Merge pull request #317 from logos-blockchain/drusu/license

Add Licensing + cargo deny check to ensure all dependencies are compliant
2026-02-18 04:13:07 +00:00 · 2026-02-04 08:55:03 +04:00 · 2026-02-04 08:55:03 +04:00 · dac773fa03
commit dac773fa03
parent ec1424cd8e a939ceecad
50 changed files with 512 additions and 417 deletions
--- a/.deny.toml
+++ b/.deny.toml
@ -0,0 +1,50 @@
+# Config file reference can be found at https://embarkstudios.github.io/cargo-deny/checks/cfg.html.
+
+[graph]
+all-features        = true
+exclude-dev         = true
+no-default-features = true
+
+[advisories]
+ignore = [
+  { id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" },
+  { id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." },
+  { id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." },
+  { id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" },
+  { id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." },
+]
+yanked = "deny"
+unused-ignored-advisory = "deny"
+
+[bans]
+allow-wildcard-paths = false
+multiple-versions    = "allow"
+
+[licenses]
+allow = [
+  "Apache-2.0 WITH LLVM-exception",
+  "Apache-2.0",
+  "BSD-2-Clause",
+  "BSD-3-Clause",
+  "BSL-1.0",
+  "CC0-1.0",
+  "CDLA-Permissive-2.0",
+  "ISC",
+  "MIT",
+  "MPL-2.0",
+  "Unicode-3.0",
+  "Zlib",
+]
+private = { ignore = false }
+unused-allowed-license = "deny"
+
+[sources]
+allow-git = [
+  "https://github.com/EspressoSystems/jellyfish.git",
+  "https://github.com/logos-blockchain/logos-blockchain.git",
+]
+unknown-git = "deny"
+unknown-registry = "deny"
+
+[sources.allow-org]
+github = ["logos-co"]
--- a/.github/actions/install-logos-blockchain-circuits/action.yaml
+++ b/.github/actions/install-logos-blockchain-circuits/action.yaml
@ -0,0 +1,19 @@
+name: Setup Logos Blockchain Circuits
+
+description: Set up Logos Blockchain Circom Circuits, Rapidsnark prover and Rapidsnark verifier using the setup-logos-blockchain-circuits.sh script.
+
+inputs:
+  github-token:
+    description: GitHub token for downloading releases
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup logos-blockchain-circuits
+      shell: bash
+      working-directory: ${{ github.workspace }}
+      env:
+        GITHUB_TOKEN: ${{ inputs.github-token }}
+      run: |
+        curl -sSL https://raw.githubusercontent.com/logos-blockchain/logos-blockchain/main/scripts/setup-logos-blockchain-circuits.sh | bash
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -56,6 +56,19 @@ jobs:
      - name: Check for unused dependencies
        run: cargo machete

+  deny:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Install cargo-deny
+        run: cargo install --locked cargo-deny
+
+      - name: Check licenses and advisories
+        run: cargo deny check
+
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 60
@ -70,6 +83,10 @@ jobs:

      - uses: ./.github/actions/install-risc0

+      - uses: ./.github/actions/install-logos-blockchain-circuits
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Install active toolchain
        run: rustup install

@ -95,6 +112,10 @@ jobs:

      - uses: ./.github/actions/install-risc0

+      - uses: ./.github/actions/install-logos-blockchain-circuits
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Install active toolchain
        run: rustup install

@ -119,6 +140,10 @@ jobs:

      - uses: ./.github/actions/install-risc0

+      - uses: ./.github/actions/install-logos-blockchain-circuits
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
      - name: Install active toolchain
        run: rustup install

--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,3 +1,6 @@
+[workspace.package]
+license = "MIT or Apache-2.0"
+
 [workspace]
 resolver = "3"
 members = [
--- a/artifacts/program_methods/amm.bin
+++ b/artifacts/program_methods/amm.bin
--- a/artifacts/program_methods/authenticated_transfer.bin
+++ b/artifacts/program_methods/authenticated_transfer.bin
--- a/artifacts/program_methods/pinata.bin
+++ b/artifacts/program_methods/pinata.bin
--- a/artifacts/program_methods/pinata_token.bin
+++ b/artifacts/program_methods/pinata_token.bin
--- a/artifacts/program_methods/privacy_preserving_circuit.bin
+++ b/artifacts/program_methods/privacy_preserving_circuit.bin
--- a/artifacts/program_methods/token.bin
+++ b/artifacts/program_methods/token.bin
--- a/artifacts/test_program_methods/burner.bin
+++ b/artifacts/test_program_methods/burner.bin
--- a/artifacts/test_program_methods/chain_caller.bin
+++ b/artifacts/test_program_methods/chain_caller.bin
--- a/artifacts/test_program_methods/changer_claimer.bin
+++ b/artifacts/test_program_methods/changer_claimer.bin
--- a/artifacts/test_program_methods/claimer.bin
+++ b/artifacts/test_program_methods/claimer.bin
--- a/artifacts/test_program_methods/data_changer.bin
+++ b/artifacts/test_program_methods/data_changer.bin
--- a/artifacts/test_program_methods/extra_output.bin
+++ b/artifacts/test_program_methods/extra_output.bin
--- a/artifacts/test_program_methods/malicious_authorization_changer.bin
+++ b/artifacts/test_program_methods/malicious_authorization_changer.bin
--- a/artifacts/test_program_methods/minter.bin
+++ b/artifacts/test_program_methods/minter.bin
--- a/artifacts/test_program_methods/missing_output.bin
+++ b/artifacts/test_program_methods/missing_output.bin
--- a/artifacts/test_program_methods/modified_transfer.bin
+++ b/artifacts/test_program_methods/modified_transfer.bin
--- a/artifacts/test_program_methods/nonce_changer.bin
+++ b/artifacts/test_program_methods/nonce_changer.bin
--- a/artifacts/test_program_methods/noop.bin
+++ b/artifacts/test_program_methods/noop.bin
--- a/artifacts/test_program_methods/program_owner_changer.bin
+++ b/artifacts/test_program_methods/program_owner_changer.bin
--- a/artifacts/test_program_methods/simple_balance_transfer.bin
+++ b/artifacts/test_program_methods/simple_balance_transfer.bin
--- a/bedrock_client/Cargo.toml
+++ b/bedrock_client/Cargo.toml
@ -2,6 +2,7 @@
 name = "bedrock_client"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 reqwest.workspace = true
--- a/common/Cargo.toml
+++ b/common/Cargo.toml
@ -2,6 +2,7 @@
 name = "common"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa.workspace = true
--- a/examples/program_deployment/Cargo.toml
+++ b/examples/program_deployment/Cargo.toml
@ -2,6 +2,7 @@
 name = "program_deployment"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa.workspace = true
--- a/examples/program_deployment/methods/Cargo.toml
+++ b/examples/program_deployment/methods/Cargo.toml
@ -2,6 +2,7 @@
 name = "example_program_deployment_methods"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [build-dependencies]
 risc0-build.workspace = true
--- a/examples/program_deployment/methods/guest/Cargo.toml
+++ b/examples/program_deployment/methods/guest/Cargo.toml
@ -2,6 +2,7 @@
 name = "example_program_deployment_programs"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core.workspace = true
--- a/indexer_core/Cargo.toml
+++ b/indexer_core/Cargo.toml
@ -2,6 +2,7 @@
 name = "indexer_core"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 common.workspace = true
--- a/indexer_service/Cargo.toml
+++ b/indexer_service/Cargo.toml
@ -2,6 +2,7 @@
 name = "indexer_service"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 indexer_service_protocol.workspace = true
--- a/indexer_service/protocol/Cargo.toml
+++ b/indexer_service/protocol/Cargo.toml
@ -2,6 +2,7 @@
 name = "indexer_service_protocol"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core = { workspace = true, optional = true, features = ["host"] }
--- a/indexer_service/rpc/Cargo.toml
+++ b/indexer_service/rpc/Cargo.toml
@ -2,6 +2,7 @@
 name = "indexer_service_rpc"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 indexer_service_protocol = { workspace = true }
--- a/integration_tests/Cargo.toml
+++ b/integration_tests/Cargo.toml
@ -2,6 +2,7 @@
 name = "integration_tests"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core = { workspace = true, features = ["host"] }
--- a/key_protocol/Cargo.toml
+++ b/key_protocol/Cargo.toml
@ -2,6 +2,7 @@
 name = "key_protocol"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa.workspace = true
--- a/mempool/Cargo.toml
+++ b/mempool/Cargo.toml
@ -2,6 +2,7 @@
 name = "mempool"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 tokio = { workspace = true, features = ["sync"] }
--- a/nssa/Cargo.toml
+++ b/nssa/Cargo.toml
@ -2,6 +2,7 @@
 name = "nssa"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core = { workspace = true, features = ["host"] }
--- a/nssa/core/Cargo.toml
+++ b/nssa/core/Cargo.toml
@ -2,6 +2,7 @@
 name = "nssa_core"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 risc0-zkvm.workspace = true
--- a/program_methods/Cargo.toml
+++ b/program_methods/Cargo.toml
@ -2,6 +2,7 @@
 name = "program_methods"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [build-dependencies]
 risc0-build.workspace = true
--- a/program_methods/guest/Cargo.toml
+++ b/program_methods/guest/Cargo.toml
@ -2,6 +2,7 @@
 name = "programs"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core.workspace = true
--- a/sequencer_core/Cargo.toml
+++ b/sequencer_core/Cargo.toml
@ -2,6 +2,7 @@
 name = "sequencer_core"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa.workspace = true
--- a/sequencer_rpc/Cargo.toml
+++ b/sequencer_rpc/Cargo.toml
@ -2,6 +2,7 @@
 name = "sequencer_rpc"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa.workspace = true
--- a/sequencer_runner/Cargo.toml
+++ b/sequencer_runner/Cargo.toml
@ -2,6 +2,7 @@
 name = "sequencer_runner"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 common.workspace = true
--- a/storage/Cargo.toml
+++ b/storage/Cargo.toml
@ -2,6 +2,7 @@
 name = "storage"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 common.workspace = true
--- a/test_program_methods/Cargo.toml
+++ b/test_program_methods/Cargo.toml
@ -2,6 +2,7 @@
 name = "test_program_methods"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [build-dependencies]
 risc0-build.workspace = true
--- a/test_program_methods/guest/Cargo.toml
+++ b/test_program_methods/guest/Cargo.toml
@ -2,6 +2,7 @@
 name = "test_programs"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core.workspace = true
--- a/wallet-ffi/Cargo.toml
+++ b/wallet-ffi/Cargo.toml
@ -2,6 +2,7 @@
 name = "wallet-ffi"
 version = "0.1.0"
 edition = "2021"
+license = { workspace = true }

 [lib]
 crate-type = ["cdylib", "staticlib"]
@ -13,4 +14,4 @@ common.workspace = true
 tokio.workspace = true

 [build-dependencies]
-cbindgen = "0.26"
+cbindgen = "0.29"
--- a/wallet-ffi/wallet_ffi.h
+++ b/wallet-ffi/wallet_ffi.h
@ -24,7 +24,7 @@
 #ifndef WALLET_FFI_H
 #define WALLET_FFI_H

-/* Generated with cbindgen:0.26.0 */
+/* Generated with cbindgen:0.29.2 */

 #include <stdarg.h>
 #include <stdbool.h>
@ -661,4 +661,4 @@ char *wallet_ffi_get_sequencer_addr(struct WalletHandle *handle);
 */
 void wallet_ffi_free_string(char *ptr);

-#endif /* WALLET_FFI_H */
+#endif  /* WALLET_FFI_H */
--- a/wallet/Cargo.toml
+++ b/wallet/Cargo.toml
@ -2,6 +2,7 @@
 name = "wallet"
 version = "0.1.0"
 edition = "2024"
+license = { workspace = true }

 [dependencies]
 nssa_core.workspace = true