Cargo: check license is valid SPDX license expression #5974

Open
Tracked by #79
RAnders00 opened this issue Aug 27, 2020 · 2 comments
Labels
A-lint Area: New lints E-medium Call for participation: Medium difficulty level problem and requires some initial experience. T-cargo Type: cargo related

Comments

@RAnders00

What it does

If a license field is defined in Cargo.toml, checks the contents to be a valid SPDX 2.1 license expression.

https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields
https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 (Appendix IV: SPDX License Expressions)
https://github.com/spdx/license-list-data/tree/v3.6

idstring              = 1*(ALPHA / DIGIT / "-" / "." )

license-id            = <short form license identifier in Appendix I.1>

license-exception-id  = <short form license exception identifier in Appendix I.2>

license-ref           = ["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)

simple-expression = license-id / license-id"+" / license-ref

compound-expression =  1*1(simple-expression /
                 simple-expression "WITH" license-exception-id /
                 compound-expression "AND" compound-expression /
                 compound-expression "OR" compound-expression ) /
                     "(" compound-expression ")" )
license-expression =  1*1(simple-expression / compound-expression)

Categories (optional)

  • Kind: clippy::cargo

I'm not actually sure, it might be that crates.io checks the license field to be a valid expression. Even if that's the case, then it would still be nice to catch this sort of mistake earlier.

The lint should probably also deny specifying multiple licenses with /, which according to the documentation (see link above) is still accepted but not recommended:

Previously multiple licenses could be separated with a /, but that usage is deprecated.

Drawbacks

None that I can think of.

Example

E.g. MIT OR XD would be denied, since the XD license is not known. MIT/Apache-2.0 would get denied due to the deprecated slash syntax. An empty string would also get denied.

@RAnders00 RAnders00 added the A-lint Area: New lints label Aug 27, 2020
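
The check requested above, written as a stand-alone Rust function against the quoted grammar (an added example, not code from Clippy, Cargo or crates.io). The name `check_license` and the two short license and exception tables are constructed for illustration, and the optional `DocumentRef-` prefix of license-ref is not handled.

```rust
// Constructed subset of the SPDX license list (illustration only, not the full list).
const LICENSES: &[&str] = &["MIT", "Apache-2.0", "GPL-2.0", "BSD-3-Clause"];
const EXCEPTIONS: &[&str] = &["LLVM-exception", "Classpath-exception-2.0"];

/// Hypothetical helper: Ok(()) when `s` is a valid license expression.
pub fn check_license(s: &str) -> Result<(), String> {
    if s.contains('/') { return Err("deprecated `/` separator, use `OR`".into()); }
    // Parentheses may touch their neighbours, so pad them before splitting.
    let spaced = s.replace('(', " ( ").replace(')', " ) ");
    let toks: Vec<&str> = spaced.split_whitespace().collect();
    let mut pos = 0;
    or_expr(&toks, &mut pos)?; // an empty input is rejected here
    if pos < toks.len() { return Err(format!("unexpected token `{}`", toks[pos])); }
    Ok(())
}

// `OR` binds loosest, then `AND`, then `WITH`.
fn or_expr(t: &[&str], p: &mut usize) -> Result<(), String> {
    and_expr(t, p)?;
    while t.get(*p) == Some(&"OR") { *p += 1; and_expr(t, p)?; }
    Ok(())
}

fn and_expr(t: &[&str], p: &mut usize) -> Result<(), String> {
    atom(t, p)?;
    while t.get(*p) == Some(&"AND") { *p += 1; atom(t, p)?; }
    Ok(())
}

// A parenthesised group, or a simple-expression with an optional `WITH` exception.
fn atom(t: &[&str], p: &mut usize) -> Result<(), String> {
    let tok = *t.get(*p).ok_or("expected a license, found end of input")?;
    *p += 1;
    if tok == "(" {
        or_expr(t, p)?;
        return if t.get(*p) == Some(&")") { *p += 1; Ok(()) } else { Err("missing `)`".into()) };
    }
    let id = tok.strip_suffix('+').unwrap_or(tok); // license-id"+"
    let is_ref = tok.strip_prefix("LicenseRef-").map_or(false, |r| {
        !r.is_empty() && r.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '.')
    });
    if !is_ref && !LICENSES.contains(&id) { return Err(format!("unknown license `{}`", tok)); }
    if t.get(*p) == Some(&"WITH") {
        let ok = t.get(*p + 1).map_or(false, |e| EXCEPTIONS.contains(e));
        if !ok { return Err("unknown or missing exception after `WITH`".into()); }
        *p += 2;
    }
    Ok(())
}
```
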
@ebroto
Member

ebroto commented Aug 27, 2020

The only drawback that I can think of is that alternative crate registries may not require respecting this standard as the documentation states that this is enforced by crates.io.

@ebroto ebroto added the T-cargo Type: cargo related label Aug 27, 2020
@camsteffen camsteffen added the E-medium Call for participation: Medium difficulty level problem and requires some initial experience. label Feb 7, 2021
@epage

epage commented Mar 4, 2024

See also rust-lang/cargo#2039
