nvaccess · seanbudd · Jul 1, 2024 · Jun 27, 2024 · Jun 27, 2024 · Jun 27, 2024
@@ -8,3 +8,12 @@ repos:
       args: [ --fix ]
     # Run the formatter.
     - id: ruff-format
+
+- repo: local
+  hooks:
+    - id: licenseCheck
+      name: Check license compatibility of pip dependencies
+      files: requirements.txt
+      entry: ./runlicensecheck.bat
+      language: script
+      pass_filenames: false
@@ -81,6 +81,7 @@ test_script:
  - ps: |
      "TEST_START, $(Get-Date -Format 'o')"| Out-File ../timing.csv -Append
  - ps: appveyor\scripts\tests\translationCheck.ps1
+ - ps: appveyor\scripts\tests\licenseCheck.ps1
  - ps: appveyor\scripts\tests\unitTests.ps1
  - ps: appveyor\scripts\tests\lintCheck.ps1
  - ps: appveyor\scripts\tests\systemTests.ps1

@@ -2,6 +2,7 @@ New-Item -ItemType directory -Path testOutput
 New-Item -ItemType directory -Path testOutput\unit
 New-Item -ItemType directory -Path testOutput\system
 New-Item -ItemType directory -Path testOutput\lint
+New-Item -ItemType directory -Path testOutput\license
 
 # The first Chrome system test to run occasionally fails.
 # This has been observed on developer machines after chrome updates, but is difficult to reproduce.

@@ -0,0 +1,10 @@
+$licenseOutput = (Resolve-Path .\testOutput\license\)
+$licenseOutput = "$licenseOutput\licenseCheckResults.md"
+.\runlicensecheck.bat "$licenseOutput" 
+if ($LastExitCode -ne 0) {
+	Set-AppveyorBuildVariable "testFailExitCode" $LastExitCode
+	Add-AppveyorMessage "FAIL: License check. See $licenseOutput for more information."
+} else {
+	Add-AppveyorMessage "PASS: License check."
+}
+Push-AppveyorArtifact $licenseOutput
@@ -0,0 +1,2 @@
+# Pillow is an implicit dependency and requires zlib and jpeg by default, but we don't need it
+Pillow==10.3.0 -C "zlib=disable" -C "jpeg=disable"
@@ -30,6 +30,7 @@ These are the only files expected to be executed directly by a user/developer:
 - `rununittests.bat`
 - `runsystemtests.bat`
 - `runlint.bat`
+- `runlicensecheck.bat`
 
 **Note:** The `runnvda.bat` script intentionally uses `pyw.exe` to run NVDA as
 this is the more common and expected way to run NVDA.

@@ -40,6 +40,7 @@ If you are new to the project, or looking for some way to help take a look at:
 	- The lint check ensures your changes comply with our code style expectations.
 	Use `runlint.bat`.
 	- Run `scons checkPot` to ensure translatable strings have comments for the translators
+	- Run `runlicensecheck.bat` to check that you don't introduce any new python dependencies with incompatible licenses.
 1. [Create a change log entry](#change-log-entry)
 1. [Create a Pull Request (PR)](./githubPullRequestTemplateExplanationAndExamples.md)
 	- When you think a contribution is ready, or you would like feedback, open a draft pull request.

@@ -50,3 +50,10 @@ To run all tests standard tests for developers use `runsystemtests.bat --include
 Internally this script uses the Robot test framework to execute the tests.
 Any arguments given to `runsystemtests.bat` are forwarded onto Robot.
 For more details (including filtering and exclusion of tests) see `tests/system/readme.md`.
+
+### License checks
+
+NVDA uses GPLv2 which is incompatible with certain licenses like Apache.
+Run `runlicensecheck.bat` to check that you don't introduce any new python dependencies with incompatible licenses.
+
+This is configured in [pyproject.toml](../../pyproject.toml) using the [licensecheck pip package](https://github.com/FHPythonUtils/LicenseCheck).
@@ -51,3 +51,32 @@ ignore = [
 	# indentation contains tabs
 	"W191",
 ]
+
+[tool.licensecheck]
+using = "requirements:requirements.txt"
+only_licenses = ["BSD", "MIT", "Python", "LGPLV3+"]
+ignore_packages = [
+	# Incompatible Apache licenses.
+	# These are current license violations and are bundled with NVDA.
+	"fast-diff-match-patch",  # See also #16633
+	"requests",
+
+	# Incompatible Apache licenses.
+	# Bundled with a dependency, but not bundled with NVDA.
+	"importlib-metadata",
+	"opencv-python",
+
+	# Incompatible Apache licenses.
+	# System testing frameworks, not bundled with NVDA.
+	"robotframework",
+	"robotframework-screencaplibrary",
+	"robotremoteserver",
+
+	# Compatible licenses:
+	"certifi",  # Mozilla Public License 2.0
+	"markdown-link-attr-modifier",  # GPLV3 license, but not in PyPI correctly
+	"pycaw",  # MIT license, but not in PyPI
+	"wxPython",  # wxWindows Library License
+	"pillow",  # PIL Software License
+]
+
@@ -4,12 +4,11 @@ SCons==4.5.2
 # NVDA's runtime dependencies
 comtypes==1.2.0
 pyserial==3.5
-./miscDeps/python/wxPython-4.2.2a1-cp311-cp311-win32.whl
-git+https://github.com/DiffSK/configobj@e2ba4457c4651fa54f8d59d8dcdd3da950e956b8#egg=configobj
+wxPython @ https://github.com/nvaccess/nvda-misc-deps/raw/51ae7db821d1d5166ab0c030fe20ec72dd7a2ad9/python/wxPython-4.2.2a1-cp311-cp311-win32.whl
+configobj @ git+https://github.com/DiffSK/configobj@e2ba4457c4651fa54f8d59d8dcdd3da950e956b8#egg=configobj
 requests==2.32.0
 schedule==1.2.1
-# Pillow is an implicit dependency and requires zlib and jpeg by default, but we don't need it
-Pillow==10.3.0 -C "zlib=disable" -C "jpeg=disable"
+-c constraints.txt
 
 #NVDA_DMP requires diff-match-patch
 fast-diff-match-patch==2.1.0
@@ -21,7 +20,7 @@ typing-extensions==4.9.0
 pycaw==20240210
 
 # Packaging NVDA
-git+https://github.com/py2exe/py2exe@4e7b2b2c60face592e67cb1bc935172a20fa371d#egg=py2exe
+py2exe @ git+https://github.com/py2exe/py2exe@4e7b2b2c60face592e67cb1bc935172a20fa371d#egg=py2exe
 
 # Creating XML unit test reports
 unittest-xml-reporting==3.2.0
@@ -42,6 +41,9 @@ sphinx_rtd_theme==1.3.0
 ruff==0.4.10
 pre-commit==3.7.1
 
+# Runing automated license checks
+licensecheck==2024.2
+
 # Requirements for system tests
 robotframework==6.1.1
 robotremoteserver==1.1.1

@@ -0,0 +1,12 @@
+@echo off
+rem runlicensecheck [<output file>]
+rem Runs a license check for python dependencies
+set hereOrig=%~dp0
+set here=%hereOrig%
+if #%hereOrig:~-1%# == #\# set here=%hereOrig:~0,-1%
-if #%hereOrig:~-1%# == #\# set here=%hereOrig:~0,-1%
+if #%here:~-1%# == #\# set here=%here:~0,-1%
-if #%hereOrig:~-1%# == #\# set here=%hereOrig:~0,-1%
+if #%here:~-1%# == #\# set here=%here:~0,-1%
+set scriptsDir=%here%\venvUtils
+
+set checkArgs=
+if "%1" NEQ "" set checkArgs=--file=%1 --format=markdown
+call "%scriptsDir%\venvCmd.bat" py -m licensecheck -0 --format ansi %checkArgs%
+if ERRORLEVEL 1 exit /b %ERRORLEVEL%
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Pillow is an implicit dependency and requires zlib and jpeg by default, but we don't need it
		Pillow==10.3.0 -C "zlib=disable" -C "jpeg=disable"