scripts: forbid use of arbitrary SPDX tags besides license identifiers

While SPDX-License-Identifier is a well known SPDX tag, there are a great many more besides that[1]. These are mostly focused on making machine readable metadata available to the 'reuse' tool and similar. They cover concepts like author names, copyright owners, and much more. It is even possible to define source file line groups and apply different SPDX tags to regions of code within a file. At this time we're only interested in adopting SPDX for recording the file global licensing info, so detect & reject any other SPDX metadata. If we want to explicitly collect extra data in SPDX format, we can evaluate each data item on its merits when someone wants to propose it at a later date. [1] https://spdx.github.io/spdx-spec/v2.2.2/file-tags/ https://spdx.github.io/spdx-spec/v2.2.2/file-information/ Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-08-02 07:13:54 -06:00 · 2024-10-07 16:21:54 +01:00 · 2024-10-07 16:21:54 +01:00 · 6b7521818b
commit 6b7521818b
parent 2b96c1a493
1 changed files with 12 additions and 0 deletions
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@ -1714,6 +1714,18 @@ sub process {
 		    &checkspdx($realfile, $1);
 		}

+		if ($rawline =~ m,(SPDX-[a-zA-Z0-9-_]+):,) {
+		    my $tag = $1;
+		    my @permitted = qw(
+			SPDX-License-Identifier
+		    );
+
+		    unless (grep { /^$tag$/ } @permitted) {
+			ERROR("Tag $tag not permitted in QEMU code, valid " .
+			      "choices are: " . join(", ", @permitted));
+		    }
+		}
+
 # Check for wrappage within a valid hunk of the file
 		if ($realcnt != 0 && $line !~ m{^(?:\+|-| |\\ No newline|$)}) {
 			ERROR("patch seems to be corrupt (line wrapped?)\n" .