xref: /freebsd/sys/contrib/openzfs/scripts/spdxcheck.pl (revision f1c4c3daccbaf3820f0e2224de53df12fc952fcc) 
1#!/usr/bin/env perl
2
3# SPDX-License-Identifier: MIT
4#
5# Copyright (c) 2025, Rob Norris <robn@despairlabs.com>
6#
7# Permission is hereby granted, free of charge, to any person obtaining a copy
8# of this software and associated documentation files (the "Software"), to
9# deal in the Software without restriction, including without limitation the
10# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
11# sell copies of the Software, and to permit persons to whom the Software is
12# furnished to do so, subject to the following conditions:
13#
14# The above copyright notice and this permission notice shall be included in
15# all copies or substantial portions of the Software.
16#
17# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
23# IN THE SOFTWARE.
24
25use 5.010;
26use warnings;
27use strict;
28
29# All files known to git are either "tagged" or "untagged". Tagged files are
30# expected to have a license tag, while untagged files are expected to _not_
31# have a license tag. There is no "optional" tag; all files are either "tagged"
32# or "untagged".
33#
34# Whether or not a file is tagged or untagged is determined using the patterns
35# in $tagged_patterns and $untagged_patterns and the following sequence:
36#
37# - if the file's full path is explicity listed in $tagged_patterns, then the
38#   file is tagged.
39#
40# - if the file's full path is explicitly listed in $untagged_patterns, then
41#   file is untagged.
42#
43# - if the filename matches a pattern in $tagged_patterns, and does not match a
44#   pattern in $untagged_patterns, then the file is tagged
45#
46# - otherwise, the file is untagged.
47#
48# The patterns do a simple glob-like match over the entire path relative to the
49# root of the git repo (no leading /). '*' matches as anything at that point,
50# across path fragments. '?' matches a single character.
51
52my $tagged_patterns = q(
53	# Compiled source files
54	*.c
55	*.h
56	*.S
57
58	# Python files, eg test suite drivers, libzfs bindings
59	*.py
60	*.py.in
61
62	# Various support scripts
63	*.sh
64	*.pl
65
66	# Test suite
67	*.ksh
68	*.ksh.in
69	*.kshlib
70	*.kshlib.in
71	*.shlib
72
73	# Test suite data files
74	*.run
75	*.cfg
76	*.cfg.in
77	*.fio
78	*.lua
79	*.zcp
80
81	# Manpages
82	man/man?/*.?
83	man/man?/*.?.in
84
85	# Unsuffixed programs (or generated of same)
86	cmd/arcstat.in
87	cmd/arc_summary
88	cmd/dbufstat.in
89	cmd/zilstat.in
90	cmd/zpool/zpool.d/*
91	etc/init.d/zfs-import.in
92	etc/init.d/zfs-load-key.in
93	etc/init.d/zfs-mount.in
94	etc/init.d/zfs-share.in
95	etc/init.d/zfs-zed.in
96	etc/zfs/zfs-functions.in
97	scripts/objtool-wrapper.in
98
99	# Misc items that have clear licensing info but aren't easily matched,
100	# or are the first of a class that we aren't ready to match yet.
101	config/ax_code_coverage.m4
102	configure.ac
103	module/lua/README.zfs
104	scripts/kmodtool
105	tests/zfs-tests/tests/functional/inheritance/README.config
106	tests/zfs-tests/tests/functional/inheritance/README.state
107	cmd/zed/zed.d/statechange-notify.sh
108);
109
110my $untagged_patterns = q(
111	# Exclude CI tooling as it's not interesting for overall project
112	# licensing.
113	.github/*
114
115	# Everything below this has unclear licensing. Work is happening to
116	# identify and update them. Once one gains a tag it should be removed
117	# from this list.
118
119	cmd/zed/zed.d/*.sh
120	cmd/zpool/zpool.d/*
121
122	contrib/coverity/model.c
123	include/libzdb.h
124	include/os/freebsd/spl/sys/inttypes.h
125	include/os/freebsd/spl/sys/mode.h
126	include/os/freebsd/spl/sys/trace.h
127	include/os/freebsd/spl/sys/trace_zfs.h
128	include/os/freebsd/zfs/sys/zpl.h
129	include/os/linux/kernel/linux/page_compat.h
130	lib/libspl/include/os/freebsd/sys/sysmacros.h
131	lib/libspl/include/sys/string.h
132	lib/libspl/include/sys/trace_spl.h
133	lib/libspl/include/sys/trace_zfs.h
134	lib/libzdb/libzdb.c
135	module/lua/setjmp/setjmp.S
136	module/lua/setjmp/setjmp_ppc.S
137	module/zstd/include/sparc_compat.h
138	module/zstd/zstd_sparc.c
139	tests/zfs-tests/cmd/cp_files.c
140	tests/zfs-tests/cmd/zed_fd_spill-zedlet.c
141	tests/zfs-tests/tests/functional/tmpfile/tmpfile_001_pos.c
142	tests/zfs-tests/tests/functional/tmpfile/tmpfile_002_pos.c
143	tests/zfs-tests/tests/functional/tmpfile/tmpfile_003_pos.c
144	tests/zfs-tests/tests/functional/tmpfile/tmpfile_test.c
145
146	autogen.sh
147	contrib/bpftrace/zfs-trace.sh
148	contrib/pyzfs/docs/source/conf.py
149	contrib/pyzfs/libzfs_core/test/__init__.py
150	contrib/pyzfs/setup.py.in
151	contrib/zcp/autosnap.lua
152	scripts/commitcheck.sh
153	scripts/man-dates.sh
154	scripts/mancheck.sh
155	scripts/paxcheck.sh
156	scripts/zfs-helpers.sh
157	scripts/zfs-tests-color.sh
158	scripts/zfs.sh
159	scripts/zimport.sh
160	tests/zfs-tests/callbacks/zfs_failsafe.ksh
161	tests/zfs-tests/include/commands.cfg
162	tests/zfs-tests/include/tunables.cfg
163	tests/zfs-tests/include/zpool_script.shlib
164	tests/zfs-tests/tests/functional/mv_files/random_creation.ksh
165);
166
167# For files expected to have a license tags, these are the acceptable tags by
168# path. A file in one of these paths with a tag not listed here must be in the
169# override list below. If the file is not in any of these paths, then
170# $default_license_tags is used.
171my $default_license_tags = [
172    'CDDL-1.0', '0BSD', 'BSD-2-Clause', 'BSD-3-Clause', 'MIT'
173];
174
175my @path_license_tags = (
176	# Conventional wisdom is that the Linux SPL must be GPL2+ for
177	# kernel compatibility.
178	'module/os/linux/spl' => ['GPL-2.0-or-later'],
179	'include/os/linux/spl' => ['GPL-2.0-or-later'],
180
181	# Third-party code should keep it's original license
182	'module/zstd/lib' => ['BSD-3-Clause OR GPL-2.0-only'],
183	'module/lua' => ['MIT'],
184
185	# lua/setjmp is platform-specific code sourced from various places
186	'module/lua/setjmp' => $default_license_tags,
187
188	# Some of the fletcher modules are dual-licensed
189	'module/zcommon/zfs_fletcher' =>
190	    ['BSD-2-Clause OR GPL-2.0-only', 'CDDL-1.0'],
191
192	'module/icp' => ['Apache-2.0', 'CDDL-1.0'],
193
194	# Python bindings are always Apache-2.0
195	'contrib/pyzfs' => ['Apache-2.0'],
196);
197
198# This is a list of "special case" license tags that are in use in the tree,
199# and the files where they occur. these exist for a variety of reasons, and
200# generally should not be used for new code. If you need to bring in code that
201# has a different license from the acceptable ones listed above, then you will
202# also need to add it here, with rationale provided and approval given in your
203# PR.
204my %override_file_license_tags = (
205
206	# SPDX have repeatedly rejected the creation of a tag for a public
207	# domain dedication, as not all dedications are clear and unambiguious
208	# in their meaning and not all jurisdictions permit relinquishing a
209	# copyright anyway.
210	#
211	# A reasonably common workaround appears to be to create a local
212	# (project-specific) identifier to convey whatever meaning the project
213	# wishes it to. To cover OpenZFS' use of third-party code with a
214	# public domain dedication, we use this custom tag.
215	#
216	# Further reading:
217	#   https://github.com/spdx/old-wiki/blob/main/Pages/Legal%20Team/Decisions/Dealing%20with%20Public%20Domain%20within%20SPDX%20Files.md
218	#   https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/
219	#   https://cr.yp.to/spdx.html
220	#
221	'LicenseRef-OpenZFS-ThirdParty-PublicDomain' => [qw(
222		include/sys/skein.h
223		module/icp/algs/skein/skein_block.c
224		module/icp/algs/skein/skein.c
225		module/icp/algs/skein/skein_impl.h
226		module/icp/algs/skein/skein_iv.c
227		module/icp/algs/skein/skein_port.h
228		module/zfs/vdev_draid_rand.c
229	)],
230
231	# Legacy inclusions
232	'Brian-Gladman-3-Clause' => [qw(
233		module/icp/asm-x86_64/aes/aestab.h
234		module/icp/asm-x86_64/aes/aesopt.h
235		module/icp/asm-x86_64/aes/aeskey.c
236		module/icp/asm-x86_64/aes/aes_amd64.S
237	)],
238	'OpenSSL-standalone' => [qw(
239		module/icp/asm-x86_64/aes/aes_aesni.S
240	)],
241	'LGPL-2.1-or-later' => [qw(
242		config/ax_code_coverage.m4
243	)],
244
245	# Legacy inclusions of BSD-2-Clause files in Linux SPL.
246	'BSD-2-Clause' => [qw(
247		include/os/linux/spl/sys/debug.h
248		module/os/linux/spl/spl-zone.c
249	)],
250
251	# Temporary overrides for things that have the wrong license for
252	# their path. Work is underway to understand and resolve these.
253	'GPL-2.0-or-later' => [qw(
254		include/os/freebsd/spl/sys/kstat.h
255		include/os/freebsd/spl/sys/sunddi.h
256	)],
257	'CDDL-1.0' => [qw(
258		include/os/linux/spl/sys/errno.h
259		include/os/linux/spl/sys/ia32/asm_linkage.h
260		include/os/linux/spl/sys/misc.h
261		include/os/linux/spl/sys/procfs_list.h
262		include/os/linux/spl/sys/trace.h
263		include/os/linux/spl/sys/trace_spl.h
264		include/os/linux/spl/sys/trace_taskq.h
265		include/os/linux/spl/sys/wmsum.h
266		module/os/linux/spl/spl-procfs-list.c
267		module/os/linux/spl/spl-trace.c
268		module/lua/README.zfs
269	)],
270);
271
272##########
273
274sub setup_patterns {
275	my ($patterns) = @_;
276
277	my @re;
278	my @files;
279
280	for my $pat (split "\n", $patterns) {
281		# remove leading/trailing whitespace and comments
282		$pat =~ s/(:?^\s*|\s*(:?#.*)?$)//g;
283		# skip (now-)empty lines
284		next if $pat eq '';
285
286		# if the "pattern" has no metachars, then it's a literal file
287		# path and gets matched a bit more strongly
288		unless ($pat =~ m/[?*]/) {
289			push @files, $pat;
290			next;
291		}
292
293		# naive pattern to regex conversion
294
295		# escape simple metachars
296		$pat =~ s/([\.\(\[])/\Q$1\E/g;
297
298		$pat =~ s/\?/./g;	# glob ? -> regex .
299		$pat =~ s/\*/.*/g;	# glob * -> regex .*
300
301		push @re, $pat;
302	}
303
304	my $re = join '|', @re;
305	return (qr/^(?:$re)$/, { map { $_ => 1 } @files });
306};
307
308my ($tagged_re, $tagged_files) = setup_patterns($tagged_patterns);
309my ($untagged_re, $untagged_files) = setup_patterns($untagged_patterns);
310
311sub file_is_tagged {
312	my ($file) = @_;
313
314	# explicitly tagged
315	if ($tagged_files->{$file}) {
316		delete $tagged_files->{$file};
317		return 1;
318	}
319
320	# explicitly untagged
321	if ($untagged_files->{$file}) {
322		delete $untagged_files->{$file};
323		return 0;
324	}
325
326	# must match tagged patterns and not match untagged patterns
327	return ($file =~ $tagged_re) && !($file =~ $untagged_re);
328}
329
330my %override_tags = map {
331	my $tag = $_;
332	map { $_ => $tag } @{$override_file_license_tags{$_}};
333} keys %override_file_license_tags;
334
335##########
336
337my $rc = 0;
338
339# Get a list of all files known to git. This is a crude way of avoiding any
340# build artifacts that have tags embedded in them.
341my @git_files = sort grep { chomp } qx(git ls-tree --name-only -r HEAD);
342
343# Scan all files and work out if their tags are correct.
344for my $file (@git_files) {
345	# Ignore non-files. git can store other types of objects (submodule
346	# dirs, symlinks, etc) that aren't interesting for licensing.
347	next unless -f $file && ! -l $file;
348
349	# Open the file, and extract its license tag. We only check the first
350	# 4K of each file because many of these files are large, binary, or
351	# both.  For a typical source file that means the tag should be found
352	# within the first ~50 lines.
353	open my $fh, '<', $file or die "$0: couldn't open $file: $!\n";
354	my $nbytes = read $fh, my $buf, 4096;
355	die "$0: couldn't read $file: $!\n" if !defined $nbytes;
356
357	my ($tag) =
358	    $buf =~ m/\bSPDX-License-Identifier: ([A-Za-z0-9_\-\. ]+)$/smg;
359
360	close $fh;
361
362	# Decide if the file should have a tag at all
363	my $tagged = file_is_tagged($file);
364
365	# If no license tag is wanted, there's not much left to do
366	if (!$tagged) {
367		if (defined $tag) {
368			# untagged file has a tag, pattern change required
369			say "unexpected license tag: $file";
370			$rc = 1;
371		}
372		next;
373	}
374
375	# If a tag is required, but doesn't have one, warn and loop.
376	if (!defined $tag) {
377		say "missing license tag: $file";
378		$rc = 1;
379		next;
380	}
381
382	# Determine the set of valid license tags for this file. Start with
383	# the defaults.
384	my $tags = $default_license_tags;
385
386	if ($override_tags{$file}) {
387		# File has an explicit override, use it.
388		$tags = [delete $override_tags{$file}];
389	} else {
390		# Work through the path tag sets, taking the set with the
391		# most precise match. If no sets match, we fall through and
392		# are left with the default set.
393		my $matchlen = 0;
394		for (my $n = 0; $n < @path_license_tags; $n += 2) {
395			my ($path, $t) = @path_license_tags[$n,$n+1];
396			if (substr($file, 0, length($path)) eq $path &&
397			    length($path) > $matchlen) {
398				$tags = $t;
399				$matchlen = length($path);
400			}
401		}
402	}
403
404	# Confirm the file's tag is in the set, and warn if not.
405	my %tags = map { $_ => 1 } @$tags;
406	unless ($tags{$tag}) {
407		say "invalid license tag: $file";
408		say "    (got $tag; expected: @$tags)";
409		$rc = 1;
410		next;
411	}
412}
413
414##########
415
416# List any files explicitly listed as tagged or untagged that we didn't see.
417# Likely the file was removed from the repo but not from our lists.
418
419for my $file (sort keys %$tagged_files) {
420	say "explicitly tagged file not on disk: $file";
421	$rc = 1;
422}
423for my $file (sort keys %$untagged_files) {
424	say "explicitly untagged file not on disk: $file";
425	$rc = 1;
426}
427for my $file (sort keys %override_tags) {
428	say "explicitly overridden file not on disk: $file";
429	$rc = 1;
430}
431
432exit $rc;
433