Welcome to reuse’s documentation!
reuse
reuse is a tool for compliance with the REUSE recommendations.
- Documentation: https://reuse.readthedocs.io and https://reuse.software
- Source code: https://github.com/fsfe/reuse-tool
- PyPI: https://pypi.python.org/pypi/fsfe-reuse
- REUSE: 3.0
- Python: 3.6+
Background
Copyright and licensing is difficult, especially when reusing software from different projects that are released under various different licenses. REUSE was started by the Free Software Foundation Europe (FSFE) to provide a set of recommendations to make licensing your Free Software projects easier. Not only do these recommendations make it easier for you to declare the licenses under which your works are released, but they also make it easier for a computer to understand how your project is licensed.
As a short summary, the recommendations are threefold:
- Choose and provide licenses
- Add copyright and licensing information to each file
- Confirm REUSE compliance
You are recommended to read our tutorial for a step-by-step guide through these three steps. The FAQ covers basic questions about licensing, copyright, and more complex use cases. Advanced users and integrators will find the full specification helpful.
This tool exists to facilitate the developer in complying with the above recommendations.
There are other tools that have a lot more features and functionality surrounding the analysis and inspection of copyright and licenses in software projects. The REUSE helper tool, on the other hand, is solely designed to be a simple tool to assist in compliance with the REUSE recommendations.
Install
Installation via pip
To install reuse, you need to have the following pieces of software on your computer:
- Python 3.6+
- pip
You then only need to run the following command:
pip3 install --user fsfe-reuse
After this, make sure that ~/.local/bin is in your $PATH.
Installation via package managers
There are packages available for easy install on some operating systems. You are welcome to help us package this tool for more distributions!
Installation from source
You can also install this tool from the source code, but we recommend the methods above for easier and more stable updates. Please make sure the requirements for the installation via pip are present on your machine.
python3 setup.py install
Usage
First, read the REUSE tutorial. In a nutshell:
- Put your licenses in the LICENSES/ directory.
- Add a comment header to each file that says SPDX-License-Identifier: GPL-3.0-or-later, and SPDX-FileCopyrightText: $YEAR $NAME. You can be flexible with the format, just make sure that the line starts with SPDX-FileCopyrightText:.
- Verify your work using this tool.
To check against the recommendations, use reuse lint:
~/Projects/reuse-tool $ reuse lint
[...]
Congratulations! Your project is compliant with version 3.0 of the REUSE Specification :-)
This tool can do various other things, detailed in the documentation. Here is a short summary:
- addheader — Add copyright and/or licensing information to the header of a file.
- download — Download the specified license into the LICENSES/ directory.
- init — Set up the project for REUSE compliance.
- lint — Verify the project for REUSE compliance.
- spdx — Generate an SPDX Document of all files in the project.
Run in Docker
REUSE is simple to include in CI/CD processes. This way, you can check for REUSE compliance for each build. In our resources for developers you can learn how to integrate the REUSE tool in Drone, Travis, or GitLab CI.
Within the fsfe/reuse Docker image available on Docker Hub, you can run the helper tool simply by executing reuse lint. To use the tool on your computer, you can mount your project directory and run reuse lint <path/to/directory>.
Maintainers
- Carmen Bianca Bakker - carmenbianca@fsfe.org
Contribute
Any pull requests or suggestions are welcome at https://github.com/fsfe/reuse-tool or via e-mail to one of the maintainers. General inquiries can be sent to reuse@lists.fsfe.org.
Starting local development is very simple; just execute the following commands:
git clone git@github.com:fsfe/reuse-tool.git
cd reuse-tool/
python3 -mvenv venv
source venv/bin/activate
make develop
You need to run make develop at least once to set up the virtualenv.
Next, run make help to see the available interactions.
License
Copyright (C) 2017-2019 Free Software Foundation Europe e.V.
This work is licensed under multiple licences. Because keeping this section up-to-date is challenging, here is a brief summary as of July 2019:
- All original source code is licensed under GPL-3.0-or-later.
- All documentation is licensed under CC-BY-SA-4.0.
- Some configuration and data files are licensed under CC0-1.0.
- Some code borrowed from spdx/tool-python is licensed under Apache-2.0.
For more accurate information, check the individual files.
Usage
The overview documents some basic usage on how to use this tool. It is highly recommended to read the overview first, and you might not even need to read this chapter. This chapter covers details that might not be immediately obvious when using the tool. This chapter does not cover everything, assuming that the user is helped enough by reuse --help and reuse <subcommand> --help.
addheader
addheader makes it possible to semi-automatically add copyright and licensing information into the header of a file. This is useful especially in scenarios where you want to add a copyright holder or license to a lot of files without having to manually edit the header of each file.
Warning
You should be cautious with using addheader in automated processes. While nothing is stopping you from using it in your release script, you should make sure that the information it adds is actually reflective of reality. This is best verified manually.
The basic usage is reuse addheader --copyright="Jane Doe" --license=MIT my_file.py. This will add the following header to the file (assuming that the current year is 2019):
# SPDX-FileCopyrightText: 2019 Jane Doe
#
# SPDX-License-Identifier: MIT
You can use as many --copyright and --license arguments as you like, so long as there is at least one such argument.
The REUSE header always starts at the first character in a file. If a different REUSE header already existed, its tags are copied, and the header is replaced. If the pre-existing comment header did not contain any copyright and licensing information, it is moved downwards in the file. A shebang is always preserved.
Comment styles
The tool normally tries to auto-detect the comment style to use from the file extension of a file, and use that comment style. If the tool is unable to detect the comment style, or if it detects the wrong style, you can override the style using --style. The supported styles are:
- C
- CSS
- Haskell
- HTML
- ML
- Python
- TeX
If your comment style is not supported or a file extension is not correctly detected, please open an issue.
Templates
When the tool adds a header to a file, it normally first lists all copyright statements alphabetically, adds a single empty line, and then lists all SPDX License Expressions alphabetically. That is all that the header contains. It is possible to change this behaviour, and use a custom type of header that contains extra text. This is done through Jinja2 templates.
The default template is:
{% for copyright_line in copyright_lines %}
{{ copyright_line }}
{% endfor %}
{% for expression in spdx_expressions %}
SPDX-License-Identifier: {{ expression }}
{% endfor %}
Templates are automatically commented by the tool, depending on the detected or specified comment style.
You can create your own Jinja2 templates and place them in .reuse/templates/. If you create the template mytemplate.jinja2, you can use it with reuse addheader --copyright="Jane Doe" --template=mytemplate foo.py.
Inside of the template, you have access to the following variables:
- copyright_lines — a list of copyright notices (string).
- spdx_expressions — a list of SPDX License Expressions (string).
In the future, more variables will be added.
In some cases, you might want to do custom comment formatting. In those cases, you can pre-format your header as a comment. When doing so, suffix your template with .commented.jinja2.
An example of a custom template with manual commenting is:
/*
{% for copyright_line in copyright_lines %}
* {{ copyright_line }}
{% endfor %}
{% if copyright_lines and spdx_expressions %}
*
{% endif %}
{% for expression in spdx_expressions %}
* SPDX-License-Identifier: {{ expression }}
{% endfor %}
{% if "GPL-3.0-or-later" in spdx_expressions %}
*
* This program is free software: you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* this program. If not, see <https://www.gnu.org/licenses/>.
{% endif %}
*/
lint
lint is the main component of the tool. Summarily, it verifies whether the project is compliant with the REUSE Specification. Its main goal is to find all files that do not have copyright and licensing information in their headers, but it also checks a few other things.
This is some example output of reuse lint:
# MISSING COPYRIGHT AND LICENSING INFORMATION
The following files have no copyright and licensing information:
* no-information.txt
# BAD LICENSES
'bad-license' found in:
* LICENSES/bad-license.txt
# MISSING LICENSES
'MIT' found in:
* src/reuse/header.py
# SUMMARY
* Bad licenses: bad-license
* Missing licenses: MIT
* Unused licenses: bad-license
* Used licenses: Apache-2.0, CC-BY-SA-4.0, CC0-1.0, GPL-3.0-or-later
* Read errors: 0
* Files with copyright information: 56 / 57
* Files with license information: 56 / 57
Unfortunately, your project is not compliant with version 3.0 of the REUSE Specification :-(
Implementation details
The following implementation details might be relevant for your use of the tool.
The linter does not strictly limit itself to the header comment as prescribed by the specification. It searches the first 4 kibibytes of the file for copyright and licensing information. This makes sure that the linter can parse any type of plain-text file, even if the comment style is not recognised.
If a file is found to have an unparseable tag, that file is not parsed at all. This is a bug.
The tool does not verify the correctness of copyright notices. It finds any line beginning with ‘©’, ‘Copyright’, or ‘SPDX-FileCopyrightText:’; the tag and everything following it are then considered a valid copyright notice, even if the copyright notice is not compliant with the specification.
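The scanning behaviour described above, as an added example that is not code from the reuse tool: it shows that tags placed after the first 4 KiB are not seen, and that any line starting with a copyright marker is accepted unvalidated. The name scan_header, the stripping of comment delimiters and the sample inputs are assumptions made for illustration.

```python
import re

SCAN_LIMIT = 4 * 1024  # only the first 4 KiB are searched, as described above
COPYRIGHT_MARKERS = ("SPDX-FileCopyrightText:", "Copyright", "©")
LICENSE_TAG = "SPDX-License-Identifier:"
# Assumption: comment delimiters around a tag are ignored when matching.
LEADING = re.compile(r"^[\s#/*;%!<-]*")
TRAILING = re.compile(r"\s*(\*/|-->)?\s*$")


def scan_header(data, limit=SCAN_LIMIT):
    """Return (copyright_lines, spdx_expressions) found in the first `limit` bytes."""
    # A multi-byte character cut in half at the limit must not abort the scan.
    text = data[:limit].decode("utf-8", errors="replace")
    copyright_lines, spdx_expressions = set(), set()
    for raw in text.splitlines():
        line = TRAILING.sub("", LEADING.sub("", raw))
        if line.startswith(LICENSE_TAG):
            expression = line[len(LICENSE_TAG):].strip()
            if expression:
                spdx_expressions.add(expression)
        elif line.startswith(COPYRIGHT_MARKERS):
            # No validation: the marker and everything after it is kept as-is.
            copyright_lines.add(line)
    return copyright_lines, spdx_expressions


# Constructed sample inputs (not taken from any real project).
GOOD = (
    b"#!/usr/bin/env python3\n"
    b"# SPDX-FileCopyrightText: 2019 Jane Doe\n"
    b"#\n"
    b"# SPDX-License-Identifier: MIT\n"
    b"print('hello')\n"
)
# The same tags, pushed past the 4 KiB window by a long banner comment.
LATE = (
    b"/*\n" + b" * banner line\n" * 400 + b" */\n"
    b"// SPDX-FileCopyrightText: 2019 Jane Doe\n"
    b"// SPDX-License-Identifier: MIT\n"
)
# A sentence that merely begins with "Copyright" counts as a notice.
LOOSE = b"Copyright is hard to get right.\nSPDX-License-Identifier: CC0-1.0\n"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("LATE", LATE), ("LOOSE", LOOSE)):
        print(name, scan_header(sample))
```

When auditing a tree, a file reported as missing information despite carrying tags is worth checking for a long preamble ahead of the header.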
When running reuse lint, the root of the project is automatically found if the working directory is inside a git repository. Otherwise, it treats the working directory or the specified directory as the root of the project.
The STDOUT output of reuse lint is valid Markdown. Occasionally some logging will be printed to STDERR, which is not valid Markdown.
Criteria
These are the criteria that the linter checks against:
Bad licenses
Licenses that are found in LICENSES/ that are not found in the SPDX License List or do not start with LicenseRef- are bad licenses.
Missing licenses
If a license is referred to in a comment header, but the license is not found in the LICENSES/ directory, then that license is missing.
Unused licenses
Conversely, if a license is found in the LICENSES/ directory but is not referred to in any comment header, then that license is unused.
Read errors
Not technically a criterion, but files that cannot be read by the operating system are read errors, and need to be fixed.
Files with copyright and license information
Every file needs to have copyright and licensing information associated with it. The REUSE Specification details several ways of doing it. By and large, these are the methods:
- Placing tags in the header of the file.
- Placing tags in a .license file adjacent to the file.
- Putting the information in the DEP5 file.
If a file is found that does not have copyright and/or license information associated with it, then the project is not compliant.
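The criteria above, applied to a small constructed project inventory. This is an added example, not the tool's own code: check_criteria, the stand-in license list and the sample data are assumptions, tags are taken as already extracted, and each SPDX expression is treated as a single identifier. DEP5 is not modelled.

```python
from pathlib import PurePosixPath

# Assumption: a small stand-in for the SPDX License List (the real one is much longer).
SPDX_LICENSE_LIST = frozenset(
    {"Apache-2.0", "CC-BY-SA-4.0", "CC0-1.0", "GPL-3.0-or-later", "MIT"}
)


def check_criteria(license_files, file_info):
    """Apply the linter criteria to pre-extracted tag data.

    license_files: paths found in LICENSES/.
    file_info: {path: (copyright_lines, license_identifiers)} for all other
    files; an entry for "x.license" describes the adjacent file "x".
    """
    # Fold the tags of each .license sidecar into the file it sits next to.
    merged = {}
    for path, (copyrights, licenses) in file_info.items():
        target = path[: -len(".license")] if path.endswith(".license") else path
        held = merged.setdefault(target, (set(), set()))
        held[0].update(copyrights)
        held[1].update(licenses)

    # A license file is identified by the stem of its path.
    provided = {PurePosixPath(p).stem for p in license_files}
    referenced = set().union(*(lic for _, lic in merged.values()))
    return {
        "bad": sorted(
            i for i in provided
            if i not in SPDX_LICENSE_LIST and not i.startswith("LicenseRef-")
        ),
        "missing": sorted(referenced - provided),
        "unused": sorted(provided - referenced),
        "no_copyright": sorted(p for p, (c, _) in merged.items() if not c),
        "no_license": sorted(p for p, (_, lic) in merged.items() if not lic),
    }


# Constructed inventory, loosely modelled on the example lint output above.
JANE = {"SPDX-FileCopyrightText: 2019 Jane Doe"}
LICENSE_FILES = [
    "LICENSES/GPL-3.0-or-later.txt",
    "LICENSES/CC0-1.0.txt",
    "LICENSES/LicenseRef-Proprietary.txt",
    "LICENSES/bad-license.txt",
]
FILE_INFO = {
    "src/reuse/header.py": (JANE, {"MIT"}),
    "src/reuse/lint.py": (JANE, {"GPL-3.0-or-later"}),
    "docs/logo.png": (set(), set()),              # binary file, no header
    "docs/logo.png.license": (JANE, {"CC0-1.0"}),  # its adjacent sidecar
    "no-information.txt": (set(), set()),
}

if __name__ == "__main__":
    for criterion, findings in check_criteria(LICENSE_FILES, FILE_INFO).items():
        print(f"{criterion}: {', '.join(findings) or '-'}")
```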
Credits
Development Lead
- Carmen Bianca Bakker <carmenbianca@fsfe.org>
Contributors
- Sebastian Schuberth <schuberth@fsfe.org>
- Kirill Elagin
- Max Mehl <max.mehl@fsfe.org>
- Matija Šuklje <hook@fsfe.org>
- Greg Kroah-Hartman
- Basil Peace
- Keith Maxwell
- Stefan Bakker <s.bakker777@gmail.com>
Translators
- Dutch:
  - André Ockers <ao@fsfe.org>
  - Carmen Bianca Bakker <carmenbianca@fsfe.org>
- Esperanto:
  - Carmen Bianca Bakker <carmenbianca@fsfe.org>
  - Tirifto <tirifto@posteo.cz>
- Spanish:
  - flow <adolflow@sindominio.net>
  - pd <euklade@gmail.com>
Change log
This change log follows the Keep a Changelog spec. Every release contains the following sections:
- Added for new features.
- Changed for changes in existing functionality.
- Deprecated for soon-to-be removed features.
- Removed for now removed features.
- Fixed for any bug fixes.
- Security in case of vulnerabilities.
The versions follow semantic versioning.
0.5.2 - 2019-10-27
Added
- python3 -m reuse now works.
Changed
- Updated license list to 3.6-2-g2a14810.
Fixed
- Performance of reuse lint improved by at least a factor of 2. It no longer does any checksums on files behind the scenes.
- Also handle MachineReadableFormatError when parsing DEP5 files. Tries to import that error. If the import is unsuccessful, it is handled.
0.5.1 - 2019-10-24 [YANKED]
This release was replaced by 0.5.2 due to importing MachineReadableFormatError, which is not a backwards-compatible change.
0.5.0 - 2019-08-29
Added
- TeX and ML comment styles added.
- Added --year and --exclude-year to reuse addheader.
- Added --template to reuse addheader.
- Added --explicit-license to reuse addheader.
- binaryornot added as new dependency.
- Greatly improved the usage documentation.
Changed
- reuse addheader now automatically adds the current year to the copyright notice.
- reuse addheader preserves the original header below the new header if it did not contain any SPDX information.
- reuse addheader now correctly handles .license files.
- Bad licenses are no longer resolved to LicenseRef-Unknown. They are instead resolved to the stem of the path. This reduces the magic in the code base.
- .gitkeep files are now ignored by the tool.
- Changed Lisp’s comment character from ‘;;’ to ‘;’.
0.4.1 - 2019-08-07
Added
- --all argument help to reuse download, which downloads all detected missing licenses.
Fixed
- When using reuse addheader on a file that contains a shebang, the shebang is preserved.
- Copyright lines in reuse spdx are now sorted.
- Some publicly visible TODOs were patched away.
0.4.0 - 2019-08-07
This release is a major overhaul and refactoring of the tool. Its primary focus is improved usability and speed, as well as adhering to version 3.0 of the REUSE Specification.
Added
- reuse addheader has been added as a way to automatically add copyright statements and license identifiers to the headers of files. It is currently not complete.
- reuse init has been added as a way to initialise a REUSE project. Its functionality is currently scarce, but should improve in the future.
Changed
- reuse lint now provides a helpful summary instead of merely spitting out non-compliant files.
- reuse compile is now reuse spdx.
- In addition to Copyright and ©, copyright lines can be marked with the tag SPDX-FileCopyrightText:. This is the new recommended default.
- Project no longer depends on pygit2.
- The list of SPDX licenses has been updated.
- Valid-License-Identifier is no longer used, and licenses and exceptions can now only live inside of the LICENSES/ directory.
Removed
- Removed --ignore-debian.
- Removed --spdx-mandatory, --copyright-mandatory, --ignore-missing arguments from reuse lint.
- Remove reuse license.
- GPL-3.0 and GPL-3.0+ (and all other similar GPL licenses) are no longer detected as SPDX identifiers. Use GPL-3.0-only and GPL-3.0-or-later instead.
Fixed
- Scanning a Git directory is a lot faster now.
- Scanning binary files is a lot faster now.
0.3.4 - 2019-04-15
This release should be a short-lived one. A new (slightly backwards-incompatible) version is in the works.
Added
- Copyrights can now start with © in addition to Copyright. The former is now recommended, but they are functionally similar.
Changed
- The source code of reuse is now formatted with black.
- The repository has been moved from https://git.fsfe.org/reuse/reuse to https://gitlab.com/reuse/reuse.
0.3.1 - 2018-07-14
Fixed
- When using reuse from a child directory using pygit2, correctly find the root.
0.3.0 - 2018-05-16
Changed
- The output of reuse compile is now deterministic. The files, copyright lines and SPDX expressions are sorted alphabetically.
Fixed
- When a GPL license could not be found, the correct -only or -or-later extension is now used in the warning message, rather than a bare GPL-3.0.
- If you have a license listed as SPDX-Valid-License: GPL-3.0-or-later, this now correctly matches corresponding SPDX identifiers. Still it is recommended to use SPDX-Valid-License: GPL-3.0 instead.
0.2.0 - 2018-04-17
Added
- Internationalisation support added. Initial support for:
  - English.
  - Dutch.
  - Esperanto.
  - Spanish.
Fixed
- The license list of SPDX 3.0 has deprecated GPL-3.0 and GPL-3.0+ et al in favour of GPL-3.0-only and GPL-3.0-or-later. The program has been amended to accommodate sufficiently for those licenses.
Changed
- Project.reuse_info_of now extracts, combines and returns information both from the file itself and from debian/copyright.
- ReuseInfo now holds sets instead of lists.
  - As a result of this, ReuseInfo will not hold duplicates of copyright lines or SPDX expressions.
- click removed as dependency. Good old argparse from the library is used instead.
0.1.1 - 2017-12-14
Changed
- The reuse --help text has been tidied up a little bit.
Fixed
- Release date in change log fixed.
- The PyPI homepage now gets reStructuredText instead of Markdown.
0.1.0 - 2017-12-14
Added
- Successfully parse old-style C and HTML comments now.
- Added reuse compile, which creates an SPDX bill of materials.
- Added --ignore-missing to reuse lint.
- Allow to specify multiple paths to reuse lint.
- chardet added as dependency.
- pygit2 added as soft dependency. reuse remains usable without it, but the performance with pygit2 is significantly better. Because pygit2 has a non-Python dependency (libgit2), it must be installed independently by the user. In the future, when reuse is packaged natively, this will not be an issue.
Changed
- Updated to version 2.0 of the REUSE recommendations. The most important change is that License-Filename is no longer used. Instead, the filename is deduced from SPDX-License-Identifier. This change is NOT backwards compatible.
- The conditions for linting have changed. A file is now non-compliant when:
  - The license associated with the file could not be found.
  - There is no SPDX expression associated with the file.
  - There is no copyright notice associated with the file.
- Only read the first 4 KiB (by default) from code files rather than the entire file when searching for SPDX tags. This speeds up the tool a bit.
- Project.reuse_info_of no longer raises an exception. Instead, it returns an empty ReuseInfo object when no reuse information is found.
- Logging is a lot prettier now. Only output entries from the reuse module.
Fixed
- reuse --ignore-debian compile now works as expected.
- The tool no longer breaks when reading a file that has a non-UTF-8 encoding. Instead, chardet is used to detect the encoding before reading the file. If a file still has errors during decoding, those errors are silently ignored and replaced.
0.0.4 - 2017-11-06
Fixed
- Removed dependency on os.PathLike so that Python 3.5 is actually supported
0.0.2 - 2017-11-03
This is a very early development release aimed at distributing the program as soon as possible. Because this is the first release, the changelog is a little empty beyond “created the program”.
The program can do roughly the following:
- Detect the license of a given file through one of three methods (in order of precedence):
  - Information embedded in the .license file.
  - Information embedded in its header.
  - Information from the global debian/copyright file.
- Find and report all files in a project tree of which the license could not be found.
- Ignore files ignored by Git.
- Do some logging into STDERR.
reuse
reuse package
Submodules
reuse.download module
Functions for downloading license files from spdx/license-data-list.
- reuse.download.download_license(spdx_identifier)
  Download the license text from the SPDX repository.
  Parameters: spdx_identifier (str) – SPDX identifier of the license.
  Raises: requests.RequestException – if the license could not be downloaded.
  Return type: str
  Returns: The license text.
- reuse.download.put_license_in_file(spdx_identifier, destination)
  Download a license and put it in the destination file.
  This function exists solely for convenience.
  Parameters:
  Raises:
  - requests.RequestException – if the license could not be downloaded.
  - FileExistsError – if the license file already exists.
  Return type: None
reuse.header module
Functions for manipulating the comment headers of files.
- exception reuse.header.MissingSpdxInfo
  Bases: Exception
  Some SPDX information is missing from the result.
- reuse.header.create_header(spdx_info, header=None, template=None, template_is_commented=False, style=None)
  Create a header containing spdx_info. header is an optional argument containing a header which should be modified to include spdx_info. If header is not given, a brand new header is created.
  template, template_is_commented, and style determine what the header will look like, and whether it will be commented or not.
  Raises:
  - CommentCreateError – if a comment could not be created.
  - MissingSpdxInfo – if the generated comment is missing SPDX information.
  Return type:
- reuse.header.find_and_replace_header(text, spdx_info, template=None, template_is_commented=False, style=None)
  Find the comment block starting at the first character in text. That comment block is replaced by a new comment block containing spdx_info. It is formatted according to template. The template is normally uncommented, but if it is already commented, template_is_commented should be True.
  If both style and template_is_commented are provided, style is only used to find the header comment.
  If the comment block already contained some SPDX information, that information is merged into spdx_info.
  If no header exists, one is simply created.
  text is returned with a new header.
  Raises:
  - CommentCreateError – if a comment could not be created.
  - MissingSpdxInfo – if the generated comment is missing SPDX information.
  Return type:
reuse.init module
Functions for REUSE-ifying a project.
reuse.lint module
All linting happens here. The linting here is nothing more than reading the reports and printing some conclusions.
- reuse.lint.lint(report, out=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>)
  Lint the entire project.
  Return type: bool
- reuse.lint.lint_bad_licenses(report, out=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>)
  Lint for bad licenses. Bad licenses are licenses that are not in the SPDX License List or do not start with LicenseRef-.
  Return type: Iterable[str]
- reuse.lint.lint_files_without_copyright_and_licensing(report, out=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>)
  Lint for files that do not have copyright or licensing information.
  Return type: Iterable[str]
- reuse.lint.lint_missing_licenses(report, out=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>)
  Lint for missing licenses. A license is missing when it is referenced in a file, but cannot be found.
  Return type: Iterable[str]
- reuse.lint.lint_read_errors(report, out=<_io.TextIOWrapper name='<stdout>' mode='w' encoding='UTF-8'>)
  Lint for read errors.
  Return type: Iterable[str]
reuse.project module
Module that contains the central Project class.
- class reuse.project.Project(root)
  Bases: object
  Simple object that holds the project’s root, which is necessary for many interactions.
reuse.report module
Module that contains reports about files and projects for linting.
- class reuse.report.FileReport(name, path, do_checksum=True)
  Bases: object
  Object that holds a linting report about a single file. Importantly, it also contains SPDX File information in spdxfile.
  - classmethod generate(project, path, do_checksum=True)
    Generate a FileReport from a path in a Project.
    Return type: FileReportInfo
- class reuse.report.FileReportInfo(file_report, bad_licenses, missing_licenses)
  Bases: tuple
  - bad_licenses
    Alias for field number 1
  - file_report
    Alias for field number 0
  - missing_licenses
    Alias for field number 2
- class reuse.report.ProjectReport(do_checksum=True)
  Bases: object
  Object that holds linting report about the project.
  - bill_of_materials()
    Generate a bill of materials from the project.
    See https://spdx.org/specifications.
    Return type: str
  - files_without_copyright
    Iterable of paths that have no copyright information.
    Return type: Iterable[PathLike]
  - files_without_licenses
    Iterable of paths that have no license information.
    Return type: Iterable[PathLike]
  - classmethod generate(project, paths=None, do_checksum=True)
    Generate a ProjectReport from a Project.
    Return type: ProjectReport
Module contents
reuse is a tool for compliance with the REUSE recommendations.
- exception reuse.IdentifierNotFound
  Bases: reuse.ReuseException
  Could not find SPDX identifier for license file.