Help Wanted: go-licenses csv ... command returned incorrectly formed go-package licenses URLs (inaccessible URLs)

[Priyankasaggu11929]

I've been working on a bash utility script - verify-licenses.sh that verifies licenses for the go-packages used by the upstream Kubernetes Project, against the CNCF approved list of licenses.

We ran across an issue where executing the go-licenses csv ... command against Kubernetes project repo, produced a list of incorrectly formed Licenses URLs (inaccessible URLs) for a few go-packages, where in reality, those packages have valid accessible licenses present in the project.

Below is snippet from the script logs, with name/urls of the go-packages in question. (Please find the full script logs here)

go-licenses csv --git_remote "licenses" ./...

....
....
....
github.com/Azure/go-autorest/autorest                                                                :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/autorest/LICENSE
github.com/Azure/go-autorest/autorest/adal                                                           :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.13/autorest/adal/LICENSE
github.com/Azure/go-autorest/autorest/date                                                           :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE
github.com/Azure/go-autorest/autorest/mocks                                                          :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/mocks/v0.4.1/autorest/mocks/LICENSE
github.com/Azure/go-autorest/autorest/to                                                             :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/to/v0.4.0/autorest/to/LICENSE
github.com/Azure/go-autorest/autorest/validation                                                     :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/validation/v0.1.0/autorest/validation/LICENSE
github.com/Azure/go-autorest/logger                                                                  :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE
github.com/Azure/go-autorest/tracing                                                                 :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE
github.com/blang/semver/v4                                                                           :  MIT                  : https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE
....
....

For example:

• The license URL for package github.com/Azure/go-autorest/autorest returned is https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/autorest/LICENSE which is inaccessible & gives a 404 response.

  The correct accessible URL is present at https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/LICENSE

For more context/information, check the WIP PR: kubernetes/kubernetes#109299

---

Help Wanted / Solution

We need help with implementing a fix/workaround for the 'go-licenses csv...' command so that it returns correctly formatted accessible URLs for go-packages that have valid licences present in their source code repository.

[Bobgy]

The problem seems identical to #73 (comment).

[Bobgy]

I have an open #110 to resolve the issue.

Not sure if the PR still compiles, can you try that branch?

Why not merged yet?

• the PR adds a lot of complexities
• I was not sure whether we can assume license URLs are accessible publicly.
• No one was asking for this issue yet

Since you asked, I can try to revisit the PR.

[Priyankasaggu11929]

Thanks @Bobgy for the prompt response & pointers ^.

Not sure if the PR still compiles, can you try that branch?

I'll try testing with the PR branch.