Skip to content

The Quartermaster prototype. It expires on January 16, 2018.

License

Notifications You must be signed in to change notification settings

NicolasToussaint/qmstr-prototype

 
 

Repository files navigation

qmstr-prototype

The Quartermaster prototype.

Quartermaster is a suite of command line tools and build system plugins that instruments software builds to create FLOSS compliance documentation and support compliance decision making. It executes as part of a software build process to generate reports about the analysed product.

Test Quartermaster

In our first demo, Quartermaster builds bash, retrieves license information using Ninka, and uses the identified licenses to generate a simple SPDX file.

You can test Quartermaster and see how it works by following the steps bellow:

  1. Check out a clone of this repo to a location of your choice.
  2. For historical reasons we are using the virtual machine tool Vagrant, so you need to type in your command line: vagrant up --provider virtualbox , to bring up the test VM.
  3. Then run vagrant ssh to enter the VM
  4. Change your location to /vagrant by typing cd /vagrant.
  5. Start the demo by running our demo setup ./vagrant-demo-setup.sh.

You will see a lot of things going on in your terminal. What happens is that Quartermaster hooks into the existing build phase and takes information about the target and the sources that were used to build bash. In the end of the analysis you will see an SPDX output like this:

SPDXVersion: SPDX-2.0

DataLicense: CCO-1.0

PackageName: bash

PackageLicenseDeclared: NONE AND GPLv3+ AND GPLv3+,BisonException

  • SPDXVersion: The version of the spec used, normally "SPDX-2.0".
  • DataLicense: The license for the license data itself, normally this is "CC0-1.0" (note that this is not the license for the software or data being packaged).
  • PackageName: The full name of the package.
  • PackageLicenseDeclared: The licenses identified in the source files.

The prototype does not yet understand all of the source file licenses in bash. Some of the files compiled are generated during the build. Support for code generators will be added to Quartermaster in one of the upcoming sprints.

Docker

You can build a Docker image with qmstr built into it with the provided Dockerfile.

To build the image run docker build -t qmstr . from the repositories root path.

After building the image you can run containers as follows:

  1. docker run -v <some source path>:/build qmstr <build command> to build some project in the container
  2. docker run -v <qmstr source path>:/qmstr qmstr dev build to compile qmstr in the container
  3. docker run -v <qmstr source path>:/qmstr -v <some source path>:/build qmstr dev build <build command> to compile qmstr in the container and subsequently build a project

About

The Quartermaster prototype. It expires on January 16, 2018.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 81.8%
  • Java 14.3%
  • Shell 3.1%
  • Other 0.8%