hugo
/
composer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Upgrade to SPDX License 3.0 and handle deprecations more gracefully, fixes #6951

Browse Source
main
Jordi Boggiano 7 years ago
parent ab8437ce06
commit 5cd0fef7ff
3 changed files with 50 additions and 32 deletions
Show Stats Download Patch File Download Diff File

12
composer.lock generated
Unescape Escape View File

@ -126,23 +126,23 @@
},
{
"name": "composer/spdx-licenses",
"version": "1.1.6",
"version": "1.2.0",
"source": {
"type": "git",
"url": "https://github.com/composer/spdx-licenses.git",
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c"
"reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
"reference": "2603a0d7ddc00a015deb576fa5297ca43dee6b1c",
"url": "https://api.github.com/repos/composer/spdx-licenses/zipball/2d899e9b33023c631854f36c39ef9f8317a7ab33",
"reference": "2d899e9b33023c631854f36c39ef9f8317a7ab33",
"shasum": ""
},
"require": {
"php": "^5.3.2 || ^7.0"
},
"require-dev": {
"phpunit/phpunit": "^4.5 || ^5.0.5",
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5",
"phpunit/phpunit-mock-objects": "2.3.0 || ^3.0"
},
"type": "library",
@ -183,7 +183,7 @@
"spdx",
"validator"
],
"time": "2017-04-03T19:08:52+00:00"
"time": "2018-01-03T16:37:06+00:00"
},
{
"name": "justinrainbow/json-schema",

43
src/Composer/Package/Loader/ValidatingArrayLoader.php
Unescape Escape View File

@ -17,6 +17,7 @@ use Composer\Package\BasePackage;
use Composer\Semver\Constraint\Constraint;
use Composer\Package\Version\VersionParser;
use Composer\Repository\PlatformRepository;
use Composer\Spdx\SpdxLicenses;
/**
* @author Jordi Boggiano <j.boggiano@seld.be>
@ -97,6 +98,48 @@ class ValidatingArrayLoader implements LoaderInterface
} else {
$this->validateFlatArray('license', '[A-Za-z0-9+. ()-]+');
}
if (is_array($this->config['license']) || is_string($this->config['license'])) {
$licenses = (array) $this->config['license'];
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
foreach ($licenses as $key => $license) {
if ('proprietary' === $license) {
unset($licenses[$key]);
}
}
$licenseValidator = new SpdxLicenses();
if (count($licenses) === 1 && !$licenseValidator->validate($licenses) && $licenseValidator->validate(trim($licenses[0]))) {
$this->warnings[] = sprintf(
'License %s must not contain extra spaces, make sure to trim it.',
json_encode($this->config['license'])
);
} elseif (array() !== $licenses && !$licenseValidator->validate($licenses)) {
$this->warnings[] = sprintf(
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.' . PHP_EOL .
'If the software is closed-source, you may use "proprietary" as license.',
json_encode($this->config['license'])
);
} else {
foreach ($licenses as $license) {
$spdxLicense = $licenseValidator->getLicenseByIdentifier($license);
if ($spdxLicense && $spdxLicense[3]) {
if (preg_match('{^[AL]?GPL-[123](\.[01])?\+?$}i', $license)) {
$this->warnings[] = sprintf(
'License "%s" is a deprecated SPDX license identifier, use "'.$license.'-only" or "'.$license.'-or-later" instead',
$license
);
} else {
$this->warnings[] = sprintf(
'License "%s" is a deprecated SPDX license identifier, see https://spdx.org/licenses/',
$license
);
}
}
}
}
}
}
$this->validateString('time');

27
src/Composer/Util/ConfigValidator.php
Unescape Escape View File

@ -18,7 +18,6 @@ use Composer\Package\Loader\InvalidPackageException;
use Composer\Json\JsonValidationException;
use Composer\IO\IOInterface;
use Composer\Json\JsonFile;
use Composer\Spdx\SpdxLicenses;
/**
* Validates a composer configuration.
@ -73,31 +72,7 @@ class ConfigValidator
}
// validate actual data
if (!empty($manifest['license'])) {
// strip proprietary since it's not a valid SPDX identifier, but is accepted by composer
if (is_array($manifest['license'])) {
foreach ($manifest['license'] as $key => $license) {
if ('proprietary' === $license) {
unset($manifest['license'][$key]);
}
}
}
$licenseValidator = new SpdxLicenses();
if ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license']) && $licenseValidator->validate(trim($manifest['license']))) {
$warnings[] = sprintf(
'License %s must not contain extra spaces, make sure to trim it.',
json_encode($manifest['license'])
);
} elseif ('proprietary' !== $manifest['license'] && array() !== $manifest['license'] && !$licenseValidator->validate($manifest['license'])) {
$warnings[] = sprintf(
'License %s is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.'
. PHP_EOL .
'If the software is closed-source, you may use "proprietary" as license.',
json_encode($manifest['license'])
);
}
} else {
if (empty($manifest['license'])) {
$warnings[] = 'No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.';
}

Write Preview
Loading…
Cancel
Save