From 2a46b86a225f83f1b757631f12dcbe4dd792f759 Mon Sep 17 00:00:00 2001 From: Carmen Bianca BAKKER Date: Wed, 17 Sep 2025 16:21:31 +0200 Subject: [PATCH 1/6] Create REUSE.toml schema --- site/static/reuse-toml-v1.schema.json | 367 ++++++++++++++++++++++++++ 1 file changed, 367 insertions(+) create mode 100644 site/static/reuse-toml-v1.schema.json diff --git a/site/static/reuse-toml-v1.schema.json b/site/static/reuse-toml-v1.schema.json new file mode 100644 index 00000000..551e81e1 --- /dev/null +++ b/site/static/reuse-toml-v1.schema.json @@ -0,0 +1,367 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://reuse.software/reuse-toml-v1.schema.json", + "$comment": "See https://reuse.software/spec-3.2/ for details", + "title": "REUSE.toml global licensing file, version 1", + "description": "A configuration file which declares the copyright and licensing of files in a directory tree", + "type": "object", + "required": ["version"], + "additionalProperties": true, + "properties": { + "version": { + "description": "The schema version of the REUSE.toml file", + "type": "integer", + "exclusiveMinimum": 0, + "examples": [1] + }, + "SPDX-PackageName": { + "description": "SPDX package name", + "type": "string" + }, + "SPDX-PackageVersion": { + "description": "SPDX package version", + "type": "string" + }, + "SPDX-PackageFileName": { + "description": "SPDX package file name", + "type": "string" + }, + "SPDX-PackageSupplier": { + "description": "SPDX package supplier", + "type": "string" + }, + "SPDX-PackageOriginator": { + "description": "SPDX package originator", + "type": "string" + }, + "SPDX-PackageDownloadLocation": { + "description": "SPDX package download location", + "type": "string" + }, + "SPDX-FilesAnalyzed": { + "description": "SPDX files analyzed", + "type": "boolean" + }, + "SPDX-PackageVerificationCode": { + "description": "SPDX package verification code", + "type": "string" + }, + "SPDX-PackageChecksum": { + "description": "SPDX package checksum(s)", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-PackageHomePage": { + "description": "SPDX package home page", + "type": "string" + }, + "SPDX-PackageSourceInfo": { + "description": "SPDX source information", + "type": "string" + }, + "SPDX-PackageLicenseConcluded": { + "description": "SPDX concluded license", + "type": "string" + }, + "SPDX-PackageLicenseInfoFromFiles": { + "description": "SPDX all licenses information from files", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-PackageLicenseDeclared": { + "description": "SPDX declared license", + "type": "string" + }, + "SPDX-PackageLicenseComments": { + "description": "SPDX comments on license", + "type": "string" + }, + "SPDX-PackageCopyrightText": { + "description": "SPDX copyright text", + "type": "string" + }, + "SPDX-PackageSummary": { + "description": "SPDX package summary description", + "type": "string" + }, + "SPDX-PackageDescription": { + "description": "SPDX package detailed description", + "type": "string" + }, + "SPDX-PackageComment": { + "description": "SPDX package comment", + "type": "string" + }, + "SPDX-ExternalRef": { + "decription": "SPDX external reference", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-ExternalRefComment": { + "description": "SPDX external reference comment", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-PackageAttributionText": { + "description": "SPDX package attribution text", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-PrimaryPackagePurpose": { + "description": "SPDX primary package purpose", + "enum": [ + "APPLICATION", + "FRAMEWORK", + "LIBRARY", + "CONTAINER", + "OPERATING-SYSTEM", + "DEVICE", + "FIRMWARE", + "SOURCE", + "ARCHIVE", + "FILE", + "INSTALL", + "OTHER" + ] + }, + "SPDX-ReleaseDate": { + "description": "SPDX release date", + "type": "string" + }, + "SPDX-BuiltDate": { + "description": "SPDX built date", + "type": "string" + }, + "SPDX-ValidUntilDate": { + "description": "SPDX valid until date", + "type": "string" + }, + "annotations": { + "description": "Annotation object array", + "type": "array", + "items": { + "description": "Annotation object", + "type": "object", + "required": ["path"], + "additionalProperties": true, + "properties": { + "path": { + "description": "Relative path(s) to files, with optional globbing", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "examples": [["po/*.po", "po/*.pot"], "tests/resources/**"] + }, + "precedence": { + "description": "The order of precedence for Licensing Information between this REUSE.toml file and the files covered by path", + "enum": ["closest", "aggregate", "override"], + "default": "closest", + "examples": ["closest"] + }, + "SPDX-FileCopyrightText": { + "description": "Copyright notice(s)", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "examples": [ + "2019 Jane Doe ", + "© 2019 John Doe ", + "Contributors to Example Project ", + "(C) Example Cooperative ", + "Copyright 2016, 2018-2019 Joe Anybody" + ] + }, + "SPDX-License-Identifier": { + "description": "License identifier(s)", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ], + "examples": ["GPL-3.0-or-later", "GPL-3.0-or-later OR Apache-2.0"] + }, + "SPDXID": { + "description": "SPDX file identifier", + "type": "string" + }, + "SPDX-FileType": { + "description": "SPDX file type", + "oneOf": [ + { + "$ref": "#/$defs/SPDX-FileType" + }, + { + "type": "array", + "items": { + "$ref": "#/$defs/SPDX-FileType" + } + } + ] + }, + "SPDX-FileChecksum": { + "description": "SPDX file checksum", + "type": "string" + }, + "SPDX-LicenseConcluded": { + "description": "SPDX license concluded", + "type": "string" + }, + "SPDX-LicenseInfoInFile": { + "description": "SPDX license information in file", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-LicenseComments": { + "description": "SPDX comments on license", + "type": "string" + }, + "SPDX-ArtifactOfProjectName": { + "description": "SPDX artifact of project name", + "type": "string" + }, + "SPDX-ArtifactOfProjectHomePage": { + "description": "SPDX artifact of project homepage", + "type": "string" + }, + "SPDX-ArtifactOfProjectURI": { + "description": "SPDX artifact of project uniform resource identifier", + "type": "string" + }, + "SPDX-FileComment": { + "description": "SPDX file comment", + "type": "string" + }, + "SPDX-FileNotice": { + "description": "SPDX file notice", + "type": "string" + }, + "SPDX-FileContributor": { + "description": "SPDX file contributor(s)", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + }, + "SPDX-FileAttributionText": { + "description": "SPDX file attribution text", + "type": "string" + }, + "SPDX-FileDependency": { + "description": "SPDX file dependencies", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string" + } + } + ] + } + } + } + } + }, + "$defs": { + "SPDX-FileType": { + "enum": [ + "SOURCE", + "BINARY", + "ARCHIVE", + "APPLICATION", + "AUDIO", + "IMAGE", + "TEXT", + "VIDEO", + "DOCUMENTATION", + "SPDX", + "OTHER" + ] + } + } +} From 757779a5565cd7945966208920caa6cf04615519 Mon Sep 17 00:00:00 2001 From: Carmen Bianca BAKKER Date: Wed, 17 Sep 2025 16:58:31 +0200 Subject: [PATCH 2/6] Convert to REUSE.toml, cover schema.json in new REUSE.toml --- .github/workflows/tests.yml | 2 +- .reuse/dep5 | 36 ------------------------ REUSE.toml | 55 +++++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 37 deletions(-) delete mode 100644 .reuse/dep5 create mode 100644 REUSE.toml diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 8f5eb6ca..af004a13 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: REUSE Compliance Check - uses: fsfe/reuse-action@v3 + uses: fsfe/reuse-action@v5 build: runs-on: ubuntu-latest diff --git a/.reuse/dep5 b/.reuse/dep5 deleted file mode 100644 index 7a77dedf..00000000 --- a/.reuse/dep5 +++ /dev/null @@ -1,36 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: reuse-website -Upstream-Contact: Free Software Foundation Europe -Source: https://github.com/fsfe/reuse-website - -Files: site/static/fonts/roboto/* -Copyright: 2018 Google -License: Apache-2.0 - -Files: site/static/fonts/fontawesome/css/* -Copyright: Font Awesome -License: MIT - -Files: site/static/fonts/fontawesome/webfonts/* -Copyright: Font Awesome -License: OFL-1.1 - -Files: site/static/fonts/fontawesome/webfonts/*.svg -Copyright: Font Awesome -License: CC-BY-4.0 - -Files: site/static/img/*.png -Copyright: 2019 Free Software Foundation Europe -License: CC-BY-SA-4.0 - -Files: site/static/img/*.jpg -Copyright: 2019 Free Software Foundation Europe -License: CC-BY-SA-4.0 - -Files: site/i18n/*.json -Copyright: 2019 Free Software Foundation Europe -License: CC-BY-SA-4.0 - -Files: site/po/*.po* -Copyright: 2020 Free Software Foundation Europe e.V. -License: CC-BY-SA-4.0 diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 00000000..bdd8d870 --- /dev/null +++ b/REUSE.toml @@ -0,0 +1,55 @@ +version = 1 + +[[annotations]] +path = "site/static/*.schema.json" +precedence = "override" +SPDX-FileCopyrightText = "2025 Free Software Foundation Europe " +SPDX-License-Identifier = "CC0-1.0" + +[[annotations]] +path = "site/static/fonts/roboto/**" +precedence = "aggregate" +SPDX-FileCopyrightText = "2018 Google" +SPDX-License-Identifier = "Apache-2.0" + +[[annotations]] +path = "site/static/fonts/fontawesome/css/**" +precedence = "aggregate" +SPDX-FileCopyrightText = "Font Awesome " +SPDX-License-Identifier = "MIT" + +[[annotations]] +path = "site/static/fonts/fontawesome/webfonts/**" +precedence = "aggregate" +SPDX-FileCopyrightText = "Font Awesome " +SPDX-License-Identifier = "OFL-1.1" + +[[annotations]] +path = "site/static/fonts/fontawesome/webfonts/**.svg" +precedence = "aggregate" +SPDX-FileCopyrightText = "Font Awesome " +SPDX-License-Identifier = "CC-BY-4.0" + +[[annotations]] +path = "site/static/img/**.png" +precedence = "aggregate" +SPDX-FileCopyrightText = "2019 Free Software Foundation Europe " +SPDX-License-Identifier = "CC-BY-SA-4.0" + +[[annotations]] +path = "site/static/img/**.jpg" +precedence = "aggregate" +SPDX-FileCopyrightText = "2019 Free Software Foundation Europe " +SPDX-License-Identifier = "CC-BY-SA-4.0" + +[[annotations]] +path = "site/i18n/**.json" +precedence = "aggregate" +SPDX-FileCopyrightText = "2019 Free Software Foundation Europe " +SPDX-License-Identifier = "CC-BY-SA-4.0" + +[[annotations]] +path = "site/po/**.po**" +precedence = "aggregate" +SPDX-FileCopyrightText = "2020 Free Software Foundation Europe e.V." +SPDX-License-Identifier = "CC-BY-SA-4.0" From f05802d344c7d52288aa7857ecc52ea339a106a0 Mon Sep 17 00:00:00 2001 From: Carmen Bianca BAKKER Date: Thu, 18 Sep 2025 15:35:16 +0200 Subject: [PATCH 3/6] Remove SPDX keys The specification explicitly does not define the semantics of other keys, so we shouldn't define them here. Especially with autocomplete, and also by adding type restrictions, including these keys might give the impression that they are semantically significant somehow. --- site/static/reuse-toml-v1.schema.json | 280 -------------------------- 1 file changed, 280 deletions(-) diff --git a/site/static/reuse-toml-v1.schema.json b/site/static/reuse-toml-v1.schema.json index 551e81e1..0d431363 100644 --- a/site/static/reuse-toml-v1.schema.json +++ b/site/static/reuse-toml-v1.schema.json @@ -14,173 +14,6 @@ "exclusiveMinimum": 0, "examples": [1] }, - "SPDX-PackageName": { - "description": "SPDX package name", - "type": "string" - }, - "SPDX-PackageVersion": { - "description": "SPDX package version", - "type": "string" - }, - "SPDX-PackageFileName": { - "description": "SPDX package file name", - "type": "string" - }, - "SPDX-PackageSupplier": { - "description": "SPDX package supplier", - "type": "string" - }, - "SPDX-PackageOriginator": { - "description": "SPDX package originator", - "type": "string" - }, - "SPDX-PackageDownloadLocation": { - "description": "SPDX package download location", - "type": "string" - }, - "SPDX-FilesAnalyzed": { - "description": "SPDX files analyzed", - "type": "boolean" - }, - "SPDX-PackageVerificationCode": { - "description": "SPDX package verification code", - "type": "string" - }, - "SPDX-PackageChecksum": { - "description": "SPDX package checksum(s)", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-PackageHomePage": { - "description": "SPDX package home page", - "type": "string" - }, - "SPDX-PackageSourceInfo": { - "description": "SPDX source information", - "type": "string" - }, - "SPDX-PackageLicenseConcluded": { - "description": "SPDX concluded license", - "type": "string" - }, - "SPDX-PackageLicenseInfoFromFiles": { - "description": "SPDX all licenses information from files", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-PackageLicenseDeclared": { - "description": "SPDX declared license", - "type": "string" - }, - "SPDX-PackageLicenseComments": { - "description": "SPDX comments on license", - "type": "string" - }, - "SPDX-PackageCopyrightText": { - "description": "SPDX copyright text", - "type": "string" - }, - "SPDX-PackageSummary": { - "description": "SPDX package summary description", - "type": "string" - }, - "SPDX-PackageDescription": { - "description": "SPDX package detailed description", - "type": "string" - }, - "SPDX-PackageComment": { - "description": "SPDX package comment", - "type": "string" - }, - "SPDX-ExternalRef": { - "decription": "SPDX external reference", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-ExternalRefComment": { - "description": "SPDX external reference comment", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-PackageAttributionText": { - "description": "SPDX package attribution text", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-PrimaryPackagePurpose": { - "description": "SPDX primary package purpose", - "enum": [ - "APPLICATION", - "FRAMEWORK", - "LIBRARY", - "CONTAINER", - "OPERATING-SYSTEM", - "DEVICE", - "FIRMWARE", - "SOURCE", - "ARCHIVE", - "FILE", - "INSTALL", - "OTHER" - ] - }, - "SPDX-ReleaseDate": { - "description": "SPDX release date", - "type": "string" - }, - "SPDX-BuiltDate": { - "description": "SPDX built date", - "type": "string" - }, - "SPDX-ValidUntilDate": { - "description": "SPDX valid until date", - "type": "string" - }, "annotations": { "description": "Annotation object array", "type": "array", @@ -246,122 +79,9 @@ } ], "examples": ["GPL-3.0-or-later", "GPL-3.0-or-later OR Apache-2.0"] - }, - "SPDXID": { - "description": "SPDX file identifier", - "type": "string" - }, - "SPDX-FileType": { - "description": "SPDX file type", - "oneOf": [ - { - "$ref": "#/$defs/SPDX-FileType" - }, - { - "type": "array", - "items": { - "$ref": "#/$defs/SPDX-FileType" - } - } - ] - }, - "SPDX-FileChecksum": { - "description": "SPDX file checksum", - "type": "string" - }, - "SPDX-LicenseConcluded": { - "description": "SPDX license concluded", - "type": "string" - }, - "SPDX-LicenseInfoInFile": { - "description": "SPDX license information in file", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-LicenseComments": { - "description": "SPDX comments on license", - "type": "string" - }, - "SPDX-ArtifactOfProjectName": { - "description": "SPDX artifact of project name", - "type": "string" - }, - "SPDX-ArtifactOfProjectHomePage": { - "description": "SPDX artifact of project homepage", - "type": "string" - }, - "SPDX-ArtifactOfProjectURI": { - "description": "SPDX artifact of project uniform resource identifier", - "type": "string" - }, - "SPDX-FileComment": { - "description": "SPDX file comment", - "type": "string" - }, - "SPDX-FileNotice": { - "description": "SPDX file notice", - "type": "string" - }, - "SPDX-FileContributor": { - "description": "SPDX file contributor(s)", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] - }, - "SPDX-FileAttributionText": { - "description": "SPDX file attribution text", - "type": "string" - }, - "SPDX-FileDependency": { - "description": "SPDX file dependencies", - "oneOf": [ - { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } - } - ] } } } } - }, - "$defs": { - "SPDX-FileType": { - "enum": [ - "SOURCE", - "BINARY", - "ARCHIVE", - "APPLICATION", - "AUDIO", - "IMAGE", - "TEXT", - "VIDEO", - "DOCUMENTATION", - "SPDX", - "OTHER" - ] - } } } From ad10585b592a6ce586289b87f586ffb2ca510d35 Mon Sep 17 00:00:00 2001 From: Carmen Bianca BAKKER Date: Thu, 18 Sep 2025 16:15:47 +0200 Subject: [PATCH 4/6] Document JSON schema availability in spec and FAQ --- site/content/en/faq.md | 3 ++- site/content/en/spec-3.2.md | 4 ++++ site/content/en/spec-3.3.md | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/site/content/en/faq.md b/site/content/en/faq.md index 011165ec..529db318 100644 --- a/site/content/en/faq.md +++ b/site/content/en/faq.md @@ -416,7 +416,8 @@ SPDX-License-Identifier = "CC0-1.0" ``` The [REUSE Specification](/spec) documents more thoroughly how `REUSE.toml` can -be used. +be used. You can find a JSON schema for `REUSE.toml` at +. ## ... override erroneous REUSE information? {#override-info} diff --git a/site/content/en/spec-3.2.md b/site/content/en/spec-3.2.md index 1bb1f3b2..6f9c255e 100644 --- a/site/content/en/spec-3.2.md +++ b/site/content/en/spec-3.2.md @@ -309,6 +309,10 @@ SPDX-FileCopyrightText = "2019 Jane Doe" SPDX-License-Identifier = "CC0-1.0" ``` +A JSON schema of version 1 of `REUSE.toml` is provided at +. This Specification remains +authoritative. + ### DEP5 (deprecated) Licensing Information MAY be associated with a file through a DEP5 file, but you diff --git a/site/content/en/spec-3.3.md b/site/content/en/spec-3.3.md index f937de4f..c196d0cc 100644 --- a/site/content/en/spec-3.3.md +++ b/site/content/en/spec-3.3.md @@ -317,6 +317,10 @@ SPDX-FileCopyrightText = "2019 Jane Doe" SPDX-License-Identifier = "CC0-1.0" ``` +A JSON schema of version 1 of `REUSE.toml` is provided at +. This Specification remains +authoritative. + ### DEP5 (deprecated) Licensing Information MAY be associated with a file through a DEP5 file, but you From 4e8fa498a0df90382bd5110401887dc68858e29f Mon Sep 17 00:00:00 2001 From: Carmen Bianca BAKKER Date: Fri, 19 Sep 2025 21:52:45 +0200 Subject: [PATCH 5/6] Remove additionalProperties It is superfluous. sourcemeta-jsonschema's linter complains about its usage. --- site/static/reuse-toml-v1.schema.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/site/static/reuse-toml-v1.schema.json b/site/static/reuse-toml-v1.schema.json index 0d431363..3702bc16 100644 --- a/site/static/reuse-toml-v1.schema.json +++ b/site/static/reuse-toml-v1.schema.json @@ -6,7 +6,6 @@ "description": "A configuration file which declares the copyright and licensing of files in a directory tree", "type": "object", "required": ["version"], - "additionalProperties": true, "properties": { "version": { "description": "The schema version of the REUSE.toml file", @@ -21,7 +20,6 @@ "description": "Annotation object", "type": "object", "required": ["path"], - "additionalProperties": true, "properties": { "path": { "description": "Relative path(s) to files, with optional globbing", From d60fccd7fd6f4ae6aabff370b1a2cbb4468cb33a Mon Sep 17 00:00:00 2001 From: Carmen Bianca BAKKER Date: Fri, 3 Oct 2025 00:15:57 +0200 Subject: [PATCH 6/6] Final clean-ups --- site/content/en/spec-3.2.md | 3 +-- site/content/en/spec-3.3.md | 3 +-- site/static/reuse-toml-v1.schema.json | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/site/content/en/spec-3.2.md b/site/content/en/spec-3.2.md index 6f9c255e..29169402 100644 --- a/site/content/en/spec-3.2.md +++ b/site/content/en/spec-3.2.md @@ -310,8 +310,7 @@ SPDX-License-Identifier = "CC0-1.0" ``` A JSON schema of version 1 of `REUSE.toml` is provided at -. This Specification remains -authoritative. + for your convenience. ### DEP5 (deprecated) diff --git a/site/content/en/spec-3.3.md b/site/content/en/spec-3.3.md index c196d0cc..9e2bdc32 100644 --- a/site/content/en/spec-3.3.md +++ b/site/content/en/spec-3.3.md @@ -318,8 +318,7 @@ SPDX-License-Identifier = "CC0-1.0" ``` A JSON schema of version 1 of `REUSE.toml` is provided at -. This Specification remains -authoritative. + for your convenience. ### DEP5 (deprecated) diff --git a/site/static/reuse-toml-v1.schema.json b/site/static/reuse-toml-v1.schema.json index 3702bc16..9902fdd3 100644 --- a/site/static/reuse-toml-v1.schema.json +++ b/site/static/reuse-toml-v1.schema.json @@ -1,7 +1,7 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://reuse.software/reuse-toml-v1.schema.json", - "$comment": "See https://reuse.software/spec-3.2/ for details", + "$comment": "See https://reuse.software/ for details", "title": "REUSE.toml global licensing file, version 1", "description": "A configuration file which declares the copyright and licensing of files in a directory tree", "type": "object",