authorKaren Arutyunov <karen@codesynthesis.com>2020-07-02 17:06:24 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2020-07-02 19:38:37 +0300
commit594a3bc993cd1d0df054ccc1ff06f5c047827fe6 (patch)
treeab57f26a2048df35d84b8b0f1a631f36de98323f
parent2791fa36fb6a3688461ca6c5a07d003fba711ddc (diff)
Verify that package license has no scheme or 'other' scheme
-rw-r--r--libbpkg/manifest.cxx18
-rw-r--r--tests/manifest/testscript43
2 files changed, 61 insertions, 0 deletions
diff --git a/libbpkg/manifest.cxx b/libbpkg/manifest.cxx
index 4a104f4..3df1726 100644
--- a/libbpkg/manifest.cxx
+++ b/libbpkg/manifest.cxx
@@ -2006,7 +2006,25 @@ namespace bpkg
list_parser lp (vc.first.begin (), vc.first.end ());
for (string lv (lp.next ()); !lv.empty (); lv = lp.next ())
+ {
+ // Reserve the license schemes for the future use and only recognize
+ // the 'other' scheme for now, if specified. By default, the 'spdx'
+ // scheme is implied.
+ //
+ // Note that if the substring that precedes ':' contains the
+ // 'DocumentRef-' substring, then this is not a license scheme but
+ // the license is a SPDX License Expression (see SPDX user defined
+ // license reference for details).
+ //
+ size_t p (lv.find (':'));
+
+ if (p != string::npos &&
+ lv.find ("DocumentRef-") > p &&
+ lv.compare (0, p, "other") != 0)
+ bad_value ("invalid package license scheme");
+
l.push_back (move (lv));
+ }
if (l.empty ())
bad_value ("empty package license specification");
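Review bot: The added check validates only the text before the first ':', so a value such as `other:` with nothing after the colon still reaches `l.push_back (move (lv))` and is stored as a license with an empty name. If that is not meant to be valid (downstream handling is not visible here), reject it next to the scheme test, for example `if (p != string::npos && p + 1 == lv.size ()) bad_value ("empty package license name");`. Separately, the `lv.find ("DocumentRef-") > p` exemption matches that substring anywhere before the colon, not only where an SPDX reference would start, so any value containing it there skips scheme validation. A short comment stating that this leniency is intended would help the next reader. The enclosing function begins and ends outside this hunk.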
diff --git a/tests/manifest/testscript b/tests/manifest/testscript
index a271a74..3d6b060 100644
--- a/tests/manifest/testscript
+++ b/tests/manifest/testscript
@@ -102,6 +102,49 @@
EOE
}
+ : license
+ :
+ {
+ : no-scheme
+ :
+ $* <<EOF >>EOF
+ : 1
+ name: libfoo
+ version: 2.0.0
+ summary: Modern C++ parser
+ license: MIT
+ EOF
+
+ : other-scheme
+ :
+ $* <<EOF >>EOF
+ : 1
+ name: libfoo
+ version: 2.0.0
+ summary: Modern C++ parser
+ license: other:proprietary
+ EOF
+
+ : user-defined
+ :
+ $* <<EOF >>EOF
+ : 1
+ name: libfoo
+ version: 2.0.0
+ summary: Modern C++ parser
+ license: DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2; MIT-alike
+ EOF
+
+ : invalid-scheme
+ :
+ $* <<EOI 2>>EOE != 0
+ : 1
+ license: custom:proprietary
+ EOI
+ stdin:2:10: error: invalid package license scheme
+ EOE
+ }
+
: topics
:
{
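Review bot: The `invalid-scheme` case pins only `custom:proprietary`, so the boundary inputs the new parser condition distinguishes are untested: a `DocumentRef-` that appears after the colon, an empty scheme (`:proprietary`), and a wrongly cased `Other:`. From the condition in manifest.cxx all three should produce the same `invalid package license scheme` error. Without tests, a later rewrite of the `find`/`compare` logic could relax them unnoticed. One such case is sketched below; the others follow the same shape with only the `license:` line changed.

```testscript
: scheme-before-document-ref
:
$* <<EOI 2>>EOE != 0
: 1
license: custom:DocumentRef-foo
EOI
stdin:2:10: error: invalid package license scheme
EOE
```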