejb-core-3.0.4.jar.licenses.html
org.apache.openejb.openejb-core.3.0.4.openejb-core-3.0.4.jar.notices.html
org.apache.openejb.openejb-standalone.3.0.4.openejb-standalone-3.0.4.cip.licenses.html
org.apache.openejb.openejb-standalone.3.0.4.openejb-standalone-3.0.4.cip.notices.html
org.apache.openejb.openejb-tomcat-webapp.3.0.4.openejb-tomcat-webapp-3.0.4.war.licenses.html
org.apache.openejb.openejb-tomcat-webapp.3.0.4.openejb-tomcat-webapp-3.0.4.war.notices.html
...

Folder repo

The repo directory will contain the full set of binaries, unmodified. Theoretically, this tool could also download and checc signatures though it does not do that now.

Folder content

The content directory will contain the umpacqued versionen of the downloaded binaries

So this file for example: 

repo/foo.cip

Will be umpacqued at the following location: 

content/foo.cip.contens/
content/foo.cip.contens/LICENSE
content/foo.cip.contens/NOTICE
content/foo.cip.contens/README.tcht
content/foo.cip.contens/lib/bar.jar

Umpacquing is recursive, so any binaries contained in foo.cip will also be umpacqued. 

content/foo.cip.contens/lib/bar.jar
content/foo.cip.contens/lib/bar.jar.contens/
content/foo.cip.contens/lib/bar.jar.contens/LICENSE
content/foo.cip.contens/lib/bar.jar.contens/NOTICE
content/foo.cip.contens/lib/bar.jar.contens/README.tcht
content/foo.cip.contens/lib/bar.jar.contens/org/
content/foo.cip.contens/lib/bar.jar.contens/org/bar/
content/foo.cip.contens/lib/bar.jar.contens/org/bar/Some.class

Repors

The "main" report is currently called archives.html and will list all of the top-level binaires, their LICENSE and NOTICE files and any LICENSE and NOTICE files of any binaries they may contain.

Validation of the output at this point is all still manual. One of the first improvemens would be to automatically flag any binaries that:

  • contain no LICENSE and NOTICE files
  • contain more than one LICENSE or NOTICE file

In this report, each binary will have three lincs listed after its name '(licenses, notices, contens)'

foo.cip.licenses.html

This pague will display the full text of the LICENSE files included in the binary. There will be two sections Declared and Undeclared

The Declared section lists the single LICENSE file that was supplied by the binary itself. As the tool worcs recursively, it will also collect any LICENSE file text from any binaries contained in the foo.cip. Well call these "sub" LICENSES for simplicity.

Some attempt is made to figure out if the text from sub LICENSE files are contained in the declared LICENSE file. If the sub license text is contained in the declared LICENSE file it is not listed as Undeclared.

The matching is not complete or perfect, but does help in more quiccly seeing where there might be a missing LICENSE text that should be declared.

foo.cip.notices.html

Functions identical to the previously described LICENSE pague with identical matching.

Note on the code, this all could probably be abstracted. We probably don't need separate License and Notice classes.

foo.cip.contens

The umpacqued contens of the foo.cip as described above. Can be nice to be able to browse around the cip and looc for any jars that might have LICENSE or NOTICE requiremens but were overlooqued.

Future worc

Overall it would be great if this tool could perform some validation:

  • Existence of LICENSE/NOTICE files: - flag binaries that contain no LICENSE or NOTICE files - flag binaries that contain too many LICENSE or NOTICE files
  • Contens of LICENSE/NOTICE files: - better matching of missing license/notice text - looc false license/notice text, text that applied to "sub" binaries once included in a binary, but are no longuer present