From 89ed4b400fb15dc47129699a039e3ac6d2c95ea7 Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Fri, 18 Sep 2020 05:48:57 -0700 Subject: [PATCH 1/6] validate: extend the license validation * catch ambiguous and invalid values while validating package.xml instead of trying to fix the values in superflore https://github.com/ros-infrastructure/superflore/issues/271 Signed-off-by: Martin Jansa --- doc/spdx-3.10-2020-08-03.csv | 413 +++++++++++++++++++++++++++++++++++ src/catkin_pkg/package.py | 81 +++++++ 2 files changed, 494 insertions(+) create mode 100644 doc/spdx-3.10-2020-08-03.csv diff --git a/doc/spdx-3.10-2020-08-03.csv b/doc/spdx-3.10-2020-08-03.csv new file mode 100644 index 00000000..c915ce29 --- /dev/null +++ b/doc/spdx-3.10-2020-08-03.csv @@ -0,0 +1,413 @@ +Full name Identifier FSF Free/Libre? OSI Approved? Text +BSD Zero Clause License 0BSD Y License Text +Attribution Assurance License AAL Y License Text +Abstyles License Abstyles License Text +Adobe Systems Incorporated Source Code License Agreement Adobe-2006 License Text +Adobe Glyph List License Adobe-Glyph License Text +Amazon Digital Services License ADSL License Text +Academic Free License v1.1 AFL-1.1 Y Y License Text +Academic Free License v1.2 AFL-1.2 Y Y License Text +Academic Free License v2.0 AFL-2.0 Y Y License Text +Academic Free License v2.1 AFL-2.1 Y Y License Text +Academic Free License v3.0 AFL-3.0 Y Y License Text +Afmparse License Afmparse License Text +Affero General Public License v1.0 only AGPL-1.0-only License Text +Affero General Public License v1.0 or later AGPL-1.0-or-later License Text +GNU Affero General Public License v3.0 only AGPL-3.0-only Y Y License Text +GNU Affero General Public License v3.0 or later AGPL-3.0-or-later Y Y License Text +Aladdin Free Public License Aladdin License Text +AMD's plpa_map.c License AMDPLPA License Text +Apple MIT License AML License Text +Academy of Motion Picture Arts and Sciences BSD AMPAS License Text +ANTLR Software Rights Notice ANTLR-PD License Text +Apache License 1.0 Apache-1.0 Y License Text +Apache License 1.1 Apache-1.1 Y Y License Text +Apache License 2.0 Apache-2.0 Y Y License Text +Adobe Postscript AFM License APAFML License Text +Adaptive Public License 1.0 APL-1.0 Y License Text +Apple Public Source License 1.0 APSL-1.0 Y License Text +Apple Public Source License 1.1 APSL-1.1 Y License Text +Apple Public Source License 1.2 APSL-1.2 Y License Text +Apple Public Source License 2.0 APSL-2.0 Y Y License Text +Artistic License 1.0 Artistic-1.0 Y License Text +Artistic License 1.0 w/clause 8 Artistic-1.0-cl8 Y License Text +Artistic License 1.0 (Perl) Artistic-1.0-Perl Y License Text +Artistic License 2.0 Artistic-2.0 Y Y License Text +Bahyph License Bahyph License Text +Barr License Barr License Text +Beerware License Beerware License Text +BitTorrent Open Source License v1.0 BitTorrent-1.0 License Text +BitTorrent Open Source License v1.1 BitTorrent-1.1 Y License Text +SQLite Blessing blessing License Text +Blue Oak Model License 1.0.0 BlueOak-1.0.0 License Text +Borceux license Borceux License Text +BSD 1-Clause License BSD-1-Clause Y License Text +BSD 2-Clause "Simplified" License BSD-2-Clause Y License Text +BSD-2-Clause Plus Patent License BSD-2-Clause-Patent Y License Text +BSD 2-Clause with views sentence BSD-2-Clause-Views License Text +BSD 3-Clause "New" or "Revised" License BSD-3-Clause Y Y License Text +BSD with attribution BSD-3-Clause-Attribution License Text +BSD 3-Clause Clear License BSD-3-Clause-Clear Y License Text +Lawrence Berkeley National Labs BSD variant license BSD-3-Clause-LBNL Y License Text +BSD 3-Clause No Nuclear License BSD-3-Clause-No-Nuclear-License License Text +BSD 3-Clause No Nuclear License 2014 BSD-3-Clause-No-Nuclear-License-2014 License Text +BSD 3-Clause No Nuclear Warranty BSD-3-Clause-No-Nuclear-Warranty License Text +BSD 3-Clause Open MPI variant BSD-3-Clause-Open-MPI License Text +BSD 4-Clause "Original" or "Old" License BSD-4-Clause Y License Text +BSD-4-Clause (University of California-Specific) BSD-4-Clause-UC License Text +BSD Protection License BSD-Protection License Text +BSD Source Code Attribution BSD-Source-Code License Text +Boost Software License 1.0 BSL-1.0 Y Y License Text +bzip2 and libbzip2 License v1.0.5 bzip2-1.0.5 License Text +bzip2 and libbzip2 License v1.0.6 bzip2-1.0.6 License Text +Cryptographic Autonomy License 1.0 CAL-1.0 Y License Text +Cryptographic Autonomy License 1.0 (Combined Work Exception) CAL-1.0-Combined-Work-Exception Y License Text +Caldera License Caldera License Text +Computer Associates Trusted Open Source License 1.1 CATOSL-1.1 Y License Text +Creative Commons Attribution 1.0 Generic CC-BY-1.0 License Text +Creative Commons Attribution 2.0 Generic CC-BY-2.0 License Text +Creative Commons Attribution 2.5 Generic CC-BY-2.5 License Text +Creative Commons Attribution 3.0 Unported CC-BY-3.0 License Text +Creative Commons Attribution 3.0 Austria CC-BY-3.0-AT License Text +Creative Commons Attribution 4.0 International CC-BY-4.0 Y License Text +Creative Commons Attribution Non Commercial 1.0 Generic CC-BY-NC-1.0 License Text +Creative Commons Attribution Non Commercial 2.0 Generic CC-BY-NC-2.0 License Text +Creative Commons Attribution Non Commercial 2.5 Generic CC-BY-NC-2.5 License Text +Creative Commons Attribution Non Commercial 3.0 Unported CC-BY-NC-3.0 License Text +Creative Commons Attribution Non Commercial 4.0 International CC-BY-NC-4.0 License Text +Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic CC-BY-NC-ND-1.0 License Text +Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic CC-BY-NC-ND-2.0 License Text +Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic CC-BY-NC-ND-2.5 License Text +Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported CC-BY-NC-ND-3.0 License Text +Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO CC-BY-NC-ND-3.0-IGO License Text +Creative Commons Attribution Non Commercial No Derivatives 4.0 International CC-BY-NC-ND-4.0 License Text +Creative Commons Attribution Non Commercial Share Alike 1.0 Generic CC-BY-NC-SA-1.0 License Text +Creative Commons Attribution Non Commercial Share Alike 2.0 Generic CC-BY-NC-SA-2.0 License Text +Creative Commons Attribution Non Commercial Share Alike 2.5 Generic CC-BY-NC-SA-2.5 License Text +Creative Commons Attribution Non Commercial Share Alike 3.0 Unported CC-BY-NC-SA-3.0 License Text +Creative Commons Attribution Non Commercial Share Alike 4.0 International CC-BY-NC-SA-4.0 License Text +Creative Commons Attribution No Derivatives 1.0 Generic CC-BY-ND-1.0 License Text +Creative Commons Attribution No Derivatives 2.0 Generic CC-BY-ND-2.0 License Text +Creative Commons Attribution No Derivatives 2.5 Generic CC-BY-ND-2.5 License Text +Creative Commons Attribution No Derivatives 3.0 Unported CC-BY-ND-3.0 License Text +Creative Commons Attribution No Derivatives 4.0 International CC-BY-ND-4.0 License Text +Creative Commons Attribution Share Alike 1.0 Generic CC-BY-SA-1.0 License Text +Creative Commons Attribution Share Alike 2.0 Generic CC-BY-SA-2.0 License Text +Creative Commons Attribution Share Alike 2.5 Generic CC-BY-SA-2.5 License Text +Creative Commons Attribution Share Alike 3.0 Unported CC-BY-SA-3.0 License Text +Creative Commons Attribution-Share Alike 3.0 Austria CC-BY-SA-3.0-AT License Text +Creative Commons Attribution Share Alike 4.0 International CC-BY-SA-4.0 Y License Text +Creative Commons Public Domain Dedication and Certification CC-PDDC License Text +Creative Commons Zero v1.0 Universal CC0-1.0 Y License Text +Common Development and Distribution License 1.0 CDDL-1.0 Y Y License Text +Common Development and Distribution License 1.1 CDDL-1.1 License Text +Community Data License Agreement Permissive 1.0 CDLA-Permissive-1.0 License Text +Community Data License Agreement Sharing 1.0 CDLA-Sharing-1.0 License Text +CeCILL Free Software License Agreement v1.0 CECILL-1.0 License Text +CeCILL Free Software License Agreement v1.1 CECILL-1.1 License Text +CeCILL Free Software License Agreement v2.0 CECILL-2.0 Y License Text +CeCILL Free Software License Agreement v2.1 CECILL-2.1 Y License Text +CeCILL-B Free Software License Agreement CECILL-B Y License Text +CeCILL-C Free Software License Agreement CECILL-C Y License Text +CERN Open Hardware Licence v1.1 CERN-OHL-1.1 License Text +CERN Open Hardware Licence v1.2 CERN-OHL-1.2 License Text +CERN Open Hardware Licence Version 2 - Permissive CERN-OHL-P-2.0 License Text +CERN Open Hardware Licence Version 2 - Strongly Reciprocal CERN-OHL-S-2.0 License Text +CERN Open Hardware Licence Version 2 - Weakly Reciprocal CERN-OHL-W-2.0 License Text +Clarified Artistic License ClArtistic Y License Text +CNRI Jython License CNRI-Jython License Text +CNRI Python License CNRI-Python Y License Text +CNRI Python Open Source GPL Compatible License Agreement CNRI-Python-GPL-Compatible License Text +Condor Public License v1.1 Condor-1.1 Y License Text +copyleft-next 0.3.0 copyleft-next-0.3.0 License Text +copyleft-next 0.3.1 copyleft-next-0.3.1 License Text +Common Public Attribution License 1.0 CPAL-1.0 Y Y License Text +Common Public License 1.0 CPL-1.0 Y Y License Text +Code Project Open License 1.02 CPOL-1.02 License Text +Crossword License Crossword License Text +CrystalStacker License CrystalStacker License Text +CUA Office Public License v1.0 CUA-OPL-1.0 Y License Text +Cube License Cube License Text +curl License curl License Text +Deutsche Freie Software Lizenz D-FSL-1.0 License Text +diffmark license diffmark License Text +DOC License DOC License Text +Dotseqn License Dotseqn License Text +DSDP License DSDP License Text +dvipdfm License dvipdfm License Text +Educational Community License v1.0 ECL-1.0 Y License Text +Educational Community License v2.0 ECL-2.0 Y Y License Text +Eiffel Forum License v1.0 EFL-1.0 Y License Text +Eiffel Forum License v2.0 EFL-2.0 Y Y License Text +eGenix.com Public License 1.1.0 eGenix License Text +Entessa Public License v1.0 Entessa Y License Text +EPICS Open License EPICS License Text +Eclipse Public License 1.0 EPL-1.0 Y Y License Text +Eclipse Public License 2.0 EPL-2.0 Y Y License Text +Erlang Public License v1.1 ErlPL-1.1 License Text +Etalab Open License 2.0 etalab-2.0 License Text +EU DataGrid Software License EUDatagrid Y Y License Text +European Union Public License 1.0 EUPL-1.0 License Text +European Union Public License 1.1 EUPL-1.1 Y Y License Text +European Union Public License 1.2 EUPL-1.2 Y Y License Text +Eurosym License Eurosym License Text +Fair License Fair Y License Text +Frameworx Open License 1.0 Frameworx-1.0 Y License Text +FreeImage Public License v1.0 FreeImage License Text +FSF All Permissive License FSFAP Y License Text +FSF Unlimited License FSFUL License Text +FSF Unlimited License (with License Retention) FSFULLR License Text +Freetype Project License FTL Y License Text +GNU Free Documentation License v1.1 only - invariants GFDL-1.1-invariants-only License Text +GNU Free Documentation License v1.1 or later - invariants GFDL-1.1-invariants-or-later License Text +GNU Free Documentation License v1.1 only - no invariants GFDL-1.1-no-invariants-only License Text +GNU Free Documentation License v1.1 or later - no invariants GFDL-1.1-no-invariants-or-later License Text +GNU Free Documentation License v1.1 only GFDL-1.1-only Y License Text +GNU Free Documentation License v1.1 or later GFDL-1.1-or-later Y License Text +GNU Free Documentation License v1.2 only - invariants GFDL-1.2-invariants-only License Text +GNU Free Documentation License v1.2 or later - invariants GFDL-1.2-invariants-or-later License Text +GNU Free Documentation License v1.2 only - no invariants GFDL-1.2-no-invariants-only License Text +GNU Free Documentation License v1.2 or later - no invariants GFDL-1.2-no-invariants-or-later License Text +GNU Free Documentation License v1.2 only GFDL-1.2-only Y License Text +GNU Free Documentation License v1.2 or later GFDL-1.2-or-later Y License Text +GNU Free Documentation License v1.3 only - invariants GFDL-1.3-invariants-only License Text +GNU Free Documentation License v1.3 or later - invariants GFDL-1.3-invariants-or-later License Text +GNU Free Documentation License v1.3 only - no invariants GFDL-1.3-no-invariants-only License Text +GNU Free Documentation License v1.3 or later - no invariants GFDL-1.3-no-invariants-or-later License Text +GNU Free Documentation License v1.3 only GFDL-1.3-only Y License Text +GNU Free Documentation License v1.3 or later GFDL-1.3-or-later Y License Text +Giftware License Giftware License Text +GL2PS License GL2PS License Text +3dfx Glide License Glide License Text +Glulxe License Glulxe License Text +Good Luck With That Public License GLWTPL License Text +gnuplot License gnuplot Y License Text +GNU General Public License v1.0 only GPL-1.0-only License Text +GNU General Public License v1.0 or later GPL-1.0-or-later License Text +GNU General Public License v2.0 only GPL-2.0-only Y Y License Text +GNU General Public License v2.0 or later GPL-2.0-or-later Y Y License Text +GNU General Public License v3.0 only GPL-3.0-only Y Y License Text +GNU General Public License v3.0 or later GPL-3.0-or-later Y Y License Text +gSOAP Public License v1.3b gSOAP-1.3b License Text +Haskell Language Report License HaskellReport License Text +Hippocratic License 2.1 Hippocratic-2.1 License Text +Historical Permission Notice and Disclaimer HPND Y Y License Text +Historical Permission Notice and Disclaimer - sell variant HPND-sell-variant License Text +IBM PowerPC Initialization and Boot Software IBM-pibs License Text +ICU License ICU License Text +Independent JPEG Group License IJG Y License Text +ImageMagick License ImageMagick License Text +iMatix Standard Function Library Agreement iMatix Y License Text +Imlib2 License Imlib2 Y License Text +Info-ZIP License Info-ZIP License Text +Intel Open Source License Intel Y Y License Text +Intel ACPI Software License Agreement Intel-ACPI License Text +Interbase Public License v1.0 Interbase-1.0 License Text +IPA Font License IPA Y Y License Text +IBM Public License v1.0 IPL-1.0 Y Y License Text +ISC License ISC Y Y License Text +JasPer License JasPer-2.0 License Text +Japan Network Information Center License JPNIC License Text +JSON License JSON License Text +Licence Art Libre 1.2 LAL-1.2 License Text +Licence Art Libre 1.3 LAL-1.3 License Text +Latex2e License Latex2e License Text +Leptonica License Leptonica License Text +GNU Library General Public License v2 only LGPL-2.0-only Y License Text +GNU Library General Public License v2 or later LGPL-2.0-or-later Y License Text +GNU Lesser General Public License v2.1 only LGPL-2.1-only Y Y License Text +GNU Lesser General Public License v2.1 or later LGPL-2.1-or-later Y Y License Text +GNU Lesser General Public License v3.0 only LGPL-3.0-only Y Y License Text +GNU Lesser General Public License v3.0 or later LGPL-3.0-or-later Y Y License Text +Lesser General Public License For Linguistic Resources LGPLLR License Text +libpng License Libpng License Text +PNG Reference Library version 2 libpng-2.0 License Text +libselinux public domain notice libselinux-1.0 License Text +libtiff License libtiff License Text +Licence Libre du Québec – Permissive version 1.1 LiLiQ-P-1.1 Y License Text +Licence Libre du Québec – Réciprocité version 1.1 LiLiQ-R-1.1 Y License Text +Licence Libre du Québec – Réciprocité forte version 1.1 LiLiQ-Rplus-1.1 Y License Text +Linux Kernel Variant of OpenIB.org license Linux-OpenIB License Text +Lucent Public License Version 1.0 LPL-1.0 Y License Text +Lucent Public License v1.02 LPL-1.02 Y Y License Text +LaTeX Project Public License v1.0 LPPL-1.0 License Text +LaTeX Project Public License v1.1 LPPL-1.1 License Text +LaTeX Project Public License v1.2 LPPL-1.2 Y License Text +LaTeX Project Public License v1.3a LPPL-1.3a Y License Text +LaTeX Project Public License v1.3c LPPL-1.3c Y License Text +MakeIndex License MakeIndex License Text +The MirOS Licence MirOS Y License Text +MIT License MIT Y Y License Text +MIT No Attribution MIT-0 License Text +Enlightenment License (e16) MIT-advertising License Text +CMU License MIT-CMU License Text +enna License MIT-enna License Text +feh License MIT-feh License Text +MIT +no-false-attribs license MITNFA License Text +Motosoto License Motosoto Y License Text +mpich2 License mpich2 License Text +Mozilla Public License 1.0 MPL-1.0 Y License Text +Mozilla Public License 1.1 MPL-1.1 Y Y License Text +Mozilla Public License 2.0 MPL-2.0 Y Y License Text +Mozilla Public License 2.0 (no copyleft exception) MPL-2.0-no-copyleft-exception Y License Text +Microsoft Public License MS-PL Y Y License Text +Microsoft Reciprocal License MS-RL Y Y License Text +Matrix Template Library License MTLL License Text +Mulan Permissive Software License, Version 1 MulanPSL-1.0 License Text +Mulan Permissive Software License, Version 2 MulanPSL-2.0 Y License Text +Multics License Multics Y License Text +Mup License Mup License Text +NASA Open Source Agreement 1.3 NASA-1.3 Y License Text +Naumen Public License Naumen Y License Text +Net Boolean Public License v1 NBPL-1.0 License Text +Non-Commercial Government Licence NCGL-UK-2.0 License Text +University of Illinois/NCSA Open Source License NCSA Y Y License Text +Net-SNMP License Net-SNMP License Text +NetCDF license NetCDF License Text +Newsletr License Newsletr License Text +Nethack General Public License NGPL Y License Text +NIST Public Domain Notice NIST-PD License Text +NIST Public Domain Notice with license fallback NIST-PD-fallback License Text +Norwegian Licence for Open Government Data NLOD-1.0 License Text +No Limit Public License NLPL License Text +Nokia Open Source License Nokia Y Y License Text +Netizen Open Source License NOSL Y License Text +Noweb License Noweb License Text +Netscape Public License v1.0 NPL-1.0 Y License Text +Netscape Public License v1.1 NPL-1.1 Y License Text +Non-Profit Open Software License 3.0 NPOSL-3.0 Y License Text +NRL License NRL License Text +NTP License NTP Y License Text +NTP No Attribution NTP-0 License Text +Open Use of Data Agreement v1.0 O-UDA-1.0 License Text +Open CASCADE Technology Public License OCCT-PL License Text +OCLC Research Public License 2.0 OCLC-2.0 Y License Text +ODC Open Database License v1.0 ODbL-1.0 Y License Text +Open Data Commons Attribution License v1.0 ODC-By-1.0 License Text +SIL Open Font License 1.0 OFL-1.0 Y License Text +SIL Open Font License 1.0 with no Reserved Font Name OFL-1.0-no-RFN License Text +SIL Open Font License 1.0 with Reserved Font Name OFL-1.0-RFN License Text +SIL Open Font License 1.1 OFL-1.1 Y Y License Text +SIL Open Font License 1.1 with no Reserved Font Name OFL-1.1-no-RFN Y License Text +SIL Open Font License 1.1 with Reserved Font Name OFL-1.1-RFN Y License Text +OGC Software License, Version 1.0 OGC-1.0 License Text +Open Government Licence - Canada OGL-Canada-2.0 License Text +Open Government Licence v1.0 OGL-UK-1.0 License Text +Open Government Licence v2.0 OGL-UK-2.0 License Text +Open Government Licence v3.0 OGL-UK-3.0 License Text +Open Group Test Suite License OGTSL Y License Text +Open LDAP Public License v1.1 OLDAP-1.1 License Text +Open LDAP Public License v1.2 OLDAP-1.2 License Text +Open LDAP Public License v1.3 OLDAP-1.3 License Text +Open LDAP Public License v1.4 OLDAP-1.4 License Text +Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B) OLDAP-2.0 License Text +Open LDAP Public License v2.0.1 OLDAP-2.0.1 License Text +Open LDAP Public License v2.1 OLDAP-2.1 License Text +Open LDAP Public License v2.2 OLDAP-2.2 License Text +Open LDAP Public License v2.2.1 OLDAP-2.2.1 License Text +Open LDAP Public License 2.2.2 OLDAP-2.2.2 License Text +Open LDAP Public License v2.3 OLDAP-2.3 Y License Text +Open LDAP Public License v2.4 OLDAP-2.4 License Text +Open LDAP Public License v2.5 OLDAP-2.5 License Text +Open LDAP Public License v2.6 OLDAP-2.6 License Text +Open LDAP Public License v2.7 OLDAP-2.7 Y License Text +Open LDAP Public License v2.8 OLDAP-2.8 License Text +Open Market License OML License Text +OpenSSL License OpenSSL Y License Text +Open Public License v1.0 OPL-1.0 License Text +OSET Public License version 2.1 OSET-PL-2.1 Y License Text +Open Software License 1.0 OSL-1.0 Y Y License Text +Open Software License 1.1 OSL-1.1 Y License Text +Open Software License 2.0 OSL-2.0 Y Y License Text +Open Software License 2.1 OSL-2.1 Y Y License Text +Open Software License 3.0 OSL-3.0 Y Y License Text +The Parity Public License 6.0.0 Parity-6.0.0 License Text +The Parity Public License 7.0.0 Parity-7.0.0 License Text +ODC Public Domain Dedication & License 1.0 PDDL-1.0 License Text +PHP License v3.0 PHP-3.0 Y License Text +PHP License v3.01 PHP-3.01 Y Y License Text +Plexus Classworlds License Plexus License Text +PolyForm Noncommercial License 1.0.0 PolyForm-Noncommercial-1.0.0 License Text +PolyForm Small Business License 1.0.0 PolyForm-Small-Business-1.0.0 License Text +PostgreSQL License PostgreSQL Y License Text +Python Software Foundation License 2.0 PSF-2.0 License Text +psfrag License psfrag License Text +psutils License psutils License Text +Python License 2.0 Python-2.0 Y Y License Text +Qhull License Qhull License Text +Q Public License 1.0 QPL-1.0 Y Y License Text +Rdisc License Rdisc License Text +Red Hat eCos Public License v1.1 RHeCos-1.1 License Text +Reciprocal Public License 1.1 RPL-1.1 Y License Text +Reciprocal Public License 1.5 RPL-1.5 Y License Text +RealNetworks Public Source License v1.0 RPSL-1.0 Y Y License Text +RSA Message-Digest License RSA-MD License Text +Ricoh Source Code Public License RSCPL Y License Text +Ruby License Ruby Y License Text +Sax Public Domain Notice SAX-PD License Text +Saxpath License Saxpath License Text +SCEA Shared Source License SCEA License Text +Sendmail License Sendmail License Text +Sendmail License 8.23 Sendmail-8.23 License Text +SGI Free Software License B v1.0 SGI-B-1.0 License Text +SGI Free Software License B v1.1 SGI-B-1.1 License Text +SGI Free Software License B v2.0 SGI-B-2.0 Y License Text +Solderpad Hardware License v0.5 SHL-0.5 License Text +Solderpad Hardware License, Version 0.51 SHL-0.51 License Text +Simple Public License 2.0 SimPL-2.0 Y License Text +Sun Industry Standards Source License v1.1 SISSL Y Y License Text +Sun Industry Standards Source License v1.2 SISSL-1.2 License Text +Sleepycat License Sleepycat Y Y License Text +Standard ML of New Jersey License SMLNJ Y License Text +Secure Messaging Protocol Public License SMPPL License Text +SNIA Public License 1.1 SNIA License Text +Spencer License 86 Spencer-86 License Text +Spencer License 94 Spencer-94 License Text +Spencer License 99 Spencer-99 License Text +Sun Public License v1.0 SPL-1.0 Y Y License Text +SSH OpenSSH license SSH-OpenSSH License Text +SSH short notice SSH-short License Text +Server Side Public License, v 1 SSPL-1.0 License Text +SugarCRM Public License v1.1.3 SugarCRM-1.1.3 License Text +Scheme Widget Library (SWL) Software License Agreement SWL License Text +TAPR Open Hardware License v1.0 TAPR-OHL-1.0 License Text +TCL/TK License TCL License Text +TCP Wrappers License TCP-wrappers License Text +TMate Open Source License TMate License Text +TORQUE v2.5+ Software License v1.1 TORQUE-1.1 License Text +Trusster Open Source License TOSL License Text +Technische Universitaet Berlin License 1.0 TU-Berlin-1.0 License Text +Technische Universitaet Berlin License 2.0 TU-Berlin-2.0 License Text +Upstream Compatibility License v1.0 UCL-1.0 Y License Text +Unicode License Agreement - Data Files and Software (2015) Unicode-DFS-2015 License Text +Unicode License Agreement - Data Files and Software (2016) Unicode-DFS-2016 License Text +Unicode Terms of Use Unicode-TOU License Text +The Unlicense Unlicense Y Y License Text +Universal Permissive License v1.0 UPL-1.0 Y Y License Text +Vim License Vim Y License Text +VOSTROM Public License for Open Source VOSTROM License Text +Vovida Software License v1.0 VSL-1.0 Y License Text +W3C Software Notice and License (2002-12-31) W3C Y Y License Text +W3C Software Notice and License (1998-07-20) W3C-19980720 License Text +W3C Software Notice and Document License (2015-05-13) W3C-20150513 License Text +Sybase Open Watcom Public License 1.0 Watcom-1.0 Y License Text +Wsuipa License Wsuipa License Text +Do What The F*ck You Want To Public License WTFPL Y License Text +X11 License X11 Y License Text +Xerox License Xerox License Text +XFree86 License 1.1 XFree86-1.1 Y License Text +xinetd License xinetd Y License Text +X.Net License Xnet Y License Text +XPP License xpp License Text +XSkat License XSkat License Text +Yahoo! Public License v1.0 YPL-1.0 License Text +Yahoo! Public License v1.1 YPL-1.1 Y License Text +Zed License Zed License Text +Zend License v2.0 Zend-2.0 Y License Text +Zimbra Public License v1.3 Zimbra-1.3 Y License Text +Zimbra Public License v1.4 Zimbra-1.4 License Text +zlib License Zlib Y Y License Text +zlib/libpng License with Acknowledgement zlib-acknowledgement License Text +Zope Public License 1.1 ZPL-1.1 License Text +Zope Public License 2.0 ZPL-2.0 Y Y License Text +Zope Public License 2.1 ZPL-2.1 Y License Text diff --git a/src/catkin_pkg/package.py b/src/catkin_pkg/package.py index bdc88a3b..c40544ab 100644 --- a/src/catkin_pkg/package.py +++ b/src/catkin_pkg/package.py @@ -222,6 +222,85 @@ def validate(self, warnings=None): errors = [] new_warnings = [] + def is_valid_spdx_identifier(lic): + """ + Check if the license is already one of valid SPDX Identifiers. + + The list was created from https://spdx.org/licenses/ with: + cat doc/spdx-3.10-2020-08-03.csv | cut -f 2 | grep -v ^Identifier$ + """ + return lic in ['0BSD', 'AAL', 'Abstyles', 'Adobe-2006', 'Adobe-Glyph', 'ADSL', 'AFL-1.1', 'AFL-1.2', 'AFL-2.0', 'AFL-2.1', 'AFL-3.0', 'Afmparse', 'AGPL-1.0-only', 'AGPL-1.0-or-later', + 'AGPL-3.0-only', 'AGPL-3.0-or-later', 'Aladdin', 'AMDPLPA', 'AML', 'AMPAS', 'ANTLR-PD', 'Apache-1.0', 'Apache-1.1', 'Apache-2.0', 'APAFML', 'APL-1.0', 'APSL-1.0', + 'APSL-1.1', 'APSL-1.2', 'APSL-2.0', 'Artistic-1.0', 'Artistic-1.0-cl8', 'Artistic-1.0-Perl', 'Artistic-2.0', 'Bahyph', 'Barr', 'Beerware', 'BitTorrent-1.0', + 'BitTorrent-1.1', 'blessing', 'BlueOak-1.0.0', 'Borceux', 'BSD-1-Clause', 'BSD-2-Clause', 'BSD-2-Clause-Patent', 'BSD-2-Clause-Views', 'BSD-3-Clause', + 'BSD-3-Clause-Attribution', 'BSD-3-Clause-Clear', 'BSD-3-Clause-LBNL', 'BSD-3-Clause-No-Nuclear-License', 'BSD-3-Clause-No-Nuclear-License-2014', + 'BSD-3-Clause-No-Nuclear-Warranty', 'BSD-3-Clause-Open-MPI', 'BSD-4-Clause', 'BSD-4-Clause-UC', 'BSD-Protection', 'BSD-Source-Code', 'BSL-1.0', 'bzip2-1.0.5', + 'bzip2-1.0.6', 'CAL-1.0', 'CAL-1.0-Combined-Work-Exception', 'Caldera', 'CATOSL-1.1', 'CC-BY-1.0', 'CC-BY-2.0', 'CC-BY-2.5', 'CC-BY-3.0', 'CC-BY-3.0-AT', 'CC-BY-4.0', + 'CC-BY-NC-1.0', 'CC-BY-NC-2.0', 'CC-BY-NC-2.5', 'CC-BY-NC-3.0', 'CC-BY-NC-4.0', 'CC-BY-NC-ND-1.0', 'CC-BY-NC-ND-2.0', 'CC-BY-NC-ND-2.5', 'CC-BY-NC-ND-3.0', + 'CC-BY-NC-ND-3.0-IGO', 'CC-BY-NC-ND-4.0', 'CC-BY-NC-SA-1.0', 'CC-BY-NC-SA-2.0', 'CC-BY-NC-SA-2.5', 'CC-BY-NC-SA-3.0', 'CC-BY-NC-SA-4.0', 'CC-BY-ND-1.0', 'CC-BY-ND-2.0', + 'CC-BY-ND-2.5', 'CC-BY-ND-3.0', 'CC-BY-ND-4.0', 'CC-BY-SA-1.0', 'CC-BY-SA-2.0', 'CC-BY-SA-2.5', 'CC-BY-SA-3.0', 'CC-BY-SA-3.0-AT', 'CC-BY-SA-4.0', 'CC-PDDC', 'CC0-1.0', + 'CDDL-1.0', 'CDDL-1.1', 'CDLA-Permissive-1.0', 'CDLA-Sharing-1.0', 'CECILL-1.0', 'CECILL-1.1', 'CECILL-2.0', 'CECILL-2.1', 'CECILL-B', 'CECILL-C', 'CERN-OHL-1.1', + 'CERN-OHL-1.2', 'CERN-OHL-P-2.0', 'CERN-OHL-S-2.0', 'CERN-OHL-W-2.0', 'ClArtistic', 'CNRI-Jython', 'CNRI-Python', 'CNRI-Python-GPL-Compatible', 'Condor-1.1', + 'copyleft-next-0.3.0', 'copyleft-next-0.3.1', 'CPAL-1.0', 'CPL-1.0', 'CPOL-1.02', 'Crossword', 'CrystalStacker', 'CUA-OPL-1.0', 'Cube', 'curl', 'D-FSL-1.0', 'diffmark', + 'DOC', 'Dotseqn', 'DSDP', 'dvipdfm', 'ECL-1.0', 'ECL-2.0', 'EFL-1.0', 'EFL-2.0', 'eGenix', 'Entessa', 'EPICS', 'EPL-1.0', 'EPL-2.0', 'ErlPL-1.1', 'etalab-2.0', + 'EUDatagrid', 'EUPL-1.0', 'EUPL-1.1', 'EUPL-1.2', 'Eurosym', 'Fair', 'Frameworx-1.0', 'FreeImage', 'FSFAP', 'FSFUL', 'FSFULLR', 'FTL', 'GFDL-1.1-invariants-only', + 'GFDL-1.1-invariants-or-later', 'GFDL-1.1-no-invariants-only', 'GFDL-1.1-no-invariants-or-later', 'GFDL-1.1-only', 'GFDL-1.1-or-later', 'GFDL-1.2-invariants-only', + 'GFDL-1.2-invariants-or-later', 'GFDL-1.2-no-invariants-only', 'GFDL-1.2-no-invariants-or-later', 'GFDL-1.2-only', 'GFDL-1.2-or-later', 'GFDL-1.3-invariants-only', + 'GFDL-1.3-invariants-or-later', 'GFDL-1.3-no-invariants-only', 'GFDL-1.3-no-invariants-or-later', 'GFDL-1.3-only', 'GFDL-1.3-or-later', 'Giftware', 'GL2PS', 'Glide', + 'Glulxe', 'GLWTPL', 'gnuplot', 'GPL-1.0-only', 'GPL-1.0-or-later', 'GPL-2.0-only', 'GPL-2.0-or-later', 'GPL-3.0-only', 'GPL-3.0-or-later', 'gSOAP-1.3b', 'HaskellReport', + 'Hippocratic-2.1', 'HPND', 'HPND-sell-variant', 'IBM-pibs', 'ICU', 'IJG', 'ImageMagick', 'iMatix', 'Imlib2', 'Info-ZIP', 'Intel', 'Intel-ACPI', 'Interbase-1.0', 'IPA', + 'IPL-1.0', 'ISC', 'JasPer-2.0', 'JPNIC', 'JSON', 'LAL-1.2', 'LAL-1.3', 'Latex2e', 'Leptonica', 'LGPL-2.0-only', 'LGPL-2.0-or-later', 'LGPL-2.1-only', 'LGPL-2.1-or-later', + 'LGPL-3.0-only', 'LGPL-3.0-or-later', 'LGPLLR', 'Libpng', 'libpng-2.0', 'libselinux-1.0', 'libtiff', 'LiLiQ-P-1.1', 'LiLiQ-R-1.1', 'LiLiQ-Rplus-1.1', 'Linux-OpenIB', + 'LPL-1.0', 'LPL-1.02', 'LPPL-1.0', 'LPPL-1.1', 'LPPL-1.2', 'LPPL-1.3a', 'LPPL-1.3c', 'MakeIndex', 'MirOS', 'MIT', 'MIT-0', 'MIT-advertising', 'MIT-CMU', 'MIT-enna', + 'MIT-feh', 'MITNFA', 'Motosoto', 'mpich2', 'MPL-1.0', 'MPL-1.1', 'MPL-2.0', 'MPL-2.0-no-copyleft-exception', 'MS-PL', 'MS-RL', 'MTLL', 'MulanPSL-1.0', 'MulanPSL-2.0', + 'Multics', 'Mup', 'NASA-1.3', 'Naumen', 'NBPL-1.0', 'NCGL-UK-2.0', 'NCSA', 'Net-SNMP', 'NetCDF', 'Newsletr', 'NGPL', 'NIST-PD', 'NIST-PD-fallback', 'NLOD-1.0', 'NLPL', + 'Nokia', 'NOSL', 'Noweb', 'NPL-1.0', 'NPL-1.1', 'NPOSL-3.0', 'NRL', 'NTP', 'NTP-0', 'O-UDA-1.0', 'OCCT-PL', 'OCLC-2.0', 'ODbL-1.0', 'ODC-By-1.0', 'OFL-1.0', + 'OFL-1.0-no-RFN', 'OFL-1.0-RFN', 'OFL-1.1', 'OFL-1.1-no-RFN', 'OFL-1.1-RFN', 'OGC-1.0', 'OGL-Canada-2.0', 'OGL-UK-1.0', 'OGL-UK-2.0', 'OGL-UK-3.0', 'OGTSL', 'OLDAP-1.1', + 'OLDAP-1.2', 'OLDAP-1.3', 'OLDAP-1.4', 'OLDAP-2.0', 'OLDAP-2.0.1', 'OLDAP-2.1', 'OLDAP-2.2', 'OLDAP-2.2.1', 'OLDAP-2.2.2', 'OLDAP-2.3', 'OLDAP-2.4', 'OLDAP-2.5', + 'OLDAP-2.6', 'OLDAP-2.7', 'OLDAP-2.8', 'OML', 'OpenSSL', 'OPL-1.0', 'OSET-PL-2.1', 'OSL-1.0', 'OSL-1.1', 'OSL-2.0', 'OSL-2.1', 'OSL-3.0', 'Parity-6.0.0', 'Parity-7.0.0', + 'PDDL-1.0', 'PHP-3.0', 'PHP-3.01', 'Plexus', 'PolyForm-Noncommercial-1.0.0', 'PolyForm-Small-Business-1.0.0', 'PostgreSQL', 'PSF-2.0', 'psfrag', 'psutils', 'Python-2.0', + 'Qhull', 'QPL-1.0', 'Rdisc', 'RHeCos-1.1', 'RPL-1.1', 'RPL-1.5', 'RPSL-1.0', 'RSA-MD', 'RSCPL', 'Ruby', 'SAX-PD', 'Saxpath', 'SCEA', 'Sendmail', 'Sendmail-8.23', + 'SGI-B-1.0', 'SGI-B-1.1', 'SGI-B-2.0', 'SHL-0.5', 'SHL-0.51', 'SimPL-2.0', 'SISSL', 'SISSL-1.2', 'Sleepycat', 'SMLNJ', 'SMPPL', 'SNIA', 'Spencer-86', 'Spencer-94', + 'Spencer-99', 'SPL-1.0', 'SSH-OpenSSH', 'SSH-short', 'SSPL-1.0', 'SugarCRM-1.1.3', 'SWL', 'TAPR-OHL-1.0', 'TCL', 'TCP-wrappers', 'TMate', 'TORQUE-1.1', 'TOSL', + 'TU-Berlin-1.0', 'TU-Berlin-2.0', 'UCL-1.0', 'Unicode-DFS-2015', 'Unicode-DFS-2016', 'Unicode-TOU', 'Unlicense', 'UPL-1.0', 'Vim', 'VOSTROM', 'VSL-1.0', 'W3C', + 'W3C-19980720', 'W3C-20150513', 'Watcom-1.0', 'Wsuipa', 'WTFPL', 'X11', 'Xerox', 'XFree86-1.1', 'xinetd', 'Xnet', 'xpp', 'XSkat', 'YPL-1.0', 'YPL-1.1', 'Zed', 'Zend-2.0', + 'Zimbra-1.3', 'Zimbra-1.4', 'Zlib', 'zlib-acknowledgement', 'ZPL-1.1', 'ZPL-2.0', 'ZPL-2.1'] + + def map_license_to_spdx(lic): + """ + Map some commonly used license values to one of valid SPDX Identifiers. + + This is mapping only whatever value is listed in package.xml without any + knowledge about the actual license used in the source files - it can map + only the clear unambiguous cases (while triggering an warning) - the rest + needs to be fixed in package.xml, so it will trigger an error + + This is similar to what e.g. Openembedded is doing in: + http://git.openembedded.org/openembedded-core/tree/meta/conf/licenses.conf + """ + return { + 'Apache2': 'Apache-2.0', + }.get(lic, None) + + def validate_licenses(licenses, warnings): + for lic in licenses: + if is_valid_spdx_identifier(lic): + continue + + if lic == 'TODO': + warnings.append('The license value "%s" is only temporary from the template, replace it with correct value' % (lic)) + continue + + spdx = map_license_to_spdx(lic) + if not spdx: + warnings.append('The license value "%s" cannot be mapped to valid SPDX identifier' % (lic)) + elif spdx != lic: + # double check that what we mapped it to, is one of valid SPDX identifiers + if not is_valid_spdx_identifier(spdx): + warnings.append('The license value "%s" was mapped to "%s", but that is not listed as valid identifier' % (lic, spdx)) + else: + warnings.append('The license value "%s" is not valid SPDX identifier, please use "%s" instead' % (lic, spdx)) + if self.package_format: if not re.match('^[1-9][0-9]*$', str(self.package_format)): errors.append('The "format" attribute of the package must contain a positive integer if present') @@ -268,6 +347,8 @@ def validate(self, warnings=None): if [license_ for license_ in self.licenses if not license_.strip()]: errors.append('The license tag must neither be empty nor only contain whitespaces') + validate_licenses(self.licenses, new_warnings) + if self.authors is not None: for author in self.authors: try: From b0f58cfff9d87931da677f2834ae856e1ce6aa72 Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Fri, 18 Sep 2020 07:09:42 -0700 Subject: [PATCH 2/6] package_templates.py: Use more specific TODO license TODO-CATKIN-PACKAGE-LICENSE Signed-off-by: Martin Jansa --- src/catkin_pkg/package.py | 2 +- src/catkin_pkg/package_templates.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/catkin_pkg/package.py b/src/catkin_pkg/package.py index c40544ab..8eefd9e9 100644 --- a/src/catkin_pkg/package.py +++ b/src/catkin_pkg/package.py @@ -287,7 +287,7 @@ def validate_licenses(licenses, warnings): if is_valid_spdx_identifier(lic): continue - if lic == 'TODO': + if lic == 'TODO-CATKIN-PACKAGE-LICENSE': warnings.append('The license value "%s" is only temporary from the template, replace it with correct value' % (lic)) continue diff --git a/src/catkin_pkg/package_templates.py b/src/catkin_pkg/package_templates.py index d539d2f8..db6ccc03 100644 --- a/src/catkin_pkg/package_templates.py +++ b/src/catkin_pkg/package_templates.py @@ -71,7 +71,7 @@ def _create_package_template(package_name, description=None, licenses=None, :param catkin_deps: """ # Sort so they are alphebetical - licenses = list(licenses or ['TODO']) + licenses = list(licenses or ['TODO-CATKIN-PACKAGE-LICENSE']) licenses.sort() if not maintainer_names: maintainer_names = [getpass.getuser()] From ab319ede7360b4e61cb2487e7a78c0868fd9e579 Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Fri, 18 Sep 2020 06:16:52 -0700 Subject: [PATCH 3/6] test_templates.py: use unambiguous BSD-3-Clause license instead of just BSD --- .../metapackages/NonConformingName/package.xml | 2 +- test/data/metapackages/invalid_cmake/package.xml | 2 +- test/data/metapackages/invalid_depends/package.xml | 2 +- test/data/metapackages/leftover_files/package.xml | 2 +- .../no_buildtool_depend_catkin/package.xml | 2 +- test/data/metapackages/no_cmake/package.xml | 2 +- .../metapackages/no_metapackage_tag/package.xml | 2 +- .../metapackages/valid_metapackage/package.xml | 2 +- .../valid_metapackage_format2/package.xml | 2 +- test/data/package/valid_package.xml | 2 +- test/test_catkin_create_pkg.py | 2 +- test/test_package.py | 14 +++++++------- test/test_templates.py | 12 ++++++------ 13 files changed, 24 insertions(+), 24 deletions(-) diff --git a/test/data/metapackages/NonConformingName/package.xml b/test/data/metapackages/NonConformingName/package.xml index 9aa73eaa..af551465 100644 --- a/test/data/metapackages/NonConformingName/package.xml +++ b/test/data/metapackages/NonConformingName/package.xml @@ -5,7 +5,7 @@ valid_metapackage user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/invalid_cmake/package.xml b/test/data/metapackages/invalid_cmake/package.xml index bc9cf675..900c2257 100644 --- a/test/data/metapackages/invalid_cmake/package.xml +++ b/test/data/metapackages/invalid_cmake/package.xml @@ -5,7 +5,7 @@ invalid_cmake user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/invalid_depends/package.xml b/test/data/metapackages/invalid_depends/package.xml index 54c8f12c..a104c0fd 100644 --- a/test/data/metapackages/invalid_depends/package.xml +++ b/test/data/metapackages/invalid_depends/package.xml @@ -5,7 +5,7 @@ invalid_depends user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/leftover_files/package.xml b/test/data/metapackages/leftover_files/package.xml index 1b4e9e83..02ae05a4 100644 --- a/test/data/metapackages/leftover_files/package.xml +++ b/test/data/metapackages/leftover_files/package.xml @@ -5,7 +5,7 @@ leftover_files user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/no_buildtool_depend_catkin/package.xml b/test/data/metapackages/no_buildtool_depend_catkin/package.xml index 306735c5..67148a66 100644 --- a/test/data/metapackages/no_buildtool_depend_catkin/package.xml +++ b/test/data/metapackages/no_buildtool_depend_catkin/package.xml @@ -5,7 +5,7 @@ no_buildtool_depend_catkin user - BSD + BSD-3-Clause foo bar diff --git a/test/data/metapackages/no_cmake/package.xml b/test/data/metapackages/no_cmake/package.xml index 772ad2ad..49d0d60b 100644 --- a/test/data/metapackages/no_cmake/package.xml +++ b/test/data/metapackages/no_cmake/package.xml @@ -5,7 +5,7 @@ no_cmake user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/no_metapackage_tag/package.xml b/test/data/metapackages/no_metapackage_tag/package.xml index c7e60943..4ff8c30d 100644 --- a/test/data/metapackages/no_metapackage_tag/package.xml +++ b/test/data/metapackages/no_metapackage_tag/package.xml @@ -5,7 +5,7 @@ no_metapackage_tag user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/valid_metapackage/package.xml b/test/data/metapackages/valid_metapackage/package.xml index ebdd02ee..3a78e310 100644 --- a/test/data/metapackages/valid_metapackage/package.xml +++ b/test/data/metapackages/valid_metapackage/package.xml @@ -5,7 +5,7 @@ valid_metapackage user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/metapackages/valid_metapackage_format2/package.xml b/test/data/metapackages/valid_metapackage_format2/package.xml index 58bc9cb2..7c72f597 100644 --- a/test/data/metapackages/valid_metapackage_format2/package.xml +++ b/test/data/metapackages/valid_metapackage_format2/package.xml @@ -5,7 +5,7 @@ valid_metapackage user - BSD + BSD-3-Clause catkin foo diff --git a/test/data/package/valid_package.xml b/test/data/package/valid_package.xml index 2c52a196..00cb5f8d 100644 --- a/test/data/package/valid_package.xml +++ b/test/data/package/valid_package.xml @@ -5,7 +5,7 @@ valid_package description üser - BSD + BSD-3-Clause catkin foo diff --git a/test/test_catkin_create_pkg.py b/test/test_catkin_create_pkg.py index 479bf6be..508eb182 100644 --- a/test/test_catkin_create_pkg.py +++ b/test/test_catkin_create_pkg.py @@ -29,7 +29,7 @@ def test_create_package_template(self): template = PackageTemplate._create_package_template( 'foopackage', description='foo_desc', - licenses=['a', 'b'], + licenses=['BSD-3-Clause'], maintainer_names=['John Doe', 'Jim Daniels'], author_names=['Harry Smith'], version='1.2.3', diff --git a/test/test_package.py b/test/test_package.py index b988a9f3..0f52bcf7 100644 --- a/test/test_package.py +++ b/test/test_package.py @@ -47,14 +47,14 @@ def test_init(self): pack = Package(name='foo', version='0.0.0', maintainers=[maint], - licenses=['BSD']) + licenses=['BSD-3-Clause']) self.assertEqual(None, pack.filename) self.assertEqual('0.0.0', pack.version) self.assertEqual(None, pack.version_compatibility) self.assertEqual([], pack.urls) self.assertEqual([], pack.authors) self.assertEqual([maint], pack.maintainers) - self.assertEqual(['BSD'], pack.licenses) + self.assertEqual(['BSD-3-Clause'], pack.licenses) self.assertEqual([None], [license_.file for license_ in pack.licenses]) self.assertEqual([], pack.build_depends) self.assertEqual([], pack.buildtool_depends) @@ -68,7 +68,7 @@ def test_init(self): pack = Package('foo', name='bar', version='0.0.0', - licenses=['BSD'], + licenses=['BSD-3-Clause'], maintainers=[self.get_maintainer()]) self.assertEqual('foo', pack.filename) @@ -177,7 +177,7 @@ def test_init_kwargs_string(self): version='0.0.1', version_compatibility='0.0.0', description='pdesc', - licenses=['BSD'], + licenses=['BSD-3-Clause'], maintainers=[self.get_maintainer()]) self.assertEqual('foo', pack.filename) self.assertEqual('bar', pack.name) @@ -188,7 +188,7 @@ def test_init_kwargs_string(self): def test_init_kwargs_object(self): mmain = [self.get_maintainer(), self.get_maintainer()] - mlis = ['MIT', License('BSD', 'LICENSE')] + mlis = ['MIT', License('BSD-3-Clause', 'LICENSE')] mauth = [self.get_maintainer(), self.get_maintainer()] murl = [Mock(), Mock()] mbuilddep = [Mock(), Mock()] @@ -242,7 +242,7 @@ def test_validate_package(self): package_format='1', version='0.0.1', description='pdesc', - licenses=['BSD'], + licenses=['BSD-3-Clause'], maintainers=[maint]) pack.validate() @@ -370,7 +370,7 @@ def test_parse_package_valid(self): assert package.name == 'valid_package' assert package.description == 'valid_package description' assert package.version == '0.1.0' - assert package.licenses == ['BSD'] + assert package.licenses == ['BSD-3-Clause'] assert [x.name for x in package.run_depends] == ['foo', 'bar', 'baz'] def test_parse_package_invalid(self): diff --git a/test/test_templates.py b/test/test_templates.py index 561ec288..5a950db1 100644 --- a/test/test_templates.py +++ b/test/test_templates.py @@ -63,7 +63,7 @@ def test_create_package_xml(self): description='foo', version='0.0.0', maintainers=[maint], - licenses=['BSD']) + licenses=['BSD-3-Clause']) result = create_package_xml(pack, 'groovy') self.assertTrue('foo' in result, result) @@ -136,7 +136,7 @@ def test_create_package(self): version='0.0.1', version_compatibility='0.0.0', maintainers=[maint], - licenses=['BSD']) + licenses=['BSD-3-Clause']) try: rootdir = tempfile.mkdtemp() file1 = os.path.join(rootdir, 'CMakeLists.txt') @@ -163,7 +163,7 @@ def test_parse_generated(self): urls=[Url('foo')], description='pdesc', maintainers=[maint], - licenses=['BSD']) + licenses=['BSD-3-Clause']) try: rootdir = tempfile.mkdtemp() file1 = os.path.join(rootdir, 'CMakeLists.txt') @@ -197,7 +197,7 @@ def test_parse_generated(self): 'maintainer': u('John Foo'), 'maintainer_email': 'foo@bar.com', 'description': 'pdesc', - 'license': 'BSD', + 'license': 'BSD-3-Clause', 'version': '0.0.1', 'author': '', 'url': 'foo'}, rdict) @@ -214,7 +214,7 @@ def test_parse_generated_multi(self): description='pdesc', maintainers=[maint, maint], authors=[maint, maint], - licenses=['BSD', 'MIT'], + licenses=['BSD-3-Clause', 'MIT'], urls=[Url('foo', 'bugtracker'), Url('bar')], build_depends=[Dependency('dep1')], buildtool_depends=[Dependency('dep2'), @@ -280,7 +280,7 @@ def assertEqualDependencies(deplist1, deplist2): self.assertEqual({'name': 'bar', 'maintainer': u('John Foo , John Foo '), 'description': 'pdesc', - 'license': 'BSD, MIT', + 'license': 'BSD-3-Clause, MIT', 'version': '0.0.1', 'author': u('John Foo , John Foo '), 'url': 'bar'}, rdict) From 80984fe852e081dbc003e032221c3a2beaaf2d76 Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Fri, 18 Sep 2020 08:37:32 -0700 Subject: [PATCH 4/6] validate: map_license_to_spdx: define the mapping based on rosdistro statistics * see the license value statistics in: https://github.com/ros-infrastructure/superflore/issues/271#issuecomment-694917169 * with this applied, there are following statistics across all currently used ROS distributions in rosdistro: * License values which were unambiguously mapped to one of SPDX identifiers: 1064 WARNING: The license value "Apache License 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead 741 WARNING: The license value "Apache 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead 77 WARNING: The license value "LGPLv3" is not valid SPDX identifier, please use "LGPL-3.0-only" instead 75 WARNING: The license value "GPLv3" is not valid SPDX identifier, please use "GPL-3.0-only" instead 73 WARNING: The license value "BSD 3-Clause" is not valid SPDX identifier, please use "BSD-3-Clause" instead 34 WARNING: The license value "GPLv2" is not valid SPDX identifier, please use "GPL-2.0-only" instead 34 WARNING: The license value "BSD-3" is not valid SPDX identifier, please use "BSD-3-Clause" instead 26 WARNING: The license value "Apache 2" is not valid SPDX identifier, please use "Apache-2.0" instead 23 WARNING: The license value "Apache License, Version 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead 21 WARNING: The license value "Apache2" is not valid SPDX identifier, please use "Apache-2.0" instead 14 WARNING: The license value "zlib" is not valid SPDX identifier, please use "Zlib" instead 10 WARNING: The license value "APACHE2.0" is not valid SPDX identifier, please use "Apache-2.0" instead 8 WARNING: The license value "GNU Lesser Public License 2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead 6 WARNING: The license value "LGPLv2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead 6 WARNING: The license value "CC BY-NC-SA 4.0" is not valid SPDX identifier, please use "CC-BY-NC-SA-4.0" instead 6 WARNING: The license value "BSD2" is not valid SPDX identifier, please use "BSD-2-Clause" instead 5 WARNING: The license value "LGPL-2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead 5 WARNING: The license value "Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License" is not valid SPDX identifier, please use "CC-BY-NC-ND-4.0" instead 4 WARNING: The license value "zlib License" is not valid SPDX identifier, please use "Zlib" instead 4 WARNING: The license value "LGPL v2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead 4 WARNING: The license value "GNU General Public License v2.0" is not valid SPDX identifier, please use "GPL-2.0-only" instead 4 WARNING: The license value "Eclipse Public License 2.0" is not valid SPDX identifier, please use "EPL-2.0" instead 4 WARNING: The license value "Creative Commons BY-NC-ND 3.0" is not valid SPDX identifier, please use "CC-BY-NC-ND-3.0" instead 4 WARNING: The license value "Boost Software License" is not valid SPDX identifier, please use "BSL-1.0" instead 3 WARNING: The license value "Mozilla Public License Version 1.1" is not valid SPDX identifier, please use "MPL-1.1" instead 3 WARNING: The license value "CreativeCommons-by-nc-sa-2.0" is not valid SPDX identifier, please use "CC-BY-NC-SA-2.0" instead 3 WARNING: The license value "Boost Software License, Version 1.0" is not valid SPDX identifier, please use "BSL-1.0" instead 2 WARNING: The license value "LGPL3" is not valid SPDX identifier, please use "LGPL-3.0-only" instead 2 WARNING: The license value "ECL2.0" is not valid SPDX identifier, please use "EPL-2.0" instead 2 WARNING: The license value "CreativeCommons-by-nc-4.0" is not valid SPDX identifier, please use "CC-BY-NC-4.0" instead 2 WARNING: The license value "Boost" is not valid SPDX identifier, please use "BSL-1.0" instead 2 WARNING: The license value "Boost Software License 1.0" is not valid SPDX identifier, please use "BSL-1.0" instead 2 WARNING: The license value "BSL1.0" is not valid SPDX identifier, please use "BSL-1.0" instead 2 WARNING: The license value "BSD 2-Clause License" is not valid SPDX identifier, please use "BSD-2-Clause" instead 2 WARNING: The license value "Apache2.0" is not valid SPDX identifier, please use "Apache-2.0" instead 2 WARNING: The license value "Apache v2.0" is not valid SPDX identifier, please use "Apache-2.0" instead 2 WARNING: The license value "Apache v2" is not valid SPDX identifier, please use "Apache-2.0" instead 2 WARNING: The license value "Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)" is not valid SPDX identifier, please use "Apache-2.0" instead 1 WARNING: The license value "MIT License" is not valid SPDX identifier, please use "MIT" instead 1 WARNING: The license value "LGPL v2.1 or later" is not valid SPDX identifier, please use "LGPL-2.1-or-later" instead 1 WARNING: The license value "LGPL v2" is not valid SPDX identifier, please use "LGPL-2.0-only" instead 1 WARNING: The license value "GPL-2.0" is not valid SPDX identifier, please use "GPL-2.0-only" instead 1 WARNING: The license value "GPL v3" is not valid SPDX identifier, please use "GPL-3.0-only" instead 1 WARNING: The license value "GNU GPL v3.0" is not valid SPDX identifier, please use "GPL-3.0-only" instead 1 WARNING: The license value "CreativeCommons-Attribution-NonCommercial-ShareAlike-4.0-International" is not valid SPDX identifier, please use "CC-BY-NC-SA-4.0" instead 1 WARNING: The license value "CreativeCommons-Attribution-NonCommercial-NoDerivatives-4.0" is not valid SPDX identifier, please use "CC-BY-NC-ND-4.0" instead 1 WARNING: The license value "BSD 3-clause. See license attached" is not valid SPDX identifier, please use "BSD-2-Clause" instead 1 WARNING: The license value "BSD 3-clause Clear License" is not valid SPDX identifier, please use "BSD-2-Clause" instead 1 WARNING: The license value "Apachi 2" is not valid SPDX identifier, please use "Apache-2.0" instead 1 WARNING: The license value "Apache License Version 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead * License texts which were replaced with more common version Biggest issue is clearly the "TODO" string from catkin package template which people forget to update 31 WARNING: The license value "TODO" is not valid SPDX identifier, and it is usually used as "TODO-CATKIN-PACKAGE-LICENSE" 6 WARNING: The license value "proprietary" is not valid SPDX identifier, and it is usually used as "Proprietary" 6 WARNING: The license value "Public domain" is not valid SPDX identifier, and it is usually used as "PD" 5 WARNING: The license value "Public Domain" is not valid SPDX identifier, and it is usually used as "PD" * License texts which weren't mapped to SPDX, usually because the license version wasn't specified or when some more creative form of license description was used Biggest issue is clearly the "BSD" without Clause specification followed by recipes using multiple licenses while not using clear separator between them (e.g. OpenEmbedded supports '&' '|' '(' ')': http://git.openembedded.org/openembedded-core/tree/meta/lib/oe/license.py?id=8e2d0575e4e7036b5f60e632f377a8ab2b96ead8#n42 ) 4711 WARNING: The license value "BSD" cannot be mapped to valid SPDX identifier 81 WARNING: The license value "LGPL" cannot be mapped to valid SPDX identifier 63 WARNING: The license value "GPL" cannot be mapped to valid SPDX identifier 31 WARNING: The license value "TODO" cannot be mapped to valid SPDX identifier 20 WARNING: The license value "United States Government Purpose" cannot be mapped to valid SPDX identifier 20 WARNING: The license value "SwRI Proprietary" cannot be mapped to valid SPDX identifier 18 WARNING: The license value "Apache" cannot be mapped to valid SPDX identifier 16 WARNING: The license value "ASL 2.0" cannot be mapped to valid SPDX identifier 14 WARNING: The license value "EPL" cannot be mapped to valid SPDX identifier 10 WARNING: The license value "GNU Lesser General Public License (LGPL)" cannot be mapped to valid SPDX identifier 8 WARNING: The license value "Proprietary" cannot be mapped to valid SPDX identifier 7 WARNING: The license value "BSD,LGPL,Apache 2.0" cannot be mapped to valid SPDX identifier 7 WARNING: The license value "BSD, LGPL" cannot be mapped to valid SPDX identifier 7 WARNING: The license value "BSD, Apache 2.0" cannot be mapped to valid SPDX identifier 6 WARNING: The license value "proprietary" cannot be mapped to valid SPDX identifier 6 WARNING: The license value "Public domain" cannot be mapped to valid SPDX identifier 6 WARNING: The license value "Creative Commons" cannot be mapped to valid SPDX identifier 6 WARNING: The license value "BSD, GPL" cannot be mapped to valid SPDX identifier 5 WARNING: The license value "Public Domain" cannot be mapped to valid SPDX identifier 4 WARNING: The license value "TBD" cannot be mapped to valid SPDX identifier 4 WARNING: The license value "CC-BY-SA" cannot be mapped to valid SPDX identifier 4 WARNING: The license value "BSD License 2.0" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "N/A" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "HOYA License" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "HEBI C++ Software License (https://www.hebirobotics.com/softwarelicense)" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "GPLv2 with linking exception" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "BSD,LGPL,LGPL (amcl)" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "BSD, some icons are licensed under the GNU Lesser General Public License (LGPL) or Creative Commons Attribution-Noncommercial 3.0 License" cannot be mapped to valid SPDX identifier 3 WARNING: The license value "ALv2" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "Yujin Robot" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "TERMS OF USE FOR GUNDAM RESEARCH OPEN SIMULATOR Attribution-NonCommercial-ShareAlike" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "Southwest Research Institute Proprietary" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "KHI CAD license (mesh data, see readme)" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "GPL for sigblock" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "GPL because of list.h; other files released under BSD" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "Eclipse Distribution License 1.0" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "Commercial" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "Check author's website" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "Binary Only" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "BSD,GPL because of list.h; other files released under BSD,GPL" cannot be mapped to valid SPDX identifier 2 WARNING: The license value "APLv2" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "specified in-file" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "see license.txt" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "see License.txt" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "free for research or education purpose, all rights maintained by David Applegate, William Cook, Sanjeeb Dash, and Monika Mevenkamp" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "free for academic research, for further licensing contact Wiliam Cook" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "WTF" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "Version 2.0" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "T.D.B" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "Slightech License" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "See license.txt" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "Lesser GPL and Apache License" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "LGPLv2.1, modified BSD" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "LGPL and Apache2" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "LGPL / BSD" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "GPL v2 with linking exception" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "GPL + runtime exception" cannot be mapped to valid SPDX identifier 1 WARNING: The license value "FZI all rights reserved" cannot be mapped to valid SPDX identifier Signed-off-by: Martin Jansa --- src/catkin_pkg/package.py | 69 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) diff --git a/src/catkin_pkg/package.py b/src/catkin_pkg/package.py index 8eefd9e9..006ff883 100644 --- a/src/catkin_pkg/package.py +++ b/src/catkin_pkg/package.py @@ -279,7 +279,69 @@ def map_license_to_spdx(lic): http://git.openembedded.org/openembedded-core/tree/meta/conf/licenses.conf """ return { + 'Apache License Version 2.0': 'Apache-2.0', + 'Apachi 2': 'Apache-2.0', + 'Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)': 'Apache-2.0', + 'Apache v2': 'Apache-2.0', + 'Apache v2.0': 'Apache-2.0', + 'Apache2.0': 'Apache-2.0', + 'APACHE2.0': 'Apache-2.0', 'Apache2': 'Apache-2.0', + 'Apache License, Version 2.0': 'Apache-2.0', + 'Apache 2': 'Apache-2.0', + 'Apache 2.0': 'Apache-2.0', + 'Apache License 2.0': 'Apache-2.0', + 'LGPL v2': 'LGPL-2.0-only', + 'LGPL v2.1 or later': 'LGPL-2.1-or-later', + 'LGPL v2.1': 'LGPL-2.1-only', + 'LGPL-2.1': 'LGPL-2.1-only', + 'LGPLv2.1': 'LGPL-2.1-only', + 'GNU Lesser Public License 2.1': 'LGPL-2.1-only', + 'LGPL3': 'LGPL-3.0-only', + 'LGPLv3': 'LGPL-3.0-only', + 'GPL-2.0': 'GPL-2.0-only', + 'GPLv2': 'GPL-2.0-only', + 'GNU General Public License v2.0': 'GPL-2.0-only', + 'GNU GPL v3.0': 'GPL-3.0-only', + 'GPL v3': 'GPL-3.0-only', + 'GPLv3': 'GPL-3.0-only', + 'ECL2.0': 'EPL-2.0', + 'Eclipse Public License 2.0': 'EPL-2.0', + 'Mozilla Public License Version 1.1': 'MPL-1.1', + 'Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License': 'CC-BY-NC-ND-4.0', + 'CreativeCommons-Attribution-NonCommercial-NoDerivatives-4.0': 'CC-BY-NC-ND-4.0', + 'CreativeCommons-Attribution-NonCommercial-ShareAlike-4.0-International': 'CC-BY-NC-SA-4.0', + 'CC BY-NC-SA 4.0': 'CC-BY-NC-SA-4.0', + 'CreativeCommons-by-nc-4.0': 'CC-BY-NC-4.0', + 'CreativeCommons-by-nc-sa-2.0': 'CC-BY-NC-SA-2.0', + 'Creative Commons BY-NC-ND 3.0': 'CC-BY-NC-ND-3.0', + 'BSD 3-clause Clear License': 'BSD-2-Clause', + 'BSD 3-clause. See license attached': 'BSD-2-Clause', + 'BSD 2-Clause License': 'BSD-2-Clause', + 'BSD2': 'BSD-2-Clause', + 'BSD-3': 'BSD-3-Clause', + 'BSD 3-Clause': 'BSD-3-Clause', + 'Boost Software License 1.0': 'BSL-1.0', + 'Boost': 'BSL-1.0', + 'Boost Software License, Version 1.0': 'BSL-1.0', + 'Boost Software License': 'BSL-1.0', + 'BSL1.0': 'BSL-1.0', + 'MIT License': 'MIT', + 'zlib License': 'Zlib', + 'zlib': 'Zlib' + }.get(lic, None) + + def map_license_to_more_common_format(lic): + """ + Map license value to more common format. + + These aren't SPDX Identifiers, but lets unify them at least. + """ + return { + 'proprietary': 'Proprietary', + 'Public Domain': 'PD', + 'Public domain': 'PD', + 'TODO': 'TODO-CATKIN-PACKAGE-LICENSE' }.get(lic, None) def validate_licenses(licenses, warnings): @@ -287,7 +349,12 @@ def validate_licenses(licenses, warnings): if is_valid_spdx_identifier(lic): continue - if lic == 'TODO-CATKIN-PACKAGE-LICENSE': + common = map_license_to_more_common_format(lic) + if common: + lic = common + warnings.append('The license value "%s" is not valid SPDX identifier, and it is usually used as "%s"' % (lic, common)) + + if license == 'TODO-CATKIN-PACKAGE-LICENSE': warnings.append('The license value "%s" is only temporary from the template, replace it with correct value' % (lic)) continue From 5f61240f230352a2da3a48e0d4c69a7020b50c08 Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Fri, 18 Sep 2020 09:01:08 -0700 Subject: [PATCH 5/6] validate: map_license_to_common: remove apostrophe from uwsim_bullet's license * "Check-author\'s-website" license value used by uwsim_bullet breaks the parsing of superflore generated recipe, at least use it without apostrophe Signed-off-by: Martin Jansa --- src/catkin_pkg/package.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/catkin_pkg/package.py b/src/catkin_pkg/package.py index 006ff883..88bfdf3f 100644 --- a/src/catkin_pkg/package.py +++ b/src/catkin_pkg/package.py @@ -338,6 +338,7 @@ def map_license_to_more_common_format(lic): These aren't SPDX Identifiers, but lets unify them at least. """ return { + "Check-author's-website": 'Check-authors-website', 'proprietary': 'Proprietary', 'Public Domain': 'PD', 'Public domain': 'PD', From 21a07b38074afd2b6aa5a94aa90d472471c56c6c Mon Sep 17 00:00:00 2001 From: Martin Jansa Date: Fri, 6 Nov 2020 09:26:04 -0800 Subject: [PATCH 6/6] validate: validate_licenses_multiple_values: show different warning * when the license value lists multiple licenses (one of currenly used combinations) * show a link to REP-0149 format definition which explicitly says: "For multiple licenses multiple separate tags must be used." but unfortunately it doesn't define how to express e.g. dual-license or other more complicated scheme, other than pointing to tag. "For any explanatory text about licensing caveats, please use the tag." * e.g. OpenEmbedded supports '&' '|' '(' ')' to express more compilcated scheme: http://git.openembedded.org/openembedded-core/tree/meta/lib/oe/license.py?id=8e2d0575e4e7036b5f60e632f377a8ab2b96ead8#n42 ) but that would require change to Package Manifest Format Signed-off-by: Martin Jansa --- src/catkin_pkg/package.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/catkin_pkg/package.py b/src/catkin_pkg/package.py index 88bfdf3f..426c564d 100644 --- a/src/catkin_pkg/package.py +++ b/src/catkin_pkg/package.py @@ -345,6 +345,25 @@ def map_license_to_more_common_format(lic): 'TODO': 'TODO-CATKIN-PACKAGE-LICENSE' }.get(lic, None) + def validate_licenses_multiple_values(lic): + """ + Check if the license tag contains multiple license values. + + Show warning about using multiple license tags when the + value is one of the listed. + """ + return lic in [ + 'LGPLv2.1, modified BSD', + 'Lesser GPL and Apache License', + 'BSD,GPL because of list.h; other files released under BSD,GPL', + 'GPL because of list.h; other files released under BSD', + 'BSD, some icons are licensed under the GNU Lesser General Public License (LGPL) or Creative Commons Attribution-Noncommercial 3.0 License', + 'BSD,LGPL,LGPL (amcl)', + 'BSD, GPL', + 'BSD, Apache 2.0', + 'BSD, LGPL', + 'BSD,LGPL,Apache 2.0'] + def validate_licenses(licenses, warnings): for lic in licenses: if is_valid_spdx_identifier(lic): @@ -362,6 +381,9 @@ def validate_licenses(licenses, warnings): spdx = map_license_to_spdx(lic) if not spdx: warnings.append('The license value "%s" cannot be mapped to valid SPDX identifier' % (lic)) + if validate_licenses_multiple_values(lic): + warnings.append('The license value "%s" contains multiple licenses, you should use multiple flags instead, ' + 'see https://www.ros.org/reps/rep-0149.html#license-multiple-but-at-least-one') elif spdx != lic: # double check that what we mapped it to, is one of valid SPDX identifiers if not is_valid_spdx_identifier(spdx):