What is FOSSology and how to set it up?

Understanding how copyright and licenses function, and being able to clearly and precisely express them, is critical to ensure that your contributions are suitable for use in open source projects, and that licensing statements accurately reflect your goals. Licenses grant others that wish to use your code authorization in advance. Being able to minimize difficulties and uncertainty is useful for both inside business projects and contributing to open source projects.

Whenever you install a software, or use a software to create another software, you have to follow certain license compliances provided by those third-party software. If you are working with a software, you must understand clear understanding of these three things:

• Things you are required to do (MUST)
• Things you are permitted to do (CAN)
• Things you are forbidden to do (CANNOT)

You must also follow certain open source compliance practices if you want to build and ship open source software. It's critical to understand how this works so that you or the organization don't make costly mistakes when adopting, using, and deploying open source software. Few of the practices listed below are:

• Identification of the origin and applicable licenses
• Tracking open source software within the development process
• Performing open source practices review and identifying license obligations
• Fulfillment of license obligations when the product ships
• Oversight for Open Source Compliance Program, creation of policy, and compliance decisions

So, where does FOSSology fit into this picture?

FOSSology is a open source license compliance software system and toolkit. It is essentially a web-based/command-line utility for ensuring software license and copyright compliance. Since, it provides a web based interface with a database, it has multi-user/multi-tenant support to organize all your clearing jobs.

What does FOSSology do?

The FOSSology project offers tool-based licensing identification. These are the basic set of features of FOSSology toolkit:

• Identifying license-related texts
• Aggregation of licenses in hierarchical view
• Highlighting text occurrences
• Identifying phrasing discrepancies in comparison to reference texts
• Looking for licensing terms
• Bulk processing of files with same licensing
• Reporting of discovered licenses
• Reusing of license conclusions

Other features of FOSSology are:

• Copyright, authorship statements scanner
• Export control and customs scanner (ECC)
• Workflow integration with command line interfaces
• Reporting
  • SPDX RDF and tag-value
  • Debian-copyright
  • Plain text output
• Files sorting in buckets
• User, group and upload management

Now you know about the features of FOSSology, let's setup FOSSology toolkit in our local environment. This tutorial is for installation of FOSSology from source code in Ubuntu 20.04.

1. First you need to clone the repository in the machine using this command.
   

   git clone https://github.com/fossology/fossology.git 
   

2. Once you have cloned the fossology repository in GitHub, move to that folder first using the change directory command.
   

   cd fossology 
   

3. This program requires the lsb_release command, so we need to install lsb_release package.
   

   sudo apt install lsb_release
   

4. Now we can proceed with installing necessary dependencies required to run FOSSology. There are a lot of dependencies which gets installed during this command. Make sure to add -y flag in front of your install script to avoid prompts asking for your permission to install the required dependencies.
   

   sudo ./utils/fo-installdeps -y 
   

5. Now you have all the packages required to compile and run FOSSology. We'll now build the FOSSology project by running this command. There would be a few warnings generated, but you can ignore them.
   

   make
   

6. Next, we will install FOSSology in our system. Run it with root privileges. Again a few warnings would be generated, but feel free to ignore them.
   

   sudo make install
   

7. Once everything has been set up, run the post install script. This will create fossy user in your system and setup a Postgre database.
   

   sudo /usr/local/lib/fossology/fo-postinstall
   

8. The basic installation has been completed. Now test this installation by heading over to http://localhost/repo and login with username and password as fossy.

   

9. After this start the scheduler daemon. This will start FOSSology on each restart of the machine.
   

   sudo systemctl enable --now fossology
   

   Start the daemon
   

   sudo systemctl start fossology 
   

   Verify that the daemon is up and running by heading over to
   FOSSology UI > Admin > Scheduler and check for the Status
   and click submit. It should show one daemon running.

   

10. You can also configure and tune your system. There's a detailed wiki which would let you manage disk space, configure PHP, optimize Postgre, etc. We will configure PHP settings in this step. By default, PHP ships with 2 MB upload limit, which is very less for uploading huge applications. We can overwrite php.ini file with memory limit, upload limit and set a timezone.
    

    sudo ./install/scripts/php-conf-fix.sh --overwrite
    

    Verify this change by heading over to FOSSology UI > Upload >
From File and look at the maximum upload size. It should be
    changed to 700Mbytes.
    If the change isn't visible, restart your Apache server.
    

    sudo service apache2 restart 
    

    Now again, head over to that page and you should see
    700Mbytes written as maximum upload file size there.

    

Now, FOSSology would be finally up and running in your machine for basic usage. You can still configure and tune your machine and use FOSSology according to your needs. Go through the detailed wiki here.

If you are looking for video tutorial installation of FOSSology, please refer this video.

Checkout FOSSology project on GitHub and join their Slack to interact with the community!!

Happy Coding!!💻