From 5cd0fef7ff75dbe32c06a8d36b4f837852a6d004 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Thu, 4 Jan 2018 10:42:31 +0100
Subject: [PATCH] Upgrade to SPDX License 3.0 and handle deprecations more gracefully, fixes #6951
---
 composer.lock | 12 +++---
 .../Package/Loader/ValidatingArrayLoader.php | 43 +++++++++++++++++++
 src/Composer/Util/ConfigValidator.php | 27 +-----------
 3 files changed, 50 insertions(+), 32 deletions(-)
diff --git a/composer.lock b/composer.lock
index 858234009..23915cf61 100644
--- a/composer.lock
+++ b/composer.lock
@@ -126,23 +126,23 @@
 },
 {
 "name": "composer/spdx-licenses",
- "version": "1.1.6",
+ "version": "1.2.0",
 "source": {
 "type": "git",
 "url": "https://github.com/composer/spdx-licenses.git",
- "reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c"
+ "reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
- "reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
+ "url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2d899e9b33023c631854f36c39ef9f8317a7ab33",
+ "reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33",
 "shasum": ""
 },
 "require": {
 "php": "^5.3.2 || ^7.0"
 },
 "require-dev": {
- "phpunit/phpunit": "^4.5 || ^5.0.5",
+ "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5",
 "phpunit/phpunit-mock-objects": "2.3.0 || ^3.0"
 },
 "type": "library",
@@ -183,7 +183,7 @@
 "spdx",
 "validator"
 ],
- "time": "2017-04-03T19:08:52+00:00"
+ "time": "2018-01-03T16:37:06+00:00"
 },
 {
 "name": "justinrainbow/json-schema",
diff --git a/src/Composer/Package/Loader/ValidatingArrayLoader.php b/src/Composer/Package/Loader/ValidatingArrayLoader.php
index f98db5955..68279d539 100644
--- a/src/Composer/Package/Loader/ValidatingArrayLoader.php
+++ b/src/Composer/Package/Loader/ValidatingArrayLoader.php
@@ -17,6 +17,7 @@ use Composer\Package\BasePackage;
 use Composer\Semver\Constraint\Constraint;
 use Composer\Package\Version\VersionParser;
 use Composer\Repository\PlatformRepository;
+use Composer\Spdx\SpdxLicenses;
 /**
 * @author Jordi Boggiano
@@ -97,6 +98,48 @@ class ValidatingArrayLoader implements LoaderInterface
 } else {
 $this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+');
 }
+
+ if (is_array($this->config['license']) || is_string($this->config['license'])) {
+ $licenses = (array) $this->config['license'];
+
+ // strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
+ foreach ($licenses as $key => $license) {
+ if ('proprietary' === $license) {
+ unset($licenses[$key]);
+ }
+ }
+
+ $licenseValidator = new SpdxLicenses();
+ if (count($licenses) === 1 && !$licenseValidator->validate($licenses) && $licenseValidator->validate(trim($licenses[0]))) {
+ $this->warnings[] = sprintf(
+ 'License %s must not contain extra spaces, make sure to trim it.',
+ json_encode($this->config['license'])
+ );
+ } elseif (array() !== $licenses && !$licenseValidator->validate($licenses)) {
+ $this->warnings[] = sprintf(
+ 'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
+ 'If the software is closed-source, you may use "proprietary" as license.',
+ json_encode($this->config['license'])
+ );
+ } else {
+ foreach ($licenses as $license) {
+ $spdxLicense = $licenseValidator->getLicenseByIdentifier($license);
+ if ($spdxLicense && $spdxLicense[3]) {
+ if (preg_match('{^[AL]?GPL-[123](\.[01])?\+?$}i', $license)) {
+ $this->warnings[] = sprintf(
+ 'License "%s" is a deprecated SPDX license identifier, use "'.$license.'-only" or "'.$license.'-or-later" instead',
+ $license
+ );
+ } else {
+ $this->warnings[] = sprintf(
+ 'License "%s" is a deprecated SPDX license identifier, see https://spdx.org/licenses/',
+ $license
+ );
+ }
+ }
+ }
+ }
+ }
 }
 $this->validateString('time');
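Review bot: `$licenses[0]` in the extra-spaces check can be an undefined offset, because the loop above it removes `proprietary` entries with `unset()` and never reindexes the array. For a license list such as `["proprietary", " MIT"]` (constructed example) the one remaining element sits under key 1, so `count($licenses) === 1` holds and `trim($licenses[0])` reads a missing key instead of the remaining identifier. Reindex after the strip loop with `$licenses = array_values($licenses);`, or read the single entry with `reset($licenses)`. Separately, the GPL pattern accepts a trailing `+`, so for `GPL-2.0+` the deprecation message would suggest `GPL-2.0+-only`; stripping the `+` before building the suggestion looks like what was intended. The enclosing method starts and ends outside this hunk.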
diff --git a/src/Composer/Util/ConfigValidator.php b/src/Composer/Util/ConfigValidator.php
index 9953e92d4..e5f64ec23 100644
--- a/src/Composer/Util/ConfigValidator.php
+++ b/src/Composer/Util/ConfigValidator.php
@@ -18,7 +18,6 @@ use Composer\Package\Loader\InvalidPackageException;
 use Composer\Json\JsonValidationException;
 use Composer\IO\IOInterface;
 use Composer\Json\JsonFile;
-use Composer\Spdx\SpdxLicenses;
 /**
 * Validates a composer configuration.
@@ -73,31 +72,7 @@ class ConfigValidator
 }
 // validate actual data
- if (!empty($manifest['license'])) {
- // strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
- if (is_array($manifest['license'])) {
- foreach ($manifest['license'] as $key => $license) {
- if ('proprietary' === $license) {
- unset($manifest['license'][$key]);
- }
- }
- }
-
- $licenseValidator = new SpdxLicenses();
- if ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license']) && $licenseValidator->validate(trim($manifest['license']))) {
- $warnings[] = sprintf(
- 'License %s must not contain extra spaces, make sure to trim it.',
- json_encode($manifest['license'])
- );
- } elseif ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license'])) {
- $warnings[] = sprintf(
- 'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.'
- . PHP_EOL .
- 'If the software is closed-source, you may use "proprietary" as license.',
- json_encode($manifest['license'])
- );
- }
- } else {
+ if (empty($manifest['license'])) {
 $warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.';
 }