Fail haskell build package on white/black-listed licenses

I’m trying to ensure that my project do not use specific licenses.
Here is pinned nixpkgs in my project, I’m trying to test package filtering with whitelistedLicenses configuration:

  fetchNixpkgs =
    builtins.fetchTarball "${rev}.tar.gz";

  importNixpkgs =
      pkgsSrc = fetchNixpkgs rev;
      lib = import "${pkgsSrc}/lib";
    import pkgsSrc {
      config = {
        allowBroken = true;
        checkMeta = true;
        whitelistedLicenses = with lib.licenses; [ agpl3Only ];

  pkgs = importNixpkgs "3821543de7ec3f9a19bdbd7ec0bfd98b9b3253f3";

If I understand correctly it should fail because whitelistedLicenses should allow only agpl3Only license packages. But build doesn’t fail.
Is there is a way to ensure that my project doesn’t use any GPL-based licenses?

The whitelistedLicenses attribute is somewhat confusingly named. It actually only serves as a list of exceptions to unfree licenses, not a true whitelist:

That is, when a package’s meta.license contains a license considered unfree and also contains a (possibly different) license from whitelistedLicenses, the package will not be considered unfree. 🤷‍♀

You could probably achieve what you want by adding all licenses from lib.licenses except for agpl3Only to blacklistedLicenses.

But I do not see how allowing only that specific license will work. I doubt there are any AGPL 3.0 only packages that do not depend on anything. Even GNU Make, which is part of build closure of almost everything, is GPL 3 or later.

Thank you for reply. Really whitelist is confusing.
My example also is confusing a little bit. It was just for testing.
Thank you very much for response!

I tried to find out which haskell packages has licenses:

$ ag gpl | grep haskell | grep license | awk '{ print $4;}' | sort | uniq

It is strange to see some licenses as strings, for example: “AGPL”.
blacklistedLicenses can’t accept strings, is it possible to handle such cases and blacklist “AGPL”?

Hmm, looks like the packages either did not use SPDX identifier so they could not be matched to a license attrset (AGPL example), or different parts of the project are distributed under different license (AND example). The first should be fixed per-project on Hackage; the latter Nix actually supports (list in meta.license has AND/intersection semantics) but cabal2nix does not handle them at the moment.

Of course string licenses are still supported, as are ad-hoc licenses not listed in lib/license.nix, so we should probably remove the restrictions in check-meta.nix.

Feel free to open issue or pull request for any of those problems. Or if you just want to move on, you can use the fact that Nix is a programming language and traverse the dependency tree and do the checks yourself.

1 Like

Thank you for your help!

ср, 20 янв. 2021 г., 11:14 Jan Tojnar via NixOS Discourse <>: