From c2507fdc6d96a7a6edc6000a77b1d26895603191 Mon Sep 17 00:00:00 2001
From: Issy Long
Date: Tue, 27 Feb 2024 16:53:54 +0000
Subject: [PATCH] formula_audit: Check the license(s) of the specific release
- Some repositories occasionally change their licenses. For example they release a version of the software with one license and then decide to change the license later.
- Now that `?ref=` is a parameter to the GitHub Repositories License API, we can use that in the license audit to check if the license of the specific release matches the one declared in the formula.
---
 Library/Homebrew/formula_auditor.rb | 3 ++-
 Library/Homebrew/utils/github.rb | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/Library/Homebrew/formula_auditor.rb b/Library/Homebrew/formula_auditor.rb
index d44cbd0e12..dd45ad3341 100644
--- a/Library/Homebrew/formula_auditor.rb
+++ b/Library/Homebrew/formula_auditor.rb
@@ -255,7 +255,8 @@ module Homebrew
 user, repo = get_repo_data(%r{https?://github\.com/([^/]+)/([^/]+)/?.*})
 return if user.blank?
- github_license = GitHub.get_repo_license(user, repo)
+ tag = SharedAudits.github_tag_from_url(formula.stable.url)
+ github_license = GitHub.get_repo_license(user, repo, ref: tag)
 return unless github_license
 return if (licenses + ["NOASSERTION"]).include?(github_license)
 return if PERMITTED_LICENSE_MISMATCHES[github_license]&.any? { |license| licenses.include? license }
diff --git a/Library/Homebrew/utils/github.rb b/Library/Homebrew/utils/github.rb
index 723a711c38..b774209507 100644
--- a/Library/Homebrew/utils/github.rb
+++ b/Library/Homebrew/utils/github.rb
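Review bot: The added `tag` lookup in formula_auditor.rb has no handling for the case where `SharedAudits.github_tag_from_url` returns nothing for `formula.stable.url`: `ref: tag` is then nil and, given the `ref.present?` guard in `get_repo_license`, the request quietly falls back to the repository's default-branch license, so the audit passes without having checked the release. The same holds if the ref cannot be resolved and the call returns nil, because `return unless github_license` skips the comparison (the error handling of `get_repo_license` is outside this diff, so this part is inferred). It is also not visible here whether `get_repo_data` takes `user`/`repo` from the same URL the tag is parsed from; if it can use the homepage, the tag may belong to a different repository. I would at least document the fallback above the `tag =` line, e.g. `# tag is nil for non-tag URLs; the default branch's license is checked instead`. The enclosing method starts and ends outside the hunk.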
@@ -497,8 +497,10 @@ module GitHub
 end
 end
- def self.get_repo_license(user, repo)
- response = API.open_rest("#{API_URL}/repos/#{user}/#{repo}/license")
+ def self.get_repo_license(user, repo, ref: nil)
+ url = "#{API_URL}/repos/#{user}/#{repo}/license"
+ url += "?ref=#{ref}" if ref.present?
+ response = API.open_rest(url)
 return unless response.key?("license")
 response["license"]["spdx_id"]
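Review bot: `ref` is interpolated into the query string unencoded in `url += "?ref=#{ref}"`, and after this commit it carries a tag parsed from the formula's stable URL, which is contributor-supplied. A tag containing `&`, `#`, `+` or `%` would change or truncate the query, so the API may answer for a different ref than the one being audited. Encoding the value keeps it a single parameter: `url += "?#{URI.encode_www_form(ref: ref)}" if ref.present?` (assuming `uri` is already loaded in this file, which the hunk does not show). `get_repo_license` continues past the last line of the hunk.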