Introduce plausibility check for outbound licenes

When creating a library or executable, several source files are combined
into a binary artifact that has an outbound license of its own. This test
generator allows to check if the combined source files are compatible
with the desired outbound license.

Requirements for using these tests:
- input source files must contain the SPDX-License-Information tag
- python3 must be available
- the "reuse spdx" tool must be available

1 files changed, 139 insertions, 0 deletions

diff --git a/modules/check-outbound-license.py b/modules/check-outbound-license.py
new file mode 100755
index 00000000..b8c1ef23
--- /dev/null
+++ b/modules/check-outbound-license.py
@@ -0,0 +1,139 @@
+#!/usr/bin/env python3
+# SPDX-FileCopyrightText: 2020 Andreas Cord-Landwehr <cordlandwehr@kde.org>
+# SPDX-License-Identifier: BSD-3-Clause
+
+# key    : outbound license identifier
+# values : list of acceptable licenses that are compatible with outbound license
+compatibilityMatrix = {
+    "MIT": [
+        "CC0-1.0",
+        "MIT"],
+    "BSD-2-Clause": [
+        "CC0-1.0",
+        "MIT",
+        "BSD-2-Clause"],
+    "BSD-3-Clause": [
+        "CC0-1.0",
+        "MIT",
+        "BSD-2-Clause",
+        "BSD-3-Clause"],
+    "LGPL-2.0-only": [
+        "CC0-1.0",
+        "LGPL-2.0-only",
+        "LGPL-2.0-or-later",
+        "MIT",
+        "BSD-2-Clause",
+        "BSD-3-Clause",
+        "bzip2-1.0.6"],
+    "LGPL-2.1-only": [
+        "CC0-1.0",
+        "LGPL-2.0-or-later",
+        "LGPL-2.1-only",
+        "LGPL-2.1-or-later",
+        "MIT",
+        "BSD-2-Clause",
+        "BSD-3-Clause",
+        "bzip2-1.0.6"],
+    "LGPL-3.0-only": [
+        "CC0-1.0",
+        "LGPL-2.0-or-later",
+        "LGPL-2.1-or-later",
+        "LGPL-3.0-only",
+        "LGPL-3.0-or-later",
+        "MIT",
+        "BSD-2-Clause",
+        "BSD-3-Clause",
+        "bzip2-1.0.6"],
+    "GPL-2.0-only": [
+        "CC0-1.0",
+        "LGPL-2.0-only",
+        "LGPL-2.1-only",
+        "LGPL-2.0-or-later",
+        "LGPL-2.1-or-later",
+        "GPL-2.0-only",
+        "GPL-2.0-or-later",
+        "MIT",
+        "BSD-2-Clause",
+        "BSD-3-Clause",
+        "bzip2-1.0.6"],
+    "GPL-3.0-only": [
+        "CC0-1.0",
+        "LGPL-2.0-or-later",
+        "LGPL-2.1-or-later",
+        "LGPL-3.0-only",
+        "LGPL-3.0-or-later",
+        "GPL-2.0-or-later",
+        "GPL-3.0-only",
+        "GPL-3.0-or-later",
+        "MIT",
+        "BSD-2-Clause",
+        "BSD-3-Clause",
+        "bzip2-1.0.6"]
+}
+
+def check_outbound_license(license, files, spdxDictionary):
+    """
+    Asserts that the list of source files @p files, when combined into
+    a library or executable, can be delivered under the combined license @p license .
+    """
+    print("Checking Target License: " + license)
+    if not license in compatibilityMatrix:
+        print("Error: unknown license selected")
+        return False
+
+    allLicensesAreCompatible = True
+
+    for sourceFile in files:
+        compatible = False
+        sourceFileStripped = sourceFile.strip()
+        for fileLicense in spdxDictionary[sourceFileStripped]:
+            if fileLicense in compatibilityMatrix[license]:
+                compatible = True
+                print("OK " + sourceFileStripped + " : " + fileLicense)
+        if not compatible:
+            allLicensesAreCompatible = False
+            print("-- " + sourceFileStripped + " : ( " + ", ".join([str(i) for i in spdxDictionary[sourceFileStripped]]) + " )")
+    return allLicensesAreCompatible
+
+if __name__ == '__main__':
+    print("Parsing SPDX BOM file")
+    import sys
+    import argparse
+
+    # parse commands
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-l", "--license", help="set outbound license to test")
+    parser.add_argument("-s", "--spdx", help="spdx bill-of-materials file")
+    parser.add_argument("-i", "--input", help="input file with list of source files to test")
+    args = parser.parse_args()
+
+    # TODO check if required arguments are present and give meaningful feedback
+
+    # collect name and licenses from SPDX blocks
+    spdxDictionary = {}
+    fileName = ""
+    licenses = []
+    f = open(args.spdx, "r")
+    for line in f:
+        if line.startswith("FileName:"):
+            # strip "FileName: "
+            # thus name expected to start with "./", which is relative to CMAKE_SOURCE_DIR
+            fileName = line[10:].strip()
+        if line.startswith("LicenseInfoInFile:"):
+            licenses.append(line[19:].strip())
+        if line == '' or line == "\n":
+            spdxDictionary[fileName] = licenses
+            fileName = ""
+            licenses = []
+    f.close();
+
+    # read file with list of test files
+    f = open(args.input, "r")
+    testfiles = f.readlines()
+    f.close()
+
+    if check_outbound_license(args.license, testfiles, spdxDictionary) == True:
+        sys.exit(0);
+
+    # in any other case, return error code
+    sys.exit(1)