[XN2vr37d] Add license files and gradle script

build.gradle

@@ -118,7 +118,10 @@ subprojects {
 
 }
 
+apply from: "licenses-3rdparties.gradle"
+
 ext {
+    publicDir =  "${project.rootDir}"
     // NB: due to version.json generation by parsing this file, the next line must not have any if/then/else logic
     neo4jVersion = "4.4.19"
     // instead we apply the override logic here

core/build.gradle

@@ -54,6 +54,8 @@ dependencies {
     compile group: 'com.jayway.jsonpath', name: 'json-path', version: '2.8.0'
     compile group: 'org.hdrhistogram', name: 'HdrHistogram', version: '2.1.9'
 
+    // If updated check if the transitive dependency to org.antlr:ST4:4.1 has also updated
+    // and remove the manual licensing check for it in licenses-3rdparties.gradle
     antlr "org.antlr:antlr4:4.7.2", {
         exclude group: 'org.glassfish'
         exclude group: 'com.ibm.icu'
@@ -126,6 +128,8 @@ dependencies {
     testCompile group: 'org.apache.hive', name: 'hive-jdbc', version: '1.2.2', withoutServers
 
     compileOnly group: 'org.apache.hadoop', name: 'hadoop-hdfs', version: '3.3.5', withoutServers
+    // If updated check if the transitive dependency to javax.servlet.jsp:jsp-api:2.1 has also updated
+    // and remove the manual licensing check for it in licenses-3rdparties.gradle
     compileOnly group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.5', withoutServers
 
     compile group: 'org.apache.commons', name: 'commons-math3', version: '3.6.1'

extra-dependencies/hadoop/build.gradle

@@ -36,6 +36,8 @@ def commonExclusions = {
 
 dependencies {
     compile group: 'org.apache.hadoop', name: 'hadoop-hdfs-client', version: '3.3.5', commonExclusions
+    // If updated check if the transitive dependency to javax.servlet.jsp:jsp-api:2.1 has also updated
+    // and remove the manual licensing check for it in licenses-3rdparties.gradle
     compile group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.5', commonExclusions
 }
 

full/build.gradle

@@ -58,6 +58,8 @@ dependencies {
     compileOnly group: 'org.neo4j.driver', name: 'neo4j-java-driver', version: '4.4.9'
     compile group: 'com.novell.ldap', name: 'jldap', version: '2009-10-07'
 
+    // If updated check if the transitive dependency to org.antlr:ST4:4.1 has also updated
+    // and remove the manual licensing check for it in licenses-3rdparties.gradle
     antlr "org.antlr:antlr4:4.7.2", {
         exclude group: 'org.glassfish'
         exclude group: 'com.ibm.icu'

licenses-3rdparties.gradle

@@ -0,0 +1,200 @@
+// All licenses that we accept, and their aliases
+def allowList = [
+        [name: 'BSD-2-Clause', url: 'http://opensource.org/licenses/BSD-2-Clause', aliases: [
+                [name: 'BSD-style', url: 'http://www.opensource.org/licenses/bsd-license.php'],
+                [name: 'BSD', url: 'http://www.opensource.org/licenses/bsd-license.php'],
+                [name: 'The BSD License', url: 'http://www.opensource.org/licenses/bsd-license.php'],
+                [name: 'BSD 2-Clause License'],
+                [name: 'BSD 2-Clause license', url: 'http://opensource.org/licenses/BSD-2-Clause'],
+                [name: 'BSD', url: 'http://www.jcraft.com/jzlib/LICENSE.txt'],
+                [name: 'Revised BSD', url: 'http://www.jcraft.com/jsch/LICENSE.txt'],
+        ]],
+        [name: 'BSD-3-Clause', url: 'http://opensource.org/licenses/BSD-3-Clause', aliases: [
+                [name: 'BSD-3-Clause', url: 'https://asm.ow2.io/license.html'],
+                [name: 'The BSD 3-Clause License'],
+                [name: 'The 3-Clause BSD License'],
+                [name: '3-Clause BSD License'],
+                [name: 'BSD 3-Clause'],
+                [name: 'BSD 3 Clause'],
+                [name: 'BSD 3-clause'],
+                [name: 'BSD 3-Clause License'],
+                [name: 'BSD Licence 3'],
+                [name: 'BSD License 3'],
+                [name: 'New BSD License'],
+                [name: 'New BSD license'],
+                [name: 'The New BSD License'],
+                [name: 'BSD License', url: 'http://www.antlr.org/license.html'],
+                [name: 'BSD licence', url: 'http://antlr.org/license.html'],
+                [name: 'The BSD License', url: 'http://www.antlr.org/license.html'],
+                [name: 'BSD', url: 'http://asm.ow2.org/license.html'],
+                [name: 'BSD', url: 'http://www.jcraft.com/jsch/LICENSE.txt'],
+                [name: 'BSD', url: 'https://github.com/sbt/test-interface/blob/master/LICENSE'],
+                [name: 'BSD', url: 'LICENSE.txt'],
+                [name: 'BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)'],
+                [name: '', url: 'http://asm.ow2.org/license.html'],
+                [name: 'BSD', url: 'http://asm.objectweb.org/license.html'],
+        ]],
+        [name: 'Apache-2.0', url: 'https://opensource.org/licenses/Apache-2.0', aliases: [
+                [name: 'The Apache Software License, Version 2.0'],
+                [name: 'The Apache License, Version 2.0'],
+                [name: 'The Apache Software License, version 2.0'],
+                [name: 'Apache 2'],
+                [name: 'Apache v2'],
+                [name: 'Apache License, Version 2.0'],
+                [name: 'Apache License, Version 2'],
+                [name: 'Apache Software License - Version 2.0'],
+                [name: 'Apache License 2.0'],
+                [name: 'Apache License'],
+                [name: 'Apache 2.0'],
+                [name: 'Apache-2.0'],
+                [name: 'Apache 2.0 License'],
+                [name: 'ASL'],
+                [name: 'ASL 2.0'],
+                [name: 'the Apache License, ASL Version 2.0'],
+                [name: 'Apache License V2.0'],
+                [name: 'Apache License v2.0'],
+                [name: 'Apache License Version 2.0'],
+                [name: '', url: 'http://www.apache.org/licenses/LICENSE-2.0.txt'],
+        ]],
+        [name: 'MIT', url: 'https://opensource.org/licenses/MIT', aliases: [
+                [name: 'MIT'],
+                [name: 'MIT license'],
+                [name: 'MIT License'],
+                [name: 'The MIT License'],
+                [name: 'Bouncy Castle Licence'],
+                [name: 'MIT-0', url: 'https://spdx.org/licenses/MIT-0.html'],
+        ]],
+        [name: 'Eclipse Distribution License - v 1.0', url: 'https://www.eclipse.org/licenses/edl-v10.html', aliases: [
+                [name: 'Eclipse Distribution License - v 1.0', url: 'http://www.eclipse.org/org/documents/edl-v10.php'],
+                [name: 'EDL 1.0'],
+        ]],
+        [name: 'Eclipse Public License - v 1.0', url: 'https://www.eclipse.org/legal/epl-v10.html', aliases: [
+                [name: 'Eclipse Public License 1.0'],
+                [name: 'EPL', url: 'http://www.eclipse.org/legal/epl-v10.html']
+        ]],
+        [name: 'Eclipse Public License - v 2.0', url: 'http://www.eclipse.org/legal/epl-2.0.html', aliases: [
+                [name: 'Eclipse Public License 2.0'],
+                [name: 'Eclipse Public License v2.0', url: 'https://www.eclipse.org/legal/epl-v20.html'],
+                [name: 'EPL 2.0', url: 'http://www.eclipse.org/legal/epl-2.0'],
+                [name: 'Eclipse Public License - v 2.0', url: 'https://www.eclipse.org/legal/epl-v20.html']
+        ]],
+        [name: 'GNU General Public License (GPL), version 2, with the Classpath exception', url: 'http://openjdk.java.net/legal/gplv2+ce.html', aliases: [
+                [name: 'GPL-2.0'],
+                [name: 'GPL'],
+                [name: 'GNU General Public License Version 2', url: 'http://www.gnu.org/copyleft/gpl.html']
+        ]],
+        [name: 'GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1', url: 'https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html'],
+        [name: 'Public Domain, per Creative Commons CC0', url: 'http://creativecommons.org/publicdomain/zero/1.0/', aliases: [
+                [name: 'CC0'],
+                [name: 'Public Domain'],
+        ]],
+        [name: 'MPL-2.0', url: 'https://www.mozilla.org/MPL/2.0/', aliases: [
+                [name: 'Mozilla Public License Version 2.0'],
+                [name: 'Mozilla Public License, v. 2.0', url: 'http://mozilla.org/MPL/2.0/'],
+        ]],
+        [name: 'Common Development and Distribution License Version 1.0', aliases: [
+                [name: 'COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0']
+        ]],
+        [name: 'Common Development and Distribution License Version 1.1', aliases: [
+                [name: 'CDDL1.1'],
+                [name: 'CDDL 1.1'],
+                [name: 'Common Development and Distribution License (CDDL), Version 1.1'],
+                [name: 'CDDL License', url: 'http://www.opensource.org/licenses/cddl1.php']
+        ]],
+        [name: 'Common Development and Distribution License Version 1.1 and GNU General Public License, version 2 with the Classpath Exception', aliases: [
+                [name: 'CDDL1.1-GPL2/CPE'],
+                [name: 'Dual license consisting of the CDDL v1.1 and GPL v2'],
+                [name: 'CDDL + GPLv2 with classpath exception'],
+        ]],
+        [name: 'The Go license', url: 'https://golang.org/LICENSE'],
+        [name: 'The OpenLDAP Public License', url: 'http://www.openldap.org/software/release/license.html'],
+]
+
+// Dependency license reporting
+downloadLicenses {
+    dependencyConfiguration = 'runtimeClasspath'
+    // Add licenses to some libraries which don't declare their license inside the POM. Should be rechecked if the version is updated.
+    licenses = [
+                    'javax.servlet.jsp:jsp-api:2.1' : license('Common Development and Distribution License Version 1.1', null),
+                    'org.antlr:ST4:4.1' : license('BSD-3-Clause', null),
+                    'org.gradle:gradle-tooling-api:6.1.1' : license('Apache-2.0', null),
+    ]
+    aliases = allowList.collectEntries { lic ->
+        def actual = license(lic.name, lic.url)
+        def alternatives = lic.aliases.collect { it.url ? license(it.name, it.url) : it.name }
+        [(actual): alternatives]
+    }
+}
+
+tasks.downloadLicenses.ext.licenseToDependencyJson = { ->
+    def jsonDir = tasks.downloadLicenses.jsonDestination
+    def jsonFile = file("$jsonDir/license-dependency.json")
+    new groovy.json.JsonSlurper().parseText(jsonFile.text)
+}
+
+tasks.downloadLicenses.ext.dependencyToLicenseJson = { ->
+    def jsonDir = tasks.downloadLicenses.jsonDestination
+    def jsonFile = file("$jsonDir/dependency-license.json")
+    new groovy.json.JsonSlurper().parseText(jsonFile.text)
+}
+
+// Dependency license validation
+tasks.register("validateLicenses") {
+    group = 'license'
+    description = 'Checks 3rd-party dependency licenses against an allowlist'
+
+    dependsOn tasks.downloadLicenses
+
+    def excludeNeo4jPattern = /^(org|com)\.neo4j.*/
+    doLast {
+        def allowListedNames = allowList.collect { it.name }
+        tasks.downloadLicenses.dependencyToLicenseJson().dependencies
+                .findAll { dep -> !dep.name.matches(excludeNeo4jPattern) }
+                .findAll { dep -> allowListedNames.intersect(dep.licenses.collect { it.name }).isEmpty() }
+                .each { dep -> logger.error("In project ${project.name}: Could not find an allowed license for dependency '$dep.name'. Details: ${dep.toMapString()}") }
+                .each { dep -> throw new GradleException("The dependency '$dep.name' has no allowed license") }
+    }
+}
+tasks.check.dependsOn tasks.validateLicenses
+
+tasks.register("generateLicensesFiles") {
+    group = 'license'
+    description 'Generates a LICENSES and NOTICE file with 3rd-party dependency license information'
+
+    dependsOn tasks.downloadLicenses, tasks.validateLicenses
+
+    ext.licensesFile = file("$tasks.downloadLicenses.jsonDestination/LICENSES.txt")
+    ext.noticeFile = file("$tasks.downloadLicenses.jsonDestination/NOTICE.txt")
+    outputs.file(ext.licensesFile)
+    outputs.file(ext.noticeFile)
+    doLast {
+        // LICENSES.txt
+        licensesFile.createNewFile()
+        licensesFile.text = rootProject.file("$publicDir/licenses/headers/LICENSES-header.txt").text
+
+        tasks.downloadLicenses.licenseToDependencyJson().licences
+                .findAll { lic -> allowList.any { lic.name == it.name }}
+                .sort { it.name }.each {
+            licensesFile << '\n\n'
+            licensesFile << "------------------------------------------------------------------------------\n"
+            licensesFile << "$it.name\n"
+            it.dependencies.sort { it }.each { licensesFile << "  $it\n" }
+            licensesFile << "------------------------------------------------------------------------------\n"
+            licensesFile << '\n'
+            licensesFile << rootProject.file("$publicDir/licenses/text/$it.name").text
+        }
+
+        // NOTICE.txt
+        noticeFile.createNewFile()
+        noticeFile.text = rootProject.file("$publicDir/licenses/headers/NOTICE-header.txt").text
+        noticeFile << '\n\n'
+        noticeFile << "Third-party licenses\n"
+        noticeFile << "--------------------\n"
+        tasks.downloadLicenses.licenseToDependencyJson().licences.sort { it.name }.each {
+            noticeFile << '\n'
+            noticeFile << "$it.name\n"
+            it.dependencies.sort { it }.each { noticeFile << "  $it\n" }
+        }
+    }
+}
+tasks.check.dependsOn tasks.generateLicensesFiles

licenses/headers/LICENSES-header.txt

@@ -0,0 +1,2 @@
+This file contains the full license text of the included third party
+libraries. For an overview of the licenses see the NOTICE.txt file.

licenses/headers/NOTICE-header.txt

@@ -0,0 +1,22 @@
+Neo4j
+Copyright © 2002-2023 Neo4j Sweden AB (referred to in this notice as "Neo4j")
+[http://neo4j.com]
+
+This product includes software ("Software") developed by Neo4j.
+
+The copyright in the bundled Neo4j graph database (including the
+Software) is owned by Neo4j. The Software developed and owned
+by Neo4j is licensed under the GNU GENERAL PUBLIC LICENSE Version 3
+(http://www.fsf.org/licensing/licenses/gpl-3.0.html) ("GPL")
+to all third parties and that license, as required by the GPL, is
+included in the LICENSE.txt file.
+
+However, if you have executed an End User Software License and Services
+Agreement or an OEM Software License and Support Services Agreement, or
+another commercial license agreement with Neo4j or one of its
+affiliates (each, a "Commercial Agreement"), the terms of the license in
+such Commercial Agreement will supersede the GPL and you may use the
+software solely pursuant to the terms of the relevant Commercial
+Agreement.
+
+Full license texts are found in LICENSES.txt.

licenses/headers/source-header.txt

@@ -0,0 +1,16 @@
+Copyright (c) "Neo4j"
+Neo4j Sweden AB [http://neo4j.com]
+
+This file is part of Neo4j.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.