scripts: forbid use of arbitrary SPDX tags besides license identifiers

While SPDX-License-Identifier is a well known SPDX tag, there are a
great many more besides that[1]. These are mostly focused on making
machine readable metadata available to the 'reuse' tool and similar.
They cover concepts like author names, copyright owners, and much
more. It is even possible to define source file line groups and apply
different SPDX tags to regions of code within a file.

At this time we're only interested in adopting SPDX for recording the
file global licensing info, so detect & reject any other SPDX metadata.
If we want to explicitly collect extra data in SPDX format, we can
evaluate each data item on its merits when someone wants to propose it
at a later date.

[1] https://spdx.github.io/spdx-spec/v2.2.2/file-tags/
    https://spdx.github.io/spdx-spec/v2.2.2/file-information/

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 8995d2c3911038d1589fa8c5f83e77222bd97a82..83b59fb4436db3e147c49f2616dfa865b8c1d6be 100755 (executable)
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -1714,6 +1714,18 @@ sub process {
                    &checkspdx($realfile, $1);
                }
 
+               if ($rawline =~ m,(SPDX-[a-zA-Z0-9-_]+):,) {
+                   my $tag = $1;
+                   my @permitted = qw(
+                       SPDX-License-Identifier
+                   );
+
+                   unless (grep { /^$tag$/ } @permitted) {
+                       ERROR("Tag $tag not permitted in QEMU code, valid " .
+                             "choices are: " . join(", ", @permitted));
+                   }
+               }
+
 # Check for wrappage within a valid hunk of the file
                if ($realcnt != 0 && $line !~ m{^(?:\+|-| |\\ No newline|$)}) {
                        ERROR("patch seems to be corrupt (line wrapped?)\n" .