Message-Id: <20171109011047.20040-1-robh@kernel.org>
Date:   Wed,  8 Nov 2017 19:10:47 -0600
From:   Rob Herring <robh@...nel.org>
To:     linux-kernel@...r.kernel.org
Cc:     Andy Whitcroft <apw@...onical.com>, Joe Perches <joe@...ches.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: [PATCH] checkpatch.pl: Add SPDX license tag check

Add a check warning if SPDX-License-Identifier tags are not used in
newly added files.

Cc: Andy Whitcroft <apw@...onical.com>
Cc: Joe Perches <joe@...ches.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Rob Herring <robh@...nel.org>
---
I rewrote my previous version to check more than just dts files. It also 
now looks for a tag in added files rather than trying a fuzzy match on 
freeform license text.

 scripts/checkpatch.pl | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 8b80bac055e4..6665735123e5 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2185,6 +2185,8 @@ sub process {
 	my $commit_log_has_diff = 0;
 	my $reported_maintainer_file = 0;
 	my $non_utf8_charset = 0;
+	my $added_file = 0;
+	my $missing_spdx_license = 0;
 
 	my $last_blank_line = 0;
 	my $last_coalesced_string_linenr = -1;
@@ -2368,6 +2370,16 @@ sub process {
 		$here = "#$linenr: " if (!$file);
 		$here = "#$realline: " if ($file);
 
+		# determine if this is a new file
+		if ($line =~ m@^\-\-\-\s/@) {
+			if ($line =~ m@...v/null@) {
+				$added_file = 1;
+				$missing_spdx_license++;
+			} else {
+				$added_file = 0;
+			}
+		}
+
 		my $found_file = 0;
 		# extract the filename as it passes
 		if ($line =~ /^diff --git.*?(\S+)$/) {
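Review bot: the `else` branch that clears `$added_file` is not reached for an ordinary modified file, because the outer test `m@^\-\-\-\s/@` requires a `/` directly after `--- `, while a git-style header reads `--- a/path`. Once a new file has set the flag, it stays set into the following files of the same patch, so an SPDX-License-Identifier line in a later, unrelated file can decrement `$missing_spdx_license` and hide the missing tag in the new file. Suggest letting the outer test match every `--- ` header (for example `^---\s+\S`) so the reset actually runs, or clearing the flag where the `diff --git` line is handled just below.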
@@ -2865,6 +2877,14 @@ sub process {
 			}
 		}
 
+# check for using SPDX tag instead of free form license text
+		if ($added_file &&
+		    ($rawline =~ /\bSPDX-License-Identifier/ ||
+		     $realfile =~ /Documentation/)) {
+			$missing_spdx_license--;
+			$added_file = 0;
+		}
+
 # check we are in a valid source file if not then ignore this hunk
 		next if ($realfile !~ /\.(h|c|s|S|sh|dtsi|dts)$/);
 
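Review bot: the exemption `$realfile =~ /Documentation/` is unanchored, so any added file whose path merely contains that string is counted as tagged; anchor it (`^Documentation/`) if only the top-level directory is meant. The `$rawline` test also accepts the bare string `SPDX-License-Identifier` anywhere in the file with nothing after it, so consider requiring `^\+` and a `:` followed by an identifier. Because this block sits before the `next if ($realfile !~ ...)` filter, it applies to every added file type; if that is intended, say so in the comment above the check.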
@@ -6399,6 +6419,11 @@ sub process {
 		      "Missing Signed-off-by: line(s)\n");
 	}
 
+	if ($missing_spdx_license) {
+		WARN("SPDX_LICENSE_TAG",
+		     "Missing SPDX-License-Identifier tags in added files. Use tags instead of full license text.\n");
+	}
+
 	print report_dump();
 	if ($summary && !($clean == 1 && $quiet == 1)) {
 		print "$filename " if ($summary_file);
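Review bot: the warning under `if ($missing_spdx_license)` is emitted once for the whole patch and names no file, although the counter can cover several added files. Recording `$realfile` when a new file is seen and listing the untagged ones in the message (or at least printing the count) would tell the submitter what to fix.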
-- 
2.14.1
