abuild: check license for valid SPDX license identifiers

licenses will be checked against the license.lst file provided by
the spdx-licenses-list package when installed except when explicitly
disabled by the !spdx options flag.

1 files changed, 16 insertions, 0 deletions

diff --git a/abuild.in b/abuild.in
index 16c4bee..e3a6f20 100644
--- a/abuild.in
+++ b/abuild.in
@@ -233,6 +233,7 @@ default_sanitycheck() {
 	[ -n "$checkdepend" ] && spell_error checkdepend checkdepends
 
 	check_maintainer || die "Provide a valid RFC822 maintainer address"
+	check_license || warning "Please use valid SPDX license identifiers found at: https://spdx.org/licenses"
 
 	check_depends_dev || warning "depends_dev found but no development subpackage found"
 	check_secfixes_comment || return 1
@@ -837,6 +838,21 @@ check_maintainer() {
 	fi
 }
 
+check_license() {
+	local ret=0
+	local license_list=/usr/share/spdx/license.lst
+	if options_has "!spdx" || ! [ -f "$license_list" ]; then
+		return 0
+	fi
+	local i; for i in $license; do
+		if ! grep -q -w -F "$i" "$license_list"; then
+			ret=1
+			warning "\"$i\" is not a known license"
+		fi
+	done
+	return $ret
+}
+
 check_secfixes_comment() {
 	local c=$(sed -E -n -e '/^# secfixes:/,/(^[^#]|^$)/p' $APKBUILD | grep '^#')
 	local invalid=$(echo "$c" \