File: 02_spdx-accept-brackets-in-expression-check.patch

package info (click to toggle)
appstream 0.16.1-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 15,140 kB
  • sloc: ansic: 46,770; xml: 10,353; cpp: 3,864; sh: 252; python: 232; makefile: 18
file content (59 lines) | stat: -rw-r--r-- 2,586 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
From c51bb43ee4347f8a7ebf5745096064ac71ce0a92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan@skynet.ie>
Date: Tue, 11 Apr 2023 19:35:12 +0100
Subject: [PATCH] spdx: Accept brackets in spdx license expression check (#469)

something like: "CC0-1.0 AND (BSD-3-Clause OR LGPL-2.1-only)"
is reported by appstreamcli check-license as "invalid" and not "Free and
Open Source"

$ appstreamcli check-license "CC0-1.0 AND (BSD-3-Clause OR LGPL-2.1-only)"
License Type: invalid
Suitable for AppStream metadata: no
Free and Open Source: no

Trying to debug I find that "as_license_is_free_license" accepts this
string as valid, but that "as_is_spdx_license_expression" considers
it invalid due to the presence of "(" and ")" so it is rejected there
and so ascli_check_license goes on to use as_license_to_spdx_id which
turns it into "CC0-1.0-1.0 AND (BSD-3-Clause-3-Clause OR LGPL-2.1-only)"
ascli_check_license is ok with brackets, but at this point its mangled
and understandably fails.

In fedora in practice I see gnome-software designate libreoffice
langpacks as "Proprietary Code" when a similar license tag is extracted
from the rpm and propogated into appstream.

https://bugs.documentfoundation.org/show_bug.cgi?id=154056
---
 src/as-spdx.c       | 4 ++++
 tests/test-basics.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/src/as-spdx.c b/src/as-spdx.c
index d3c44bb89..4e7e29fe1 100644
--- a/src/as-spdx.c
+++ b/src/as-spdx.c
@@ -264,6 +264,10 @@ as_is_spdx_license_expression (const gchar *license)
 			continue;
 		if (g_strcmp0 (tokens[i], "+") == 0)
 			continue;
+		if (g_strcmp0 (tokens[i], "(") == 0)
+			continue;
+		if (g_strcmp0 (tokens[i], ")") == 0)
+			continue;
 		if (g_strcmp0 (tokens[i], "^") == 0) {
 			expect_exception = TRUE;
 			continue;
diff --git a/tests/test-basics.c b/tests/test-basics.c
index 9db93073c..27743bcf2 100644
--- a/tests/test-basics.c
+++ b/tests/test-basics.c
@@ -516,6 +516,7 @@ test_spdx (void)
 	g_assert_true (as_license_is_free_license ("CC0"));
 	g_assert_true (as_license_is_free_license ("GPL-2.0 AND FSFAP"));
 	g_assert_true (as_license_is_free_license ("OFL-1.1 OR (GPL-3.0-or-later WITH Font-exception-2.0)"));
+	g_assert_true (as_is_spdx_license_expression("OFL-1.1 OR (GPL-3.0-or-later WITH Font-exception-2.0)"));
 	g_assert_true (!as_license_is_free_license ("NOASSERTION"));
 	g_assert_true (!as_license_is_free_license ("LicenseRef-proprietary=https://example.com/mylicense.txt"));
 	g_assert_true (!as_license_is_free_license ("MIT AND LicenseRef-proprietary=https://example.com/lic.txt"));