Upgrade to SPDX License 3.0 and handle deprecations more gracefully, fixes #6951
parent
ab8437ce06
commit
5cd0fef7ff
|
@ -126,23 +126,23 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "composer/spdx-licenses",
|
"name": "composer/spdx-licenses",
|
||||||
"version": "1.1.6",
|
"version": "1.2.0",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/composer/spdx-licenses.git",
|
"url": "https://github.com/composer/spdx-licenses.git",
|
||||||
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c"
|
"reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
|
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2d899e9b33023c631854f36c39ef9f8317a7ab33",
|
||||||
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
|
"reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
"php": "^5.3.2 || ^7.0"
|
"php": "^5.3.2 || ^7.0"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"phpunit/phpunit": "^4.5 || ^5.0.5",
|
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5",
|
||||||
"phpunit/phpunit-mock-objects": "2.3.0 || ^3.0"
|
"phpunit/phpunit-mock-objects": "2.3.0 || ^3.0"
|
||||||
},
|
},
|
||||||
"type": "library",
|
"type": "library",
|
||||||
|
@ -183,7 +183,7 @@
|
||||||
"spdx",
|
"spdx",
|
||||||
"validator"
|
"validator"
|
||||||
],
|
],
|
||||||
"time": "2017-04-03T19:08:52+00:00"
|
"time": "2018-01-03T16:37:06+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "justinrainbow/json-schema",
|
"name": "justinrainbow/json-schema",
|
||||||
|
|
|
@ -17,6 +17,7 @@ use Composer\Package\BasePackage;
|
||||||
use Composer\Semver\Constraint\Constraint;
|
use Composer\Semver\Constraint\Constraint;
|
||||||
use Composer\Package\Version\VersionParser;
|
use Composer\Package\Version\VersionParser;
|
||||||
use Composer\Repository\PlatformRepository;
|
use Composer\Repository\PlatformRepository;
|
||||||
|
use Composer\Spdx\SpdxLicenses;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Jordi Boggiano <j.boggiano@seld.be>
|
* @author Jordi Boggiano <j.boggiano@seld.be>
|
||||||
|
@ -97,6 +98,48 @@ class ValidatingArrayLoader implements LoaderInterface
|
||||||
} else {
|
} else {
|
||||||
$this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+');
|
$this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (is_array($this->config['license']) || is_string($this->config['license'])) {
|
||||||
|
$licenses = (array) $this->config['license'];
|
||||||
|
|
||||||
|
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
|
||||||
|
foreach ($licenses as $key => $license) {
|
||||||
|
if ('proprietary' === $license) {
|
||||||
|
unset($licenses[$key]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$licenseValidator = new SpdxLicenses();
|
||||||
|
if (count($licenses) === 1 && !$licenseValidator->validate($licenses) && $licenseValidator->validate(trim($licenses[0]))) {
|
||||||
|
$this->warnings[] = sprintf(
|
||||||
|
'License %s must not contain extra spaces, make sure to trim it.',
|
||||||
|
json_encode($this->config['license'])
|
||||||
|
);
|
||||||
|
} elseif (array() !== $licenses && !$licenseValidator->validate($licenses)) {
|
||||||
|
$this->warnings[] = sprintf(
|
||||||
|
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
|
||||||
|
'If the software is closed-source, you may use "proprietary" as license.',
|
||||||
|
json_encode($this->config['license'])
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
foreach ($licenses as $license) {
|
||||||
|
$spdxLicense = $licenseValidator->getLicenseByIdentifier($license);
|
||||||
|
if ($spdxLicense && $spdxLicense[3]) {
|
||||||
|
if (preg_match('{^[AL]?GPL-[123](\.[01])?\+?$}i', $license)) {
|
||||||
|
$this->warnings[] = sprintf(
|
||||||
|
'License "%s" is a deprecated SPDX license identifier, use "'.$license.'-only" or "'.$license.'-or-later" instead',
|
||||||
|
$license
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
$this->warnings[] = sprintf(
|
||||||
|
'License "%s" is a deprecated SPDX license identifier, see https://spdx.org/licenses/',
|
||||||
|
$license
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->validateString('time');
|
$this->validateString('time');
|
||||||
|
|
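Review bot: `trim($licenses[0])` in the single-license check reads index 0 after the `unset($licenses[$key])` loop, which does not reindex the array. With a manifest such as `["proprietary", " MIT "]` (constructed example), the one remaining entry sits at key 1, so the lookup hits an undefined offset and the trim warning is never produced. Reindexing after the loop with `$licenses = array_values($licenses);`, or calling `trim(reset($licenses))`, avoids this. In the deprecation branch, the pattern `{^[AL]?GPL-[123](\.[01])?\+?$}i` also accepts identifiers ending in `+`, so for `GPL-2.0+` the message suggests `GPL-2.0+-only` and `GPL-2.0+-or-later`; building the suggestion from `rtrim($license, '+')` would keep the advice valid. The enclosing method starts and ends outside the hunk.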
|
@ -18,7 +18,6 @@ use Composer\Package\Loader\InvalidPackageException;
|
||||||
use Composer\Json\JsonValidationException;
|
use Composer\Json\JsonValidationException;
|
||||||
use Composer\IO\IOInterface;
|
use Composer\IO\IOInterface;
|
||||||
use Composer\Json\JsonFile;
|
use Composer\Json\JsonFile;
|
||||||
use Composer\Spdx\SpdxLicenses;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validates a composer configuration.
|
* Validates a composer configuration.
|
||||||
|
@ -73,31 +72,7 @@ class ConfigValidator
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate actual data
|
// validate actual data
|
||||||
if (!empty($manifest['license'])) {
|
if (empty($manifest['license'])) {
|
||||||
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
|
|
||||||
if (is_array($manifest['license'])) {
|
|
||||||
foreach ($manifest['license'] as $key => $license) {
|
|
||||||
if ('proprietary' === $license) {
|
|
||||||
unset($manifest['license'][$key]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$licenseValidator = new SpdxLicenses();
|
|
||||||
if ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license']) && $licenseValidator->validate(trim($manifest['license']))) {
|
|
||||||
$warnings[] = sprintf(
|
|
||||||
'License %s must not contain extra spaces, make sure to trim it.',
|
|
||||||
json_encode($manifest['license'])
|
|
||||||
);
|
|
||||||
} elseif ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license'])) {
|
|
||||||
$warnings[] = sprintf(
|
|
||||||
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.'
|
|
||||||
. PHP_EOL .
|
|
||||||
'If the software is closed-source, you may use "proprietary" as license.',
|
|
||||||
json_encode($manifest['license'])
|
|
||||||
);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.';
|
$warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|