logrus/LICENSE not present in THIRD_PARTY_LICENSES

[drigz]

I'm looking at how COS collects the licenses of Golang dependencies, and spotted that although osconfig specifies github.com/sirupsen/logrus as an indirect dependency in go.mod, it doesn't include its license in THIRD_PARTY_LICENSES.

Does THIRD_PARTY_LICENSES need updating? Could you explain how it was generated? (this would also be useful for me, as I'll have to do the same for another project)

I also used https://github.com/google/go-licenses to double-check, although I wouldn't trust that too much, as it seems to be in the "current tool is deprecated, new tool is not ready" state we know and love (google/go-licenses#70).

$ go-licenses csv github.com/GoogleCloudPlatform/osconfig
# lots `unsupported package host` and `cannot determine URL` errors that I couldn't easily resolve
cloud.google.com/go/logging,Unknown,Apache-2.0
cloud.google.com/go/storage,Unknown,Apache-2.0
cloud.google.com/go,Unknown,Apache-2.0
cos.googlesource.com/cos/tools.git/src/pkg,Unknown,Apache-2.0
github.com/golang/glog,https://github.com/golang/glog/blob/master/LICENSE,Apache-2.0
github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/master/lru/LICENSE,Apache-2.0
github.com/golang/mock/gomock,https://github.com/golang/mock/blob/master/gomock/LICENSE,Apache-2.0
github.com/golang/protobuf,https://github.com/golang/protobuf/blob/master/LICENSE,BSD-3-Clause
github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/master/v2/LICENSE,BSD-3-Clause
github.com/GoogleCloudPlatform/guest-logging-go/logger,https://github.com/GoogleCloudPlatform/guest-logging-go/blob/master/logger/LICENSE,Apache-2.0
github.com/GoogleCloudPlatform/osconfig,https://github.com/GoogleCloudPlatform/osconfig/blob/master/LICENSE,Apache-2.0
github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/master/cmp/LICENSE,BSD-3-Clause
github.com/julienschmidt/httprouter,https://github.com/julienschmidt/httprouter/blob/master/LICENSE,BSD-3-Clause
github.com/pkg/errors,https://github.com/pkg/errors/blob/master/LICENSE,BSD-2-Clause
github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/master/LICENSE,MIT
github.com/tarm/serial,https://github.com/tarm/serial/blob/master/LICENSE,BSD-3-Clause
github.com/ulikunitz/xz,https://github.com/ulikunitz/xz/blob/master/LICENSE,BSD-3-Clause
go.chromium.org/luci,Unknown,Apache-2.0
golang.org/x/crypto,Unknown,BSD-3-Clause
golang.org/x/net,Unknown,BSD-3-Clause
golang.org/x/oauth2,Unknown,BSD-3-Clause
golang.org/x/sync/semaphore,Unknown,BSD-3-Clause
golang.org/x/sys,Unknown,BSD-3-Clause
golang.org/x/text,Unknown,BSD-3-Clause
google.golang.org/api/internal/third_party/uritemplates,Unknown,BSD-3-Clause
google.golang.org/api,Unknown,BSD-3-Clause
google.golang.org/genproto,Unknown,Apache-2.0
google.golang.org/grpc,Unknown,Apache-2.0
google.golang.org/protobuf,Unknown,BSD-3-Clause
go.opencensus.io,Unknown,Apache-2.0

PS. I noticed that other dependencies from go.sum aren't mentioned, including https://github.com/BurntSushi/toml, although since go-licenses doesn't list these, I suspect that go.sum is too conservative here and they aren't included in the osconfig binary.

[Bobgy]

In case you might want to try, the new go-licenses tool is available in my fork: https://github.com/Bobgy/go-licenses/tree/main/v2, which is integrated fully with github.com/kubeflow/pipelines. The issue tracks upstreaming my fork to the official repo, so it's still WIP.

Besides using a built tool, note that you can also find dependencies of a go binary simply using go version -m <path-to-binary> (the binary must be built using go modules).

[adjackura]

updated all licenses