diff options
author | Karen Arutyunov <karen@codesynthesis.com> | 2020-07-02 17:06:24 +0300 |
---|---|---|
committer | Karen Arutyunov <karen@codesynthesis.com> | 2020-07-02 19:38:37 +0300 |
commit | 594a3bc993cd1d0df054ccc1ff06f5c047827fe6 (patch) | |
tree | ab57f26a2048df35d84b8b0f1a631f36de98323f /libbpkg | |
parent | 2791fa36fb6a3688461ca6c5a07d003fba711ddc (diff) |
Verify that package license has no scheme or 'other' scheme
Diffstat (limited to 'libbpkg')
-rw-r--r-- | libbpkg/manifest.cxx | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/libbpkg/manifest.cxx b/libbpkg/manifest.cxx index 4a104f4..3df1726 100644 --- a/libbpkg/manifest.cxx +++ b/libbpkg/manifest.cxx @@ -2006,7 +2006,25 @@ namespace bpkg list_parser lp (vc.first.begin (), vc.first.end ()); for (string lv (lp.next ()); !lv.empty (); lv = lp.next ()) + { + // Reserve the license schemes for the future use and only recognize + // the 'other' scheme for now, if specified. By default, the 'spdx' + // scheme is implied. + // + // Note that if the substring that precedes ':' contains the + // 'DocumentRef-' substring, then this is not a license scheme but + // the license is a SPDX License Expression (see SPDX user defined + // license reference for details). + // + size_t p (lv.find (':')); + + if (p != string::npos && + lv.find ("DocumentRef-") > p && + lv.compare (0, p, "other") != 0) + bad_value ("invalid package license scheme"); + l.push_back (move (lv)); + } if (l.empty ()) bad_value ("empty package license specification"); |