fix: #510: third-party licenses (#511)

* add THIRDPARTY yaml file with all third-party licenses * generate initial draft using cargo bundle-licenses * resolve all license warnings manually * manually add Rust stdlib section * resolve CI issues * bundle new YAML file in Python `wheel` and `sdist` * add notes regarding manual resolutions
rigetti · Nov 20, 2024 · dfc0ac9 · dfc0ac9
1 parent 85c0f24
commit dfc0ac9
Show file tree

Hide file tree

Showing 9 changed files with 41,126 additions and 16 deletions.
diff --git a/.gitignore b/.gitignore
@@ -37,3 +37,6 @@ crates/python/tests/__output__/
 
 # unversioned developer notes
 scratch/
+
+# un-consolidated updates to THIRDPARTY license data
+/THIRDPARTY-update.yaml
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/lib/Cargo.toml b/crates/lib/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "qcs"
 description = "High level interface for running Quil on a QPU"
-version = "0.25.2"
+version = "0.25.3-rc.4"
 edition = "2018"
 license = "Apache-2.0"
 repository = "https://github.com/rigetti/qcs-sdk-rust"

diff --git a/crates/python/Cargo.toml b/crates/python/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "qcs-sdk-python"
 description = "Python bindings to qcs-sdk-rust"
-version = "0.21.2"
+version = "0.21.3-rc.4"
 edition = "2021"
 license = "Apache-2.0"
 repository = "https://github.com/rigetti/qcs-sdk-rust"

diff --git a/crates/python/THIRDPARTY.yaml b/crates/python/THIRDPARTY.yaml
diff --git a/crates/python/pyproject.toml b/crates/python/pyproject.toml
@@ -1,7 +1,7 @@
 # This is the metadata Maturin uploads to PyPI on publish
 [project]
 name = "qcs-sdk-python"
-version = "0.21.2"
+version = "0.21.3-rc.4"
 description = "Python interface for the QCS Rust SDK"
 readme = "README.md"
 license = { text = "Apache-2.0" }
@@ -27,7 +27,8 @@ dependencies = ["quil>=0.11.2", "qcs-api-client-common>=0.10.0"]
 features = ["pyo3/extension-module"]
 bindings = "pyo3"
 compatibility = "linux"
-sdist-include = ["README.md"]
+include = ["THIRDPARTY.yaml"]
+sdist-include = ["README.md", "THIRDPARTY.yaml"]
 
 [project.optional-dependencies]
 pyquil = [

diff --git a/crates/python/scripts/patch_grpc_web.py b/crates/python/scripts/patch_grpc_web.py
@@ -1,6 +1,5 @@
 """
-Appends grpc-web to the project name of both Cargo.toml and pyproject.toml,
-and patches the `hyper-proxy` dependency to allow ppc64le wheel builds.
+Appends grpc-web to the project name of both Cargo.toml and pyproject.toml.
 
 This is used in CI to prepare grpc-web-specific python artifacts for publishing.
 """
@@ -29,11 +28,4 @@ def write(f: TextIOWrapper, data):
 with open(join(pycrate_path, "Cargo.toml"), "r+") as f:
     data = toml.load(f)
     data["package"]["name"] = "qcs-sdk-python-grpc-web"
-    write(f, data)
-
-# Patch the `hyper-proxy` dependency
-
-with open(join(workspace_path, "Cargo.toml"), "r+") as f:
-    data = toml.load(f)
-    data["patch"] = {"crates-io": {"hyper-proxy": {"git": "https://github.com/rigetti/hyper-proxy"}}}
-    write(f, data)
+    write(f, data)
diff --git a/deny.toml b/deny.toml
@@ -68,6 +68,7 @@ ignore = [
     { id = "RUSTSEC-2024-0375", reason = "introduced by atty, a transitive dependency of multiple dependencies, with no upgrade path" },
     { id = "RUSTSEC-2024-0006", reason = "introduced by shlex, a transitive dependency of bindgen with no upgrade path" },
     { id = "RUSTSEC-2021-0139", reason = "ansi_term is unmaintained, but used by clap" },
+    { id = "RUSTSEC-2024-0384", reason = "instant is unmaintained, but used by backoff" },
 ]
 yanked = "deny"
 # If this is true, then cargo deny will use the git executable to fetch advisory database.

diff --git a/manual_changes_thirdparty.txt b/manual_changes_thirdparty.txt