Enable checking against a schema #2027
Conversation
Olympic1
added
Core (ckan.dll)
|
@dbent , you're the Cake expert. Can you figure out what's happening here? These .csproj files baffle me. |
|
Well we still need to consider if we want to do this. Json.NET Schema is not permissively licensed, but is licensed under AGPL-3.0 which is copyleft. This means the combined work (ckan.exe, netkan.exe, etc.) has to be licensed under the AGPL. Our source code is MIT licensed which is (A)GPL compatible so that doesn't have to change though. There's a few things going on in this PR with regards to the build, specifically updating versions of libraries. I'll make a separate PR for that. |
|
I already thought that it had to do something with the lib updates. |
|
That doesn't take away the MIT license from the CKAN code, does it? This whole question of multiple licenses gets pretty confusing. Would it mean that someone could fork CKAN and claim only the AGPL applies to their new fork? Actually, aren't we already including some copyleft packages? |
|
IANAL, but here's my understanding:
No, MIT aka Expat license, is "GPL-Compatible". GPL-Compatible source can be combined with (A)GPL source to create a derived work that doesn't force the GPL-Compatible source to be released under the (A)GPL. The derived work (ckan.exe, netkan.exe, etc) however must be. What this means, is that if someone wants to use ckan.exe or netkan.exe as a library (which is totally possible in .NET), their work would have to released under the (A)GPL. To avoid that, they'd have to take our MIT source, excise any bits that refer to (A)GPL code and create a custom build derived only from MIT source. (This could be automated through the use of Now, this person might also be able to avoid that by calling ckan.exe/netkan.exe as a separate process, but if the program is "specifically designed to require" ckan.exe/netkan.exe then the provisions probably apply anyway.
No, but it probably means that different source files would have to be under different licenses. Anything that uses JSON.NET Schema would have to be relicensed under AGPL (and relicensing requires consent of all contributors to that file, since CKAN has no copyright assignment to a single individual/organization so every author owns the copyright to their own contributions). Now that I think about, even excising code could be problematic. Since if the entire file is AGPL, then removing code just makes a new derived work that would also have to be AGPL. Can copyright be specified on a line-by-line basis? Hmmm.
Nope. I went through each and every library we use, including ones only used for testing and all except one are licensed under permissive (non-copyleft) MIT, Apache, or BSD licenses. The only one that isn't licensed under a permissive license is ICSharpCode.SharpZipLib.Patched but it's licensed under the GPL with an explicit linking exception making it similar to the LGPL.
The whole issue with the AGPL is a minefield of technicalities, which is why I've never bothered to incorporate JSON.NET Schema into NetKAN's validation. FYI I've made #2028 which updates the build and all our libraries to the latest and greatest. If we want to pursue this, it should be probably be based off that. |
|
Also, the AGPL version of JSON.NET Schema is listed as "Free with limitations (1000 validations per hour)". I'm not entirely sure what that means. |
|
Well, in that case it would be better to find another way to check the spec or just drop it. |
|
To note, both the indexer and Jenkins run the resulting output through a schema validator. So what makes it CKAN-meta has been validated. It would probably be handy to have in the client for those that make custom ckans or provide early signs that a netkan will fail CI, but overall I don't think the need is exceptionally high. A nice to have for sure, but it's not really a big deal in the scheme of things. |
|
NJsonSchema is another project that seems active and is permissively (MIT) licensed. |
|
Don't we have someone cough @pjf cough who loves discussing licenses and how they work and not work? |
|
@Dazpoet I think it's more @pjf is exceptionally knowledgeable on the topic and has a passion for ensuring it's done correctly. If there is an MIT based plugin lets use it. Also the restriction added by JSON.NET schema may not be applicable: https://www.gnu.org/licenses/agpl-3.0.en.html
Also AGPL is quite at the opposite end of the spectrum when compared to MIT, I'm not super across how it would effect things when used as a library though and we'd want to be very sure we're across the implications. It would certainly effect the ability for it's use in a commercial product, so if there is an MIT licensed project available, lets use that. But we're not in a rush for such a feature and we'd need to do some indexer work if NetKAN started throwing it's own schema exceptions. |
|
@Olympic1 Can you resolve conflicts/rebase or close this out? |
|
Hi everybody Im the creator of NJsonSchema. Switching should be very simple, only problem i see in the schema is the “required” properties which have no corresponding properties. We have an open issue for that. Other than that just load the schema with JsonSchema4.FromJsonAsync() and call Validate(). |
Olympic1
force-pushed
the
EnableSchema
branch
from
0258d52
to
8680a5a
Compare
|
Rebased. Have anyone had the time to test this PR? I want to move this forward. |
| } | ||
| } | ||
|
|
||
| private static readonly string SchemaPath = "CKAN.CKAN.schema"; |
There was a problem hiding this comment.
Let's make this a const instead of static readonly, since the value is known at compile time.
| JsonSchema4 schema = await JsonSchema4.FromJsonAsync(json); | ||
|
|
||
| IList<string> errorList = new List<string>(); | ||
| var errors = schema.Validate(MetadataSchema.ToJson()); |
There was a problem hiding this comment.
If I'm reading this correctly, we process the schema from a JSON string to a JsonSchema4 object in the static constructor, and then back from object to a JSON string in the validation function.
Can we store the return value of the ToJson function, so we don't have to pay the cost of that conversion for every CkanModule object? Presumably we can ensure that the CKAN.schema file bundled in the assembly is valid separately whenever we modify it.
| if (errors.Result.Any()) | ||
| { | ||
| var message = "Validation against the schema failed.\n" + string.Join("\n ", errors); | ||
| throw new BadMetadataKraken(null, message); |
There was a problem hiding this comment.
I'd like to test the impact of this exception on the GUI. What would be a good way to do that? I tried corrupting my registry.json file in various ways, but I think those tests got caught by other checks (e.g., invalid licenses are already covered elsewhere).
| @@ -0,0 +1,423 @@ | |||
| { | |||
There was a problem hiding this comment.
Is it impossible to move the old CKAN.schema file to this new location? It will be inconvenient to have to maintain two files identically going forward.
There was a problem hiding this comment.
It could be a symbolic link instead of a separate file, surely?
|
|
||
| private static async Task<IList<string>> ValidateAgainstSchema(string json) | ||
| { | ||
| JsonSchema4 schema = await JsonSchema4.FromJsonAsync(json); |
There was a problem hiding this comment.
This variable represents the module we're validating, not the schema, right? Let's change its name to clarify that.
| JsonSchema4 schema = await JsonSchema4.FromJsonAsync(json); | ||
|
|
||
| IList<string> errorList = new List<string>(); | ||
| var errors = schema.Validate(MetadataSchema.ToJson()); |
There was a problem hiding this comment.
Actually, are you sure this call is correct? The schema object appears to be the module, and the parameter with ToJson is the schema. This looks like we're trying to use the module to validate the schema rather than the other way around. The documentation passes the data to be validated to the schema's Validate function.
|
Closing as this was done in #2788 |
Rebased PR #992