Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LICENSE-MIT and LICENSE-APACHE should be published to crates.io/crates/libafl_libfuzzer_runtime #2890

Closed
anforowicz opened this issue Jan 24, 2025 · 3 comments
Closed

LICENSE-MIT and LICENSE-APACHE should be published to crates.io/crates/libafl_libfuzzer_runtime #2890

anforowicz opened this issue Jan 24, 2025 · 3 comments

Comments

@anforowicz
Copy link

When I try to import libafl_libfuzzer_runtime into Chromium, our tooling complains that the crate contents downloaded from crates.io do not contain license files. Would it be possible to include the license files please?

I think that:

  • Symlinks can be added from libafl_libfuzzer_runtime/LICENSE-APACHE to ../LICENSE-APACHE (same for LICENSE-MIT). This is quite similar to what other nested crates are doing - e.g. see: Add license files into the capi crate tarball rust-lang/rustc-demangle#73
  • I think that libafl_libfuzzer_runtime/Cargo.toml symlinks to libafl_libfuzzer/Cargo.toml and that this file lists a restricted allowlist of files to include when publishing to crates.io. This file list probably has to be expanded to also cover LICENSE-MIT and LICENSE-APACHE. I assume that the Cargo.toml symlink may also be used in other places - we may need to add more LICENSE-APACHE / LICENSE-MIT symlinks if this is the case.

PS. LICENSE-APACHE says "You must give any other recipients of the Work or Derivative Works a copy of this License". LICENSE-MIT says "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.".

/cc @adetaylor
@anforowicz anforowicz changed the title LICENSE-MIT nor LICENSE-APACHE files are published to https://crates.io/crates/libafl_libfuzzer_runtime/0.0.0 LICENSE-MIT and LICENSE-APACHE should be published to crates.io/crates/libafl_libfuzzer_runtime Jan 24, 2025
@tokatoka
Copy link
Member

tokatoka commented Jan 30, 2025
edited
Loading

Symlinks can be added from libafl_libfuzzer_runtime/LICENSE-APACHE to ../LICENSE-APACHE (same for LICENSE-MIT). This is quite similar to what other nested crates are doing - e.g. see: rust-lang/rustc-demangle#73

OK I can create a link

I think that libafl_libfuzzer_runtime/Cargo.toml symlinks to libafl_libfuzzer/Cargo.toml and that this file lists a restricted allowlist of files to include when publishing to crates.io. This file list probably has to be expanded to also cover LICENSE-MIT and LICENSE-APACHE. I assume that the Cargo.toml symlink may also be used in other places - we may need to add more LICENSE-APACHE / LICENSE-MIT symlinks if this is the case.

This file has dependencies pointing to libafl, libafl_bolts, and libafl_targets.
Will it be enough if I put a symlink for these three?

@tokatoka
Copy link
Member

tokatoka commented Jan 30, 2025
edited
Loading

Can you check #2916 looks good for you?

@tokatoka
Copy link
Member

we'll publsih 0.15.1 soon when andrea is ready

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anforowicz @tokatoka