Merge pull request #317 from logos-blockchain/drusu/license

Add Licensing + cargo deny check to ensure all dependencies are compliant

.deny.toml

@@ -0,0 +1,50 @@
+# Config file reference can be found at https://embarkstudios.github.io/cargo-deny/checks/cfg.html.
+
+[graph]
+all-features        = true
+exclude-dev         = true
+no-default-features = true
+
+[advisories]
+ignore = [
+  { id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" },
+  { id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." },
+  { id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." },
+  { id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" },
+  { id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." },
+]
+yanked = "deny"
+unused-ignored-advisory = "deny"
+
+[bans]
+allow-wildcard-paths = false
+multiple-versions    = "allow"
+
+[licenses]
+allow = [
+  "Apache-2.0 WITH LLVM-exception",
+  "Apache-2.0",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "BSL-1.0",
+  "CC0-1.0",
+  "CDLA-Permissive-2.0",
+  "ISC",
+  "MIT",
+  "MPL-2.0",
+  "Unicode-3.0",
+  "Zlib",
+]
+private = { ignore = false }
+unused-allowed-license = "deny"
+
+[sources]
+allow-git = [
+  "https://github.com/EspressoSystems/jellyfish.git",
+  "https://github.com/logos-blockchain/logos-blockchain.git",
+]
+unknown-git = "deny"
+unknown-registry = "deny"
+
+[sources.allow-org]
+github = ["logos-co"]

.github/actions/install-logos-blockchain-circuits/action.yaml

@@ -0,0 +1,19 @@
+name: Setup Logos Blockchain Circuits
+
+description: Set up Logos Blockchain Circom Circuits, Rapidsnark prover and Rapidsnark verifier using the setup-logos-blockchain-circuits.sh script.
+
+inputs:
+  github-token:
+    description: GitHub token for downloading releases
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup logos-blockchain-circuits
+      shell: bash
+      working-directory: ${{ github.workspace }}
+      env:
+        GITHUB_TOKEN: ${{ inputs.github-token }}
+      run: |
+        curl -sSL https://raw.githubusercontent.com/logos-blockchain/logos-blockchain/main/scripts/setup-logos-blockchain-circuits.sh | bash

.github/workflows/ci.yml

@@ -56,6 +56,19 @@ jobs:
       - name: Check for unused dependencies
         run: cargo machete
 
+  deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Install cargo-deny
+        run: cargo install --locked cargo-deny
+
+      - name: Check licenses and advisories
+        run: cargo deny check
+
   lint:
     runs-on: ubuntu-latest
     timeout-minutes: 60
@@ -70,6 +83,10 @@ jobs:
 
       - uses: ./.github/actions/install-risc0
 
+      - uses: ./.github/actions/install-logos-blockchain-circuits
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Install active toolchain
         run: rustup install
 
@@ -95,6 +112,10 @@ jobs:
 
       - uses: ./.github/actions/install-risc0
 
+      - uses: ./.github/actions/install-logos-blockchain-circuits
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Install active toolchain
         run: rustup install
 
@@ -119,6 +140,10 @@ jobs:
 
       - uses: ./.github/actions/install-risc0
 
+      - uses: ./.github/actions/install-logos-blockchain-circuits
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Install active toolchain
         run: rustup install
 

Cargo.toml

@@ -1,3 +1,6 @@
+[workspace.package]
+license = "MIT or Apache-2.0"
+
 [workspace]
 resolver = "3"
 members = [

bedrock_client/Cargo.toml

@@ -2,6 +2,7 @@
 name = "bedrock_client"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 reqwest.workspace = true

common/Cargo.toml

@@ -2,6 +2,7 @@
 name = "common"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa.workspace = true

examples/program_deployment/Cargo.toml

@@ -2,6 +2,7 @@
 name = "program_deployment"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa.workspace = true

examples/program_deployment/methods/Cargo.toml

@@ -2,6 +2,7 @@
 name = "example_program_deployment_methods"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [build-dependencies]
 risc0-build.workspace = true

examples/program_deployment/methods/guest/Cargo.toml

@@ -2,6 +2,7 @@
 name = "example_program_deployment_programs"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core.workspace = true

indexer_core/Cargo.toml

@@ -2,6 +2,7 @@
 name = "indexer_core"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 common.workspace = true

indexer_service/Cargo.toml

@@ -2,6 +2,7 @@
 name = "indexer_service"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 indexer_service_protocol.workspace = true

indexer_service/protocol/Cargo.toml

@@ -2,6 +2,7 @@
 name = "indexer_service_protocol"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core = { workspace = true, optional = true, features = ["host"] }

indexer_service/rpc/Cargo.toml

@@ -2,6 +2,7 @@
 name = "indexer_service_rpc"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 indexer_service_protocol = { workspace = true }

integration_tests/Cargo.toml

@@ -2,6 +2,7 @@
 name = "integration_tests"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core = { workspace = true, features = ["host"] }

key_protocol/Cargo.toml

@@ -2,6 +2,7 @@
 name = "key_protocol"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa.workspace = true

mempool/Cargo.toml

@@ -2,6 +2,7 @@
 name = "mempool"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 tokio = { workspace = true, features = ["sync"] }

nssa/Cargo.toml

@@ -2,6 +2,7 @@
 name = "nssa"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core = { workspace = true, features = ["host"] }

nssa/core/Cargo.toml

@@ -2,6 +2,7 @@
 name = "nssa_core"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 risc0-zkvm.workspace = true

program_methods/Cargo.toml

@@ -2,6 +2,7 @@
 name = "program_methods"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [build-dependencies]
 risc0-build.workspace = true

program_methods/guest/Cargo.toml

@@ -2,6 +2,7 @@
 name = "programs"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core.workspace = true

sequencer_core/Cargo.toml

@@ -2,6 +2,7 @@
 name = "sequencer_core"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa.workspace = true

sequencer_rpc/Cargo.toml

@@ -2,6 +2,7 @@
 name = "sequencer_rpc"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa.workspace = true

sequencer_runner/Cargo.toml

@@ -2,6 +2,7 @@
 name = "sequencer_runner"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 common.workspace = true

storage/Cargo.toml

@@ -2,6 +2,7 @@
 name = "storage"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 common.workspace = true

test_program_methods/Cargo.toml

@@ -2,6 +2,7 @@
 name = "test_program_methods"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [build-dependencies]
 risc0-build.workspace = true

test_program_methods/guest/Cargo.toml

@@ -2,6 +2,7 @@
 name = "test_programs"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core.workspace = true

wallet-ffi/Cargo.toml

@@ -2,6 +2,7 @@
 name = "wallet-ffi"
 version = "0.1.0"
 edition = "2021"
+license = { workspace = true }
 
 [lib]
 crate-type = ["cdylib", "staticlib"]
@@ -13,4 +14,4 @@ common.workspace = true
 tokio.workspace = true
 
 [build-dependencies]
-cbindgen = "0.26"
+cbindgen = "0.29"

wallet-ffi/wallet_ffi.h

@@ -24,7 +24,7 @@
 #ifndef WALLET_FFI_H
 #define WALLET_FFI_H
 
-/* Generated with cbindgen:0.26.0 */
+/* Generated with cbindgen:0.29.2 */
 
 #include <stdarg.h>
 #include <stdbool.h>
@@ -661,4 +661,4 @@ char *wallet_ffi_get_sequencer_addr(struct WalletHandle *handle);
  */
 void wallet_ffi_free_string(char *ptr);
 
-#endif /* WALLET_FFI_H */
+#endif  /* WALLET_FFI_H */

wallet/Cargo.toml

@@ -2,6 +2,7 @@
 name = "wallet"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }
 
 [dependencies]
 nssa_core.workspace = true