The file was analyzed with shellcheck, and various issues fixed. Most of
the problems were just cleanups, but also potential bugs were fixed.
Many variables were quoted with double quotes to prevent globbing. The
local_files array expansion was quoted so that any file names with
potential spaces in the filename would not be re-split. The empty
default value was removed from the list processing. POSIX standard "grep
-E" was used instead of egrep.
The script incorrectly thinks that `gopkg.in/square/go-jose.v2/cipher`
doesn't have a license because it parses `gopkg.in/square` as the
root of the repo, even though `gopkg.in/square/go-jose.v2` is the
root.
Add special handling for gopkg.in packages by grep'ing for the
version that gopkg.in appends to the package name.
Add it as a special case package root and import the license file. This was
the only UNKNOWN license, prior to the change to not look at upstream repo
state.
This code used to actually reach out to the internet to look for files. This
is flaky, slow, and semantically WRONG. The license that is upstream might
actually be different than what we have vendored. Only look at local files.
This now passes back-to-back updates and verifies.
godeps doesn't get everything we want, so fix the problem but write it
to a parallel tree since _workspace is reserved only for godeps auto-generated
files.
- Add Godeps/LICENSES.md
- Add verify-godep-licenses to verify that Godeps/LICENSES.md is up to date
- Trigger verify-godep-licenses in the pre-commit hook only if the Godeps dir has changed
- Exclude verify-godep-licenses in verify-all
- Add verify-godep-licenses to make verify (used by travis)
- Add verify-godep-licenses to shippable
- Update dev docs to mention update-godep-licenses
David Eads