bobbai00 opened a new issue, #4448:
URL: https://github.com/apache/texera/issues/4448
### What happened?
The `sbt dist` zips produced by each dist-producing module
(access-control-service, amber, config-service,
computing-unit-managing-service, file-service, workflow-compiling-service) ship
the source-tree `LICENSE` and `NOTICE` at the top level.
For a binary distribution, ASF policy requires:
1. A top-level `LICENSE` that enumerates every third-party dependency
bundled inside the zip (this is what `LICENSE-binary` is for).
2. A matching `NOTICE` that carries the required attribution notices from
bundled third-party projects (this is what `NOTICE-binary` is for).
3. The full text of every non-Apache-2.0 license used by bundled
dependencies, shipped alongside `LICENSE` (this is what a top-level `licenses/`
directory is for).
The current `asfDistLicensingSettings` in `build.sbt` and the `distSettings`
helper in `project/AddMetaInfLicenseFiles.scala` ship the source-tree files
instead, so the zips do not satisfy ASF binary-distribution policy.
This is also a prerequisite for meaningful enforcement by the
`check-binary-licenses.yml` CI workflow: without the zips containing the
binary-specific files, the checker has nothing to validate.
### How to reproduce?
1. Run `sbt 'AccessControlService/dist'` (or any dist-producing module).
2. Unzip the output under `access-control-service/target/universal/`.
3. Inspect the top-level `LICENSE` — it is identical to the repo-root
`LICENSE`, i.e. the Apache 2.0 text only, with no third-party enumeration.
4. Inspect the top level — there is no `licenses/` directory containing
per-license texts.
### Version
1.1.0-incubating (Pre-release/Master)
### Commit Hash (Optional)
ef663648d (current `main` at time of filing)
### Relevant log output
```
$ unzip -l
access-control-service/target/universal/access-control-service-*.zip | grep -E
'LICENSE|NOTICE|licenses/'
...(only LICENSE and NOTICE; no LICENSE-binary, no NOTICE-binary, no
licenses/)...
```
### Proposed fix
Plumb `LICENSE-binary`, `NOTICE-binary`, `DISCLAIMER-WIP` (optional) and
every file under `licenses/*.txt` through the sbt-native-packager Universal
mappings for each dist-producing module. Replace the current `distSettings`
with a `distMappings(existing, rootDir)` helper in
`project/AddMetaInfLicenseFiles.scala`, and have each dist-producing module's
`build.sbt` invoke it:
```scala
Universal / mappings := AddMetaInfLicenseFiles.distMappings(
(Universal / mappings).value,
(ThisBuild / baseDirectory).value
)
```
The helper adds `require(...)` preconditions so the build fails early if any
compliance file is missing at the repo root.
Because this only addresses packaging, the real content of `LICENSE-binary`
/ `NOTICE-binary` / `licenses/` is a separate follow-up tracked by #4131 and
the ongoing binary-license review. A first cut can ship with stub files so the
packaging path lands safely and the content can be iterated on independently.
### Was this authored or co-authored using generative AI tooling?
Generated-by: Claude Code (Claude Opus 4.7)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
