1// Copyright (C) 2022 The Android Open Source Project 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15// A proto definition used to parse METADATA file in third party projects. 16 17// This proto will only contain fields and values used by android compliance. 18// It is not intended to be the formal definition of METADATA file. 19 20// See google3/third_party/metadata.proto if you need to add more stuff to 21// match upstream. Do not add new fields and values here. Add them upstream 22// when necessary, and copy them here. 23 24syntax = "proto2"; // As long as upstream is proto2... 25 26package project_metadata; 27option go_package = "android/soong/compliance/project_metadata_proto"; 28 29// Definitions for project metadata. (go/thirdparty/metadata) 30 31// Special naming conventions: 32// Repeated fields should have singular names (instead of plural). 33 34message Metadata { 35 // Name of this API/package. 36 optional string name = 1; 37 38 // A short description (a few lines) of the package. It will be 39 // included on the summary page. 40 // Example: "Handles location lookups, throttling, batching, etc." 41 optional string description = 3; 42 43 // Specifies additional data about third-party packages. 44 optional ThirdParty third_party = 13; 45} 46 47message ThirdParty { 48 // The name and description for the package should be specified using the top 49 // level fields in MetaData above 50 // 51 // Description should only specify a short description (a few lines) of the 52 // packages. Instructions for maintainers or similar information should be 53 // specified in BUILD comments, a separate README.md file, etc. 54 55 // URL(s) associated with the package. 56 // 57 // At a minimum, all packages must specify a URL which identifies where it 58 // came from, containing a type of: ARCHIVE, GIT, PIPER, or OTHER. Typically, 59 // a package should contain only a single URL from these types. Occasionally, 60 // a package may be broken across multiple archive files for whatever reason, 61 // in which case having multiple ARCHIVE URLs is okay. However, this should 62 // not be used to combine different logical packages that are versioned and 63 // possibly licensed differently. 64 repeated URL url = 1; 65 66 // The package version. In order of preference, this should contain: 67 // - If the package comes from Git or another source control system, 68 // a specific tag or revision in source control, such as "r123" or 69 // "58e27d2". This MUST NOT be a mutable ref such as a branch name. 70 // - a released package version such as "1.0", "2.3-beta", etc. 71 // - the date the package was retrieved, formatted as "As of YYYY-MM-DD". 72 optional string version = 2; 73 74 // The date of the change in which the package was last upgraded from 75 // upstream. 76 // This should only identify package upgrades from upstream, not local 77 // modifications. This may identify the date of either the original or 78 // merged change. 79 // 80 // Note: this is NOT the date that this version of the package was released 81 // externally. 82 optional Date last_upgrade_date = 10; 83 84 // License type that identifies how the package may be used. See 85 // go/thirdpartylicenses for instructions on selecting the appropriate type. 86 optional LicenseType license_type = 4; 87 88 // Description of local changes that have been made to the package. This does 89 // not need to (and in most cases should not) attempt to include an exhaustive 90 // list of all changes, but may instead direct readers to review the local 91 // commit history, a collection of patch files, a separate README.md (or 92 // similar) document, etc. 93 // Note: Use of this field to store IDs of advisories fixed with a backported 94 // patch is deprecated, use "security.mitigated_security_patch" instead. 95 optional string local_modifications = 6; 96 97 // The URL for any public mirror created for compliance purposes. 98 // See go/thirdpartylicenses#reciprocal policy for more details. 99 optional string compliance_mirror_url = 12; 100 101 // The homepage for the package. This will eventually replace 102 // `url { type: HOMEPAGE }` 103 optional string homepage = 14; 104} 105 106// URL associated with a third-party package. 107message URL { 108 enum Type { 109 // The homepage for the package. For example, "https://bazel.io/". This URL 110 // is optional, but encouraged to help disambiguate similarly named packages 111 // or to get more information about the package. This is especially helpful 112 // when no other URLs provide human readable resources (such as git:// or 113 // sso:// URLs). 114 HOMEPAGE = 1; 115 116 // The URL of the archive containing the source code for the package, for 117 // example a zip or tgz file. 118 ARCHIVE = 2; 119 120 // The URL of the upstream git repository this package is retrieved from. 121 // For example: 122 // - https://github.com/git/git.git 123 // - git://git.kernel.org/pub/scm/git/git.git 124 // 125 // Use of a git URL requires that the package "version" value must specify a 126 // specific git tag or revision. 127 GIT = 3; 128 129 // The URL of the upstream SVN repository this package is retrieved from. 130 // For example: 131 // - http://llvm.org/svn/llvm-project/llvm/ 132 // 133 // Use of an SVN URL requires that the package "version" value must specify 134 // a specific SVN tag or revision. 135 SVN = 7; 136 137 // The URL of the upstream mercurial repository this package is retrieved 138 // from. For example: 139 // - https://mercurial-scm.org/repo/evolve 140 // 141 // Use of a mercurial URL requires that the package "version" value must 142 // specify a specific tag or revision. 143 HG = 8; 144 145 // The URL of the upstream darcs repository this package is retrieved 146 // from. For example: 147 // - https://hub.darcs.net/hu.dwim/hu.dwim.util 148 // 149 // Use of a DARCS URL requires that the package "version" value must 150 // specify a specific tag or revision. 151 DARCS = 9; 152 153 // The URL of the upstream piper location. This is primarily used when a 154 // package is being migrated into third_party from elsewhere in piper, or 155 // when a package is being newly developed in third_party. For newly 156 // developed packages, the PIPER URL should reference the package itself 157 // (e.g. "http://google3/third_party/my/package") 158 PIPER = 4; 159 160 // A URL that does not fit any other type. This may also indicate that the 161 // source code was received via email or some other out-of-band way. This is 162 // most commonly used with commercial software received directly from the 163 // vendor. In the case of email, the URL value can be used to provide 164 // additional information about how it was received. 165 OTHER = 11; 166 167 // The URL identifying where the local copy of the package source code can 168 // be found. 169 // 170 // Typically, the metadata files describing a package reside in the same 171 // directory as the source code for the package. In a few rare cases where 172 // they are separate, the LOCAL_SOURCE URL identifies where to find the 173 // source code. This only describes where to find the local copy of the 174 // source; there should always be an additional URL describing where the 175 // package was retrieved from. 176 // 177 // Examples: 178 // - http://google3/third_party/java_src/gerritcodereview/gerrit/ 179 // - https://android.googlesource.com/platform/external/apache-http/ 180 LOCAL_SOURCE = 6; 181 } 182 183 // The type of resource this URL identifies. 184 optional Type type = 1; 185 186 // The actual URL value. URLs should be absolute and start with 'http://' or 187 // 'https://' (or occasionally 'git://' or 'ftp://' where appropriate). 188 optional string value = 2; 189} 190 191// License type that identifies how the packages may be used. See 192// go/thirdpartylicenses for full explanation of each license type. 193enum LicenseType { 194 BY_EXCEPTION_ONLY = 1; 195 NOTICE = 2; 196 PERMISSIVE = 3; 197 RECIPROCAL = 4; 198 RESTRICTED_IF_STATICALLY_LINKED = 5; 199 RESTRICTED = 6; 200 UNENCUMBERED = 7; 201} 202 203 204// Represents a whole or partial calendar date, such as a birthday. The time of 205// day and time zone are either specified elsewhere or are insignificant. The 206// date is relative to the Gregorian Calendar. This can represent one of the 207// following: 208// 209// * A full date, with non-zero year, month, and day values. 210// * A month and day, with a zero year (for example, an anniversary). 211// * A year on its own, with a zero month and a zero day. 212// * A year and month, with a zero day (for example, a credit card expiration 213// date). 214message Date { 215 // Year of the date. Must be from 1 to 9999, or 0 to specify a date without 216 // a year. 217 optional int32 year = 1; 218 // Month of a year. Must be from 1 to 12, or 0 to specify a year without a 219 // month and day. 220 optional int32 month = 2; 221 // Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 222 // to specify a year by itself or a year and month where the day isn't 223 // significant. 224 optional int32 day = 3; 225} 226