Date:   Thu, 21 Dec 2017 08:15:43 +0100
From:   Philippe Ombredanne <pombredanne@...b.com>
To:     Rob Herring <robh@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Joe Perches <joe@...ches.com>,
        Andy Whitcroft <apw@...onical.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH v4] checkpatch.pl: Add SPDX license tag check

Rob,

On Thu, Dec 21, 2017 at 12:46 AM, Rob Herring <robh@...nel.org> wrote:
> Add SPDX license tag check based on the rules defined in
> Documentation/process/license-rules.rst. To summarize, SPDX license tags
> should be on the 1st line (or 2nd line in scripts) using the appropriate
> comment style for the file type.
>
> Cc: Andy Whitcroft <apw@...onical.com>
> Cc: Joe Perches <joe@...ches.com>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Philippe Ombredanne <pombredanne@...b.com>
> Signed-off-by: Rob Herring <robh@...nel.org>
> ---
> Thomas, if you are inclined and Joe is happy with this, can you add this
> on top of your series adding license-rules.rst.
>
> v4:
> - Reference license-rules.rst
> - Add comment style checks based on file types
> - Check .rst files
>
> v3:
> - Since we specify that the tag goes on the 1st or 2nd line, the logic
>   can be greatly simplified compared to v2 because we can just use the
>   line number. And now the check is improved too.
>
>  scripts/checkpatch.pl | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 31031f10fe56..0324f845011d 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -2866,6 +2866,31 @@ sub process {
>                         }
>                 }
>
> +# check for using SPDX license tag at beginning of files
> +               if ($rawline =~ /^\+/ && !($realline == 1 && $rawline =~ /^[\s\+]#!/)) {
> +                       my $ln = 1;
> +                       my $comment = "";
> +
> +                       if ($realfile =~ /\.(h|s|S)$/) {
> +                               $comment = '/\*';
> +                       } elsif ($realfile =~ /\.(c|dts|dtsi)$/) {
> +                               $comment = '//';
> +                       } elsif ($realfile =~ /\.(sh|pl|py)$/) {
> +                               if ($prevrawline =~ /^[\s\+]#!/) {
> +                                       $ln = 2;
> +                               }
> +                               $comment = '#';
> +                       } elsif ($realfile =~ /\.rst$/) {
> +                               $comment = '..';
> +                       }
> +
> +                       if ($comment !~ /^$/ &&
> +                           ($realline == $ln xor $rawline =~ m@^\+$comment SPDX-License-Identifier: @)) {
> +                               WARN("SPDX_LICENSE_TAG",
> +                                    "Missing or malformed SPDX-License-Identifier tag in 1st (or 2nd for scripts) line\n" . $herecurr);
> +                       }
> +               }
> +
>  # check we are in a valid source file if not then ignore this hunk
>                 next if ($realfile !~ /\.(h|c|s|S|sh|dtsi|dts)$/);
>
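
Review bot: in the .rst branch, $comment = '..' is interpolated unescaped
into m@^\+$comment SPDX-License-Identifier: @, so each dot matches any
character and any two characters in front of the tag are accepted as a
valid comment prefix. Writing it as '\.\.' would make the match literal,
the same way the header branch already escapes the star in '/\*'.
Separately, the trailing context shows that the source-file filter
(next if ($realfile !~ /\.(h|c|s|S|sh|dtsi|dts)$/)) does not list .pl,
.py or .rst, so this check only sees those files because it sits above
that line; a one-line comment saying so would keep it from being moved
below the filter later.
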
> --
> 2.14.1
>

My Perl is terribly rusty. But heck this is checkpatch.pl, not
checkpatch.py ;) This looks good to me though.

FWIW I maintain a comprehensive license expression parser and boolean
minimizer that could be a nice addition but is likely overkill even
for deeper checks.

Instead, in the future what we could add to checkpatch.pl could be
some simple table lookup to ensure that the actual expression is a
known one since we have a finite number of licenses in the kernel.

Reviewed-by:  Philippe Ombredanne <pombredanne@...b.com>

[1] https://github.com/nexB/license-expression/
-- 
Cordially
Philippe Ombredanne
