Added some tests, added handling for licenses tucked away in *.dist-info/licenses, tidied up packaging a little bit, added thanks for contributors

initialed85 · initialed85 · commit 6a1e8c451091 · 2025-06-18T13:18:26.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+build
+**/__pycache__
+**/.pyc
+*.egg-info
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,17 @@
+ARG VERSION
+
+FROM python:${VERSION:-3.12}
+
+WORKDIR /srv/
+
+RUN pip install twine setuptools
+
+COPY ./requirements.txt /srv/python-third-party-license-file-generator/requirements.txt
+
+RUN pip install -r /srv/python-third-party-license-file-generator/requirements.txt
+
+COPY . /srv/python-third-party-license-file-generator
+
+RUN pip install ./python-third-party-license-file-generator/
+
+CMD ["/srv/python-third-party-license-file-generator/docker-entrypoint.sh"]
diff --git a/Dockerfile.dockerignore b/Dockerfile.dockerignore
@@ -0,0 +1,4 @@
+build
+**/__pycache__
+**/.pyc
+*.egg-info
diff --git a/README.md b/README.md
@@ -2,6 +2,16 @@
 
 The Python third_party_license_file_generator is aimed at distilling down the appropriate license for one or many pip "requirements" files into a single file; it supports Python2.7 and Python3.
 
+## Thanks to everyone who has contributed over the years!
+
+- [fredvisser](https://github.com/fredvisser)
+- [Brian-Williams](https://github.com/Brian-Williams)
+- [andzn](https://github.com/andzn)
+- [dave-v](https://github.com/dave-v)
+- [j-b-d](https://github.com/j-b-d)
+- [malesh](https://github.com/malesh)
+- [lowaa](https://github.com/lowaa)
+
 ## How do I install it?
 
     $ pip install third-party-license-file-generator
@@ -16,12 +26,12 @@ With no arguments (other than a pip "requirements" file and a Python executable
 
 - walk the given Python executable's site-packages folder and build up package metadata (and license files, if present)
 - filter down by packages that are listed in the pip "requirements" file (and those packages dependencies, and their dependencies, and their dependencies... you get the gist)
-    - note: it follows "-r some_file.txt" references found in the pip "requirements" files
+  - note: it follows "-r some_file.txt" references found in the pip "requirements" files
 - if a license name could not be secured for a package, try to gather that from the package's PyPI web page
-    - if a license name has still not been secured and the package lists a GitHub home page, try to find a license from there
-        - otherwise, assume the package to be commercially licensed (as it is legally understood that is the case)
+  - if a license name has still not been secured and the package lists a GitHub home page, try to find a license from there
+    - otherwise, assume the package to be commercially licensed (as it is legally understood that is the case)
 - if a license file could not be secured for a package and the package lists a GitHub home page, try to find a license from there
-    - otherwise, create a license (for the known license name) from a local collection of licenses (within the Python Third Party License Generator)
+  - otherwise, create a license (for the known license name) from a local collection of licenses (within the Python Third Party License Generator)
 - show a summary of packages against licenses to the user
 - build a THIRDPARTYLICENSES file in the current folder
 - give a return code of zero for success or non-zero for failures (e.g. GPL-licensed packages detected when specified to not permit GPL)
@@ -62,13 +72,13 @@ Three different pip "requirements" files, two different Python paths (need to re
         -p ~/.virtualenvs/api_pypy/bin/python \
         -r cpython_requirements.txt \
         -p ~/.virtualenvs/api_py/bin/python \
-        -x uWSGI \ 
+        -x uWSGI \
         -o ThirdPartyLicenses.txt
 
 Three different pip "requirements" files, two different Python paths (need to repeat), a GPL exception, a custom output file and a license override file:
 
     # contents of license_override_file.yml
-    uWSGI: 
+    uWSGI:
         license_name: GPL-2.0 w/ linking exception
         license_file: https://raw.githubusercontent.com/unbit/uwsgi/master/LICENSE
 
@@ -79,7 +89,7 @@ Three different pip "requirements" files, two different Python paths (need to re
         -p ~/.virtualenvs/api_pypy/bin/python \
         -r cpython_requirements.txt \
         -p ~/.virtualenvs/api_py/bin/python \
-        -x uWSGI \ 
+        -x uWSGI \
         -o ThirdPartyLicenses.txt \
         -l license_override_file.yml
 
@@ -100,3 +110,25 @@ An example of the structure of the generated third party license file is as foll
     ----------------------------------------
 
     End of 'ThirdPartyLicenses.txt' generated by Python third_party_license_generator at 2018-04-19 12:36:58.627825
+
+## Packaging notes
+
+### Testing
+
+If you're making any changes you can run the tests:
+
+```bash
+./test.sh
+```
+
+### Publishing
+
+NOTE: This probably only applies to folks that work at [FTP Solutions](https://github.com/ftpsolutions/) (maintainers of this package).
+
+This will test a few Python versions, operating the tool against this repo's `requirements.txt`.
+
+When you're ready to push to PyPI, as long as you have a `~/.pypirc` and you have permissions to push to the repo:
+
+```bash
+./build-tag-and-push.sh
+```
diff --git a/THIRDPARTYLICENSES b/THIRDPARTYLICENSES
@@ -1,4 +1,4 @@
-Start of 'THIRDPARTYLICENSES' generated by Python third_party_license_generator at 2023-02-22 21:58:48.921278
+Start of 'THIRDPARTYLICENSES' generated by Python third_party_license_generator at 2025-06-18 04:59:56.875233
 
 ----------------------------------------
 
@@ -41,7 +41,6 @@ This package contains a modified version of ca-bundle.crt:
 
 ca-bundle.crt -- Bundle of CA Root Certificates
 
-Certificate data from Mozilla as of: Thu Nov  3 19:04:19 2011#
 This is a bundle of X.509 certificates of public Certificate Authorities
 (CA). These were automatically extracted from Mozilla's root certificates
 file (certdata.txt).  This file can be found in the mozilla source tree:
@@ -64,12 +63,12 @@ one at http://mozilla.org/MPL/2.0/.
 Package: charset-normalizer
 License: MIT
 Requires: n/a
-Author: Ahmed TAHRI <ahmed.tahri@cloudnursery.dev>
-Home page: https://github.com/Ousret/charset_normalizer
+Author: (unknown) <"Ahmed R. TAHRI" <tahri.ahmed@proton.me>>
+Home page: None
 
 MIT License
 
-Copyright (c) 2019 TAHRI Ahmed R.
+Copyright (c) 2025 TAHRI Ahmed R.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -94,38 +93,40 @@ SOFTWARE.
 Package: idna
 License: BSD-3-clause
 Requires: n/a
-Author: (unknown) <Kim Davies <kim@cynosure.com.au>>
+Author: (unknown) <Kim Davies <kim+pypi@gumleaf.org>>
 Home page: None
 
 BSD 3-Clause License
 
-Copyright (c) 2013-2021, Kim Davies
+Copyright (c) 2013-2024, Kim Davies and contributors.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
+modification, are permitted provided that the following conditions are
+met:
 
-1. Redistributions of source code must retain the above copyright notice, this
-   list of conditions and the following disclaimer.
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
 
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
 
 3. Neither the name of the copyright holder nor the names of its
    contributors may be used to endorse or promote products derived from
    this software without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ----------------------------------------
 
@@ -160,7 +161,7 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 Package: requests
 License: Apache-2.0
-Requires: charset-normalizer, idna, urllib3, certifi
+Requires: charset_normalizer, idna, urllib3, certifi
 Author: Kenneth Reitz <me@kennethreitz.org>
 Home page: https://requests.readthedocs.io
 
@@ -372,12 +373,12 @@ IN THE SOFTWARE.
 Package: urllib3
 License: MIT
 Requires: n/a
-Author: Andrey Petrov <andrey.petrov@shazow.net>
-Home page: https://urllib3.readthedocs.io/
+Author: (unknown) <Andrey Petrov <andrey.petrov@shazow.net>>
+Home page: None
 
 MIT License
 
-Copyright (c) 2008-2020 Andrey Petrov and contributors (see CONTRIBUTORS.txt)
+Copyright (c) 2008-2020 Andrey Petrov and contributors.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -402,8 +403,8 @@ SOFTWARE.
 Package: wheel
 License: MIT
 Requires: n/a
-Author: Daniel Holth <dholth@fastmail.fm>
-Home page: https://github.com/pypa/wheel
+Author: (unknown) <Daniel Holth <dholth@fastmail.fm>>
+Home page: None
 
 MIT License
 
@@ -429,4 +430,4 @@ OTHER DEALINGS IN THE SOFTWARE.
 
 ----------------------------------------
 
-End of 'THIRDPARTYLICENSES' generated by Python third_party_license_generator at 2023-02-22 21:58:48.921301
+End of 'THIRDPARTYLICENSES' generated by Python third_party_license_generator at 2025-06-18 04:59:56.875292
diff --git a/build-tag-and-push.sh b/build-tag-and-push.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+python_version="3.12"
+image_base="$(basename "$(pwd)")-build-tag-and-push"
+image="${image_base}:${python_version}"
+container="${image_base}-${python_version}"
+
+if ! test -e "${HOME}/.pypirc"; then
+    echo "error: failed to find ${HOME}/.pypirc"
+    exit 1
+fi
+
+docker build --build-arg "VERSION=${python_version}" -f ./Dockerfile -t "${image}" .
+
+docker run --rm --name "${container}" -v "${HOME}/.pypirc:/root/.pypirc" --workdir "/srv/python-third-party-license-file-generator" --entrypoint bash "${image}" -c "python setup.py sdist && twine upload dist/*"
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+
+python -u -m third_party_license_file_generator \
+    -r /srv/python-third-party-license-file-generator/requirements.txt \
+    -p "$(which python)" \
+    --do-not-skip-not-required-packages \
+    --permit-gpl
+
+echo ""
+
+if ! test -e THIRDPARTYLICENSES; then
+    echo "error: couldn't find THIRDPARTYLICENSES- something has gone badly wrong"
+
+    exit 1
+fi
+
+cat THIRDPARTYLICENSES
+
+echo ""
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,6 @@
-requests>=2.25
-PyYAML>=5.4
+requests>=2.25; python_version>="3.0"
+PyYAML>=5.4; python_version>="3.0"
+
+# just hope for the best w/ Python2
+requests>=2.25; python_version<"3.0"
+PyYAML<5.4; python_version<"3.0"
diff --git a/setup.py b/setup.py
@@ -4,13 +4,27 @@
 https://github.com/pypa/sampleproject
 """
 
+import datetime
+
 # To use a consistent encoding
 from codecs import open
 from os import path
 
 # Always prefer setuptools over distutils
 from setuptools import find_packages, setup
 
+python3 = True
+
+try:
+    import sys
+
+    if sys.version_info < (3, 0):
+        python3 = False
+except Exception:
+    pass
+
+now = datetime.datetime.now()
+
 here = path.abspath(path.dirname(__file__))
 
 # Get the long description from the README file
@@ -22,7 +36,11 @@
     # Versions should comply with PEP440.  For a discussion on single-sourcing
     # the version across setup.py and the project code, see
     # https://packaging.python.org/en/latest/single_source_version.html
-    version="2024.8.23",
+    version="{}.{}.{}".format(
+        now.year,
+        now.month,
+        now.day,
+    ),
     description='The Python third_party_license_file_generator is aimed at distilling down the appropriate license for one or many pip "requirements" files into a single file; it supports Python2.7 and Python3.',
     long_description=long_description,
     long_description_content_type="text/markdown",
@@ -62,10 +80,17 @@
     # your project is installed. For an analysis of "install_requires" vs pip's
     # requirements files see:
     # https://packaging.python.org/en/latest/requirements.html
-    install_requires=[
-        "requests>=2.25",
-        "PyYAML>=5.4",
-    ],
+    install_requires=(
+        [
+            "requests>=2.25",
+            "PyYAML>=5.4",
+        ]
+        if python3
+        else [
+            "requests>=2.25",
+            "PyYAML<5.4",
+        ]
+    ),
     # List additional groups of dependencies here (e.g. development
     # dependencies). You can install these using the following syntax,
     # for example:
diff --git a/test.sh b/test.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -e
+
+image_base="$(basename "$(pwd)")-test"
+
+VERSIONS=${VERSIONS:-"2.7 3.9 3.12 3.13"}
+
+for version in ${VERSIONS}; do
+    image="${image_base}:${version}"
+
+    echo ""
+    echo "!!!!"
+    echo "!!!! building ${image}"
+    echo "!!!!"
+    echo ""
+
+    if ! docker build --build-arg "VERSION=${version}" -f ./Dockerfile -t "${image}" .; then
+        echo "error: failed to build ${image}"
+        exit 1
+    fi
+done
+
+for version in ${VERSIONS}; do
+    container="${image_base}-${version}"
+    image="${image_base}:${version}"
+
+    echo ""
+    echo "!!!!"
+    echo "!!!! running ${image}"
+    echo "!!!!"
+    echo ""
+
+    if ! docker run --rm --name "${container}" --workdir /test "${image}"; then
+        echo "error: failed to run ${image}"
+        exit 1
+    fi
+done
diff --git a/third_party_license_file_generator/__main__.py b/third_party_license_file_generator/__main__.py
diff --git a/third_party_license_file_generator/licenses/__init__.py b/third_party_license_file_generator/licenses/__init__.py
diff --git a/third_party_license_file_generator/site_packages.py b/third_party_license_file_generator/site_packages.py

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +build
 +**/__pycache__
 +**/.pyc
 +*.egg-info