aboutsummaryrefslogtreecommitdiff
path: root/libbpkg/manifest.cxx
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2020-07-02 17:06:24 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2020-07-02 19:38:37 +0300
commit594a3bc993cd1d0df054ccc1ff06f5c047827fe6 (patch)
treeab57f26a2048df35d84b8b0f1a631f36de98323f /libbpkg/manifest.cxx
parent2791fa36fb6a3688461ca6c5a07d003fba711ddc (diff)
Verify that package license has no scheme or 'other' scheme
Diffstat (limited to 'libbpkg/manifest.cxx')
-rw-r--r--libbpkg/manifest.cxx18
1 files changed, 18 insertions, 0 deletions
diff --git a/libbpkg/manifest.cxx b/libbpkg/manifest.cxx
index 4a104f4..3df1726 100644
--- a/libbpkg/manifest.cxx
+++ b/libbpkg/manifest.cxx
@@ -2006,7 +2006,25 @@ namespace bpkg
list_parser lp (vc.first.begin (), vc.first.end ());
for (string lv (lp.next ()); !lv.empty (); lv = lp.next ())
+ {
+ // Reserve the license schemes for the future use and only recognize
+ // the 'other' scheme for now, if specified. By default, the 'spdx'
+ // scheme is implied.
+ //
+ // Note that if the substring that precedes ':' contains the
+ // 'DocumentRef-' substring, then this is not a license scheme but
+ // the license is a SPDX License Expression (see SPDX user defined
+ // license reference for details).
+ //
+ size_t p (lv.find (':'));
+
+ if (p != string::npos &&
+ lv.find ("DocumentRef-") > p &&
+ lv.compare (0, p, "other") != 0)
+ bad_value ("invalid package license scheme");
+
l.push_back (move (lv));
+ }
if (l.empty ())
bad_value ("empty package license specification");