• Sub-task
    • Resolution: Done
    • Major
    • None
    • 2.2 ER2
    • System
    • None

      The version of the Prawn gems used by System (0.5.1), although released under the Ruby, GPLv2 and GPLv3 licenses, was still being shipped with some proprietary TTF files in the package. After an analysis, we have decided to repack the gem, stripping out all the protected files, and depend on a custom version of the component (https://github.com/3scale/prawn) instead of upgrading to a newer version or using an alternative solution to generate PDFs.

      For further details on the analysis, please see https://github.com/3scale/system/pull/8893#issuecomment-356045721

      Fixing the gem is a prerequisite for enabling billing on premises.

      With 3scale/prawn, license_finder in System is still raising license issues, but that is only because the base version of the gem, plus immediate dependencies, didn't include a proper manifest stating the licenses. Thus, we need to manually white-list them.

      A check can be performed by deep searching for TTF files within the following gems:

      • prawn-core (0.5.1.pre.3scale), git: 'https://github.com/3scale/prawn.git', branch: '0.5.1-3scale'
      • ttfunk (~> 1.0, >= 1.5.1)
      • pdf-reader (~> 0.9.0)
      • Ascii85 (1.0.2)
      • prawn-format (0.2.1)
      • prawn-layout (0.2.1)
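
      One way to run the deep search described above, as an added example that is not part of the original issue or of System's code. It goes slightly beyond a filename search by also checking the first four bytes for a TrueType signature, so a font renamed to another extension is still reported; the function names are hypothetical, and it assumes it is run with bundle exec inside System so the git-sourced prawn-core resolves.

```ruby
require "find"

# Gem names taken from the list in the issue.
GEMS = %w[prawn-core ttfunk pdf-reader Ascii85 prawn-format prawn-layout].freeze

# Leading bytes of TrueType data: sfnt version 1.0 or Apple's "true" tag.
TTF_MAGIC = ["\x00\x01\x00\x00".b, "true".b].freeze

# Walks root recursively and returns the sorted relative paths of files
# that look like TTF, either by extension (case-insensitive) or by
# signature. Symlinks are skipped so the walk stays inside the gem.
def ttf_files(root)
  return [] unless File.directory?(root)

  hits = []
  Find.find(root) do |path|
    next if File.symlink?(path) || !File.file?(path)

    by_name = File.extname(path).casecmp?(".ttf")
    by_magic = TTF_MAGIC.include?(File.binread(path, 4))
    hits << path.delete_prefix("#{root}/") if by_name || by_magic
  end
  hits.sort
end

# Maps every audited gem visible to RubyGems/Bundler to its TTF hits.
# An empty array means no TTF file was found in that gem.
def audit_installed(names = GEMS)
  Gem::Specification
    .select { |spec| names.include?(spec.name) }
    .to_h { |spec| [spec.full_name, ttf_files(spec.full_gem_path)] }
end

# Report for the current environment; gems that are not installed
# simply do not appear.
audit_installed.each do |gem_name, hits|
  puts "#{gem_name}: #{hits.empty? ? 'no TTF files' : hits.join(', ')}"
end
```

      A signature hit on a non-font binary is possible, so treat by-signature results as candidates to inspect rather than as confirmed fonts.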

              Unassigned Unassigned
              mcassola Guilherme Cassolato