feat: rfc52: add checks for RFC52 (REUSE) support
Update 3: Went back to original ad-hoc checks, created new draft MR !855 for the pkgctl license check variant.
Update 2: For security reasons, we can’t run pkgctl license check on untrusted code just yet. Thanks @anthraxx for the pointer.
Update: Back to the drawing board after feedback from @svenstaro. Next steps: Wait for devtools v1.4.0 to land in extra (done, thanks @gromit), then remove the ad-hoc validation and replace it with pkgctl license check.
According to RFC52 and the REUSE spec, license files go in a subdirectory named /LICENSES.
AURweb generally doesn’t allow subdirectories, so this MR adds /LICENSES as an acceptable subdirectory and (roughly) enforces compliance for file names.
Enforcing the REUSE spec
Implementation and test cases are largely derived from the spec, with a single case where checks are stricter than the spec demands, which is that instead of:
"The name of the License File MUST be […] followed by an appropriate file extension (example: LICENSES/GPL-3.0-or-later.txt)"
we just make .txt the only allowed file extension.
While this is stricter than the spec demands, it allows our validator to catch obvious violations such as a missing or blatantly wrong file extension.
Alternatives
- I briefly considered piping all commits through reuse lint but I think that the AUR shouldn’t enforce RFC52; basic validation is useful only if a /LICENSES subdirectory exists. This is in line with the 0BSD policy, which isn’t enforced in the AUR either.
- Doing nothing at all would affect all packages that are moved from extra to the AUR. The LICENSES directory would be essentially frozen. The owner of the AUR package wouldn’t be able to add, remove, or change licenses.
See also
Thanks @gromit for initial guidance.
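
The path check described above (LICENSES as the only accepted subdirectory, .txt as the only accepted extension), written out as an added example; it is not the code from this MR or from aurweb. The function names and the identifier regex are assumptions, and the regex checks only the shape of an SPDX identifier, not membership in the SPDX license list.

```python
import re
from pathlib import PurePosixPath
from typing import Dict, Iterable, Optional

# Assumption: SPDX "idstring" charset (letters, digits, "." and "-").
# This also admits custom LicenseRef-* identifiers.
_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")
LICENSE_DIR = "LICENSES"
ALLOWED_SUFFIX = ".txt"  # stricter than REUSE, as the MR text explains


def check_license_path(path: str) -> Optional[str]:
    """Return None if the repository-relative path is acceptable, else a reason."""
    parts = PurePosixPath(path).parts
    if len(parts) == 1:
        return None  # top-level file: not covered by this check
    if parts[0] != LICENSE_DIR:
        return f"subdirectory {parts[0]!r} is not allowed"
    if len(parts) != 2:
        # Also rejects "LICENSES/../x", since ".." counts as a path component.
        return "nested paths under LICENSES/ are not allowed"
    name = parts[1]
    if not name.endswith(ALLOWED_SUFFIX):
        return f"{name!r}: license files must end in {ALLOWED_SUFFIX}"
    stem = name[: -len(ALLOWED_SUFFIX)]
    if not _ID_RE.fullmatch(stem):
        return f"{stem!r} is not shaped like an SPDX license identifier"
    return None


def check_tree(paths: Iterable[str]) -> Dict[str, str]:
    """Map each rejected path to its reason; an empty dict means the tree passes."""
    rejected = {}
    for p in paths:
        reason = check_license_path(p)
        if reason is not None:
            rejected[p] = reason
    return rejected


if __name__ == "__main__":
    # Constructed sample tree, not taken from a real AUR package.
    sample = ["PKGBUILD", ".SRCINFO", "LICENSES/0BSD.txt",
              "LICENSES/GPL-3.0-or-later", "LICENSES/../PKGBUILD", "src/x.c"]
    for path, reason in check_tree(sample).items():
        print(f"{path}: {reason}")
```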