Help regarding adding new property to Package.swift and prepare the build correctly

Hi,

I'm currently working on my proposal implementation. I'm struggling a bit with understanding the structure of the SPM codebase. I think I have added the new License property to all parts where necessary here but I'm now struggling with two things

  1. Where should I put the code that checks for compatible licenses. I was planning on building an array of encountered licenses and, every time, a new Package is added to that array check on the acceptableLicenses property if it matches and if not, throw a warning.
    Should this be done during build or resolution, and where do I best add it for either one.
  2. How would I go on to test the implementation locally? Can I build my version of SPM and add start using it instead of the default toolchain one, or how to do it?

Thanks for your help in advance!

I think the goal of what you're trying to achieve is laudable, but extremely complex. While we've mostly been conditioned to think of a package as having a uniform license, there are plenty of examples where code within one package is actually covered by multiple licenses, some less restrictive than others. For example MIT or BSD licensed code re-used and exposed under a project that otherwise generally uses an Apache 2.0 license, or LGPL license.

The reason I'm bringing up this complexity is that I think a better approach for achieving an end goal here would be to leverage a bit of tooling that inspecting existing repositories where code is stored, potentially even reviewing the code itself - which to me seems like it might be a much better fit for a SwiftPM plugin than directly embedded into the manifest and tooling for the package manager itself.

A simple variation of this would be looking for conventional places where license information is stored, such as a LICENSE file in the package's directory (which GitHub did a nice job popularizing and supporting).

If you develop a Swift Package Manager plugin, then you can test everything you want and need entirely locally, as plugins generally are their own packages. That said, the original question was about SwiftPM directly. While it's harder to test that entirely in situ, it's absolutely possible.

As a general tact, I'd recommend starting with using the latest Xcode beta toolchain, which may be using a recent-enough Swift to compile it. From there, you can invoke the binaries directly from their build directory, which has worked reasonable well for me in the past.

I recommend "starting" because in some cases that may not work. Because SwiftPM is compiled in-line with the toolchain, it has (in the past) used features of the language which were ONLY available in the latest main branch of the toolchain, in which case taking the time to download and install a latest toolchain in order to build the package itself would be needed. It's been a while since I've following this myself, so it may not run as "bleeding edge" in terms of Swift language features today as it once did, but it's still worth being aware it's a possibility.

Ole's article on Swift nightly toolchains is an extremely useful primer on how to use a downloaded toolchain effectively, as there's some un-clear quirks on an embedded plist containing information you'll want to know to use it effectively.

1 Like

Great idea, but I think it may be extremely difficult to implement a software algorithm for that. People are struggling to understand licenses and a common phrase is "I am not a lawyer". There are various proprietary licenses, e.g. Microsoft's license for Visual Studio, which apparently is a part of Swift toolchain on Windows. Then there may be different contexts about compiled code, e.g. how and where the compiled binary will be used. You may or may not meet the license requirements based on that.

Example: If you are building an executable for the Apple AppStore, you are bound by the Apple AppStore terms and conditions, and if you are building the same executable for other purpose, you're not.

Another example (note: I'm not a lawyer) is the difference between GPL and LGPL licenses. As far as I understand, the difference lies in further use of the compiled binary, and cannot be determined at compile time.