Merge pull request #9 from nexB/release-020

Prepare Release 0.2.0

AUTHORS.rst

@@ -1,3 +1,5 @@
 The following organizations or individuals have contributed to this repo:
 
-- 
+- Tushar Goel @TG1999
+- Philippe Ombredanne @pombredanne
+- nexB Inc.

CHANGELOG.rst

@@ -7,3 +7,11 @@ v0.1.0 (8th April 2024)
 
 - Add goresym support in go-inspector.
 
+
+
+v0.2.0 (9th April 2024)
+------------------------
+
+- Add missing ABOUT file and license for goresym.
+- Bump to version GoReSym 2.7.2
+- Add support for dependencies and build info

NOTICE

@@ -1,6 +1,6 @@
 #
 # Copyright (c) nexB Inc. and others.
-# SPDX-License-Identifier: Apache-2.0
+# SPDX-License-Identifier: Apache-2.0 AND MIT AND BSD-3-Clause WITH LicenRef-scancode-google-patent-license-golang
 #
 # Visit https://aboutcode.org and https://github.com/nexB/ for support and download.
 # ScanCode is a trademark of nexB Inc.

README.rst

@@ -1,16 +1,75 @@
-Go-Inspector
+go-inspector
 ================================
 
-- To enable the GoReSym plugin, first you need to install goresym from https://github.com/mandiant/GoReSym/releases/download/v2.6.4/GoReSym.zip
-- Unzip the GoReSym.zip, extract goresym for linux and add it in src/go_inspector/bin.
-- then change it to executable  ```chmod u+x src/go_inspector/bin/GoReSym_lin```
-- Install requirements and dependencies using ```make dev```
-- Use ```scancode --json-pp - --go-symbol <PATH> --verbose``` to get debug symbols.
+go-inspector is a utility to extract dependencies and symbols from Go binaries.
+It is desigend to work as a ScanCode Toolkit plugin.
 
+To install and use:
 
-How to generate test binaries
-============================
+- Run ``pip install go-inspector``
+- Use with ``scancode --json-pp - --go-symbol --verbose <PATH to a tree or file with Go binaries>``
 
-- Run `go tool dist list` to get all possible pairs of OSes and arches to compile the binary.
-- Then use a OS/arch pair like this ``GOOS=<OS> GOARCH=<arch> go build -o ./tests/data/app_exe ./tests/data/main.go``
-  to get compiled binary.
+The JSON output will contain various dependencies and symbols found in Go binaries if any.
+
+
+- License: Apache-2.0 AND MIT AND BSD-3-Clause WITH LicenRef-scancode-google-patent-license-golang
+- Copyright (c) nexB Inc., Mandiant, The Go Authors, Elliot Chance and others
+- Homepage: https://github.com/nexB/go-inspector/
+
+See the src/go_inspector/bin for detailed license and credits for bundled third-party packages.
+
+
+Development
+----------------
+
+- Install requirements and dependencies using ``make dev``
+- Then ``source venv/bin/activate``
+
+Testing:
+
+- To run tests: ``pytest -vvs``
+- To regen test fixtures: ``SCANCODE_REGEN_TEST_FIXTURES=yes pytest -vvs``
+- To update the bundled GoReSym, see src/bin/update.sh
+
+
+How to re-generate test binaries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+These are compiled (and committed) from code in tests/data/basic :
+
+- Run ``go tool dist list`` to get all possible pairs of OSes and arches to compile the binary.
+- Then build a OS/arch pair like this to get compiled binaries:
+  ``GOOS=<OS> GOARCH=<arch> go build -o ./tests/data/basic/app_<OS>_exe ./tests/data/main.go``
+- Make a copy and run strip of the Linux executable as "app_lin_exe_stripped"
+
+
+Funding and sponsoring
+---------------------------
+
+This project is funded in part through:
+
+- NGI0 Entrust https://nlnet.nl/entrust, a fund established by NLnet with
+  financial support from the European Commission's Next Generation Internet https://ngi.eu program.
+  Learn more at the NLnet project page https://nlnet.nl/purl2all. 
+
+  |nlnet| and |ngi0entrust|
+
+- Support from nexB Inc. |nexb|
+
+- Generous support from users like you!
+
+
+.. |nlnet| image:: https://nlnet.nl/logo/banner.png
+    :target: https://nlnet.nl
+    :width: 20%
+    :alt: NLnet foundation logo
+
+.. |ngi0entrust| image:: https://nlnet.nl/image/logos/NGI0_tag.svg
+    :target: https://nlnet.nl/entrust
+    :width: 20%
+    :alt: NGI Zero Logo
+
+.. |nexb| image:: https://nexb.com/wp-content/uploads/2022/04/nexB.svg
+    :target: https://nexb.com
+    :width: 20%
+    :alt: nexB logo

azure-pipelines.yml

@@ -11,54 +11,54 @@ jobs:
       parameters:
           job_name: ubuntu20_cpython
           image_name: ubuntu-20.04
-          python_versions: ['3.8', '3.9', '3.10', '3.11']
+          python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
           test_suites:
               all: venv/bin/pytest -n 2 -vvs
 
     - template: etc/ci/azure-posix.yml
       parameters:
           job_name: ubuntu22_cpython
           image_name: ubuntu-22.04
-          python_versions: ['3.8', '3.9', '3.10', '3.11']
+          python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
           test_suites:
               all: venv/bin/pytest -n 2 -vvs
 
     # - template: etc/ci/azure-posix.yml
     #   parameters:
     #       job_name: macos11_cpython
     #       image_name: macOS-11
-    #       python_versions: ['3.8', '3.9', '3.10', '3.11']
+    #       python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
     #       test_suites:
     #           all: venv/bin/pytest -n 2 -vvs
 
     # - template: etc/ci/azure-posix.yml
     #   parameters:
     #       job_name: macos12_cpython
     #       image_name: macOS-12
-    #       python_versions: ['3.8', '3.9', '3.10', '3.11']
+    #       python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
     #       test_suites:
     #           all: venv/bin/pytest -n 2 -vvs
 
     # - template: etc/ci/azure-posix.yml
     #   parameters:
     #       job_name: macos13_cpython
     #       image_name: macOS-13
-    #       python_versions: ['3.8', '3.9', '3.10', '3.11']
+    #       python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
     #       test_suites:
     #           all: venv/bin/pytest -n 2 -vvs
 
     # - template: etc/ci/azure-win.yml
     #   parameters:
     #       job_name: win2019_cpython
     #       image_name: windows-2019
-    #       python_versions: ['3.8', '3.9', '3.10', '3.11']
+    #       python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
     #       test_suites:
     #           all: venv\Scripts\pytest -n 2 -vvs
 
     # - template: etc/ci/azure-win.yml
     #   parameters:
     #       job_name: win2022_cpython
     #       image_name: windows-2022
-    #       python_versions: ['3.8', '3.9', '3.10', '3.11']
+    #       python_versions: ['3.8', '3.9', '3.10', '3.11', '3.12']
     #       test_suites:
     #           all: venv\Scripts\pytest -n 2 -vvs

setup.cfg

@@ -1,12 +1,12 @@
 [metadata]
-name = skeleton
-license = Apache-2.0
+name = go-inspector
+license = Apache-2.0 AND MIT AND BSD-3-Clause WITH LicenRef-scancode-google-patent-license-golang
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
-description = skeleton
+description = go-inspector is a scancode plugin to extract symbols and dependencies found in Go binaries.
 long_description = file:README.rst
 long_description_content_type = text/x-rst
-url = https://github.com/nexB/skeleton
+url = https://github.com/nexB/go-inspector
 
 author = nexB. Inc. and others
 author_email = info@aboutcode.org
@@ -38,14 +38,13 @@ zip_safe = false
 
 setup_requires = setuptools_scm[toml] >= 4
 
-python_requires = >=3.7
+python_requires = >=3.8
 
 install_requires =
+    commoncode
     plugincode
     scancode-toolkit
     typecode
-    commoncode
-    importlib-metadata
 
 [options.entry_points]
 
@@ -74,4 +73,3 @@ docs =
     sphinx-autobuild
     sphinx-rtd-dark-mode>=1.3.0
     sphinx-copybutton
-

src/go_inspector/__init__.py

@@ -1,2 +1 @@
-
-__version__ = "0.1.0"
+__version__ = "0.2.0"

src/go_inspector/bin/GoReSym.zip.sums

@@ -0,0 +1 @@
+24c50fc10f169d36814b43da006bb5cd313baa04fcf94af99c730ef56eee62fe  GoReSym.zip

src/go_inspector/bin/GoReSym_lin.ABOUT

@@ -0,0 +1,10 @@
+about_resource: GoReSym_lin
+name: goresym
+version: 2.7.2
+download_url: https://github.com/mandiant/GoReSym/releases/download/v2.7.2/GoReSym.zip
+package_url: pkg:github/mandiant/goresym@2.7.2?download_url=https://github.com/mandiant/GoReSym/releases/download/v2.7.2/GoReSym.zip
+copyright: Copyright (c) 2022 MANDIANT
+checksum_sha1: d1a3252a3a174c8baacbe16b8d060b3affc9d05b
+checksum_sha256: 24c50fc10f169d36814b43da006bb5cd313baa04fcf94af99c730ef56eee62fe
+license_expression: mit
+license_text_file: GoReSym_lin.LICENSE

src/go_inspector/bin/GoReSym_lin.LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 MANDIANT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/go_inspector/bin/arch-52c3e6f60cffa0133a3f9b2fc7f6862504a6cba0.tar.gz.ABOUT

@@ -0,0 +1,16 @@
+about_resource: GoReSym_lin
+notes: GoReSym_lin embeds this package
+name: arch
+version: 52c3e6f60cffa0133a3f9b2fc7f6862504a6cba0
+download_url: https://github.com/golang/arch/archive/52c3e6f60cffa0133a3f9b2fc7f6862504a6cba0.tar.gz
+package_url: pkg:github/golang/arch@52c3e6f60cffa0133a3f9b2fc7f6862504a6cba0
+license_expression: bsd-new AND google-patent-license-golang
+copyright: Copyright The Go Authors
+attribute: yes
+licenses:
+  - key: bsd-new
+    name: BSD-3-Clause
+    file: bsd-new.LICENSE
+  - key: google-patent-license-golang
+    name: Google Patent License for Go
+    file: google-patent-license-golang.LICENSE

src/go_inspector/bin/binaryregexp-0.2.0.tar.gz.ABOUT

@@ -0,0 +1,13 @@
+about_resource: GoReSym_lin
+notes: GoReSym_lin embeds this package
+name: binaryregexp
+version: 0.2.0
+download_url: https://github.com/rsc/binaryregexp/archive/refs/tags/v0.2.0.tar.gz
+package_url: pkg:github/rsc/binaryregexp@0.2.0?version_prefix=v
+license_expression: bsd-new
+copyright: Copyright The Go Authors
+attribute: yes
+licenses:
+  - key: bsd-new
+    name: BSD-3-Clause
+    file: bsd-new.LICENSE

src/go_inspector/bin/bsd-new.LICENSE

@@ -0,0 +1,9 @@
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

src/go_inspector/bin/exp-89c5cff77bcbacf5bc89bd83d69d4fa8c80cf8af.tar.gz.ABOUT

@@ -0,0 +1,16 @@
+about_resource: GoReSym_lin
+notes: GoReSym_lin embeds this package
+name: exp
+version: 89c5cff77bcbacf5bc89bd83d69d4fa8c80cf8af
+download_url: https://github.com/golang/exp/archive/89c5cff77bcbacf5bc89bd83d69d4fa8c80cf8af.tar.gz
+package_url: pkg:github/golang/exp@89c5cff77bcbacf5bc89bd83d69d4fa8c80cf8af
+license_expression: bsd-new AND google-patent-license-golang
+copyright: Copyright The Go Authors
+attribute: yes
+licenses:
+  - key: bsd-new
+    name: BSD-3-Clause
+    file: bsd-new.LICENSE
+  - key: google-patent-license-golang
+    name: Google Patent License for Go
+    file: google-patent-license-golang.LICENSE

src/go_inspector/bin/google-patent-license-golang.LICENSE

@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.

src/go_inspector/bin/mit.LICENSE

@@ -0,0 +1,5 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

src/go_inspector/bin/orderedmap-1.4.0.tar.gz.ABOUT

@@ -0,0 +1,13 @@
+about_resource: GoReSym_lin
+notes: GoReSym_lin embeds this package
+name: orderedmap
+version: 1.4.0
+download_url: https://github.com/elliotchance/orderedmap/archive/refs/tags/v1.4.0.tar.gz
+package_url: pkg:github/elliotchance/orderedmap@1.4.0?version_prefix=v
+license_expression: mit
+copyright: Copyright Elliot Chance
+attribute: yes
+licenses:
+  - key: mit
+    name: MIT License
+    file: mit.LICENSE

src/go_inspector/bin/update.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/go-inspector for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+
+# Use this script to update GoReSym binary to a new version
+
+set +e
+GORESYM_VERSION=v2.7.2
+
+rm -rf GoReSym.zip goresymzip
+
+wget https://github.com/mandiant/GoReSym/releases/download/$GORESYM_VERSION/GoReSym.zip
+
+# recompute the sha256 by hand with:
+# sha256sum GoReSym.zip > GoReSym.zip.sums
+sha256sum -c GoReSym.zip.sums
+
+unzip -qd goresymzip GoReSym.zip
+mv goresymzip/GoReSym_lin .
+chmod u+x GoReSym_lin
+
+rm -rf GoReSym.zip goresymzip
+
+# finally run a binary analysis on this GoReSym executable and update the ABOUT files accordingly