brew audit: Included json gem, does conditional check on github

2020-06-13 03:43:02 +08:00 · 2020-06-13 03:43:02 +08:00 · 998ab162d4
commit 998ab162d4
parent 803f9dd4a3
3 changed files with 31 additions and 5 deletions
--- a/Library/Homebrew/Gemfile
+++ b/Library/Homebrew/Gemfile
@ -13,6 +13,8 @@ gem "rspec-retry", require: false
 gem "rspec-wait", require: false
 gem "rubocop"
 gem "simplecov", require: false
+gem "json", require: false
+
 if ENV["HOMEBREW_SORBET"]
  gem "sorbet"
  gem "sorbet-runtime"
--- a/Library/Homebrew/Gemfile.lock
+++ b/Library/Homebrew/Gemfile.lock
@ -128,6 +128,7 @@ DEPENDENCIES
  byebug
  concurrent-ruby
  coveralls (~> 0.8)
+  json
  mechanize
  parallel_tests
  plist
--- a/Library/Homebrew/dev-cmd/audit.rb
+++ b/Library/Homebrew/dev-cmd/audit.rb
@ -347,13 +347,37 @@ module Homebrew
      file = File.open(File.expand_path(path))
      valid_licenses = JSON.load(file)
      unless formula.license.nil?
-        return if valid_licenses.key?(formula.license)
-        problem "#{formula.license} is not an SPDX license."
+        if valid_licenses.key?(formula.license)
+          return unless @online
+            user, repo = get_repo_data(%r{https?://github\.com/([^/]+)/([^/]+)/?.*}, false)
+            return if user.nil?
+            github_license = get_repo_license_data(user, repo)
+            if github_license && (github_license == formula.license)
+              return
+            else
+              problem "License mismatch - Github license is: #{github_license}, but Formulae license states: #{formula.license}"
+            end
+        else
+          problem "#{formula.license} is not an SPDX license."
+        end
      else
        problem "No license specified for package."
      end
      end

+
+
+    def get_repo_license_data(user, repo)
+      return unless @online
+      begin
+        res = GitHub.open_api("#{GitHub::API_URL}/repos/#{user}/#{repo}/license")
+        return nil unless res.key?("license")
+        return res["license"]["spdx_id"] || nil
+      rescue GitHub::HTTPNotFoundError
+        nil
+      end
+    end
+
    def audit_deps
      @specs.each do |spec|
        # Check for things we don't like to depend on.
@ -558,11 +582,10 @@ module Homebrew
      new_formula_problem warning
    end

-    def get_repo_data(regex)
+    def get_repo_data(regex, new_formula_only=true)
      return unless @core_tap
      return unless @online
-      return unless @new_formula
-
+      return unless @new_formula if new_formula_only
      _, user, repo = *regex.match(formula.stable.url) if formula.stable
      _, user, repo = *regex.match(formula.homepage) unless user
      return if !user || !repo