Upgrade to SPDX License 3.0 and handle deprecations more gracefully, fixes #6951
parent
ab8437ce06
commit
5cd0fef7ff
|
@ -126,23 +126,23 @@
|
|||
},
|
||||
{
|
||||
"name": "composer/spdx-licenses",
|
||||
"version": "1.1.6",
|
||||
"version": "1.2.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/composer/spdx-licenses.git",
|
||||
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c"
|
||||
"reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
|
||||
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
|
||||
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2d899e9b33023c631854f36c39ef9f8317a7ab33",
|
||||
"reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^5.3.2 || ^7.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^4.5 || ^5.0.5",
|
||||
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5",
|
||||
"phpunit/phpunit-mock-objects": "2.3.0 || ^3.0"
|
||||
},
|
||||
"type": "library",
|
||||
|
@ -183,7 +183,7 @@
|
|||
"spdx",
|
||||
"validator"
|
||||
],
|
||||
"time": "2017-04-03T19:08:52+00:00"
|
||||
"time": "2018-01-03T16:37:06+00:00"
|
||||
},
|
||||
{
|
||||
"name": "justinrainbow/json-schema",
|
||||
|
|
|
@ -17,6 +17,7 @@ use Composer\Package\BasePackage;
|
|||
use Composer\Semver\Constraint\Constraint;
|
||||
use Composer\Package\Version\VersionParser;
|
||||
use Composer\Repository\PlatformRepository;
|
||||
use Composer\Spdx\SpdxLicenses;
|
||||
|
||||
/**
|
||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||
|
@ -97,6 +98,48 @@ class ValidatingArrayLoader implements LoaderInterface
|
|||
} else {
|
||||
$this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+');
|
||||
}
|
||||
|
||||
if (is_array($this->config['license']) || is_string($this->config['license'])) {
|
||||
$licenses = (array) $this->config['license'];
|
||||
|
||||
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
|
||||
foreach ($licenses as $key => $license) {
|
||||
if ('proprietary' === $license) {
|
||||
unset($licenses[$key]);
|
||||
}
|
||||
}
|
||||
|
||||
$licenseValidator = new SpdxLicenses();
|
||||
if (count($licenses) === 1 && !$licenseValidator->validate($licenses) && $licenseValidator->validate(trim($licenses[0]))) {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s must not contain extra spaces, make sure to trim it.',
|
||||
json_encode($this->config['license'])
|
||||
);
|
||||
} elseif (array() !== $licenses && !$licenseValidator->validate($licenses)) {
|
||||
$this->warnings[] = sprintf(
|
||||
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
|
||||
'If the software is closed-source, you may use "proprietary" as license.',
|
||||
json_encode($this->config['license'])
|
||||
);
|
||||
} else {
|
||||
foreach ($licenses as $license) {
|
||||
$spdxLicense = $licenseValidator->getLicenseByIdentifier($license);
|
||||
if ($spdxLicense && $spdxLicense[3]) {
|
||||
if (preg_match('{^[AL]?GPL-[123](\.[01])?\+?$}i', $license)) {
|
||||
$this->warnings[] = sprintf(
|
||||
'License "%s" is a deprecated SPDX license identifier, use "'.$license.'-only" or "'.$license.'-or-later" instead',
|
||||
$license
|
||||
);
|
||||
} else {
|
||||
$this->warnings[] = sprintf(
|
||||
'License "%s" is a deprecated SPDX license identifier, see https://spdx.org/licenses/',
|
||||
$license
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->validateString('time');
|
||||
|
|
|
@ -18,7 +18,6 @@ use Composer\Package\Loader\InvalidPackageException;
|
|||
use Composer\Json\JsonValidationException;
|
||||
use Composer\IO\IOInterface;
|
||||
use Composer\Json\JsonFile;
|
||||
use Composer\Spdx\SpdxLicenses;
|
||||
|
||||
/**
|
||||
* Validates a composer configuration.
|
||||
|
@ -73,31 +72,7 @@ class ConfigValidator
|
|||
}
|
||||
|
||||
// validate actual data
|
||||
if (!empty($manifest['license'])) {
|
||||
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
|
||||
if (is_array($manifest['license'])) {
|
||||
foreach ($manifest['license'] as $key => $license) {
|
||||
if ('proprietary' === $license) {
|
||||
unset($manifest['license'][$key]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$licenseValidator = new SpdxLicenses();
|
||||
if ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license']) && $licenseValidator->validate(trim($manifest['license']))) {
|
||||
$warnings[] = sprintf(
|
||||
'License %s must not contain extra spaces, make sure to trim it.',
|
||||
json_encode($manifest['license'])
|
||||
);
|
||||
} elseif ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license'])) {
|
||||
$warnings[] = sprintf(
|
||||
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.'
|
||||
. PHP_EOL .
|
||||
'If the software is closed-source, you may use "proprietary" as license.',
|
||||
json_encode($manifest['license'])
|
||||
);
|
||||
}
|
||||
} else {
|
||||
if (empty($manifest['license'])) {
|
||||
$warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.';
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue