From 851cf20b7d5aed45c3331781afef8de3961f4bb4 Mon Sep 17 00:00:00 2001
(check-suspect-license): New linter.
(%local-checkers)[suspect-license]: Register it.
guix/lint.scm | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
Toggle diff (57 lines)
diff --git a/guix/lint.scm b/guix/lint.scm
index ffd3f7007e..3a7f3be327 100644
#:use-module (guix store)
#:autoload (guix base16) (bytevector->base16-string)
#:use-module (guix base32)
+ #:use-module (guix build-system)
#:use-module (guix diagnostics)
#:use-module (guix download)
#:use-module (guix ftp-client)
@@ -1347,6 +1348,31 @@ of the propagated inputs it pulls in."
(make-warning package (G_ "invalid license field")
+(define (check-suspect-license package)
+ "Warn about suspicious license combinations in PACKAGE."
+ ;; Use 'build-system-name' instead of comparing the build
+ ;; system directly with 'linux-module-build-system' to avoid
+ ;; loading (guix build-system linux-module) when no Linux modules
+ (build-system-name (package-build-system package))))
+ ;; This has plenty of false negatives and should
+ ;; have very few false positives.
+ (define gpl2-only-incompatible?
+ ;; The Linux kernel is GPL-2-only, so GPL3 and later are out.
+ ;; The GPL and CDDL appear to be incompatible, see
+ ;; <https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/>
+ ;; and <https://www.fsf.org/licensing/zfs-and-linux>.
+ (memq (package-license package)
+ (list gpl3 gpl3+ cddl1.0)))
+ (if (and linux-module? gpl2-only-incompatible?)
+ (G_ "license appears incompatible with the Linux kernel")
(define (current-vulnerabilities*)
"Like 'current-vulnerabilities', but return the empty list upon networking
or HTTP errors. This allows network-less operation and makes problems with
@@ -1762,6 +1788,10 @@ them for PACKAGE."
(description "Make sure the 'license' field is a <license> \
+ (name 'suspect-license)
+ (description "Detect some suspect combinations of licenses")
+ (check check-suspect-license))
(description "Make sure tests are only run when requested")