Narrows the previous check, allowing this particular LGPL
only for the hashx and equix crates.
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>

This replaces the 'TODO' marker from earlier commits, using tevador's
copyright and license (LGPL 3.0 only) for the hashx and equix crates.
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>

This is a new pure Rust implementation of the HashX algorithm
designed by tevador for Tor's onion service proof of work puzzle v1.
HashX is a lightweight family of randomly generated hash functions.
A seed, via blake2 and siphash, drives a program generation model
which randomly selects opcodes and registers while following some
constraints that avoid timing stalls or insufficient hash mixing.
The execution of these hash functions can be done using a pure Rust
interpreter, or about 20x faster using a very simple just in time
compiler based on the dynasm assembler crate. This has been
implemented for x86_64 and aarch64.
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>

Previously we allowed this license unconditionally. But because of its
non-self-enacting nature, we need the actual notice from its "exhibit A"
to appear somewhere that says that it applies to all the relevant code.
Therefore, we shouldn't take new MPL-2.0 dependencies without
hand-checking them. (I am tentatively allowing option-ext, though,
since we already have an indirect dependency on that crate via
`directories`.)
For more info, see https://gitlab.torproject.org/tpo/core/arti/-/issues/845

The generational-arena crate is distributed under MPL-2.0,
so we need to allow it.
I believe that this license is fine and does not interfere with
our code or our users; the reviewer should double-check.

This commit changes the shebang in all shell scripts from absolute
paths (such as `/bin/bash` or `/usr/bin/python3`) to the `/usr/bin/env`
binary with the accompanying interpreter as its argument.
The reasons for this are as follows:
- NixOS cannot work with absolute paths
- BSD systems install their packages in /usr/local/bin

The license there is `(MIT OR Apache-2.0) AND Unicode-DFS-2016`,
which is fine, but the existing shell script doesn't actually handle
"AND" correctly. This commit adds a workaround for licenses that
are "AND", and some comments about weaknesses in our (lack of)
boolean expression parsing.
This should fix CI.
Closes #462.

Note that the license on `ring` is slightly problematic for some
users, including as it does the old openssl license[^1], with
advertising clause and all. That's not a blocker for us now, since
`ring` is not a required dependency. But we wouldn't want `ring` to
become a mandatory dependency because of this.
[^1]: To make the situation even more complicated, modern openssl
has relicensed under apache-2.0, but that doesn't necessarily
help us, since ring took its code from boringssl, which
forked from an older version of openssl.

A build script reaching into your .git/hooks/ and modifying them
nonconsensually was a bit of a horrifying concept, and also made it hard
to build arti with the feature disabled. Remove this crate, and replace
it with manual instructions on how to install the hooks in
CONTRIBUTING.md.
As per #309

Update all references. There is one remaining hit for
git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.