1
0
Fork 0

Upgrade to SPDX License 3.0 and handle deprecations more gracefully, fixes #6951

pull/6969/merge
Jordi Boggiano 2018-01-04 10:42:31 +01:00
parent ab8437ce06
commit 5cd0fef7ff
3 changed files with 50 additions and 32 deletions

12
composer.lock generated
View File

@ -126,23 +126,23 @@
}, },
{ {
"name": "composer/spdx-licenses", "name": "composer/spdx-licenses",
"version": "1.1.6", "version": "1.2.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/composer/spdx-licenses.git", "url": "https://github.com/composer/spdx-licenses.git",
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c" "reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2603a0d7ddc00a015deb576fa5297ca43dee6b1c", "url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2d899e9b33023c631854f36c39ef9f8317a7ab33",
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c", "reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": "^5.3.2 || ^7.0" "php": "^5.3.2 || ^7.0"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "^4.5 || ^5.0.5", "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5",
"phpunit/phpunit-mock-objects": "2.3.0 || ^3.0" "phpunit/phpunit-mock-objects": "2.3.0 || ^3.0"
}, },
"type": "library", "type": "library",
@ -183,7 +183,7 @@
"spdx", "spdx",
"validator" "validator"
], ],
"time": "2017-04-03T19:08:52+00:00" "time": "2018-01-03T16:37:06+00:00"
}, },
{ {
"name": "justinrainbow/json-schema", "name": "justinrainbow/json-schema",

View File

@ -17,6 +17,7 @@ use Composer\Package\BasePackage;
use Composer\Semver\Constraint\Constraint; use Composer\Semver\Constraint\Constraint;
use Composer\Package\Version\VersionParser; use Composer\Package\Version\VersionParser;
use Composer\Repository\PlatformRepository; use Composer\Repository\PlatformRepository;
use Composer\Spdx\SpdxLicenses;
/** /**
* @author Jordi Boggiano <j.boggiano@seld.be> * @author Jordi Boggiano <j.boggiano@seld.be>
@ -97,6 +98,48 @@ class ValidatingArrayLoader implements LoaderInterface
} else { } else {
$this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+'); $this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+');
} }
if (is_array($this->config['license']) || is_string($this->config['license'])) {
$licenses = (array) $this->config['license'];
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
foreach ($licenses as $key => $license) {
if ('proprietary' === $license) {
unset($licenses[$key]);
}
}
$licenseValidator = new SpdxLicenses();
if (count($licenses) === 1 && !$licenseValidator->validate($licenses) && $licenseValidator->validate(trim($licenses[0]))) {
$this->warnings[] = sprintf(
'License %s must not contain extra spaces, make sure to trim it.',
json_encode($this->config['license'])
);
} elseif (array() !== $licenses && !$licenseValidator->validate($licenses)) {
$this->warnings[] = sprintf(
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
'If the software is closed-source, you may use "proprietary" as license.',
json_encode($this->config['license'])
);
} else {
foreach ($licenses as $license) {
$spdxLicense = $licenseValidator->getLicenseByIdentifier($license);
if ($spdxLicense && $spdxLicense[3]) {
if (preg_match('{^[AL]?GPL-[123](\.[01])?\+?$}i', $license)) {
$this->warnings[] = sprintf(
'License "%s" is a deprecated SPDX license identifier, use "'.$license.'-only" or "'.$license.'-or-later" instead',
$license
);
} else {
$this->warnings[] = sprintf(
'License "%s" is a deprecated SPDX license identifier, see https://spdx.org/licenses/',
$license
);
}
}
}
}
}
} }
$this->validateString('time'); $this->validateString('time');

View File

@ -18,7 +18,6 @@ use Composer\Package\Loader\InvalidPackageException;
use Composer\Json\JsonValidationException; use Composer\Json\JsonValidationException;
use Composer\IO\IOInterface; use Composer\IO\IOInterface;
use Composer\Json\JsonFile; use Composer\Json\JsonFile;
use Composer\Spdx\SpdxLicenses;
/** /**
* Validates a composer configuration. * Validates a composer configuration.
@ -73,31 +72,7 @@ class ConfigValidator
} }
// validate actual data // validate actual data
if (!empty($manifest['license'])) { if (empty($manifest['license'])) {
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
if (is_array($manifest['license'])) {
foreach ($manifest['license'] as $key => $license) {
if ('proprietary' === $license) {
unset($manifest['license'][$key]);
}
}
}
$licenseValidator = new SpdxLicenses();
if ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license']) && $licenseValidator->validate(trim($manifest['license']))) {
$warnings[] = sprintf(
'License %s must not contain extra spaces, make sure to trim it.',
json_encode($manifest['license'])
);
} elseif ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license'])) {
$warnings[] = sprintf(
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.'
. PHP_EOL .
'If the software is closed-source, you may use "proprietary" as license.',
json_encode($manifest['license'])
);
}
} else {
$warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.'; $warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.';
} }