Sub-task
Resolution: Done
Major
None
2.2 ER2
None
The version of the Prawn gems used by System (0.5.1), although released under the Ruby, GPLv2 and GPLv3 licenses, was still being shipped with some proprietary TTF files in the package. After an analysis, we decided to repack the gem, stripping out all the protected files, and to depend on a custom version of the component (https://github.com/3scale/prawn) instead of upgrading to a newer version or adopting an alternative solution to generate PDFs.
For further details on the analysis, please see https://github.com/3scale/system/pull/8893#issuecomment-356045721
Fixing the gem is a prerequisite for enabling billing on premises.
With 3scale/prawn, license_finder in System still raises license issues, but only because the base version of the gem, plus its immediate dependencies, didn't include a proper manifest stating the licenses. Thus, we need to white-list them manually.
A check can be performed by deep searching for TTF files within the following gems:
- prawn-core (0.5.1.pre.3scale), git: 'https://github.com/3scale/prawn.git', branch: '0.5.1-3scale'
- ttfunk (~> 1.0, >= 1.5.1)
- pdf-reader (~> 0.9.0)
- Ascii85 (1.0.2)
- prawn-format (0.2.1)
- prawn-layout (0.2.1)
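
One way to run that deep search, as an added example (not code from the 3scale repositories): a Ruby script that walks each gem's install directory and flags files by `.ttf` extension or by TrueType header bytes, so a renamed font is caught too. The function names and the header check go beyond what the ticket describes and are assumptions of this example.

```ruby
require 'find'

# Gems listed on this page.
GEMS = %w[prawn-core ttfunk pdf-reader Ascii85 prawn-format prawn-layout].freeze

# First four bytes of a TrueType file: sfnt version 0x00010000 or the tag "true".
# A text file that happens to start with "true" matches as well; review such hits.
TTF_MAGIC = ["\x00\x01\x00\x00".b, 'true'.b].freeze

# True when the file starts with a TrueType signature, whatever its name is.
def ttf_magic?(path)
  TTF_MAGIC.include?(File.binread(path, 4))
rescue SystemCallError
  false # unreadable file: it can still be reported by name
end

# Walk each root recursively and return every file that looks like a TTF,
# either by extension (case-insensitive) or by content.
def find_ttf_files(roots)
  hits = []
  roots.each do |root|
    next unless File.directory?(root)

    Find.find(root) do |path|
      next unless File.file?(path)

      by_name = File.extname(path).casecmp?('.ttf')
      by_magic = ttf_magic?(path)
      hits << { path: path, by_name: by_name, by_magic: by_magic } if by_name || by_magic
    end
  end
  hits.sort_by { |hit| hit[:path] }
end

# Install directories of the named gems, as far as RubyGems can see them.
def installed_gem_dirs(names = GEMS)
  names.flat_map { |name| Gem::Specification.find_all_by_name(name).map(&:full_gem_path) }
end

if $PROGRAM_NAME == __FILE__
  find_ttf_files(installed_gem_dirs).each do |hit|
    puts format('%-60s ext=%s magic=%s', hit[:path], hit[:by_name], hit[:by_magic])
  end
end
```

An empty result means no TTF candidates were found in the gem directories RubyGems resolved; gems it cannot resolve are skipped silently, so confirm that every gem in the list above was actually scanned.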