EmbarkStudios · Jake-Shadle · Feb 28, 2024 · Feb 28, 2024
@@ -52,15 +52,10 @@ allow = [
     "ISC",
 ]
 exceptions = [
-    { allow = [
-        "Zlib",
-    ], crate = "tinyvec" },
-    { allow = [
-        "Unicode-DFS-2016",
-    ], crate = "unicode-ident" },
-    { allow = [
-        "OpenSSL",
-    ], crate = "ring" },
+    # Use exceptions for these as they only have a single user
+    { allow = ["Zlib"], crate = "tinyvec" },
+    { allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },
+    { allow = ["OpenSSL"], crate = "ring" },
 ]
 
 # Sigh

@@ -343,6 +343,8 @@ pub(crate) fn cmd(
     let colorize = log_ctx.format == crate::Format::Human
         && crate::common::should_colorize(log_ctx.color, std::io::stderr());
 
+    let log_level = log_ctx.log_level;
+
     rayon::scope(|s| {
         // Asynchronously displays messages sent from the checks
         s.spawn(|_| {
@@ -372,6 +374,7 @@ pub(crate) fn cmd(
                 krate_spans: &krate_spans,
                 serialize_extra,
                 colorize,
+                log_level,
             };
 
             s.spawn(move |_| {
@@ -421,6 +424,7 @@ pub(crate) fn cmd(
                 krate_spans: &krate_spans,
                 serialize_extra,
                 colorize,
+                log_level,
             };
 
             s.spawn(|_| {
@@ -444,6 +448,7 @@ pub(crate) fn cmd(
                 krate_spans: &krate_spans,
                 serialize_extra,
                 colorize,
+                log_level,
             };
 
             s.spawn(|_| {
@@ -467,6 +472,7 @@ pub(crate) fn cmd(
                 krate_spans: &krate_spans,
                 serialize_extra,
                 colorize,
+                log_level,
             };
 
             s.spawn(move |_| {

@@ -445,6 +445,9 @@ pub struct CheckCtx<'ctx, T> {
     pub serialize_extra: bool,
     /// Allows for ANSI colorization of diagnostic content
     pub colorize: bool,
+    /// Log level specified by the user, may be used by checks to determine what
+    /// information to emit in diagnostics
+    pub log_level: log::LevelFilter,
 }
 
 /// Checks if a version satisfies the specifies the specified version requirement.

@@ -34,7 +34,7 @@ struct Hits {
 }
 
 fn evaluate_expression(
-    cfg: &cfg::ValidConfig,
+    ctx: &crate::CheckCtx<'_, cfg::ValidConfig>,
     krate_lic_nfo: &KrateLicense<'_>,
     expr: &spdx::Expression,
     nfo: &LicenseExprInfo,
@@ -73,6 +73,8 @@ fn evaluate_expression(
 
     let mut warnings = 0;
 
+    let cfg = &ctx.cfg;
+
     // Check to see if the crate matches an exception, which is additional to
     // the general allow list
     let exception_ind = cfg
@@ -228,7 +230,37 @@ fn evaluate_expression(
         ),
     );
 
-    for (reason, failed_req) in reasons.into_iter().zip(expr.requirements()) {
+    let mut notes = Vec::new();
+
+    for ((reason, accepted), failed_req) in reasons.into_iter().zip(expr.requirements()) {
+        if accepted && ctx.log_level < log::LevelFilter::Info {
+            continue;
+        }
+
+        if severity == Severity::Error {
+            if let Some(id) = failed_req.req.license.id() {
+                notes.push(format!("{} - {}:", id.name, id.full_name));
+
+                if id.is_deprecated() {
+                    notes.push("  - **DEPRECATED**".into());
+                }
+
+                if id.is_osi_approved() {
+                    notes.push("  - OSI approved".into());
+                }
+
+                if id.is_fsf_free_libre() {
+                    notes.push("  - FSF Free/Libre".into());
+                }
+
+                if id.is_copyleft() {
+                    notes.push("  - Copyleft".into());
+                }
+            } else {
+                notes.push(format!("{} is not an SPDX license", failed_req.req));
+            }
+        }
+
         labels.push(
             Label::primary(
                 nfo.file_id,
@@ -237,8 +269,8 @@ fn evaluate_expression(
             )
             .with_message(format!(
                 "{}: {}",
-                if reason.1 { "accepted" } else { "rejected" },
-                match reason.0 {
+                if accepted { "accepted" } else { "rejected" },
+                match reason {
                     Reason::Denied => "explicitly denied",
                     Reason::IsFsfFree =>
                         "license is FSF approved https://www.gnu.org/licenses/license-list.en.html",
@@ -273,6 +305,7 @@ fn evaluate_expression(
             diags::Code::Rejected
         })
         .with_labels(labels)
+        .with_notes(notes)
 }
 
 pub fn check(
@@ -317,7 +350,7 @@ pub fn check(
         match &krate_lic_nfo.lic_info {
             LicenseInfo::SpdxExpression { expr, nfo } => {
                 pack.push(evaluate_expression(
-                    &ctx.cfg,
+                    &ctx,
                     &krate_lic_nfo,
                     expr,
                     nfo,

@@ -276,6 +276,7 @@ where
                 cfg,
                 serialize_extra: true,
                 colorize: false,
+                log_level: log::LevelFilter::Info,
             };
             runner(ctx, newmap, tx, &mut files);
         },

@@ -81,6 +81,17 @@ expression: diags
         }
       ],
       "message": "failed to satisfy license requirements",
+      "notes": [
+        "Zlib - zlib License:",
+        "  - OSI approved",
+        "  - FSF Free/Libre",
+        "Apache-2.0 - Apache License 2.0:",
+        "  - OSI approved",
+        "  - FSF Free/Libre",
+        "MIT - MIT License:",
+        "  - OSI approved",
+        "  - FSF Free/Libre"
+      ],
       "severity": "error"
     },
     "type": "diagnostic"

@@ -46,6 +46,11 @@ expression: diags
         }
       ],
       "message": "failed to satisfy license requirements",
+      "notes": [
+        "MIT - MIT License:",
+        "  - OSI approved",
+        "  - FSF Free/Libre"
+      ],
       "severity": "error"
     },
     "type": "diagnostic"
@@ -85,6 +90,13 @@ expression: diags
         }
       ],
       "message": "failed to satisfy license requirements",
+      "notes": [
+        "GPL-3.0 - GNU General Public License v3.0 only:",
+        "  - **DEPRECATED**",
+        "  - OSI approved",
+        "  - FSF Free/Libre",
+        "  - Copyleft"
+      ],
       "severity": "error"
     },
     "type": "diagnostic"