Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser#154823
Merged
rust-bors[bot] merged 3 commits intorust-lang:mainfrom Apr 19, 2026
Merged
Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser#154823rust-bors[bot] merged 3 commits intorust-lang:mainfrom
rust-bors[bot] merged 3 commits intorust-lang:mainfrom
Conversation
Collaborator
|
These commits modify the If this was unintentional then you should revert the changes before this PR is merged. |
rustbot
added
the
S-waiting-on-review
Collaborator
|
rustbot has assigned @Mark-Simulacrum. Use Why was this reviewer chosen?The reviewer was selected based on:
|
Mark-Simulacrum
requested changes
Apr 11, 2026
| serde = { version = "1.0.147", features = ["derive"] } | ||
| serde_json = "1.0.85" | ||
| similar = "2.7.0" | ||
| spdx-rs = "0.5.1" |
Member
There was a problem hiding this comment.
It looks like crates.io is using spdx (no -rs). Maybe we can do the same?
If that doesn't work, I'd like to see a few unit tests added for the inlined code that exercise the parsing.
Contributor
Author
There was a problem hiding this comment.
@Mark-Simulacrum, the spdx crate deals with parsing SPDX licence expressions (e.g. ”MIT OR Apache-2.0”) as described in the annex B of the spec – it validates and decomposes them. What we need here is a parser for the SPDX 2.3 tag-value document format as produced by the reuse tool. The spdx crate’s features don’t extend to that, as far as I can tell, and there's no actively maintained crate on crates.io that would be helpful here.
I've now added a number of unit tests for the inlined parser, covering both the happy paths (single and multiple file entries, compound licence expressions, single-line and multi-line blocks) and a few error paths (missing fields, unterminated blocks). The examples used are extracted from the SPDX 2.3 specification.
Contributor
Author
There was a problem hiding this comment.
@Mark-Simulacrum, thanks for reviewing this!
@rustbot ready
rustbot
added
S-waiting-on-author
Collaborator
|
Reminder, once the PR becomes ready for a review, use |
…parser The spdx-rs crate is no longer maintained and is behind on its own dependency updates. The only function that collect-license-metadata uses from it is `spdx_rs::parsers::spdx_from_tag_value`, which parses the output of the `reuse` tool to extract file names, licences and copyright text. Replace this with a small minimal parser that handles just the subset of the SPDX tag-value format that is needed: `Tag: Value` line pairs and multi-line `<text>...</text>` blocks. Coincidentally, this gets rid of the last transitive dependency on syn v1.
jakubadamw
force-pushed
the
spdx-rs-replacement
branch
from
197a2da to
1bdbde5
Compare
Collaborator
|
This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
rustbot
added
S-waiting-on-review
Member
|
@bors r+ |
Contributor
rust-bors
Bot
added
S-waiting-on-bors
jhpratt
added a commit
to jhpratt/rust
that referenced
this pull request
Apr 19, 2026
…Mark-Simulacrum Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser The spdx-rs crate [is no longer maintained](https://github.com/doubleopen-project/spdx-rs/pulls) and is behind on its own dependency updates. It is currently used in [the collect-license-metadata tool](https://github.com/rust-lang/rust/tree/main/src/tools/collect-license-metadata), employing a single function therefrom: `spdx_rs::parsers::spdx_from_tag_value`, which parses the output of the `reuse` tool to extract file names, licences and copyright text. This PR replaces the use of said function with a small minimal parser that handles just the subset of the SPDX tag-value format that is needed: `Tag: Value` line pairs and multi-line `<text>...</text>` blocks. Coincidentally, this gets rid of the last transitive dependency on syn v1.
rust-bors Bot
pushed a commit
that referenced
this pull request
Apr 19, 2026
Rollup of 8 pull requests Successful merges: - #155370 (Add regression test for dead code elimination with drop + panic) - #154823 (Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser) - #155352 (triagebot.toml: Sync `assign.owners` with `autolabel."T-compiler"`) - #155431 (Add temporary scope to assert_matches) - #152995 (ACP Implementation of PermissionsExt for Windows ) - #153873 (deprecate `std::char` constants and functions) - #154654 (Move `std::io::ErrorKind` to `core::io`) - #154865 (libtest: use binary search for --exact test filtering)
jhpratt
added a commit
to jhpratt/rust
that referenced
this pull request
Apr 19, 2026
…Mark-Simulacrum Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser The spdx-rs crate [is no longer maintained](https://github.com/doubleopen-project/spdx-rs/pulls) and is behind on its own dependency updates. It is currently used in [the collect-license-metadata tool](https://github.com/rust-lang/rust/tree/main/src/tools/collect-license-metadata), employing a single function therefrom: `spdx_rs::parsers::spdx_from_tag_value`, which parses the output of the `reuse` tool to extract file names, licences and copyright text. This PR replaces the use of said function with a small minimal parser that handles just the subset of the SPDX tag-value format that is needed: `Tag: Value` line pairs and multi-line `<text>...</text>` blocks. Coincidentally, this gets rid of the last transitive dependency on syn v1.
rust-bors Bot
pushed a commit
that referenced
this pull request
Apr 19, 2026
Rollup of 9 pull requests Successful merges: - #155370 (Add regression test for dead code elimination with drop + panic) - #154823 (Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser) - #154972 (Implement `core::arch::return_address` and tests) - #155294 (Add test for coalescing of diagnostic attribute duplicates) - #155352 (triagebot.toml: Sync `assign.owners` with `autolabel."T-compiler"`) - #155431 (Add temporary scope to assert_matches) - #152995 (ACP Implementation of PermissionsExt for Windows ) - #153873 (deprecate `std::char` constants and functions) - #154865 (libtest: use binary search for --exact test filtering)
jhpratt
added a commit
to jhpratt/rust
that referenced
this pull request
Apr 19, 2026
…Mark-Simulacrum Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser The spdx-rs crate [is no longer maintained](https://github.com/doubleopen-project/spdx-rs/pulls) and is behind on its own dependency updates. It is currently used in [the collect-license-metadata tool](https://github.com/rust-lang/rust/tree/main/src/tools/collect-license-metadata), employing a single function therefrom: `spdx_rs::parsers::spdx_from_tag_value`, which parses the output of the `reuse` tool to extract file names, licences and copyright text. This PR replaces the use of said function with a small minimal parser that handles just the subset of the SPDX tag-value format that is needed: `Tag: Value` line pairs and multi-line `<text>...</text>` blocks. Coincidentally, this gets rid of the last transitive dependency on syn v1.
rust-bors Bot
pushed a commit
that referenced
this pull request
Apr 19, 2026
Rollup of 10 pull requests Successful merges: - #155370 (Add regression test for dead code elimination with drop + panic) - #154823 (Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser) - #155294 (Add test for coalescing of diagnostic attribute duplicates) - #155352 (triagebot.toml: Sync `assign.owners` with `autolabel."T-compiler"`) - #155431 (Add temporary scope to assert_matches) - #152995 (ACP Implementation of PermissionsExt for Windows ) - #153873 (deprecate `std::char` constants and functions) - #154865 (libtest: use binary search for --exact test filtering) - #154979 (add #[must_use] macros for floats) - #155504 (Remove `AttributeLintKind` variants - part 2)
rust-bors Bot
pushed a commit
that referenced
this pull request
Apr 19, 2026
…uwer Rollup of 12 pull requests Successful merges: - #155370 (Add regression test for dead code elimination with drop + panic) - #154823 (Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser) - #155294 (Add test for coalescing of diagnostic attribute duplicates) - #155352 (triagebot.toml: Sync `assign.owners` with `autolabel."T-compiler"`) - #155431 (Add temporary scope to assert_matches) - #153873 (deprecate `std::char` constants and functions) - #154865 (libtest: use binary search for --exact test filtering) - #154979 (add #[must_use] macros for floats) - #155486 (c-variadic: add roundtrip test) - #155504 (Remove `AttributeLintKind` variants - part 2) - #155510 (Update Tidy python executable path) - #155514 (codegen-options docs: remove -Csoft-float)
rust-timer
added a commit
that referenced
this pull request
Apr 19, 2026
Rollup merge of #154823 - jakubadamw:spdx-rs-replacement, r=Mark-Simulacrum Replace the spdx-rs dependency with a minimal in-tree SPDX tag-value parser The spdx-rs crate [is no longer maintained](https://github.com/doubleopen-project/spdx-rs/pulls) and is behind on its own dependency updates. It is currently used in [the collect-license-metadata tool](https://github.com/rust-lang/rust/tree/main/src/tools/collect-license-metadata), employing a single function therefrom: `spdx_rs::parsers::spdx_from_tag_value`, which parses the output of the `reuse` tool to extract file names, licences and copyright text. This PR replaces the use of said function with a small minimal parser that handles just the subset of the SPDX tag-value format that is needed: `Tag: Value` line pairs and multi-line `<text>...</text>` blocks. Coincidentally, this gets rid of the last transitive dependency on syn v1.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The spdx-rs crate is no longer maintained and is behind on its own dependency updates. It is currently used in the collect-license-metadata tool, employing a single function therefrom:
spdx_rs::parsers::spdx_from_tag_value, which parses the output of thereusetool to extract file names, licences and copyright text.This PR replaces the use of said function with a small minimal parser that handles just the subset of the SPDX tag-value format that is needed:
Tag: Valueline pairs and multi-line<text>...</text>blocks.Coincidentally, this gets rid of the last transitive dependency on syn v1.