Check SPDX-2 expression and OSI compatibility for license

typst · Oct 15, 2024 · f73d904 · f73d904
1 parent 16ae07a
commit f73d904
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,6 +26,7 @@ reqwest = { version = "0.12.4", features = ["json"] }
 serde = { version = "1.0.198", features = ["derive"] }
 serde_json = "1.0.116"
 sha1 = "0.10.6"
+spdx = "0.10"
 stringcase = "0.2.1"
 tar = "0.4.40"
 tokio = { version = "1.37.0", features = ["rt-multi-thread", "process", "fs"] }

diff --git a/src/check/manifest.rs b/src/check/manifest.rs
@@ -419,13 +419,44 @@ fn check_universe_fields(
         .as_table()
         .context("[package] is not a table")?;
 
-    if pkg.get("license").map(|l| !l.is_str()).unwrap_or(true) {
+    if let Some((license, span)) = pkg.get("license").and_then(|l|
+        l.as_str().map(|s| (s, l.span().unwrap_or_default()))
+    ) {
+        if let Ok(license) = spdx::Expression::parse(license) {
+            for requirement in license.requirements() {
+                if let Some(id) = requirement
+                    .req
+                    .license
+                    .id()
+                {
+                    if !id.is_osi_approved() {
+                        diags.emit(
+                            Diagnostic::error()
+                                .with_message("The `license` field should be OSI approved")
+                                .with_labels(vec![Label::primary(manifest_file_id, span.clone())]),
+                        );
+                    }
+                } else {
+                    diags.emit(
+                        Diagnostic::error()
+                            .with_message("The `license` field should not contain a referencer")
+                            .with_labels(vec![Label::primary(manifest_file_id, span.clone())]),
+                    );
+                }
+            }
+        } else {
+            diags.emit(
+                Diagnostic::error()
+                    .with_message("The `license` field should be a valid SPDX-2 expression")
+                    .with_labels(vec![Label::primary(manifest_file_id, span.clone())]),
+            );
+        }
+    } else {
         diags.emit(
             Diagnostic::error()
                 .with_message("The `license` field should be a string")
                 .with_labels(vec![Label::primary(manifest_file_id, 0..0)]),
         );
-        // TODO: check that it is a valid SPDX identifier and that it is OSI approved?
     }
 
     if pkg.get("description").map(|d| !d.is_str()).unwrap_or(true) {