[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Luca Ceresoli]

Hi,

during the latest two Buildroot Developers Days (in November 2011 and February
2012) and in this mailing list there has been some discussion about introducing
in Buildroot the possibility to automatically derive legally relevant material,
such as licensing info and source tarballs for open source packages.

I have submitted a first tentative RFC implementation of these features back in
late January
(http://lists.busybox.net/pipermail/buildroot/2012-January/049590.html).

This second RFC incorporates many of the additions and modifications that have
been discussed, as well as many other improvements. Thanks Arnout, ThomasDS and
others for their review, and the BDD participants for their suggestions.

This code is now fully working, meaning that the core features are there and
those things that cannot be handled produce big fat warnings.
I think this code does not need big changes before being merged (unless your
review is catastrophic).

However I hit a few issues that still need to be sorted out, see the "ISSUE"
sections below.

My approach is based on two per-package constants in eack .mk file, such as:
  FOOBAR_LICENSE = GPLv3 + LGPLv2.1
  FOOBAR_LICENSE_FILES = COPYING.LGPL demo-app/COPYING.GPL3
or:
  MYAPP_LICENSE = PROPRIETARY
  # MYAPP_LICENSE_FILES not relevant in this case
This is the only effort required to the package creator. If <PKG>_LICENSE is
not specified it defaults to "unknown".

After running 'make legal-info', the following things will be produced in
$(O)/legal-info/:
  $ find legal-info/ -type f
  legal-info/README            # Lists saved stuff, warns about unsaved stuff
  legal-info/licenses.txt      # Text of all licenses
  legal-info/buildroot.config  # The buildroot config
  legal-info/licenses/buildroot/COPYING       # License files, one dir per pkg
  legal-info/licenses/busybox/LICENSE         # ...
  legal-info/licenses/...other packages...    # ...
  legal-info/manifest.csv                     # CSV table summarizing all info
  legal-info/sources/busybox-1.19.4.tar.bz2   # tarballs
  legal-info/sources/kmod-5.tar.xz            # ...
  legal-info/sources/libtool-2.2.10.tar.gz    # ...
  legal-info/sources/...other packages...     # ...

Given the technical difficulties, the toolchain and the BR sources are not
saved. Warnings are generated to make sure the user is aware of this.

Following is an explanation of the open issues and future development
directions. Actually issue 3 is the one where I mostly would like to have
comments, so you may skip to it if your time is limited. Otherwise seat down
comfortably and read on.


ISSUE 1: the License Repository Feature
=======================================

The original idea that came out of the last Buildroot Developer Day was to
maintain in BR a "license repository" holding those licenses that are used
without change by many projects, such as the GPL family.
Packages that cannot use this mechanism would need to explicitly define the
license file in <PKG>_LICENSE_FILES.

The idea of implementation was:
  if (<PKG>_LICENSE_FILES defined):
    copy $(<PKG>_LICENSE_FILES)
  else if (<PKG>_LICENSE = *GPL*, or any other known that's always equal):
    copy file from a "license repo dir" (one copy only per file);
  else:
    copy nothing and warn user

Unfortunately, as Will Moore also pointed out, I discovered that the same
license (e.g. GPLv2) is not always identical between two packages, although
the differences might be not substantial.

I do not have precise figures, but the number of variations might be quite
large. In a config with ~25 packages enabled I got this:
  $ make external-deps|wc -l
  39
  $ find . -iname "COPYING*" -o -iname "LICENSE*" | \
    xargs grep -l 'Version 2,' | xargs md5sum | \
    awk '{print $1}'|sort|uniq|wc -l
  20

These are 20 different GPLv2 files! Some only have whitespace changes, some
have other little differences. An example:

  $ diff -u0 -b  ./binutils-2.21.1/COPYING ./libtool-2.2.10/COPYING
  --- ./binutils-2.21.1/COPYING	2005-07-14 03:24:56.000000000 +0200
  +++ ./libtool-2.2.10/COPYING	2010-05-20 23:18:41.000000000 +0200
   @@ -4 +4 @@
   - Copyright (C) 1989, 1991 Free Software Foundation, Inc.
   + Copyright (C) 1989, 1991 Free Software Foundation, Inc.,

An added comma.

   @@ -18 +18 @@
   -the GNU Library General Public License instead.)  You can apply it to
   +the GNU Lesser General Public License instead.)  You can apply it to

This updates a reference to another license.

  @@ -306,4 +306,3 @@
  -    You should have received a copy of the GNU General Public License
  -    along with this program; if not, write to the Free Software
  -    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  -
  +    You should have received a copy of the GNU General Public License along
  +    with this program; if not, write to the Free Software Foundation, Inc.,
  +    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Just formatting changes here.

  @@ -339 +338 @@
  -library.  If this is what you want to do, use the GNU Library General
  +library.  If this is what you want to do, use the GNU Lesser General

Same as above.

Another example:

  $ diff -u0 -b  ./binutils-2.21.1/COPYING  ./iostat-2.2/LICENSE 
  --- ./binutils-2.21.1/COPYING	2005-07-14 03:24:56.000000000 +0200
  +++ ./iostat-2.2/LICENSE	2004-11-25 11:53:11.000000000 +0100
  @@ -5 +5 @@
  -     51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  +     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

Apparently the FSF offices have moved some time in the past.

  @@ -308 +308 @@
  -    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  +    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

Same as above.

I did not investigate a lot to discover if there are more substantial
differences. I wanted to stay on the safe side, so I just did not implement the
"license repository" and the second step of the algorithm. All packages that
want their license files copied must define <PKG>_LICENSE_FILES. Full stop.

The license repository feature may still be added in the future, but I think
it should be discussed before. Asking the FSF may be an option, I guess they
listen to an active community developing free software.


ISSUE 2: Packages with multiple licenses
========================================

Some packages (e.g. freetype, qt) allow to choose among different licenses.
- Should we add an option in menuconfig for choosing the license? This would
  allow to generate "customized" manifest and license files.
- Or should we save all licenses and and define the package license as, for
  instance:
    QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?

I think the first option is more nice and still legally correct, so I
implemented it for Qt to see how it would look. You can see the implementation
in a patch near the bottom of this set. It's not currently documented at all,
I'd first like to know if the approach is good or option 2 (or whatever else)
is better.


ISSUE 3: packages without a license file
========================================

Some packages (e.g. tslib) do not have a license file. Instead, the license is
written in a comment at the top of one or more source files. In such cases we
planned that the package maintainer would manually copy this text into a file
in the package directory (where the .mk lives) and the teach the infrastructure
where it is, so it gets copied from there.

I haven't started working on an implementation of this feature yet, but at
first sight it's not totally trivial. The problem is the <PKG>_LICENSE_FILES
definition as it is implemented in the present RFC does not easily allow to
discriminate between a file in $(O)/build/<pkg>-<ver>/ and a file in
packages/<pkg>/.

This is how it works now:
        @cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
                $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
It assumes the files are in the package build dir, $(2)_DIR, which allows a
very simple and clean implementation.

In order to support a copy from the package directory, option 1 is to define
the full path in <PKG>_LICENSE_FILES, and remove the addprefix from the above
code snipped. Example:
  FOO_LICENSE_FILES = $(BUILD_DIR)/foo-$(FOO_VERSION)/COPYING
  BAR_LICENSE_FILES = packages/bar/COPYING
which is not very pleasant to read, and is quite error-prone for the developer
adding a package.

Option 2 would be to have two distinct constants for the two cases:
  FOO_LICENSE_FILES_IN_BUILD_DIR = COPYING
  BAR_LICENSE_FILES_IN_PACKAGE_DIR = COPYING
Even with better constant names this would not be extremely beautiful IMHO.

Option 3 is to wait for a smarter idea coming from your reviews! :)


TODO in the next patchset before merging into mainline
======================================================

- Add to the documentation:
  - some words of advice from Buildroot developers about how to comply to GPL
    and other open source licenses;
  - brief instructions on using this stuff ('make legal-info');
 - instructions in the GENTARGETS section about the _LICENSE and _LICENSE_FILES
   constants.

- Write a few lines of explanation in the log message of the first big commit,
  the one that implements all the logic.

- Save a defconfig instead of the whole .config for the Buildroot configuration?
  Which one would you better like?


POSSIBLE FUTURE IMPROVEMENTS
============================

IMHO these should be planned after the merge of the first core functionality:
I would like to keep it as simple as possible for a first step.

- How to handle local and override packages?
  - Modify the -source target (_DOWNLOAD macros) to produce tarball?
    But adds a lot of work for normal builds that is used only rarely.
  - Modify the legal-info stuff to re-download them and make a tarball?
  - Assume they are not / almost never used in production and just save
    nothing? Meaning just like the present patchset does, generating a warning.
    My vote here.

- The toolchain is not currently saved (internal, external, ct-NG, no
  discrimination). Actually, only GENTARGETS-based packages are handled, so the
  best approach might be to "simply" migrate the toolchains to GENTARGETS.

- Save the Buildroot sources too. If the sources are not a git clone this might
  be as simple as tar of the current directory and exclude dl and output, but
  this has never been tested. Also, make sure this works for out-of-tree BR
  builds.

- Add a hook for a post-legal-info script.


SHOW US THE CODE NOW
====================

Ok, the patches are there.
- The implementation is all in the first commit.
- A few patches follow to make non-GENTARGETS packages warn about their
  dumbness.
- Other commits define licenses for some packages.
- A couple of support commits (for testing only) closes the series.

Changed in v2:
- squashed together patches 1-4 from RFC v1; now all the legal-info mechanism
  is implmented in a unique patch.
- rebase on top of current master
- don't clean $(REDIST_SOURCES_DIR): it is a subdir of $(LEGAL_INFO_DIR), so
  doesn't need to be cleaned twice
- added legal-info-clean target
- made legal-info target .PHONY
- remove the output/legal-info dir before populating it
- when saving source tarballs, create hardlinks instead of copies if possible
- add infrastructure to warn the user about info that has not been saved: a
  .warnings file is filled with such info and displayed to the user at the
  end of the legal-info processing
- ensure manual (non-GENTARGETS-based) packages return error, at least; this
  required to explicitly create a -legal-info target for each of them, or
  they would have been silently skipped.
- list also Buildroot in the manifest file! :)
- save the Buildroot .config
- save license files listed in <PKG>_LICENSE_FILES, both in a separate
  directory for each package and all together in a unique file
- various cleanups.

Luca

Luca Ceresoli (31):
  legal-info: infrastructure to collect legally-relevant material
  cups: warn that legal-info is not implemented
  fis: warn that legal-info is not implemented
  doom-wad: warn that legal-info is not implemented
  gettext: warn that legal-info is not implemented
  microperl: warn that legal-info is not implemented
  netkitbase: warn that legal-info is not implemented
  netkittelnet: warn that legal-info is not implemented
  newt: warn that legal-info is not implemented
  tinyhttpd: warn that legal-info is not implemented
  ttcp: warn that legal-info is not implemented
  uemacs: warn that legal-info is not implemented
  vpnc: warn that legal-info is not implemented
  xfsprogs: warn that legal-info is not implemented
  mpc: define license
  linux: define license
  m4: define license
  busybox: define license
  bzip2: define license
  directfb: define license
  iostat: define license
  lzo: define license
  lzop: define license
  tslib: define license
  libusb: define license
  pcre: define license
  netsnmp: define license
  berkeleydb: define license
  qt: define license choice
  foobar: create a fake proprietary package (testing only)
  Create test configs (testing only)

 Makefile                                  |   52 ++++++++++++++++++++++++-
 configs/legal_info_test2_defconfig        |    8 ++++
 configs/legal_info_test_defconfig         |   20 ++++++++++
 linux/linux.mk                            |    2 +
 package/Config.in                         |    1 +
 package/Makefile.package.in               |   59 +++++++++++++++++++++++++++++
 package/berkeleydb/berkeleydb.mk          |    2 +
 package/busybox/busybox.mk                |    2 +
 package/bzip2/bzip2.mk                    |    2 +
 package/cups/cups.mk                      |    4 ++
 package/directfb/directfb.mk              |    2 +
 package/fis/fis.mk                        |    4 ++
 package/foobar/Config.in                  |    5 ++
 package/foobar/foobar.mk                  |   15 +++++++
 package/foobar/source/foobar.c            |    7 +++
 package/games/doom-wad/doom-wads.mk       |    4 ++
 package/gettext/gettext.mk                |    4 ++
 package/iostat/iostat.mk                  |    2 +
 package/libusb/libusb.mk                  |    2 +
 package/lzo/lzo.mk                        |    2 +
 package/lzop/lzop.mk                      |    2 +
 package/m4/m4.mk                          |    2 +
 package/microperl/microperl.mk            |    4 ++
 package/mpc/mpc.mk                        |    2 +
 package/netkitbase/netkitbase.mk          |    4 ++
 package/netkittelnet/netkittelnet.mk      |    4 ++
 package/netsnmp/netsnmp.mk                |    2 +
 package/newt/newt.mk                      |    4 ++
 package/pcre/pcre.mk                      |    2 +
 package/qt/Config.in                      |   15 +++++++
 package/qt/qt.mk                          |    9 ++++
 package/tinyhttpd/tinyhttpd.mk            |    4 ++
 package/tslib/tslib.mk                    |    2 +
 package/ttcp/ttcp.mk                      |    4 ++
 package/uemacs/uemacs.mk                  |    4 ++
 package/vpnc/vpnc.mk                      |    4 ++
 package/xfsprogs/xfsprogs.mk              |    4 ++
 support/legal-info/README.header          |   24 ++++++++++++
 support/legal-info/README.warnings-header |    4 ++
 39 files changed, 296 insertions(+), 3 deletions(-)
 create mode 100644 configs/legal_info_test2_defconfig
 create mode 100644 configs/legal_info_test_defconfig
 create mode 100644 package/foobar/Config.in
 create mode 100644 package/foobar/foobar.mk
 create mode 100644 package/foobar/source/foobar.c
 create mode 100644 support/legal-info/README.header
 create mode 100644 support/legal-info/README.warnings-header

-- 
1.7.5.4

[Buildroot] [RFC v2 01/31] legal-info: infrastructure to collect legally-relevant material

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 Makefile                                  |   52 ++++++++++++++++++++++++-
 package/Makefile.package.in               |   59 +++++++++++++++++++++++++++++
 support/legal-info/README.header          |   24 ++++++++++++
 support/legal-info/README.warnings-header |    4 ++
 4 files changed, 136 insertions(+), 3 deletions(-)
 create mode 100644 support/legal-info/README.header
 create mode 100644 support/legal-info/README.warnings-header

diff --git a/Makefile b/Makefile
index d508888..b78aaf8 100644
--- a/Makefile
+++ b/Makefile
@@ -284,6 +284,15 @@ TARGET_DIR:=$(BASE_DIR)/target
 TOOLCHAIN_DIR=$(BASE_DIR)/toolchain
 TARGET_SKELETON=$(TOPDIR)/fs/skeleton
 
+LEGAL_INFO_DIR=$(BASE_DIR)/legal-info
+REDIST_SOURCES_DIR=$(LEGAL_INFO_DIR)/sources
+LICENSE_FILES_DIR=$(LEGAL_INFO_DIR)/licenses
+LEGAL_MANIFEST_CSV=$(LEGAL_INFO_DIR)/manifest.csv
+LEGAL_LICENSES_TXT=$(LEGAL_INFO_DIR)/licenses.txt
+LEGAL_WARNINGS=$(LEGAL_INFO_DIR)/.warnings
+LEGAL_REPORT=$(LEGAL_INFO_DIR)/README
+LEGAL_INFO_SEPARATOR="::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
+
 ifeq ($(BR2_CCACHE),y)
 CCACHE:=$(HOST_DIR)/usr/bin/ccache
 CCACHE_CACHE_DIR=$(HOME)/.buildroot-ccache
@@ -362,6 +371,10 @@ HOST_DEPS = $(sort $(foreach dep,\
 		$($(dep))))
 HOST_SOURCE += $(addsuffix -source,$(sort $(TARGETS_HOST_DEPS) $(HOST_DEPS)))
 
+TARGETS_LEGAL_INFO:=$(patsubst %,%-legal-info,\
+		$(filter-out host-makedevs,\
+		$(TARGETS) $(BASE_TARGETS) $(TARGETS_HOST_DEPS) $(HOST_DEPS))))
+
 # all targets depend on the crosscompiler and it's prerequisites
 $(TARGETS_ALL): __real_tgt_%: $(BASE_TARGETS) %
 
@@ -395,8 +408,9 @@ $(HOST_DIR)/usr/share/buildroot/toolchainfile.cmake:
 	" > $@
 
 .PHONY: all world dirs clean distclean source outputmakefile \
+	legal-info legal-info-prepare legal-info-clean \
 	$(BASE_TARGETS) $(TARGETS) $(TARGETS_ALL) \
-	$(TARGETS_CLEAN) $(TARGETS_DIRCLEAN) $(TARGETS_SOURCE) \
+	$(TARGETS_CLEAN) $(TARGETS_DIRCLEAN) $(TARGETS_SOURCE) $(TARGETS_LEGAL_INFO) \
 	$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(STAGING_DIR) $(TARGET_DIR) \
 	$(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR)
 
@@ -406,7 +420,7 @@ $(HOST_DIR)/usr/share/buildroot/toolchainfile.cmake:
 # dependencies anywhere else
 #
 #############################################################
-$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR):
+$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR) $(LEGAL_INFO_DIR) $(REDIST_SOURCES_DIR):
 	@mkdir -p $@
 
 $(STAGING_DIR):
@@ -513,6 +527,37 @@ source: dirs $(TARGETS_SOURCE) $(HOST_SOURCE)
 external-deps:
 	@$(MAKE) -Bs DL_MODE=SHOW_EXTERNAL_DEPS $(EXTRAMAKEARGS) source | sort -u
 
+legal-info-clean:
+	@rm -fr $(LEGAL_INFO_DIR)
+
+legal-info-prepare: $(LEGAL_INFO_DIR)
+	@echo "package,version,license,license files,source archive" \
+		>>$(LEGAL_MANIFEST_CSV)
+	@mkdir -p $(LICENSE_FILES_DIR)/buildroot
+	@cp COPYING $(LICENSE_FILES_DIR)/buildroot/COPYING
+	@echo -e "$(LEGAL_INFO_SEPARATOR)\n\t buildroot:" \
+		"COPYING file\n$(LEGAL_INFO_SEPARATOR)\n\n" \
+			>>$(LEGAL_LICENSES_TXT)
+	@cat COPYING >>$(LEGAL_LICENSES_TXT)
+	@echo >>$(LEGAL_LICENSES_TXT)
+	@echo "buildroot,$(BR2_VERSION_FULL),GPLv2,COPYING,not saved" \
+		>>$(LEGAL_MANIFEST_CSV)
+	@echo "WARNING: The Buildroot source code has not be saved" \
+		>>$(LEGAL_WARNINGS)
+	@echo "WARNING: The toolchain has not be saved" \
+		>>$(LEGAL_WARNINGS)
+	@cp $(CONFIG_DIR)/.config $(LEGAL_INFO_DIR)/buildroot.config
+
+legal-info: legal-info-clean legal-info-prepare $(REDIST_SOURCES_DIR) \
+		$(TARGETS_LEGAL_INFO)
+	@cat support/legal-info/README.header >>$(LEGAL_REPORT)
+	@if [ -r $(LEGAL_WARNINGS) ]; then \
+		cat support/legal-info/README.warnings-header \
+			$(LEGAL_WARNINGS) >>$(LEGAL_REPORT); \
+		cat $(LEGAL_WARNINGS); fi
+	@echo "Legal info produced in $(LEGAL_INFO_DIR)"
+	@rm -f $(LEGAL_WARNINGS)
+
 show-targets:
 	@echo $(TARGETS)
 
@@ -634,7 +679,8 @@ endif
 
 clean:
 	rm -rf $(STAGING_DIR) $(TARGET_DIR) $(BINARIES_DIR) $(HOST_DIR) \
-		$(STAMP_DIR) $(BUILD_DIR) $(TOOLCHAIN_DIR) $(BASE_DIR)/staging
+		$(STAMP_DIR) $(BUILD_DIR) $(TOOLCHAIN_DIR) $(BASE_DIR)/staging \
+		$(LEGAL_INFO_DIR)
 
 distclean: clean
 ifeq ($(DL_DIR),$(TOPDIR)/dl)
diff --git a/package/Makefile.package.in b/package/Makefile.package.in
index 59adce1..262cc6a 100644
--- a/package/Makefile.package.in
+++ b/package/Makefile.package.in
@@ -505,6 +505,8 @@ ifndef $(2)_SOURCE
  endif
 endif
 
+$(2)_LICENSE			?= unknown
+
 ifndef $(2)_PATCH
  ifdef $(3)_PATCH
   $(2)_PATCH = $($(3)_PATCH)
@@ -644,6 +646,62 @@ $(1)-rsync:		$$($(2)_TARGET_RSYNC)
 $(1)-source:		$$($(2)_TARGET_RSYNC_SOURCE)
 endif
 
+# legal-info: produce legally relevant info.
+ifneq ($$($(3)_LICENSE),PROPRIETARY)
+ifneq ($$($(3)_SITE_METHOD),local)
+ifneq ($$($(3)_SITE_METHOD),override)
+# Packages that have a tarball need it downloaded and extracted beforehand
+$(1)-legal-info:	$(1)-extract $(REDIST_SOURCES_DIR)
+endif
+endif
+endif
+
+$(1)-legal-info:
+	@echo -n "$$($(3)_NAME),$$($(3)_VERSION),$$($(3)_LICENSE)," \
+		>>$(LEGAL_MANIFEST_CSV)
+ifeq ($$($(3)_LICENSE),PROPRIETARY)
+# Proprietary packages: nothing to save
+	@echo "not saved,not saved" >>$(LEGAL_MANIFEST_CSV)
+else ifeq ($$($(3)_SITE_METHOD),local)
+# Packages without a tarball: don't save and warn
+	@echo "not saved,not saved" >>$(LEGAL_MANIFEST_CSV)
+	@echo "WARNING: $$($(3)_NAME): sources and license files not saved" \
+		"(local packages not handled)" \
+		>>$(LEGAL_WARNINGS)
+else ifeq ($$($(3)_SITE_METHOD),override)
+	@echo "not saved,not saved" >>$(LEGAL_MANIFEST_CSV)
+	@echo "WARNING:  $$($(3)_NAME): sources and license files not saved" \
+		"(override packages not handled)" \
+		>>$(LEGAL_WARNINGS)
+else
+# Other packages
+# Save license files if defined
+ifeq ($(call qstrip,$$($(3)_LICENSE_FILES)),)
+	@echo -n "not saved," >>$(LEGAL_MANIFEST_CSV)
+	@echo -e "$(LEGAL_INFO_SEPARATOR)\n\t $$($(3)_NAME):" \
+		"unknown license file(s)\n$(LEGAL_INFO_SEPARATOR)\n\n" \
+			>>$(LEGAL_LICENSES_TXT)
+	@echo "WARNING: $$($(3)_NAME): cannot save license" \
+		"($(3)_LICENSE_FILES not defined)" >>$(LEGAL_WARNINGS)
+else
+	@mkdir -p $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
+	@cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
+		$(LICENSE_FILES_DIR)/$$($(3)_NAME)/
+	@echo -n "$$($(3)_LICENSE_FILES)," >>$(LEGAL_MANIFEST_CSV)
+	@for F in $$($(3)_LICENSE_FILES); do \
+		echo -e "$(LEGAL_INFO_SEPARATOR)\n\t $$($(3)_NAME):" \
+			"$$$${F} file\n$(LEGAL_INFO_SEPARATOR)\n" \
+			>>$(LEGAL_LICENSES_TXT); \
+		cat $$($(2)_DIR)/$$$${F} >>$(LEGAL_LICENSES_TXT); \
+		echo >>$(LEGAL_LICENSES_TXT); \
+		done
+endif
+# Copy the source tarball (just hardlink if possible)
+	@cp -l $(DL_DIR)/$$($(3)_SOURCE) $(REDIST_SOURCES_DIR) 2>/dev/null || \
+	   cp $(DL_DIR)/$$($(3)_SOURCE) $(REDIST_SOURCES_DIR)
+	@echo "$$($(3)_SOURCE)" >>$(LEGAL_MANIFEST_CSV)
+endif
+
 $(1)-show-depends:
 			@echo $$($(2)_DEPENDENCIES)
 
@@ -687,6 +745,7 @@ $$($(2)_TARGET_PATCH):			PKG=$(2)
 $$($(2)_TARGET_PATCH):			RAWNAME=$(patsubst host-%,%,$(1))
 $$($(2)_TARGET_EXTRACT):		PKG=$(2)
 $$($(2)_TARGET_SOURCE):			PKG=$(2)
+$$($(2)_TARGET_LEGAL_INFO):		PKG=$(2)
 $$($(2)_TARGET_UNINSTALL):		PKG=$(2)
 $$($(2)_TARGET_CLEAN):			PKG=$(2)
 $$($(2)_TARGET_DIRCLEAN):		PKG=$(2)
diff --git a/support/legal-info/README.header b/support/legal-info/README.header
new file mode 100644
index 0000000..156ef7e
--- /dev/null
+++ b/support/legal-info/README.header
@@ -0,0 +1,24 @@
+Most of the packages that were used by Buildroot to produce the image files,
+including Buildroot itself, have open-source licenses. It is your
+responsibility to comply to the requirements of these licenses.
+To make this easier for you, Buildroot collected in this directory some
+material you may need to get it done.
+
+This material is composed of the following items.
+ * The scripts used to control compilation of the packages and the generation
+   of image files, i.e. the Buildroot sources.
+   Note: this has not be saved due to technical limitations, you must collect
+   it manually.
+ * The Buildroot configuration file; this has been saved in buildroot.config.
+ * The toolchain (cross-compiler and related tools) used to generate all the
+   compiled programs.
+   Note: this has not be saved due to technical limitations, you must collect
+   it manually.
+ * The source code for all packages; this has been saved in the sources/
+   subdirectory (except for the proprietary packages, which have not been
+   saved); patches applied to some packages by Buildroot are included in the
+   Buildroot sources and were not duplicated in the sources/ subdirectory.
+ * A manifest file listing the configured packages and related information;
+ * The license text of the packages; they have been saved in the licenses/
+   subdirectory.
+
diff --git a/support/legal-info/README.warnings-header b/support/legal-info/README.warnings-header
new file mode 100644
index 0000000..cd08290
--- /dev/null
+++ b/support/legal-info/README.warnings-header
@@ -0,0 +1,4 @@
+Due to technical limitations or lack of license definition in the package
+makefile, some of the material listed above could not been saved, as the
+following list details.
+
-- 
1.7.5.4

[Buildroot] [RFC v2 02/31] cups: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/cups/cups.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/cups/cups.mk b/package/cups/cups.mk
index 4e8db71..1ad551f 100644
--- a/package/cups/cups.mk
+++ b/package/cups/cups.mk
@@ -110,6 +110,10 @@ $(CUPS_DIR)/.installed: $(CUPS_DIR)/.compiled
 	$(SED) "s,^libdir=.*,libdir=\'$(STAGING_DIR)/usr/lib\',g" $(STAGING_DIR)/usr/bin/cups-config
 	touch $@
 
+cups-legal-info:
+	@echo WARNING: Cannot produce any legal info for package cups \
+		>>$(LEGAL_WARNINGS)
+
 cups: host-autoconf $(CUPS_DEPENDENCIES) $(CUPS_DIR)/.installed
 
 cups-source: $(DL_DIR)/$(CUPS_SOURCE)
-- 
1.7.5.4

[Buildroot] [RFC v2 03/31] fis: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/fis/fis.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/fis/fis.mk b/package/fis/fis.mk
index 2942449..1d22068 100644
--- a/package/fis/fis.mk
+++ b/package/fis/fis.mk
@@ -32,6 +32,10 @@ $(TARGET_DIR)/$(FIS_TARGET_BINARY): $(FIS_DIR)/$(FIS_BINARY)
 	$(INSTALL) -D -m 0755 $(FIS_DIR)/$(FIS_BINARY) $(TARGET_DIR)/$(FIS_TARGET_BINARY)
 	$(STRIPCMD) $(STRIP_STRIP_ALL) $@
 
+fis-legal-info:
+	@echo WARNING: Cannot produce any legal info for package fis \
+		>>$(LEGAL_WARNINGS)
+
 fis: $(TARGET_DIR)/$(FIS_TARGET_BINARY)
 
 fis-clean:
-- 
1.7.5.4

[Buildroot] [RFC v2 04/31] doom-wad: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/games/doom-wad/doom-wads.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/games/doom-wad/doom-wads.mk b/package/games/doom-wad/doom-wads.mk
index bae2420..832d861 100644
--- a/package/games/doom-wad/doom-wads.mk
+++ b/package/games/doom-wad/doom-wads.mk
@@ -23,6 +23,10 @@ $(DOOM_WAD_DIR)/.unpacked: $(DL_DIR)/$(DOOM_WAD_SOURCE)
 $(TARGET_DIR)/usr/share/games/doom/doom1.wad: $(DOOM_WAD_DIR)/.unpacked
 	$(INSTALL) -D $(DOOM_WAD_DIR)/doom-$(DOOM_WAD_VERSION).wad $@
 
+doom-wad-legal-info:
+	@echo WARNING: Cannot produce any legal info for package doom-wad \
+		>>$(LEGAL_WARNINGS)
+
 doom-wad: $(TARGET_DIR)/usr/share/games/doom/doom1.wad
 
 #############################################################
-- 
1.7.5.4

[Buildroot] [RFC v2 05/31] gettext: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/gettext/gettext.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/gettext/gettext.mk b/package/gettext/gettext.mk
index f4c8c76..b5a2099 100644
--- a/package/gettext/gettext.mk
+++ b/package/gettext/gettext.mk
@@ -113,6 +113,10 @@ $(STAGING_DIR)/$(GETTEXT_TARGET_BINARY): $(GETTEXT_DIR)/$(GETTEXT_BINARY)
 		autopoint envsubst gettext.sh gettextize msg* ?gettext)
 	touch -c $@
 
+gettext-legal-info:
+	@echo WARNING: Cannot produce any legal info for package gettext \
+		>>$(LEGAL_WARNINGS)
+
 gettext: host-pkg-config $(if $(BR2_PACKAGE_LIBICONV),libiconv) $(STAGING_DIR)/$(GETTEXT_TARGET_BINARY)
 
 gettext-unpacked: $(GETTEXT_DIR)/.unpacked
-- 
1.7.5.4

[Buildroot] [RFC v2 06/31] microperl: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/microperl/microperl.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/microperl/microperl.mk b/package/microperl/microperl.mk
index de5ecd6..f9c32a9 100644
--- a/package/microperl/microperl.mk
+++ b/package/microperl/microperl.mk
@@ -93,6 +93,10 @@ ifneq ($(BR2_STRIP_none),y)
 endif
 	(cd $(TARGET_DIR)/usr/bin; rm -f perl; ln -s microperl perl;)
 
+microperl-legal-info:
+	@echo WARNING: Cannot produce any legal info for package microperl \
+		>>$(LEGAL_WARNINGS)
+
 microperl: $(TARGET_DIR)/usr/bin/microperl
 
 microperl-source: $(DL_DIR)/$(MICROPERL_SOURCE)
-- 
1.7.5.4

[Buildroot] [RFC v2 07/31] netkitbase: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/netkitbase/netkitbase.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/netkitbase/netkitbase.mk b/package/netkitbase/netkitbase.mk
index dde8f9f..b8c965d 100644
--- a/package/netkitbase/netkitbase.mk
+++ b/package/netkitbase/netkitbase.mk
@@ -47,6 +47,10 @@ $(TARGET_DIR)/$(NETKITBASE_TARGET_BINARY): $(NETKITBASE_DIR)/$(NETKITBASE_BINARY
 	fi
 	touch -c $(TARGET_DIR)/$(NETKITBASE_TARGET_BINARY)
 
+netkitbase-legal-info:
+	@echo WARNING: Cannot produce any legal info for package netkitbase \
+		>>$(LEGAL_WARNINGS)
+
 netkitbase: $(TARGET_DIR)/$(NETKITBASE_TARGET_BINARY)
 
 netkitbase-clean:
-- 
1.7.5.4

[Buildroot] [RFC v2 08/31] netkittelnet: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/netkittelnet/netkittelnet.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/netkittelnet/netkittelnet.mk b/package/netkittelnet/netkittelnet.mk
index e9f40ca..c489709 100644
--- a/package/netkittelnet/netkittelnet.mk
+++ b/package/netkittelnet/netkittelnet.mk
@@ -48,6 +48,10 @@ $(TARGET_DIR)/$(NETKITTELNET_TARGET_BINARY): $(NETKITTELNET_DIR)/$(NETKITTELNET_
 	#rm -rf $(TARGET_DIR)/share/locale $(TARGET_DIR)/usr/info \
 	# $(TARGET_DIR)/usr/man $(TARGET_DIR)/usr/share/doc
 
+netkittelnet-legal-info:
+	@echo WARNING: Cannot produce any legal info for package netkittelnet \
+		>>$(LEGAL_WARNINGS)
+
 netkittelnet: netkitbase $(TARGET_DIR)/$(NETKITTELNET_TARGET_BINARY)
 
 netkittelnet-clean:
-- 
1.7.5.4

[Buildroot] [RFC v2 09/31] newt: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/newt/newt.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/newt/newt.mk b/package/newt/newt.mk
index eb944a9..a85cb2d 100644
--- a/package/newt/newt.mk
+++ b/package/newt/newt.mk
@@ -58,6 +58,10 @@ $(TARGET_DIR)/usr/lib/libnewt.so.$(NEWT_VERSION): $(STAGING_DIR)/usr/lib/libnewt
 	-$(STRIPCMD) $(STRIP_STRIP_UNNEEDED) $(TARGET_DIR)/usr/lib/libnewt.so*
 	touch -c $@
 
+newt-legal-info:
+	@echo WARNING: Cannot produce any legal info for package newt \
+		>>$(LEGAL_WARNINGS)
+
 newt: slang $(TARGET_DIR)/usr/lib/libnewt.so.$(NEWT_VERSION)
 
 newt-source: $(DL_DIR)/$(NEWT_SOURCE)
-- 
1.7.5.4

[Buildroot] [RFC v2 10/31] tinyhttpd: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/tinyhttpd/tinyhttpd.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/tinyhttpd/tinyhttpd.mk b/package/tinyhttpd/tinyhttpd.mk
index 739849f..00a3005 100644
--- a/package/tinyhttpd/tinyhttpd.mk
+++ b/package/tinyhttpd/tinyhttpd.mk
@@ -35,6 +35,10 @@ $(TARGET_DIR)/$(TINYHTTPD_TARGET_BINARY): $(TINYHTTPD_DIR)/$(TINYHTTPD_BINARY)
 	$(INSTALL) -m 0755 package/tinyhttpd/S85tinyhttpd $(TARGET_DIR)/etc/init.d
 	mkdir -p $(TARGET_DIR)/var/www
 
+tinyhttpd-legal-info:
+	@echo WARNING: Cannot produce any legal info for package tinyhttpd \
+		>>$(LEGAL_WARNINGS)
+
 tinyhttpd: $(TARGET_DIR)/$(TINYHTTPD_TARGET_BINARY)
 
 tinyhttpd-clean:
-- 
1.7.5.4

[Buildroot] [RFC v2 11/31] ttcp: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/ttcp/ttcp.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/ttcp/ttcp.mk b/package/ttcp/ttcp.mk
index 006b74c..0fb0845 100644
--- a/package/ttcp/ttcp.mk
+++ b/package/ttcp/ttcp.mk
@@ -27,6 +27,10 @@ $(TTCP_DIR)/ttcp: $(TTCP_DIR)/.configured
 $(TARGET_DIR)/usr/bin/ttcp: $(TTCP_DIR)/ttcp
 	cp -af $(TTCP_DIR)/ttcp $(TARGET_DIR)/usr/bin/
 
+ttcp-legal-info:
+	@echo WARNING: Cannot produce any legal info for package ttcp \
+		>>$(LEGAL_WARNINGS)
+
 ttcp: $(TARGET_DIR)/usr/bin/ttcp
 
 ttcp-source: $(DL_DIR)/$(TTCP_SOURCE)
-- 
1.7.5.4

[Buildroot] [RFC v2 12/31] uemacs: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/uemacs/uemacs.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/uemacs/uemacs.mk b/package/uemacs/uemacs.mk
index 8355a7f..e690eee 100644
--- a/package/uemacs/uemacs.mk
+++ b/package/uemacs/uemacs.mk
@@ -29,6 +29,10 @@ $(UEMACS_DIR)/$(UEMACS_BINARY): $(UEMACS_DIR)/.unpacked
 $(TARGET_DIR)/$(UEMACS_TARGET_BINARY): $(UEMACS_DIR)/$(UEMACS_BINARY)
 	$(INSTALL) -m 0755 -D $(UEMACS_DIR)/$(UEMACS_BINARY) $(TARGET_DIR)/$(UEMACS_TARGET_BINARY)
 
+uemacs-legal-info:
+	@echo WARNING: Cannot produce any legal info for package uemacs \
+		>>$(LEGAL_WARNINGS)
+
 uemacs: ncurses $(TARGET_DIR)/$(UEMACS_TARGET_BINARY)
 
 uemacs-clean:
-- 
1.7.5.4

[Buildroot] [RFC v2 13/31] vpnc: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/vpnc/vpnc.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/vpnc/vpnc.mk b/package/vpnc/vpnc.mk
index 5a8c700..34f9118 100644
--- a/package/vpnc/vpnc.mk
+++ b/package/vpnc/vpnc.mk
@@ -42,6 +42,10 @@ $(VPNC_TARGET_BINARY): $(VPNC_BINARY)
 		-C $(VPNC_DIR) install
 	$(STRIPCMD) $(STRIP_STRIP_UNNEEDED) $(VPNC_TARGET_BINARY)
 
+vpnc-legal-info:
+	@echo WARNING: Cannot produce any legal info for package vpnc \
+		>>$(LEGAL_WARNINGS)
+
 vpnc: libgcrypt $(VPNC_TARGET_BINARY)
 
 vpnc-source: $(DL_DIR)/$(VPNC_SOURCE)
-- 
1.7.5.4

[Buildroot] [RFC v2 14/31] xfsprogs: warn that legal-info is not implemented

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/xfsprogs/xfsprogs.mk |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/package/xfsprogs/xfsprogs.mk b/package/xfsprogs/xfsprogs.mk
index 68db2f7..b07ab08 100644
--- a/package/xfsprogs/xfsprogs.mk
+++ b/package/xfsprogs/xfsprogs.mk
@@ -77,6 +77,10 @@ $(TARGET_DIR)/$(XFSPROGS_TARGET_BINARY): $(XFSPROGS_DIR)/$(XFSPROGS_BINARY)
 	rm -rf $(TARGET_DIR)/usr/man $(TARGET_DIR)/usr/share/doc
 	touch -c $(TARGET_DIR)/$(XFSPROGS_TARGET_BINARY)
 
+xfsprogs-legal-info:
+	@echo WARNING: Cannot produce any legal info for package xfsprogs \
+		>>$(LEGAL_WARNINGS)
+
 xfsprogs: util-linux $(TARGET_DIR)/$(XFSPROGS_TARGET_BINARY)
 
 xfsprogs-clean:
-- 
1.7.5.4

[Buildroot] [RFC v2 15/31] mpc: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/mpc/mpc.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/mpc/mpc.mk b/package/mpc/mpc.mk
index e5ee489..0a11a52 100644
--- a/package/mpc/mpc.mk
+++ b/package/mpc/mpc.mk
@@ -6,6 +6,8 @@
 
 MPC_VERSION = 0.9
 MPC_SITE = http://www.multiprecision.org/mpc/download
+MPC_LICENSE = LGPLv2.1
+MPC_LICENSE_FILES = COPYING.LIB
 MPC_INSTALL_STAGING = YES
 MPC_DEPENDENCIES = gmp mpfr
 MPC_AUTORECONF = YES
-- 
1.7.5.4

[Buildroot] [RFC v2 16/31] linux: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 linux/linux.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/linux/linux.mk b/linux/linux.mk
index ae236d4..e6f2388 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -4,6 +4,8 @@
 #
 ###############################################################################
 LINUX_VERSION=$(call qstrip,$(BR2_LINUX_KERNEL_VERSION))
+LINUX_LICENSE = GPLv2-ONLY
+LINUX_LICENSE_FILES = COPYING
 
 # Compute LINUX_SOURCE and LINUX_SITE from the configuration
 ifeq ($(LINUX_VERSION),custom)
-- 
1.7.5.4

[Buildroot] [RFC v2 17/31] m4: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/m4/m4.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/m4/m4.mk b/package/m4/m4.mk
index 173bba8..f376ca2 100644
--- a/package/m4/m4.mk
+++ b/package/m4/m4.mk
@@ -7,6 +7,8 @@
 M4_VERSION = 1.4.16
 M4_SOURCE = m4-$(M4_VERSION).tar.bz2
 M4_SITE = $(BR2_GNU_MIRROR)/m4
+M4_LICENSE = GPLv3
+M4_LICENSE_FILES = COPYING
 M4_CONF_ENV = gl_cv_func_gettimeofday_clobber=no
 
 ifneq ($(BR2_USE_WCHAR),y)
-- 
1.7.5.4

[Buildroot] [RFC v2 18/31] busybox: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/busybox/busybox.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index 59448d5..f9e57a0 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -12,6 +12,8 @@ BUSYBOX_VERSION = $(call qstrip,$(BR2_BUSYBOX_VERSION))
 BUSYBOX_SITE = http://www.busybox.net/downloads
 endif
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
+BUSYBOX_LICENSE = GPLv2-ONLY
+BUSYBOX_LICENSE_FILES = LICENSE
 BUSYBOX_BUILD_CONFIG = $(BUSYBOX_DIR)/.config
 # Allows the build system to tweak CFLAGS
 BUSYBOX_MAKE_ENV = $(TARGET_MAKE_ENV) CFLAGS="$(TARGET_CFLAGS) -I$(LINUX_HEADERS_DIR)/include"
-- 
1.7.5.4

[Buildroot] [RFC v2 19/31] bzip2: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/bzip2/bzip2.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/bzip2/bzip2.mk b/package/bzip2/bzip2.mk
index 1bc4449..028c2f2 100644
--- a/package/bzip2/bzip2.mk
+++ b/package/bzip2/bzip2.mk
@@ -7,6 +7,8 @@ BZIP2_VERSION:=1.0.5
 BZIP2_SONAME=1.0.4
 BZIP2_SOURCE:=bzip2-$(BZIP2_VERSION).tar.gz
 BZIP2_SITE:=http://www.bzip.org/$(BZIP2_VERSION)
+BZIP2_LICENSE = BSD-like
+BZIP2_LICENSE_FILES = LICENSE
 BZIP2_INSTALL_STAGING=YES
 
 define BZIP2_FIX_MAKEFILE
-- 
1.7.5.4

[Buildroot] [RFC v2 20/31] directfb: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/directfb/directfb.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/directfb/directfb.mk b/package/directfb/directfb.mk
index 977d272..8fb6766 100644
--- a/package/directfb/directfb.mk
+++ b/package/directfb/directfb.mk
@@ -7,6 +7,8 @@ DIRECTFB_VERSION_MAJOR = 1.4
 DIRECTFB_VERSION = $(DIRECTFB_VERSION_MAJOR).15
 DIRECTFB_SITE = http://www.directfb.org/downloads/Core/DirectFB-$(DIRECTFB_VERSION_MAJOR)
 DIRECTFB_SOURCE = DirectFB-$(DIRECTFB_VERSION).tar.gz
+DIRECTFB_LICENSE = LGPLv2.1
+DIRECTFB_LICENSE_FILES = COPYING
 DIRECTFB_AUTORECONF = YES
 DIRECTFB_INSTALL_STAGING = YES
 DIRECTFB_CONF_OPT = \
-- 
1.7.5.4

[Buildroot] [RFC v2 21/31] iostat: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/iostat/iostat.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/iostat/iostat.mk b/package/iostat/iostat.mk
index 83eea07..97b4cac 100644
--- a/package/iostat/iostat.mk
+++ b/package/iostat/iostat.mk
@@ -6,6 +6,8 @@
 
 IOSTAT_VERSION = 2.2
 IOSTAT_SITE = http://www.linuxinsight.com/files
+IOSTAT_LICENSE = GPLv2
+IOSTAT_LICENSE_FILE = LICENSE
 
 iostat-source: $(DL_DIR)/$(IOSTAT_SOURCE)
 
-- 
1.7.5.4

[Buildroot] [RFC v2 22/31] lzo: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/lzo/lzo.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/lzo/lzo.mk b/package/lzo/lzo.mk
index 84f31f0..04033ac 100644
--- a/package/lzo/lzo.mk
+++ b/package/lzo/lzo.mk
@@ -5,6 +5,8 @@
 #############################################################
 LZO_VERSION = 2.06
 LZO_SITE = http://www.oberhumer.com/opensource/lzo/download
+LZO_LICENSE = GPLv2
+LZO_LICENSE_FILES = COPYING
 LZO_INSTALL_STAGING = YES
 
 $(eval $(call AUTOTARGETS))
-- 
1.7.5.4

[Buildroot] [RFC v2 23/31] lzop: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/lzop/lzop.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/lzop/lzop.mk b/package/lzop/lzop.mk
index 6d1d674..6f74d16 100644
--- a/package/lzop/lzop.mk
+++ b/package/lzop/lzop.mk
@@ -6,6 +6,8 @@
 LZOP_VERSION = 1.03
 LZOP_SOURCE = lzop-$(LZOP_VERSION).tar.gz
 LZOP_SITE = http://www.lzop.org/download/
+LZOP_LICENSE = GPLv2
+LZOP_LICENSE_FILES = COPYING
 LZOP_DEPENDENCIES = lzo
 
 $(eval $(call AUTOTARGETS))
-- 
1.7.5.4

[Buildroot] [RFC v2 24/31] tslib: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/tslib/tslib.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/tslib/tslib.mk b/package/tslib/tslib.mk
index 885bd88..4f07bbb 100644
--- a/package/tslib/tslib.mk
+++ b/package/tslib/tslib.mk
@@ -5,6 +5,8 @@
 #############################################################
 TSLIB_VERSION = 412d99d8b92c
 TSLIB_SITE = git://github.com/kergoth/tslib.git
+TSLIB_LICENSE = GPLv2
+TSLIB_LICENSE_FILES = COPYING
 TSLIB_AUTORECONF = YES
 TSLIB_INSTALL_STAGING = YES
 TSLIB_INSTALL_STAGING_OPT = DESTDIR=$(STAGING_DIR) LDFLAGS=-L$(STAGING_DIR)/usr/lib install
-- 
1.7.5.4

[Buildroot] [RFC v2 25/31] libusb: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/libusb/libusb.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/libusb/libusb.mk b/package/libusb/libusb.mk
index fce0c28..6a22bed 100644
--- a/package/libusb/libusb.mk
+++ b/package/libusb/libusb.mk
@@ -6,6 +6,8 @@
 LIBUSB_VERSION = 1.0.8
 LIBUSB_SOURCE = libusb-$(LIBUSB_VERSION).tar.bz2
 LIBUSB_SITE = http://$(BR2_SOURCEFORGE_MIRROR).dl.sourceforge.net/project/libusb/libusb-1.0/libusb-$(LIBUSB_VERSION)
+LIBUSB_LICENSE = LGPLv2.1
+LIBUSB_LICENSE_FILES = COPYING
 LIBUSB_DEPENDENCIES = host-pkg-config
 LIBUSB_INSTALL_STAGING = YES
 
-- 
1.7.5.4

[Buildroot] [RFC v2 26/31] pcre: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/pcre/pcre.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/pcre/pcre.mk b/package/pcre/pcre.mk
index d64106e..eab3c2d 100644
--- a/package/pcre/pcre.mk
+++ b/package/pcre/pcre.mk
@@ -6,6 +6,8 @@
 
 PCRE_VERSION = 8.20
 PCRE_SITE = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+PCRE_LICENSE = BSD
+PCRE_LICENSE_FILES = LICENCE
 PCRE_INSTALL_STAGING = YES
 
 ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
-- 
1.7.5.4

[Buildroot] [RFC v2 27/31] netsnmp: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/netsnmp/netsnmp.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/netsnmp/netsnmp.mk b/package/netsnmp/netsnmp.mk
index 959e39f..fd159e7 100644
--- a/package/netsnmp/netsnmp.mk
+++ b/package/netsnmp/netsnmp.mk
@@ -7,6 +7,8 @@
 NETSNMP_VERSION = 5.7.1
 NETSNMP_SITE = http://$(BR2_SOURCEFORGE_MIRROR).dl.sourceforge.net/sourceforge/net-snmp
 NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
+NETSNMP_LICENSE = BSD
+NETSNMP_LICENSE_FILES = COPYING
 NETSNMP_INSTALL_STAGING = YES
 NETSNMP_CONF_ENV = ac_cv_NETSNMP_CAN_USE_SYSCTL=yes
 NETSNMP_CONF_OPT = --with-persistent-directory=/var/lib/snmp --disable-static \
-- 
1.7.5.4

[Buildroot] [RFC v2 28/31] berkeleydb: define license

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/berkeleydb/berkeleydb.mk |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/package/berkeleydb/berkeleydb.mk b/package/berkeleydb/berkeleydb.mk
index ed70486..e27f4a9 100644
--- a/package/berkeleydb/berkeleydb.mk
+++ b/package/berkeleydb/berkeleydb.mk
@@ -6,6 +6,8 @@
 BERKELEYDB_VERSION:=4.4.20
 BERKELEYDB_SITE:=http://download.oracle.com/berkeley-db
 BERKELEYDB_SOURCE:=db-$(BERKELEYDB_VERSION).NC.tar.gz
+BERKELEYDB_LICENSE = Sleepycat License
+BERKELEYDB_LICENSE_FILES = LICENSE
 BERKELEYDB_SUBDIR=build_unix
 BERKELEYDB_INSTALL_STAGING = YES
 
-- 
1.7.5.4

[Buildroot] [RFC v2 29/31] qt: define license choice

[Luca Ceresoli]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/qt/Config.in |   15 +++++++++++++++
 package/qt/qt.mk     |    9 +++++++++
 2 files changed, 24 insertions(+), 0 deletions(-)

diff --git a/package/qt/Config.in b/package/qt/Config.in
index 3a552d0..b430258 100644
--- a/package/qt/Config.in
+++ b/package/qt/Config.in
@@ -55,6 +55,21 @@ config BR2_PACKAGE_QT_LICENSE_APPROVED
 	  LGPL v2.1: http://doc.trolltech.com/4.5/lgpl.html
 	  GPL  v3.0: http://doc.trolltech.com/4.5/gpl.html
 
+if BR2_PACKAGE_QT_LICENSE_APPROVED
+
+choice
+	prompt "License"
+
+config BR2_PACKAGE_QT_LICENSE_LGPL
+	bool "LGPL v2.1"
+
+config BR2_PACKAGE_QT_LICENSE_GPL
+	bool "GPL v3.0"
+
+endchoice
+
+endif # BR2_PACKAGE_QT_LICENSE_APPROVED
+
 config BR2_PACKAGE_QT_CONFIG_FILE
 	string "Config file"
 	help
diff --git a/package/qt/qt.mk b/package/qt/qt.mk
index 776eb63..e8bc3a2 100644
--- a/package/qt/qt.mk
+++ b/package/qt/qt.mk
@@ -20,6 +20,15 @@ QT_INSTALL_STAGING = YES
 
 ifeq ($(BR2_PACKAGE_QT_LICENSE_APPROVED),y)
 QT_CONFIGURE_OPTS += -opensource -confirm-license
+
+ifeq ($(BR2_PACKAGE_QT_LICENSE_LGPL),y)
+QT_LICENSE = LGPLv2.1
+QT_LICENSE_FILES = LICENSE.LGPL
+else ifeq ($(BR2_PACKAGE_QT_LICENSE_GPL),y)
+QT_LICENSE = GPLv3
+QT_LICENSE_FILES = LICENSE.GPL3
+endif
+
 endif
 
 QT_CONFIG_FILE=$(call qstrip,$(BR2_PACKAGE_QT_CONFIG_FILE))
-- 
1.7.5.4

[Buildroot] [RFC v2 30/31] foobar: create a fake proprietary package (testing only)

[Luca Ceresoli]

This is only for testing the proprietary package handling, not to be
committed in any serious repository.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 package/Config.in              |    1 +
 package/foobar/Config.in       |    5 +++++
 package/foobar/foobar.mk       |   15 +++++++++++++++
 package/foobar/source/foobar.c |    7 +++++++
 4 files changed, 28 insertions(+), 0 deletions(-)
 create mode 100644 package/foobar/Config.in
 create mode 100644 package/foobar/foobar.mk
 create mode 100644 package/foobar/source/foobar.c

diff --git a/package/Config.in b/package/Config.in
index 41cbb8c..fd31f51 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -420,6 +420,7 @@ endmenu
 
 menu "Miscellaneous"
 source "package/shared-mime-info/Config.in"
+source "package/foobar/Config.in"
 endmenu
 
 menu "Networking applications"
diff --git a/package/foobar/Config.in b/package/foobar/Config.in
new file mode 100644
index 0000000..c88da26
--- /dev/null
+++ b/package/foobar/Config.in
@@ -0,0 +1,5 @@
+config BR2_PACKAGE_FOOBAR
+	bool "foobar"
+	default y
+	help
+	  Fake propritary package
diff --git a/package/foobar/foobar.mk b/package/foobar/foobar.mk
new file mode 100644
index 0000000..31709de
--- /dev/null
+++ b/package/foobar/foobar.mk
@@ -0,0 +1,15 @@
+#############################################################
+#
+# foobar - just a dummy, fake proprietary package
+#
+#############################################################
+
+FOOBAR_VERSION = 1.2.3.4
+FOOBAR_SOURCE = foobar-$(FOOBAR_VERSION).tar.bz2
+FOOBAR_SITE = package/foobar/source
+FOOBAR_SITE_METHOD = local
+FOOBAR_LICENSE = PROPRIETARY
+
+foobar-extract:
+
+$(eval $(call GENTARGETS))
diff --git a/package/foobar/source/foobar.c b/package/foobar/source/foobar.c
new file mode 100644
index 0000000..2c375ef
--- /dev/null
+++ b/package/foobar/source/foobar.c
@@ -0,0 +1,7 @@
+#include <stdlib.h>
+
+int main(void)
+{
+  printf("Hello, World!\n");
+  return 0;
+}
-- 
1.7.5.4

[Buildroot] [RFC v2 31/31] Create test configs (testing only)

[Luca Ceresoli]

This is for testing only, not to be committed in any serious repository

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
---
 configs/legal_info_test2_defconfig |    8 ++++++++
 configs/legal_info_test_defconfig  |   20 ++++++++++++++++++++
 2 files changed, 28 insertions(+), 0 deletions(-)
 create mode 100644 configs/legal_info_test2_defconfig
 create mode 100644 configs/legal_info_test_defconfig

diff --git a/configs/legal_info_test2_defconfig b/configs/legal_info_test2_defconfig
new file mode 100644
index 0000000..cb192ec
--- /dev/null
+++ b/configs/legal_info_test2_defconfig
@@ -0,0 +1,8 @@
+BR2_TOOLCHAIN_CTNG=y
+BR2_TOOLCHAIN_CTNG_glibc=y
+BR2_TOOLCHAIN_CTNG_CXX=y
+BR2_ENABLE_LOCALE_PURGE=y
+BR2_ENABLE_LOCALE_WHITELIST="C en_US"
+BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV=y
+BR2_PACKAGE_KMOD=y
+BR2_PACKAGE_UTIL_LINUX=y
diff --git a/configs/legal_info_test_defconfig b/configs/legal_info_test_defconfig
new file mode 100644
index 0000000..81cb234
--- /dev/null
+++ b/configs/legal_info_test_defconfig
@@ -0,0 +1,20 @@
+BR2_x86_pentiumpro=y
+BR2_DL_DIR="~/src"
+BR2_TARGET_GENERIC_GETTY_PORT="tty1"
+BR2_PACKAGE_ALSA_LIB=y
+BR2_PACKAGE_BZIP2=y
+BR2_PACKAGE_LZOP=y
+BR2_PACKAGE_DIRECTFB=y
+BR2_PACKAGE_IOSTAT=y
+BR2_PACKAGE_KBD=y
+BR2_PACKAGE_BERKELEYDB=y
+BR2_PACKAGE_PCRE=y
+BR2_PACKAGE_NETSNMP=y
+BR2_PACKAGE_TTCP=y
+BR2_PACKAGE_UEMACS=y
+BR2_PACKAGE_HOST_OPENOCD=y
+BR2_TARGET_ROOTFS_EXT2=y
+# BR2_TARGET_ROOTFS_TAR is not set
+BR2_LINUX_KERNEL=y
+BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86/linux-3.2.config"
-- 
1.7.5.4

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Luca Ceresoli]

Hi,

for the lazy, here's how the output produced by 'make legal-info' looks 
like.
It is the result of the legal_info_test_defconfig supplied in the last 
patch,
generated fir an out-of-tree BR build (cool, looks like it works!).

$ make legal-info
...
WARNING: The Buildroot source code has not be saved
WARNING: The toolchain has not be saved
WARNING: freetype: cannot save license (FREETYPE_LICENSE_FILES not defined)
WARNING: iostat: cannot save license (IOSTAT_LICENSE_FILES not defined)
WARNING: jpeg: cannot save license (JPEG_LICENSE_FILES not defined)
...
WARNING: binutils: cannot save license (BINUTILS_LICENSE_FILES not defined)
WARNING: autoconf: cannot save license (AUTOCONF_LICENSE_FILES not defined)
WARNING: automake: cannot save license (AUTOMAKE_LICENSE_FILES not defined)
...
Legal info produced in /home/murray/devel/test-legal1/legal-info

$ ls -F legal-info/
buildroot.config  licenses/  licenses.txt  manifest.csv  README  sources/

$ cat legal-info/README
Most of the packages that were used by Buildroot to produce the image files,
including Buildroot itself, have open-source licenses. It is your
responsibility to comply to the requirements of these licenses.
To make this easier for you, Buildroot collected in this directory some
material you may need to get it done.

This material is composed of the following items.
  * The scripts used to control compilation of the packages and the 
generation
    of image files, i.e. the Buildroot sources.
    Note: this has not be saved due to technical limitations, you must 
collect
    it manually.
  * The Buildroot configuration file; this has been saved in 
buildroot.config.
  * The toolchain (cross-compiler and related tools) used to generate 
all the
    compiled programs.
    Note: this has not be saved due to technical limitations, you must 
collect
    it manually.
  * The source code for all packages; this has been saved in the sources/
    subdirectory (except for the proprietary packages, which have not been
    saved); patches applied to some packages by Buildroot are included 
in the
    Buildroot sources and were not duplicated in the sources/ subdirectory.
  * A manifest file listing the configured packages and related information;
  * The license text of the packages; they have been saved in the licenses/
    subdirectory.

Due to technical limitations or lack of license definition in the package
makefile, some of the material listed above could not been saved, as the
following list details.

WARNING: The Buildroot source code has not be saved
WARNING: The toolchain has not be saved
WARNING: freetype: cannot save license (FREETYPE_LICENSE_FILES not defined)
WARNING: iostat: cannot save license (IOSTAT_LICENSE_FILES not defined)
WARNING: jpeg: cannot save license (JPEG_LICENSE_FILES not defined)
...
WARNING: Cannot produce any legal info for package ttcp
WARNING: Cannot produce any legal info for package uemacs
...

$ cat legal-info/manifest.csv
package,version,license,license files,source archive
buildroot,2012.05-git,GPLv2,COPYING,not saved
berkeleydb,4.4.20,Sleepycat License,LICENSE,db-4.4.20.NC.tar.gz
busybox,1.19.4,GPLv2-ONLY,LICENSE,busybox-1.19.4.tar.bz2
bzip2,1.0.5,BSD-like,LICENSE,bzip2-1.0.5.tar.gz
directfb,1.4.15,LGPLv2.1,COPYING,DirectFB-1.4.15.tar.gz
foobar,1.2.3.4,PROPRIETARY,not saved,not saved
freetype,2.4.8,unknown,not saved,freetype-2.4.8.tar.bz2
...

$ cat legal-info/licenses.txt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      buildroot: COPYING file
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


             GNU GENERAL PUBLIC LICENSE
                Version 2, June 1991

  Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA


...

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      binutils: unknown license file(s)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
      autoconf: unknown license file(s)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


$ head legal-info/buildroot.config
#
# Automatically generated make config: don't edit
# Buildroot 2012.05-git Configuration
#
BR2_HAVE_DOT_CONFIG=y
# BR2_arm is not set
# BR2_armeb is not set
# BR2_avr32 is not set
# BR2_bfin is not set
BR2_i386=y

$ ls -F legal-info/sources/
alsa-lib-1.0.24.1.tar.bz2  libtool-2.2.10.tar.gz
autoconf-2.65.tar.bz2      libusb-1.0.8.tar.bz2
automake-1.11.1.tar.bz2    libusb-compat-0.1.3.tar.bz2
binutils-2.21.1.tar.bz2    linux-3.2.6.tar.bz2
busybox-1.19.4.tar.bz2     lzo-2.06.tar.gz
bzip2-1.0.5.tar.gz         lzop-1.03.tar.gz
...

$ find legal-info/licenses -type f
legal-info/licenses/tslib/COPYING
legal-info/licenses/linux/COPYING
legal-info/licenses/berkeleydb/LICENSE
legal-info/licenses/libusb/COPYING
legal-info/licenses/directfb/COPYING
legal-info/licenses/pcre/LICENCE
...

Luca

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Yann E. MORIN]

Lucas, All,

On Wednesday 07 March 2012 21:58:00 Luca Ceresoli wrote:
> This second RFC incorporates many of the additions and modifications that have
> been discussed, as well as many other improvements. Thanks Arnout, ThomasDS and
> others for their review, and the BDD participants for their suggestions.

Woohoo, that's impressive! :-)

>   $ find legal-info/ -type f
>   legal-info/README            # Lists saved stuff, warns about unsaved
>   stuff legal-info/licenses.txt      # Text of all licenses
>   legal-info/buildroot.config  # The buildroot config
>   legal-info/licenses/buildroot/COPYING       # License files, one dir per
>   pkg legal-info/licenses/busybox/LICENSE         # ...
>   legal-info/licenses/...other packages...    # ...
>   legal-info/manifest.csv                     # CSV table summarizing all
>   info legal-info/sources/busybox-1.19.4.tar.bz2   # tarballs
>   legal-info/sources/kmod-5.tar.xz            # ...
>   legal-info/sources/libtool-2.2.10.tar.gz    # ...
>   legal-info/sources/...other packages...     # ...

I would expect a one-directory-pre-package layout (personal opinion):
  legal-info/busybox/LICENSE
  legal-info/busybox/busybox-1.19.4.tar.bz2
  legal-info/kmod/COPYING
  legal-info/kmod/kmod-5.tar.bz2
  ...

[--SNIP--]
> ISSUE 2: Packages with multiple licenses
> ========================================
> 
> Some packages (e.g. freetype, qt) allow to choose among different licenses.
> - Should we add an option in menuconfig for choosing the license? This would
>   allow to generate "customized" manifest and license files.
> - Or should we save all licenses and and define the package license as, for
>   instance:
>     QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?

It would probably be possible to do:
    QT_LICENSE = GPLv3
    ifeq ($(blabla),y)
    QT_LICENSE += LGPLv2.1
    endif

and so on...

> ISSUE 3: packages without a license file
> ========================================
> 
> Some packages (e.g. tslib) do not have a license file. Instead, the license is
> written in a comment at the top of one or more source files. In such cases we
> planned that the package maintainer would manually copy this text into a file
> in the package directory (where the .mk lives) and the teach the infrastructure
> where it is, so it gets copied from there.
> 
> I haven't started working on an implementation of this feature yet, but at
> first sight it's not totally trivial. The problem is the <PKG>_LICENSE_FILES
> definition as it is implemented in the present RFC does not easily allow to
> discriminate between a file in $(O)/build/<pkg>-<ver>/ and a file in
> packages/<pkg>/.
> 
> This is how it works now:
>         @cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
>                 $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
> It assumes the files are in the package build dir, $(2)_DIR, which allows a
> very simple and clean implementation.
> 
> In order to support a copy from the package directory, option 1 is to define
> the full path in <PKG>_LICENSE_FILES, and remove the addprefix from the above
> code snipped. Example:
>   FOO_LICENSE_FILES = $(BUILD_DIR)/foo-$(FOO_VERSION)/COPYING
>   BAR_LICENSE_FILES = packages/bar/COPYING
> which is not very pleasant to read, and is quite error-prone for the developer
> adding a package.
> 
> Option 2 would be to have two distinct constants for the two cases:
>   FOO_LICENSE_FILES_IN_BUILD_DIR = COPYING
>   BAR_LICENSE_FILES_IN_PACKAGE_DIR = COPYING
> Even with better constant names this would not be extremely beautiful IMHO.
> 
> Option 3 is to wait for a smarter idea coming from your reviews! :)

Proposal:
  - FOO_LICENSE_FILES = list of license files
  - FOO_LICENSE_HOOK = macros to call to copy the license files

> TODO in the next patchset before merging into mainline
> ======================================================
> 
> - Add to the documentation:
>   - some words of advice from Buildroot developers about how to comply to GPL
>     and other open source licenses;
>   - brief instructions on using this stuff ('make legal-info');
>  - instructions in the GENTARGETS section about the _LICENSE and _LICENSE_FILES
>    constants.
> 
> - Write a few lines of explanation in the log message of the first big commit,
>   the one that implements all the logic.
> 
> - Save a defconfig instead of the whole .config for the Buildroot configuration?
>   Which one would you better like?

A full .config, from experiemce...

And what about the linux, uClibc and busybox .config files? Unless I missed
something in your email, you did not address these...

Thank you for doing this!

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 16/31] linux: define license

[Yann E. MORIN]

Lucas, All,

On Wednesday 07 March 2012 21:58:16 Luca Ceresoli wrote:
> Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
> ---
>  linux/linux.mk |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/linux/linux.mk b/linux/linux.mk
> index ae236d4..e6f2388 100644
> --- a/linux/linux.mk
> +++ b/linux/linux.mk
> @@ -4,6 +4,8 @@
>  #
>  ###############################################################################
>  LINUX_VERSION=$(call qstrip,$(BR2_LINUX_KERNEL_VERSION))
> +LINUX_LICENSE = GPLv2-ONLY

What's the point of giving the version 'v2' and stating 'only'?
I would rather see:
  values        meaning
  -------------------------------
  GPLv2         GPLv2 only
  GPLv2+        GPLv2 or later
  LGPLv2.1      LGPLv2.1 only
  LGPLv2.1+     LGPLv2.1 or later
  ...           ...

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 19/31] bzip2: define license

[Yann E. MORIN]

On Wednesday 07 March 2012 21:58:19 Luca Ceresoli wrote:
> Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
> ---
>  package/bzip2/bzip2.mk |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/package/bzip2/bzip2.mk b/package/bzip2/bzip2.mk
> index 1bc4449..028c2f2 100644
> --- a/package/bzip2/bzip2.mk
> +++ b/package/bzip2/bzip2.mk
> @@ -7,6 +7,8 @@ BZIP2_VERSION:=1.0.5
>  BZIP2_SONAME=1.0.4
>  BZIP2_SOURCE:=bzip2-$(BZIP2_VERSION).tar.gz
>  BZIP2_SITE:=http://www.bzip.org/$(BZIP2_VERSION)
> +BZIP2_LICENSE = BSD-like

I think it makes sense to have:

  value         meaning
  -------------------------------
  BSD-4c        Original BSD 4-clause
  BSD           Alias for the above
  BSD-3c        BSD 3-clause
  BSD-2c        BSD 2-clause

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Yann E. MORIN]

Lucas, All,

On Wednesday 07 March 2012 21:58:00 Luca Ceresoli wrote:
> This second RFC incorporates many of the additions and modifications that have
> been discussed, as well as many other improvements. Thanks Arnout, ThomasDS and
> others for their review, and the BDD participants for their suggestions.

Is there a public git tree we can pull from?

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Luca Ceresoli]

Yann E. MORIN wrote:
> Lucas, All,
>
> On Wednesday 07 March 2012 21:58:00 Luca Ceresoli wrote:
>> This second RFC incorporates many of the additions and modifications that have
>> been discussed, as well as many other improvements. Thanks Arnout, ThomasDS and
>> others for their review, and the BDD participants for their suggestions.
> Is there a public git tree we can pull from?

No, sorry. But I might set up one on github next time.

Luca

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Luca Ceresoli]

Yann,
thanks for the review.

Yann E. MORIN wrote:
> Lucas, All,

s/Lucas/Luca/ :)

>    $ find legal-info/ -type f
>    legal-info/README            # Lists saved stuff, warns about unsaved
>    stuff legal-info/licenses.txt      # Text of all licenses
>    legal-info/buildroot.config  # The buildroot config
>    legal-info/licenses/buildroot/COPYING       # License files, one dir per
>    pkg legal-info/licenses/busybox/LICENSE         # ...
>    legal-info/licenses/...other packages...    # ...
>    legal-info/manifest.csv                     # CSV table summarizing all
>    info legal-info/sources/busybox-1.19.4.tar.bz2   # tarballs
>    legal-info/sources/kmod-5.tar.xz            # ...
>    legal-info/sources/libtool-2.2.10.tar.gz    # ...
>    legal-info/sources/...other packages...     # ...
> I would expect a one-directory-pre-package layout (personal opinion):
>    legal-info/busybox/LICENSE
>    legal-info/busybox/busybox-1.19.4.tar.bz2
>    legal-info/kmod/COPYING
>    legal-info/kmod/kmod-5.tar.bz2
>    ...

I thought about the usage I would make of this material. The tarballs must go
into some CD or website or similar. The licenses may be sent to documentation
writers so they can typeset them in a document (if for some reason they do not
want to use the produced licenses.txt file).


> [--SNIP--]
>> ISSUE 2: Packages with multiple licenses
>> ========================================
>>
>> Some packages (e.g. freetype, qt) allow to choose among different licenses.
>> - Should we add an option in menuconfig for choosing the license? This would
>>    allow to generate "customized" manifest and license files.
>> - Or should we save all licenses and and define the package license as, for
>>    instance:
>>      QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?
> It would probably be possible to do:
>      QT_LICENSE = GPLv3
>      ifeq ($(blabla),y)
>      QT_LICENSE += LGPLv2.1
>      endif
>
> and so on...

Well, Qt allows to choose the license you want. So you can use all of it under
the GPLv3, or all of it under LGPLv2.1, or all of it purchasing a commercial
license.

The same applies to FreeType: "FreeType comes with two licenses from which you
can choose the one which fits your needs best."
(http://freetype.org/license.html).

In such cases, for what concerns Buildroot, I think we should either that the
package in Buildroot is always used with a given license (e.g. LGPLv2.1 for Qt)
or allow the Buildroot user to choose via menuconfig.

Your code snippet is perfect for a package that has a GPLv3 part that's always
compiled and an optional LGPLv2.1 part.


>> ISSUE 3: packages without a license file
>> ========================================
>>
>> Some packages (e.g. tslib) do not have a license file. Instead, the license is
>> written in a comment at the top of one or more source files. In such cases we
>> planned that the package maintainer would manually copy this text into a file
>> in the package directory (where the .mk lives) and the teach the infrastructure
>> where it is, so it gets copied from there.
>>
>> I haven't started working on an implementation of this feature yet, but at
>> first sight it's not totally trivial. The problem is the<PKG>_LICENSE_FILES
>> definition as it is implemented in the present RFC does not easily allow to
>> discriminate between a file in $(O)/build/<pkg>-<ver>/ and a file in
>> packages/<pkg>/.
>>
>> This is how it works now:
>>          @cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
>>                  $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
>> It assumes the files are in the package build dir, $(2)_DIR, which allows a
>> very simple and clean implementation.
>>
>> In order to support a copy from the package directory, option 1 is to define
>> the full path in<PKG>_LICENSE_FILES, and remove the addprefix from the above
>> code snipped. Example:
>>    FOO_LICENSE_FILES = $(BUILD_DIR)/foo-$(FOO_VERSION)/COPYING
>>    BAR_LICENSE_FILES = packages/bar/COPYING
>> which is not very pleasant to read, and is quite error-prone for the developer
>> adding a package.
>>
>> Option 2 would be to have two distinct constants for the two cases:
>>    FOO_LICENSE_FILES_IN_BUILD_DIR = COPYING
>>    BAR_LICENSE_FILES_IN_PACKAGE_DIR = COPYING
>> Even with better constant names this would not be extremely beautiful IMHO.
>>
>> Option 3 is to wait for a smarter idea coming from your reviews! :)
> Proposal:
>    - FOO_LICENSE_FILES = list of license files
>    - FOO_LICENSE_HOOK = macros to call to copy the license files

Meaning something like the current POST_{CONFIGURE|INSTALL_TARGET|...}_HOOKS?
Good idea, concise and readable. But we should also provide a macro (or a
script) to copy the license files, such as:

   $(call COPY_LICENSE_FILES,pkgname,pkgver,license_file(s))

that copies to $(O)/legal-info/pkgname-pkgver, cats into licenses.txt and
fills manifest.csv.

I'll try to code something like this.


>> TODO in the next patchset before merging into mainline
>> ======================================================
>>
>> - Add to the documentation:
>>    - some words of advice from Buildroot developers about how to comply to GPL
>>      and other open source licenses;
>>    - brief instructions on using this stuff ('make legal-info');
>>   - instructions in the GENTARGETS section about the _LICENSE and _LICENSE_FILES
>>     constants.
>>
>> - Write a few lines of explanation in the log message of the first big commit,
>>    the one that implements all the logic.
>>
>> - Save a defconfig instead of the whole .config for the Buildroot configuration?
>>    Which one would you better like?
> A full .config, from experiemce...
>
> And what about the linux, uClibc and busybox .config files? Unless I missed
> something in your email, you did not address these...

I considered they are part of Buildroot, so they are kind of addressed... by
the warning that says you have to tar your Buildroot on your own.

These may be added of course, but then we might ask ourselves if we should
also save the post-built script, custom skeleton, additional device table
files, whatever else... This would be hard to maintain.

Luca

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Yann E. MORIN]

Luca, All,

On Thursday 08 March 2012 11:02:32 Luca Ceresoli wrote:
> Yann E. MORIN wrote:
> > I would expect a one-directory-pre-package layout (personal opinion):
> >    legal-info/busybox/LICENSE
> >    legal-info/busybox/busybox-1.19.4.tar.bz2
> >    legal-info/kmod/COPYING
> >    legal-info/kmod/kmod-5.tar.bz2
> >    ...
> 
> I thought about the usage I would make of this material. The tarballs must go
> into some CD or website or similar. The licenses may be sent to documentation
> writers so they can typeset them in a document (if for some reason they do not
> want to use the produced licenses.txt file).

Which is also a valid point of view. Besides, packages (most of them, at
least) do include their own license file (in COPYING or the likes).

Agreed.

> > [--SNIP--]
> >> ISSUE 2: Packages with multiple licenses
> >> ========================================
> >>
> >> Some packages (e.g. freetype, qt) allow to choose among different licenses.
> >> - Should we add an option in menuconfig for choosing the license? This would
> >>    allow to generate "customized" manifest and license files.
> >> - Or should we save all licenses and and define the package license as, for
> >>    instance:
> >>      QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?
> > It would probably be possible to do:
> >      QT_LICENSE = GPLv3
> >      ifeq ($(blabla),y)
> >      QT_LICENSE += LGPLv2.1
> >      endif
> >
> > and so on...
> 
> Well, Qt allows to choose the license you want. So you can use all of it under
> the GPLv3, or all of it under LGPLv2.1, or all of it purchasing a commercial
> license.
> 
> The same applies to FreeType: "FreeType comes with two licenses from which you
> can choose the one which fits your needs best."
> (http://freetype.org/license.html).
> 
> In such cases, for what concerns Buildroot, I think we should either that the
> package in Buildroot is always used with a given license (e.g. LGPLv2.1 for Qt)
> or allow the Buildroot user to choose via menuconfig.
> 
> Your code snippet is perfect for a package that has a GPLv3 part that's always
> compiled and an optional LGPLv2.1 part.

In the end, what you did with your Qt patch, plus my proposal above,
should cover all cases:

  - single license
  - multiple licenses
  - conditional licenses

After all, this is a 'make' variable, so you can set it the way you want.

> >> ISSUE 3: packages without a license file
[--SNIP--]
> >> Option 3 is to wait for a smarter idea coming from your reviews! :)
> >
> > Proposal:
> >    - FOO_LICENSE_FILES = list of license files
> >    - FOO_LICENSE_HOOK = macros to call to copy the license files
> 
> Meaning something like the current POST_{CONFIGURE|INSTALL_TARGET|...}_HOOKS?
> Good idea, concise and readable. But we should also provide a macro (or a
> script) to copy the license files, such as:
> 
>    $(call COPY_LICENSE_FILES,pkgname,pkgver,license_file(s))
> 
> that copies to $(O)/legal-info/pkgname-pkgver, cats into licenses.txt and
> fills manifest.csv.

It should be part of the generic package infrastructure. So, one only needs to
call any of :
    $(eval $(call GENTARGETS,package,libfoo))
    $(eval $(call AUTOTARGETS,package,libfoo))
    $(eval $(call CMAKETARGETS,package,libfoo))

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 01/31] legal-info: infrastructure to collect legally-relevant material

[Thomas De Schampheleire]

On Wed, Mar 7, 2012 at 9:58 PM, Luca Ceresoli <luca@lucaceresoli.net> wrote:
> Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
> ---
> ?Makefile ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?| ? 52 ++++++++++++++++++++++++-
> ?package/Makefile.package.in ? ? ? ? ? ? ? | ? 59 +++++++++++++++++++++++++++++
> ?support/legal-info/README.header ? ? ? ? ?| ? 24 ++++++++++++
> ?support/legal-info/README.warnings-header | ? ?4 ++
> ?4 files changed, 136 insertions(+), 3 deletions(-)
> ?create mode 100644 support/legal-info/README.header
> ?create mode 100644 support/legal-info/README.warnings-header
>
> diff --git a/Makefile b/Makefile
> index d508888..b78aaf8 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -284,6 +284,15 @@ TARGET_DIR:=$(BASE_DIR)/target
> ?TOOLCHAIN_DIR=$(BASE_DIR)/toolchain
> ?TARGET_SKELETON=$(TOPDIR)/fs/skeleton
>
> +LEGAL_INFO_DIR=$(BASE_DIR)/legal-info
> +REDIST_SOURCES_DIR=$(LEGAL_INFO_DIR)/sources
> +LICENSE_FILES_DIR=$(LEGAL_INFO_DIR)/licenses
> +LEGAL_MANIFEST_CSV=$(LEGAL_INFO_DIR)/manifest.csv
> +LEGAL_LICENSES_TXT=$(LEGAL_INFO_DIR)/licenses.txt
> +LEGAL_WARNINGS=$(LEGAL_INFO_DIR)/.warnings

I'm not sure if this should be a hidden file, as it is quite important
for a user to really see this.

> +LEGAL_REPORT=$(LEGAL_INFO_DIR)/README
> +LEGAL_INFO_SEPARATOR="::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
> +
> ?ifeq ($(BR2_CCACHE),y)
> ?CCACHE:=$(HOST_DIR)/usr/bin/ccache
> ?CCACHE_CACHE_DIR=$(HOME)/.buildroot-ccache
> @@ -362,6 +371,10 @@ HOST_DEPS = $(sort $(foreach dep,\
> ? ? ? ? ? ? ? ?$($(dep))))
> ?HOST_SOURCE += $(addsuffix -source,$(sort $(TARGETS_HOST_DEPS) $(HOST_DEPS)))
>
> +TARGETS_LEGAL_INFO:=$(patsubst %,%-legal-info,\
> + ? ? ? ? ? ? ? $(filter-out host-makedevs,\
> + ? ? ? ? ? ? ? $(TARGETS) $(BASE_TARGETS) $(TARGETS_HOST_DEPS) $(HOST_DEPS))))
> +
> ?# all targets depend on the crosscompiler and it's prerequisites
> ?$(TARGETS_ALL): __real_tgt_%: $(BASE_TARGETS) %
>
> @@ -395,8 +408,9 @@ $(HOST_DIR)/usr/share/buildroot/toolchainfile.cmake:
> ? ? ? ?" > $@
>
> ?.PHONY: all world dirs clean distclean source outputmakefile \
> + ? ? ? legal-info legal-info-prepare legal-info-clean \
> ? ? ? ?$(BASE_TARGETS) $(TARGETS) $(TARGETS_ALL) \
> - ? ? ? $(TARGETS_CLEAN) $(TARGETS_DIRCLEAN) $(TARGETS_SOURCE) \
> + ? ? ? $(TARGETS_CLEAN) $(TARGETS_DIRCLEAN) $(TARGETS_SOURCE) $(TARGETS_LEGAL_INFO) \
> ? ? ? ?$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(STAGING_DIR) $(TARGET_DIR) \
> ? ? ? ?$(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR)
>
> @@ -406,7 +420,7 @@ $(HOST_DIR)/usr/share/buildroot/toolchainfile.cmake:
> ?# dependencies anywhere else
> ?#
> ?#############################################################
> -$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR):
> +$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR) $(LEGAL_INFO_DIR) $(REDIST_SOURCES_DIR):
> ? ? ? ?@mkdir -p $@
>
> ?$(STAGING_DIR):
> @@ -513,6 +527,37 @@ source: dirs $(TARGETS_SOURCE) $(HOST_SOURCE)
> ?external-deps:
> ? ? ? ?@$(MAKE) -Bs DL_MODE=SHOW_EXTERNAL_DEPS $(EXTRAMAKEARGS) source | sort -u
>
> +legal-info-clean:
> + ? ? ? @rm -fr $(LEGAL_INFO_DIR)
> +
> +legal-info-prepare: $(LEGAL_INFO_DIR)
> + ? ? ? @echo "package,version,license,license files,source archive" \
> + ? ? ? ? ? ? ? >>$(LEGAL_MANIFEST_CSV)
> + ? ? ? @mkdir -p $(LICENSE_FILES_DIR)/buildroot
> + ? ? ? @cp COPYING $(LICENSE_FILES_DIR)/buildroot/COPYING
> + ? ? ? @echo -e "$(LEGAL_INFO_SEPARATOR)\n\t buildroot:" \
> + ? ? ? ? ? ? ? "COPYING file\n$(LEGAL_INFO_SEPARATOR)\n\n" \
> + ? ? ? ? ? ? ? ? ? ? ? >>$(LEGAL_LICENSES_TXT)
> + ? ? ? @cat COPYING >>$(LEGAL_LICENSES_TXT)
> + ? ? ? @echo >>$(LEGAL_LICENSES_TXT)
> + ? ? ? @echo "buildroot,$(BR2_VERSION_FULL),GPLv2,COPYING,not saved" \
> + ? ? ? ? ? ? ? >>$(LEGAL_MANIFEST_CSV)
> + ? ? ? @echo "WARNING: The Buildroot source code has not be saved" \

s/be/been
This should be fixed in a few places in the patchset.

> + ? ? ? ? ? ? ? >>$(LEGAL_WARNINGS)
> + ? ? ? @echo "WARNING: The toolchain has not be saved" \
> + ? ? ? ? ? ? ? >>$(LEGAL_WARNINGS)
> + ? ? ? @cp $(CONFIG_DIR)/.config $(LEGAL_INFO_DIR)/buildroot.config
> +
> +legal-info: legal-info-clean legal-info-prepare $(REDIST_SOURCES_DIR) \
> + ? ? ? ? ? ? ? $(TARGETS_LEGAL_INFO)
> + ? ? ? @cat support/legal-info/README.header >>$(LEGAL_REPORT)
> + ? ? ? @if [ -r $(LEGAL_WARNINGS) ]; then \
> + ? ? ? ? ? ? ? cat support/legal-info/README.warnings-header \
> + ? ? ? ? ? ? ? ? ? ? ? $(LEGAL_WARNINGS) >>$(LEGAL_REPORT); \
> + ? ? ? ? ? ? ? cat $(LEGAL_WARNINGS); fi
> + ? ? ? @echo "Legal info produced in $(LEGAL_INFO_DIR)"
> + ? ? ? @rm -f $(LEGAL_WARNINGS)
> +

I think the readability of this can be improved by creating a set of
functions to produce a warning, to add a line to the csv, etc.
Moreover, the details about the format of these files will be grouped
in one place.
For example (untested):

define legal-add-warning # (pkg, warning)
@echo "WARNING: $(1): $(warning)" >>$(LEGAL_WARNINGS)
endef

define legal-add-csv-line # (pkg, version, license, license file, source file)
@echo "$(1),$(2),$(3),$(4),$(5)" >>$(LEGAL_MANIFEST_CSV)
endef

Example calls would be:
$(call legal-add-warning,buildroot,source code has not been saved)
$(call legal-add-csv-line,$$($(3)_NAME),$$($(3)_VERSION),$$($(3)_LICENSE),not
saved,not saved)

These functions can be used in Makefile, in Makefile.package.in below,
and even for packages that do not follow gentargets but still want to
hook into the legal infrastructure.


> ?show-targets:
> ? ? ? ?@echo $(TARGETS)
>
> @@ -634,7 +679,8 @@ endif
>
> ?clean:
> ? ? ? ?rm -rf $(STAGING_DIR) $(TARGET_DIR) $(BINARIES_DIR) $(HOST_DIR) \
> - ? ? ? ? ? ? ? $(STAMP_DIR) $(BUILD_DIR) $(TOOLCHAIN_DIR) $(BASE_DIR)/staging
> + ? ? ? ? ? ? ? $(STAMP_DIR) $(BUILD_DIR) $(TOOLCHAIN_DIR) $(BASE_DIR)/staging \
> + ? ? ? ? ? ? ? $(LEGAL_INFO_DIR)
>
> ?distclean: clean
> ?ifeq ($(DL_DIR),$(TOPDIR)/dl)
> diff --git a/package/Makefile.package.in b/package/Makefile.package.in
> index 59adce1..262cc6a 100644
> --- a/package/Makefile.package.in
> +++ b/package/Makefile.package.in
> @@ -505,6 +505,8 @@ ifndef $(2)_SOURCE
> ?endif
> ?endif
>
> +$(2)_LICENSE ? ? ? ? ? ? ? ? ? ?= unknown
> +
> ?ifndef $(2)_PATCH
> ?ifdef $(3)_PATCH
> ? $(2)_PATCH = $($(3)_PATCH)
> @@ -644,6 +646,62 @@ $(1)-rsync: ? ? ? ? ? ? ? ?$$($(2)_TARGET_RSYNC)
> ?$(1)-source: ? ? ? ? ? $$($(2)_TARGET_RSYNC_SOURCE)
> ?endif
>
> +# legal-info: produce legally relevant info.
> +ifneq ($$($(3)_LICENSE),PROPRIETARY)
> +ifneq ($$($(3)_SITE_METHOD),local)
> +ifneq ($$($(3)_SITE_METHOD),override)
> +# Packages that have a tarball need it downloaded and extracted beforehand
> +$(1)-legal-info: ? ? ? $(1)-extract $(REDIST_SOURCES_DIR)
> +endif
> +endif
> +endif
> +
> +$(1)-legal-info:
> + ? ? ? @echo -n "$$($(3)_NAME),$$($(3)_VERSION),$$($(3)_LICENSE)," \
> + ? ? ? ? ? ? ? >>$(LEGAL_MANIFEST_CSV)
> +ifeq ($$($(3)_LICENSE),PROPRIETARY)
> +# Proprietary packages: nothing to save
> + ? ? ? @echo "not saved,not saved" >>$(LEGAL_MANIFEST_CSV)
> +else ifeq ($$($(3)_SITE_METHOD),local)
> +# Packages without a tarball: don't save and warn
> + ? ? ? @echo "not saved,not saved" >>$(LEGAL_MANIFEST_CSV)
> + ? ? ? @echo "WARNING: $$($(3)_NAME): sources and license files not saved" \
> + ? ? ? ? ? ? ? "(local packages not handled)" \
> + ? ? ? ? ? ? ? >>$(LEGAL_WARNINGS)
> +else ifeq ($$($(3)_SITE_METHOD),override)
> + ? ? ? @echo "not saved,not saved" >>$(LEGAL_MANIFEST_CSV)
> + ? ? ? @echo "WARNING: ?$$($(3)_NAME): sources and license files not saved" \
> + ? ? ? ? ? ? ? "(override packages not handled)" \
> + ? ? ? ? ? ? ? >>$(LEGAL_WARNINGS)
> +else
> +# Other packages
> +# Save license files if defined
> +ifeq ($(call qstrip,$$($(3)_LICENSE_FILES)),)
> + ? ? ? @echo -n "not saved," >>$(LEGAL_MANIFEST_CSV)
> + ? ? ? @echo -e "$(LEGAL_INFO_SEPARATOR)\n\t $$($(3)_NAME):" \
> + ? ? ? ? ? ? ? "unknown license file(s)\n$(LEGAL_INFO_SEPARATOR)\n\n" \
> + ? ? ? ? ? ? ? ? ? ? ? >>$(LEGAL_LICENSES_TXT)
> + ? ? ? @echo "WARNING: $$($(3)_NAME): cannot save license" \
> + ? ? ? ? ? ? ? "($(3)_LICENSE_FILES not defined)" >>$(LEGAL_WARNINGS)
> +else
> + ? ? ? @mkdir -p $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
> + ? ? ? @cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
> + ? ? ? ? ? ? ? $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
> + ? ? ? @echo -n "$$($(3)_LICENSE_FILES)," >>$(LEGAL_MANIFEST_CSV)
> + ? ? ? @for F in $$($(3)_LICENSE_FILES); do \
> + ? ? ? ? ? ? ? echo -e "$(LEGAL_INFO_SEPARATOR)\n\t $$($(3)_NAME):" \
> + ? ? ? ? ? ? ? ? ? ? ? "$$$${F} file\n$(LEGAL_INFO_SEPARATOR)\n" \
> + ? ? ? ? ? ? ? ? ? ? ? >>$(LEGAL_LICENSES_TXT); \
> + ? ? ? ? ? ? ? cat $$($(2)_DIR)/$$$${F} >>$(LEGAL_LICENSES_TXT); \
> + ? ? ? ? ? ? ? echo >>$(LEGAL_LICENSES_TXT); \
> + ? ? ? ? ? ? ? done
> +endif
> +# Copy the source tarball (just hardlink if possible)
> + ? ? ? @cp -l $(DL_DIR)/$$($(3)_SOURCE) $(REDIST_SOURCES_DIR) 2>/dev/null || \
> + ? ? ? ? ?cp $(DL_DIR)/$$($(3)_SOURCE) $(REDIST_SOURCES_DIR)
> + ? ? ? @echo "$$($(3)_SOURCE)" >>$(LEGAL_MANIFEST_CSV)
> +endif
> +
> ?$(1)-show-depends:
> ? ? ? ? ? ? ? ? ? ? ? ?@echo $$($(2)_DEPENDENCIES)
>
> @@ -687,6 +745,7 @@ $$($(2)_TARGET_PATCH): ? ? ? ? ? ? ? ? ? ? ?PKG=$(2)
> ?$$($(2)_TARGET_PATCH): ? ? ? ? ? ? ? ? RAWNAME=$(patsubst host-%,%,$(1))
> ?$$($(2)_TARGET_EXTRACT): ? ? ? ? ? ? ? PKG=$(2)
> ?$$($(2)_TARGET_SOURCE): ? ? ? ? ? ? ? ? ? ? ? ?PKG=$(2)
> +$$($(2)_TARGET_LEGAL_INFO): ? ? ? ? ? ?PKG=$(2)
> ?$$($(2)_TARGET_UNINSTALL): ? ? ? ? ? ? PKG=$(2)
> ?$$($(2)_TARGET_CLEAN): ? ? ? ? ? ? ? ? PKG=$(2)
> ?$$($(2)_TARGET_DIRCLEAN): ? ? ? ? ? ? ?PKG=$(2)
> diff --git a/support/legal-info/README.header b/support/legal-info/README.header
> new file mode 100644
> index 0000000..156ef7e
> --- /dev/null
> +++ b/support/legal-info/README.header
> @@ -0,0 +1,24 @@
> +Most of the packages that were used by Buildroot to produce the image files,
> +including Buildroot itself, have open-source licenses. It is your
> +responsibility to comply to the requirements of these licenses.
> +To make this easier for you, Buildroot collected in this directory some
> +material you may need to get it done.
> +
> +This material is composed of the following items.
> + * The scripts used to control compilation of the packages and the generation
> + ? of image files, i.e. the Buildroot sources.
> + ? Note: this has not be saved due to technical limitations, you must collect
> + ? it manually.
> + * The Buildroot configuration file; this has been saved in buildroot.config.
> + * The toolchain (cross-compiler and related tools) used to generate all the
> + ? compiled programs.
> + ? Note: this has not be saved due to technical limitations, you must collect
> + ? it manually.
> + * The source code for all packages; this has been saved in the sources/
> + ? subdirectory (except for the proprietary packages, which have not been
> + ? saved); patches applied to some packages by Buildroot are included in the
> + ? Buildroot sources and were not duplicated in the sources/ subdirectory.
> + * A manifest file listing the configured packages and related information;
> + * The license text of the packages; they have been saved in the licenses/
> + ? subdirectory.
> +
> diff --git a/support/legal-info/README.warnings-header b/support/legal-info/README.warnings-header
> new file mode 100644
> index 0000000..cd08290
> --- /dev/null
> +++ b/support/legal-info/README.warnings-header
> @@ -0,0 +1,4 @@
> +Due to technical limitations or lack of license definition in the package
> +makefile, some of the material listed above could not been saved, as the
> +following list details.
> +
> --
> 1.7.5.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Thomas De Schampheleire]

Hi Luca,

On Wed, Mar 7, 2012 at 9:58 PM, Luca Ceresoli <luca@lucaceresoli.net> wrote:
> Hi,
>
> during the latest two Buildroot Developers Days (in November 2011 and February
> 2012) and in this mailing list there has been some discussion about introducing
> in Buildroot the possibility to automatically derive legally relevant material,
> such as licensing info and source tarballs for open source packages.
>
> I have submitted a first tentative RFC implementation of these features back in
> late January
> (http://lists.busybox.net/pipermail/buildroot/2012-January/049590.html).
>
> This second RFC incorporates many of the additions and modifications that have
> been discussed, as well as many other improvements. Thanks Arnout, ThomasDS and
> others for their review, and the BDD participants for their suggestions.
>
> This code is now fully working, meaning that the core features are there and
> those things that cannot be handled produce big fat warnings.
> I think this code does not need big changes before being merged (unless your
> review is catastrophic).

Thanks for continuing this work, I'm sure it will help many developers
out there.
I have added some suggestions/comments on the first patch. See below
for some other comments.

>
> However I hit a few issues that still need to be sorted out, see the "ISSUE"
> sections below.
>
> My approach is based on two per-package constants in eack .mk file, such as:
> ?FOOBAR_LICENSE = GPLv3 + LGPLv2.1
> ?FOOBAR_LICENSE_FILES = COPYING.LGPL demo-app/COPYING.GPL3
> or:
> ?MYAPP_LICENSE = PROPRIETARY
> ?# MYAPP_LICENSE_FILES not relevant in this case
> This is the only effort required to the package creator. If <PKG>_LICENSE is
> not specified it defaults to "unknown".
>
> After running 'make legal-info', the following things will be produced in
> $(O)/legal-info/:
> ?$ find legal-info/ -type f
> ?legal-info/README ? ? ? ? ? ?# Lists saved stuff, warns about unsaved stuff
> ?legal-info/licenses.txt ? ? ?# Text of all licenses
> ?legal-info/buildroot.config ?# The buildroot config
> ?legal-info/licenses/buildroot/COPYING ? ? ? # License files, one dir per pkg
> ?legal-info/licenses/busybox/LICENSE ? ? ? ? # ...
> ?legal-info/licenses/...other packages... ? ?# ...
> ?legal-info/manifest.csv ? ? ? ? ? ? ? ? ? ? # CSV table summarizing all info
> ?legal-info/sources/busybox-1.19.4.tar.bz2 ? # tarballs
> ?legal-info/sources/kmod-5.tar.xz ? ? ? ? ? ?# ...
> ?legal-info/sources/libtool-2.2.10.tar.gz ? ?# ...
> ?legal-info/sources/...other packages... ? ? # ...

I'm a bit confused by licenses.txt: if we already have each individual
license file in the licenses/<package> directory, why do we need an
aggregated set in licenses.txt ?

>
> Given the technical difficulties, the toolchain and the BR sources are not
> saved. Warnings are generated to make sure the user is aware of this.
>
> Following is an explanation of the open issues and future development
> directions. Actually issue 3 is the one where I mostly would like to have
> comments, so you may skip to it if your time is limited. Otherwise seat down
> comfortably and read on.
>
>
> ISSUE 1: the License Repository Feature
> =======================================
>
> The original idea that came out of the last Buildroot Developer Day was to
> maintain in BR a "license repository" holding those licenses that are used
> without change by many projects, such as the GPL family.
> Packages that cannot use this mechanism would need to explicitly define the
> license file in <PKG>_LICENSE_FILES.
>
> The idea of implementation was:
> ?if (<PKG>_LICENSE_FILES defined):
> ? ?copy $(<PKG>_LICENSE_FILES)
> ?else if (<PKG>_LICENSE = *GPL*, or any other known that's always equal):
> ? ?copy file from a "license repo dir" (one copy only per file);
> ?else:
> ? ?copy nothing and warn user
>
> Unfortunately, as Will Moore also pointed out, I discovered that the same
> license (e.g. GPLv2) is not always identical between two packages, although
> the differences might be not substantial.
>
> I do not have precise figures, but the number of variations might be quite
> large. In a config with ~25 packages enabled I got this:
> ?$ make external-deps|wc -l
> ?39
> ?$ find . -iname "COPYING*" -o -iname "LICENSE*" | \
> ? ?xargs grep -l 'Version 2,' | xargs md5sum | \
> ? ?awk '{print $1}'|sort|uniq|wc -l
> ?20
>
> These are 20 different GPLv2 files! Some only have whitespace changes, some
> have other little differences. An example:
>
> ?$ diff -u0 -b ?./binutils-2.21.1/COPYING ./libtool-2.2.10/COPYING
> ?--- ./binutils-2.21.1/COPYING 2005-07-14 03:24:56.000000000 +0200
> ?+++ ./libtool-2.2.10/COPYING ?2010-05-20 23:18:41.000000000 +0200
> ? @@ -4 +4 @@
> ? - Copyright (C) 1989, 1991 Free Software Foundation, Inc.
> ? + Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
>
> An added comma.
>
> ? @@ -18 +18 @@
> ? -the GNU Library General Public License instead.) ?You can apply it to
> ? +the GNU Lesser General Public License instead.) ?You can apply it to
>
> This updates a reference to another license.
>
> ?@@ -306,4 +306,3 @@
> ?- ? ?You should have received a copy of the GNU General Public License
> ?- ? ?along with this program; if not, write to the Free Software
> ?- ? ?Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ?02110-1301 ?USA
> ?-
> ?+ ? ?You should have received a copy of the GNU General Public License along
> ?+ ? ?with this program; if not, write to the Free Software Foundation, Inc.,
> ?+ ? ?51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>
> Just formatting changes here.
>
> ?@@ -339 +338 @@
> ?-library. ?If this is what you want to do, use the GNU Library General
> ?+library. ?If this is what you want to do, use the GNU Lesser General
>
> Same as above.
>
> Another example:
>
> ?$ diff -u0 -b ?./binutils-2.21.1/COPYING ?./iostat-2.2/LICENSE
> ?--- ./binutils-2.21.1/COPYING 2005-07-14 03:24:56.000000000 +0200
> ?+++ ./iostat-2.2/LICENSE ? ? ?2004-11-25 11:53:11.000000000 +0100
> ?@@ -5 +5 @@
> ?- ? ? 51 Franklin Street, Fifth Floor, Boston, MA ?02110-1301 ?USA
> ?+ ? ? 59 Temple Place, Suite 330, Boston, MA ?02111-1307 ?USA
>
> Apparently the FSF offices have moved some time in the past.
>
> ?@@ -308 +308 @@
> ?- ? ?Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ?02110-1301 ?USA
> ?+ ? ?Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ?02111-1307 ?USA
>
> Same as above.
>
> I did not investigate a lot to discover if there are more substantial
> differences. I wanted to stay on the safe side, so I just did not implement the
> "license repository" and the second step of the algorithm. All packages that
> want their license files copied must define <PKG>_LICENSE_FILES. Full stop.
>
> The license repository feature may still be added in the future, but I think
> it should be discussed before. Asking the FSF may be an option, I guess they
> listen to an active community developing free software.

For me treating each license as a different one is OK. As you say,
it's for sure the safest option. It will keep the logic in buildroot
simple.

>
>
> ISSUE 2: Packages with multiple licenses
> ========================================
>
> Some packages (e.g. freetype, qt) allow to choose among different licenses.
> - Should we add an option in menuconfig for choosing the license? This would
> ?allow to generate "customized" manifest and license files.
> - Or should we save all licenses and and define the package license as, for
> ?instance:
> ? ?QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?
>
> I think the first option is more nice and still legally correct, so I
> implemented it for Qt to see how it would look. You can see the implementation
> in a patch near the bottom of this set. It's not currently documented at all,
> I'd first like to know if the approach is good or option 2 (or whatever else)
> is better.

In any case, a commercial license cannot be used without having a
legal agreement with the package author. Since this is a rare case, I
don't think we should try to handle this in buildroot. I'd let the
user handle this case.

Personally, I don't think that many people will be careful in
selecting the appropriate license from the config system. We'd need a
default, and the question becomes what's the default? Some people will
prefer v3 and others v2.
I'd keep it up to the user to fix the csv and related files to reflect
their choice. We can already copy all licenses as you suggest, but I
don't know whether a user should remove the non-appropriate files or
not to be legally ok...

>
>
> ISSUE 3: packages without a license file
> ========================================
>
> Some packages (e.g. tslib) do not have a license file. Instead, the license is
> written in a comment at the top of one or more source files. In such cases we
> planned that the package maintainer would manually copy this text into a file
> in the package directory (where the .mk lives) and the teach the infrastructure
> where it is, so it gets copied from there.
>
> I haven't started working on an implementation of this feature yet, but at
> first sight it's not totally trivial. The problem is the <PKG>_LICENSE_FILES
> definition as it is implemented in the present RFC does not easily allow to
> discriminate between a file in $(O)/build/<pkg>-<ver>/ and a file in
> packages/<pkg>/.
>
> This is how it works now:
> ? ? ? ?@cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
> ? ? ? ? ? ? ? ?$(LICENSE_FILES_DIR)/$$($(3)_NAME)/
> It assumes the files are in the package build dir, $(2)_DIR, which allows a
> very simple and clean implementation.
>
> In order to support a copy from the package directory, option 1 is to define
> the full path in <PKG>_LICENSE_FILES, and remove the addprefix from the above
> code snipped. Example:
> ?FOO_LICENSE_FILES = $(BUILD_DIR)/foo-$(FOO_VERSION)/COPYING
> ?BAR_LICENSE_FILES = packages/bar/COPYING
> which is not very pleasant to read, and is quite error-prone for the developer
> adding a package.
>
> Option 2 would be to have two distinct constants for the two cases:
> ?FOO_LICENSE_FILES_IN_BUILD_DIR = COPYING
> ?BAR_LICENSE_FILES_IN_PACKAGE_DIR = COPYING
> Even with better constant names this would not be extremely beautiful IMHO.
>
> Option 3 is to wait for a smarter idea coming from your reviews! :)
>
>
> TODO in the next patchset before merging into mainline
> ======================================================
>
> - Add to the documentation:
> ?- some words of advice from Buildroot developers about how to comply to GPL
> ? ?and other open source licenses;
> ?- brief instructions on using this stuff ('make legal-info');
> ?- instructions in the GENTARGETS section about the _LICENSE and _LICENSE_FILES
> ? constants.
>
> - Write a few lines of explanation in the log message of the first big commit,
> ?the one that implements all the logic.
>
> - Save a defconfig instead of the whole .config for the Buildroot configuration?
> ?Which one would you better like?

A full .config is better I think, as it doesn't depend on the defaults
in buildroot (e.g. version bump).

>
>
> POSSIBLE FUTURE IMPROVEMENTS
> ============================
>
> IMHO these should be planned after the merge of the first core functionality:
> I would like to keep it as simple as possible for a first step.
>
> - How to handle local and override packages?
> ?- Modify the -source target (_DOWNLOAD macros) to produce tarball?
> ? ?But adds a lot of work for normal builds that is used only rarely.
> ?- Modify the legal-info stuff to re-download them and make a tarball?
> ?- Assume they are not / almost never used in production and just save
> ? ?nothing? Meaning just like the present patchset does, generating a warning.
> ? ?My vote here.
>
> - The toolchain is not currently saved (internal, external, ct-NG, no
> ?discrimination). Actually, only GENTARGETS-based packages are handled, so the
> ?best approach might be to "simply" migrate the toolchains to GENTARGETS.
>
> - Save the Buildroot sources too. If the sources are not a git clone this might
> ?be as simple as tar of the current directory and exclude dl and output, but
> ?this has never been tested. Also, make sure this works for out-of-tree BR
> ?builds.
>
> - Add a hook for a post-legal-info script.
>
>
> SHOW US THE CODE NOW
> ====================
>
> Ok, the patches are there.
> - The implementation is all in the first commit.
> - A few patches follow to make non-GENTARGETS packages warn about their
> ?dumbness.
> - Other commits define licenses for some packages.
> - A couple of support commits (for testing only) closes the series.
>
> Changed in v2:
> - squashed together patches 1-4 from RFC v1; now all the legal-info mechanism
> ?is implmented in a unique patch.
> - rebase on top of current master
> - don't clean $(REDIST_SOURCES_DIR): it is a subdir of $(LEGAL_INFO_DIR), so
> ?doesn't need to be cleaned twice
> - added legal-info-clean target
> - made legal-info target .PHONY
> - remove the output/legal-info dir before populating it
> - when saving source tarballs, create hardlinks instead of copies if possible
> - add infrastructure to warn the user about info that has not been saved: a
> ?.warnings file is filled with such info and displayed to the user at the
> ?end of the legal-info processing
> - ensure manual (non-GENTARGETS-based) packages return error, at least; this
> ?required to explicitly create a -legal-info target for each of them, or
> ?they would have been silently skipped.
> - list also Buildroot in the manifest file! :)
> - save the Buildroot .config
> - save license files listed in <PKG>_LICENSE_FILES, both in a separate
> ?directory for each package and all together in a unique file
> - various cleanups.
>
> Luca
>
> Luca Ceresoli (31):
> ?legal-info: infrastructure to collect legally-relevant material
> ?cups: warn that legal-info is not implemented
> ?fis: warn that legal-info is not implemented
> ?doom-wad: warn that legal-info is not implemented
> ?gettext: warn that legal-info is not implemented
> ?microperl: warn that legal-info is not implemented
> ?netkitbase: warn that legal-info is not implemented
> ?netkittelnet: warn that legal-info is not implemented
> ?newt: warn that legal-info is not implemented
> ?tinyhttpd: warn that legal-info is not implemented
> ?ttcp: warn that legal-info is not implemented
> ?uemacs: warn that legal-info is not implemented
> ?vpnc: warn that legal-info is not implemented
> ?xfsprogs: warn that legal-info is not implemented
> ?mpc: define license
> ?linux: define license
> ?m4: define license
> ?busybox: define license
> ?bzip2: define license
> ?directfb: define license
> ?iostat: define license
> ?lzo: define license
> ?lzop: define license
> ?tslib: define license
> ?libusb: define license
> ?pcre: define license
> ?netsnmp: define license
> ?berkeleydb: define license
> ?qt: define license choice
> ?foobar: create a fake proprietary package (testing only)
> ?Create test configs (testing only)
>
> ?Makefile ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?| ? 52 ++++++++++++++++++++++++-
> ?configs/legal_info_test2_defconfig ? ? ? ?| ? ?8 ++++
> ?configs/legal_info_test_defconfig ? ? ? ? | ? 20 ++++++++++
> ?linux/linux.mk ? ? ? ? ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/Config.in ? ? ? ? ? ? ? ? ? ? ? ? | ? ?1 +
> ?package/Makefile.package.in ? ? ? ? ? ? ? | ? 59 +++++++++++++++++++++++++++++
> ?package/berkeleydb/berkeleydb.mk ? ? ? ? ?| ? ?2 +
> ?package/busybox/busybox.mk ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/bzip2/bzip2.mk ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/cups/cups.mk ? ? ? ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/directfb/directfb.mk ? ? ? ? ? ? ?| ? ?2 +
> ?package/fis/fis.mk ? ? ? ? ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/foobar/Config.in ? ? ? ? ? ? ? ? ?| ? ?5 ++
> ?package/foobar/foobar.mk ? ? ? ? ? ? ? ? ?| ? 15 +++++++
> ?package/foobar/source/foobar.c ? ? ? ? ? ?| ? ?7 +++
> ?package/games/doom-wad/doom-wads.mk ? ? ? | ? ?4 ++
> ?package/gettext/gettext.mk ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/iostat/iostat.mk ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/libusb/libusb.mk ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/lzo/lzo.mk ? ? ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/lzop/lzop.mk ? ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/m4/m4.mk ? ? ? ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/microperl/microperl.mk ? ? ? ? ? ?| ? ?4 ++
> ?package/mpc/mpc.mk ? ? ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/netkitbase/netkitbase.mk ? ? ? ? ?| ? ?4 ++
> ?package/netkittelnet/netkittelnet.mk ? ? ?| ? ?4 ++
> ?package/netsnmp/netsnmp.mk ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/newt/newt.mk ? ? ? ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/pcre/pcre.mk ? ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/qt/Config.in ? ? ? ? ? ? ? ? ? ? ?| ? 15 +++++++
> ?package/qt/qt.mk ? ? ? ? ? ? ? ? ? ? ? ? ?| ? ?9 ++++
> ?package/tinyhttpd/tinyhttpd.mk ? ? ? ? ? ?| ? ?4 ++
> ?package/tslib/tslib.mk ? ? ? ? ? ? ? ? ? ?| ? ?2 +
> ?package/ttcp/ttcp.mk ? ? ? ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/uemacs/uemacs.mk ? ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/vpnc/vpnc.mk ? ? ? ? ? ? ? ? ? ? ?| ? ?4 ++
> ?package/xfsprogs/xfsprogs.mk ? ? ? ? ? ? ?| ? ?4 ++
> ?support/legal-info/README.header ? ? ? ? ?| ? 24 ++++++++++++
> ?support/legal-info/README.warnings-header | ? ?4 ++
> ?39 files changed, 296 insertions(+), 3 deletions(-)
> ?create mode 100644 configs/legal_info_test2_defconfig
> ?create mode 100644 configs/legal_info_test_defconfig
> ?create mode 100644 package/foobar/Config.in
> ?create mode 100644 package/foobar/foobar.mk
> ?create mode 100644 package/foobar/source/foobar.c
> ?create mode 100644 support/legal-info/README.header
> ?create mode 100644 support/legal-info/README.warnings-header
>
> --
> 1.7.5.4
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Thomas De Schampheleire]

On Thu, Mar 8, 2012 at 11:02 AM, Luca Ceresoli <luca@lucaceresoli.net> wrote:
> Yann,
> thanks for the review.
>
>
> Yann E. MORIN wrote:
>>
>> Lucas, All,
>
>
> s/Lucas/Luca/ :)
>
>
>> ? $ find legal-info/ -type f
>> ? legal-info/README ? ? ? ? ? ?# Lists saved stuff, warns about unsaved
>> ? stuff legal-info/licenses.txt ? ? ?# Text of all licenses
>> ? legal-info/buildroot.config ?# The buildroot config
>> ? legal-info/licenses/buildroot/COPYING ? ? ? # License files, one dir per
>> ? pkg legal-info/licenses/busybox/LICENSE ? ? ? ? # ...
>> ? legal-info/licenses/...other packages... ? ?# ...
>> ? legal-info/manifest.csv ? ? ? ? ? ? ? ? ? ? # CSV table summarizing all
>> ? info legal-info/sources/busybox-1.19.4.tar.bz2 ? # tarballs
>> ? legal-info/sources/kmod-5.tar.xz ? ? ? ? ? ?# ...
>> ? legal-info/sources/libtool-2.2.10.tar.gz ? ?# ...
>> ? legal-info/sources/...other packages... ? ? # ...
>> I would expect a one-directory-pre-package layout (personal opinion):
>> ? legal-info/busybox/LICENSE
>> ? legal-info/busybox/busybox-1.19.4.tar.bz2
>> ? legal-info/kmod/COPYING
>> ? legal-info/kmod/kmod-5.tar.bz2
>> ? ...
>
>
> I thought about the usage I would make of this material. The tarballs must
> go
> into some CD or website or similar. The licenses may be sent to
> documentation
> writers so they can typeset them in a document (if for some reason they do
> not
> want to use the produced licenses.txt file).

Moreover, by having all the sources in one directory, you can set it
as a DL_DIR in buildroot, which allows your customers to make an
offline build without a lot of hassle.

>
>
>
>> [--SNIP--]
>>>
>>> ISSUE 2: Packages with multiple licenses
>>> ========================================
>>>
>>> Some packages (e.g. freetype, qt) allow to choose among different
>>> licenses.
>>> - Should we add an option in menuconfig for choosing the license? This
>>> would
>>> ? allow to generate "customized" manifest and license files.
>>> - Or should we save all licenses and and define the package license as,
>>> for
>>> ? instance:
>>> ? ? QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?
>>
>> It would probably be possible to do:
>> ? ? QT_LICENSE = GPLv3
>> ? ? ifeq ($(blabla),y)
>> ? ? QT_LICENSE += LGPLv2.1
>> ? ? endif
>>
>> and so on...
>
>
> Well, Qt allows to choose the license you want. So you can use all of it
> under
> the GPLv3, or all of it under LGPLv2.1, or all of it purchasing a commercial
> license.
>
> The same applies to FreeType: "FreeType comes with two licenses from which
> you
> can choose the one which fits your needs best."
> (http://freetype.org/license.html).
>
> In such cases, for what concerns Buildroot, I think we should either that
> the
> package in Buildroot is always used with a given license (e.g. LGPLv2.1 for
> Qt)
> or allow the Buildroot user to choose via menuconfig.
>
> Your code snippet is perfect for a package that has a GPLv3 part that's
> always
> compiled and an optional LGPLv2.1 part.
>
>
>
>>> ISSUE 3: packages without a license file
>>> ========================================
>>>
>>> Some packages (e.g. tslib) do not have a license file. Instead, the
>>> license is
>>> written in a comment at the top of one or more source files. In such
>>> cases we
>>> planned that the package maintainer would manually copy this text into a
>>> file
>>> in the package directory (where the .mk lives) and the teach the
>>> infrastructure
>>> where it is, so it gets copied from there.
>>>
>>> I haven't started working on an implementation of this feature yet, but
>>> at
>>> first sight it's not totally trivial. The problem is
>>> the<PKG>_LICENSE_FILES
>>> definition as it is implemented in the present RFC does not easily allow
>>> to
>>> discriminate between a file in $(O)/build/<pkg>-<ver>/ and a file in
>>> packages/<pkg>/.
>>>
>>> This is how it works now:
>>> ? ? ? ? @cp $(addprefix $$($(2)_DIR)/,$$($(3)_LICENSE_FILES)) \
>>> ? ? ? ? ? ? ? ? $(LICENSE_FILES_DIR)/$$($(3)_NAME)/
>>> It assumes the files are in the package build dir, $(2)_DIR, which allows
>>> a
>>> very simple and clean implementation.
>>>
>>> In order to support a copy from the package directory, option 1 is to
>>> define
>>> the full path in<PKG>_LICENSE_FILES, and remove the addprefix from the
>>> above
>>> code snipped. Example:
>>> ? FOO_LICENSE_FILES = $(BUILD_DIR)/foo-$(FOO_VERSION)/COPYING
>>> ? BAR_LICENSE_FILES = packages/bar/COPYING
>>> which is not very pleasant to read, and is quite error-prone for the
>>> developer
>>> adding a package.
>>>
>>> Option 2 would be to have two distinct constants for the two cases:
>>> ? FOO_LICENSE_FILES_IN_BUILD_DIR = COPYING
>>> ? BAR_LICENSE_FILES_IN_PACKAGE_DIR = COPYING
>>> Even with better constant names this would not be extremely beautiful
>>> IMHO.
>>>
>>> Option 3 is to wait for a smarter idea coming from your reviews! :)
>>
>> Proposal:
>> ? - FOO_LICENSE_FILES = list of license files
>> ? - FOO_LICENSE_HOOK = macros to call to copy the license files
>
>
> Meaning something like the current
> POST_{CONFIGURE|INSTALL_TARGET|...}_HOOKS?
> Good idea, concise and readable. But we should also provide a macro (or a
> script) to copy the license files, such as:
>
> ?$(call COPY_LICENSE_FILES,pkgname,pkgver,license_file(s))
>
> that copies to $(O)/legal-info/pkgname-pkgver, cats into licenses.txt and
> fills manifest.csv.
>
> I'll try to code something like this.
>
>
>
>>> TODO in the next patchset before merging into mainline
>>> ======================================================
>>>
>>> - Add to the documentation:
>>> ? - some words of advice from Buildroot developers about how to comply to
>>> GPL
>>> ? ? and other open source licenses;
>>> ? - brief instructions on using this stuff ('make legal-info');
>>> ?- instructions in the GENTARGETS section about the _LICENSE and
>>> _LICENSE_FILES
>>> ? ?constants.
>>>
>>> - Write a few lines of explanation in the log message of the first big
>>> commit,
>>> ? the one that implements all the logic.
>>>
>>> - Save a defconfig instead of the whole .config for the Buildroot
>>> configuration?
>>> ? Which one would you better like?
>>
>> A full .config, from experiemce...
>>
>> And what about the linux, uClibc and busybox .config files? Unless I
>> missed
>> something in your email, you did not address these...
>
>
> I considered they are part of Buildroot, so they are kind of addressed... by
> the warning that says you have to tar your Buildroot on your own.
>
> These may be added of course, but then we might ask ourselves if we should
> also save the post-built script, custom skeleton, additional device table
> files, whatever else... This would be hard to maintain.
>
> Luca
>
>
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] [RFC v2 01/31] legal-info: infrastructure to collect legally-relevant material

[Luca Ceresoli]

Thomas De Schampheleire wrote:
> On Wed, Mar 7, 2012 at 9:58 PM, Luca Ceresoli<luca@lucaceresoli.net>  wrote:
>> Signed-off-by: Luca Ceresoli<luca@lucaceresoli.net>
>> ---
>>   Makefile                                  |   52 ++++++++++++++++++++++++-
>>   package/Makefile.package.in               |   59 +++++++++++++++++++++++++++++
>>   support/legal-info/README.header          |   24 ++++++++++++
>>   support/legal-info/README.warnings-header |    4 ++
>>   4 files changed, 136 insertions(+), 3 deletions(-)
>>   create mode 100644 support/legal-info/README.header
>>   create mode 100644 support/legal-info/README.warnings-header
>>
>> diff --git a/Makefile b/Makefile
>> index d508888..b78aaf8 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -284,6 +284,15 @@ TARGET_DIR:=$(BASE_DIR)/target
>>   TOOLCHAIN_DIR=$(BASE_DIR)/toolchain
>>   TARGET_SKELETON=$(TOPDIR)/fs/skeleton
>>
>> +LEGAL_INFO_DIR=$(BASE_DIR)/legal-info
>> +REDIST_SOURCES_DIR=$(LEGAL_INFO_DIR)/sources
>> +LICENSE_FILES_DIR=$(LEGAL_INFO_DIR)/licenses
>> +LEGAL_MANIFEST_CSV=$(LEGAL_INFO_DIR)/manifest.csv
>> +LEGAL_LICENSES_TXT=$(LEGAL_INFO_DIR)/licenses.txt
>> +LEGAL_WARNINGS=$(LEGAL_INFO_DIR)/.warnings
> I'm not sure if this should be a hidden file, as it is quite important
> for a user to really see this.

But at the end it's copied into the final README, where it is visible.
 From Makefile:

legal-info: legal-info-clean legal-info-prepare $(REDIST_SOURCES_DIR) \
                 $(TARGETS_LEGAL_INFO)
         @cat support/legal-info/README.header>>$(LEGAL_REPORT)
	@if [ -r $(LEGAL_WARNINGS) ]; then \
                 cat support/legal-info/README.warnings-header \
                         $(LEGAL_WARNINGS)>>$(LEGAL_REPORT); \
                 cat $(LEGAL_WARNINGS); fi
         @echo "Legal info produced in $(LEGAL_INFO_DIR)"
         @rm -f $(LEGAL_WARNINGS)


>> +LEGAL_REPORT=$(LEGAL_INFO_DIR)/README
>> +LEGAL_INFO_SEPARATOR="::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
>> +
>>   ifeq ($(BR2_CCACHE),y)
>>   CCACHE:=$(HOST_DIR)/usr/bin/ccache
>>   CCACHE_CACHE_DIR=$(HOME)/.buildroot-ccache
>> @@ -362,6 +371,10 @@ HOST_DEPS = $(sort $(foreach dep,\
>>                 $($(dep))))
>>   HOST_SOURCE += $(addsuffix -source,$(sort $(TARGETS_HOST_DEPS) $(HOST_DEPS)))
>>
>> +TARGETS_LEGAL_INFO:=$(patsubst %,%-legal-info,\
>> +               $(filter-out host-makedevs,\
>> +               $(TARGETS) $(BASE_TARGETS) $(TARGETS_HOST_DEPS) $(HOST_DEPS))))
>> +
>>   # all targets depend on the crosscompiler and it's prerequisites
>>   $(TARGETS_ALL): __real_tgt_%: $(BASE_TARGETS) %
>>
>> @@ -395,8 +408,9 @@ $(HOST_DIR)/usr/share/buildroot/toolchainfile.cmake:
>>         ">  $@
>>
>>   .PHONY: all world dirs clean distclean source outputmakefile \
>> +       legal-info legal-info-prepare legal-info-clean \
>>         $(BASE_TARGETS) $(TARGETS) $(TARGETS_ALL) \
>> -       $(TARGETS_CLEAN) $(TARGETS_DIRCLEAN) $(TARGETS_SOURCE) \
>> +       $(TARGETS_CLEAN) $(TARGETS_DIRCLEAN) $(TARGETS_SOURCE) $(TARGETS_LEGAL_INFO) \
>>         $(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(STAGING_DIR) $(TARGET_DIR) \
>>         $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR)
>>
>> @@ -406,7 +420,7 @@ $(HOST_DIR)/usr/share/buildroot/toolchainfile.cmake:
>>   # dependencies anywhere else
>>   #
>>   #############################################################
>> -$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR):
>> +$(DL_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR) $(HOST_DIR) $(BINARIES_DIR) $(STAMP_DIR) $(LEGAL_INFO_DIR) $(REDIST_SOURCES_DIR):
>>         @mkdir -p $@
>>
>>   $(STAGING_DIR):
>> @@ -513,6 +527,37 @@ source: dirs $(TARGETS_SOURCE) $(HOST_SOURCE)
>>   external-deps:
>>         @$(MAKE) -Bs DL_MODE=SHOW_EXTERNAL_DEPS $(EXTRAMAKEARGS) source | sort -u
>>
>> +legal-info-clean:
>> +       @rm -fr $(LEGAL_INFO_DIR)
>> +
>> +legal-info-prepare: $(LEGAL_INFO_DIR)
>> +       @echo "package,version,license,license files,source archive" \
>> +>>$(LEGAL_MANIFEST_CSV)
>> +       @mkdir -p $(LICENSE_FILES_DIR)/buildroot
>> +       @cp COPYING $(LICENSE_FILES_DIR)/buildroot/COPYING
>> +       @echo -e "$(LEGAL_INFO_SEPARATOR)\n\t buildroot:" \
>> +               "COPYING file\n$(LEGAL_INFO_SEPARATOR)\n\n" \
>> +>>$(LEGAL_LICENSES_TXT)
>> +       @cat COPYING>>$(LEGAL_LICENSES_TXT)
>> +       @echo>>$(LEGAL_LICENSES_TXT)
>> +       @echo "buildroot,$(BR2_VERSION_FULL),GPLv2,COPYING,not saved" \
>> +>>$(LEGAL_MANIFEST_CSV)
>> +       @echo "WARNING: The Buildroot source code has not be saved" \
> s/be/been
> This should be fixed in a few places in the patchset.

Fixed, thanks.

>> +>>$(LEGAL_WARNINGS)
>> +       @echo "WARNING: The toolchain has not be saved" \
>> +>>$(LEGAL_WARNINGS)
>> +       @cp $(CONFIG_DIR)/.config $(LEGAL_INFO_DIR)/buildroot.config
>> +
>> +legal-info: legal-info-clean legal-info-prepare $(REDIST_SOURCES_DIR) \
>> +               $(TARGETS_LEGAL_INFO)
>> +       @cat support/legal-info/README.header>>$(LEGAL_REPORT)
>> +       @if [ -r $(LEGAL_WARNINGS) ]; then \
>> +               cat support/legal-info/README.warnings-header \
>> +                       $(LEGAL_WARNINGS)>>$(LEGAL_REPORT); \
>> +               cat $(LEGAL_WARNINGS); fi
>> +       @echo "Legal info produced in $(LEGAL_INFO_DIR)"
>> +       @rm -f $(LEGAL_WARNINGS)
>> +
> I think the readability of this can be improved by creating a set of
> functions to produce a warning, to add a line to the csv, etc.
> Moreover, the details about the format of these files will be grouped
> in one place.
> For example (untested):
>
> define legal-add-warning # (pkg, warning)
> @echo "WARNING: $(1): $(warning)">>$(LEGAL_WARNINGS)
> endef
> define legal-add-csv-line # (pkg, version, license, license file, source file)
> @echo "$(1),$(2),$(3),$(4),$(5)">>$(LEGAL_MANIFEST_CSV)
> endef
> Example calls would be:
> $(call legal-add-warning,buildroot,source code has not been saved)
> $(call legal-add-csv-line,$$($(3)_NAME),$$($(3)_VERSION),$$($(3)_LICENSE),not
> saved,not saved)
>
> These functions can be used in Makefile, in Makefile.package.in below,
> and even for packages that do not follow gentargets but still want to
> hook into the legal infrastructure.

It would definitely improve things, but I'm not sure about the add-csv-line. In
fact such lines are currently generated in pieces:  pkg, version, license in a
common place, license files in another, source files in yet another one. But I
might define constants in these same places, then call the function passing these
constants.

I'll try to code something.

Luca

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Luca Ceresoli]

Thomas De Schampheleire wrote:
[...]
>> However I hit a few issues that still need to be sorted out, see the "ISSUE"
>> sections below.
>>
>> My approach is based on two per-package constants in eack .mk file, such as:
>>   FOOBAR_LICENSE = GPLv3 + LGPLv2.1
>>   FOOBAR_LICENSE_FILES = COPYING.LGPL demo-app/COPYING.GPL3
>> or:
>>   MYAPP_LICENSE = PROPRIETARY
>>   # MYAPP_LICENSE_FILES not relevant in this case
>> This is the only effort required to the package creator. If<PKG>_LICENSE is
>> not specified it defaults to "unknown".
>>
>> After running 'make legal-info', the following things will be produced in
>> $(O)/legal-info/:
>>   $ find legal-info/ -type f
>>   legal-info/README            # Lists saved stuff, warns about unsaved stuff
>>   legal-info/licenses.txt      # Text of all licenses
>>   legal-info/buildroot.config  # The buildroot config
>>   legal-info/licenses/buildroot/COPYING       # License files, one dir per pkg
>>   legal-info/licenses/busybox/LICENSE         # ...
>>   legal-info/licenses/...other packages...    # ...
>>   legal-info/manifest.csv                     # CSV table summarizing all info
>>   legal-info/sources/busybox-1.19.4.tar.bz2   # tarballs
>>   legal-info/sources/kmod-5.tar.xz            # ...
>>   legal-info/sources/libtool-2.2.10.tar.gz    # ...
>>   legal-info/sources/...other packages...     # ...
> I'm a bit confused by licenses.txt: if we already have each individual
> license file in the licenses/<package>  directory, why do we need an
> aggregated set in licenses.txt ?

Producing many output formats makes it more likely that one finds his preferred
one...
Consider a product that's shipped without any CD-ROM, and no screen, no GUI, so
no capability  to show licenses on-screen. The only way to comply to the GPL
would be to print licenses in the paper documentation. In such a case the
documentation writers would probably prefer to receive a single file they just
need to copy-paste in their typesetting software, fix fonts and title
formatting and they're done. If they were fed 30~40 files to copy-paste from,
add titles or at least separators between each other etc, they would have more
boring work to do, and also error-prone.


>> Given the technical difficulties, the toolchain and the BR sources are not
>> saved. Warnings are generated to make sure the user is aware of this.
>>
>> Following is an explanation of the open issues and future development
>> directions. Actually issue 3 is the one where I mostly would like to have
>> comments, so you may skip to it if your time is limited. Otherwise seat down
>> comfortably and read on.
>>
>>
>> ISSUE 1: the License Repository Feature
>> =======================================
>>
>> The original idea that came out of the last Buildroot Developer Day was to
>> maintain in BR a "license repository" holding those licenses that are used
>> without change by many projects, such as the GPL family.
>> Packages that cannot use this mechanism would need to explicitly define the
>> license file in<PKG>_LICENSE_FILES.
>>
>> The idea of implementation was:
>>   if (<PKG>_LICENSE_FILES defined):
>>     copy $(<PKG>_LICENSE_FILES)
>>   else if (<PKG>_LICENSE = *GPL*, or any other known that's always equal):
>>     copy file from a "license repo dir" (one copy only per file);
>>   else:
>>     copy nothing and warn user
>>
>> Unfortunately, as Will Moore also pointed out, I discovered that the same
>> license (e.g. GPLv2) is not always identical between two packages, although
>> the differences might be not substantial.
>>
>> I do not have precise figures, but the number of variations might be quite
>> large. In a config with ~25 packages enabled I got this:
>>   $ make external-deps|wc -l
>>   39
>>   $ find . -iname "COPYING*" -o -iname "LICENSE*" | \
>>     xargs grep -l 'Version 2,' | xargs md5sum | \
>>     awk '{print $1}'|sort|uniq|wc -l
>>   20
>>
>> These are 20 different GPLv2 files! Some only have whitespace changes, some
>> have other little differences. An example:
>>
>>   $ diff -u0 -b  ./binutils-2.21.1/COPYING ./libtool-2.2.10/COPYING
>>   --- ./binutils-2.21.1/COPYING 2005-07-14 03:24:56.000000000 +0200
>>   +++ ./libtool-2.2.10/COPYING  2010-05-20 23:18:41.000000000 +0200
>>    @@ -4 +4 @@
>>    - Copyright (C) 1989, 1991 Free Software Foundation, Inc.
>>    + Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
>>
>> An added comma.
>>
>>    @@ -18 +18 @@
>>    -the GNU Library General Public License instead.)  You can apply it to
>>    +the GNU Lesser General Public License instead.)  You can apply it to
>>
>> This updates a reference to another license.
>>
>>   @@ -306,4 +306,3 @@
>>   -    You should have received a copy of the GNU General Public License
>>   -    along with this program; if not, write to the Free Software
>>   -    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
>>   -
>>   +    You should have received a copy of the GNU General Public License along
>>   +    with this program; if not, write to the Free Software Foundation, Inc.,
>>   +    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>>
>> Just formatting changes here.
>>
>>   @@ -339 +338 @@
>>   -library.  If this is what you want to do, use the GNU Library General
>>   +library.  If this is what you want to do, use the GNU Lesser General
>>
>> Same as above.
>>
>> Another example:
>>
>>   $ diff -u0 -b  ./binutils-2.21.1/COPYING  ./iostat-2.2/LICENSE
>>   --- ./binutils-2.21.1/COPYING 2005-07-14 03:24:56.000000000 +0200
>>   +++ ./iostat-2.2/LICENSE      2004-11-25 11:53:11.000000000 +0100
>>   @@ -5 +5 @@
>>   -     51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
>>   +     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
>>
>> Apparently the FSF offices have moved some time in the past.
>>
>>   @@ -308 +308 @@
>>   -    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
>>   +    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
>>
>> Same as above.
>>
>> I did not investigate a lot to discover if there are more substantial
>> differences. I wanted to stay on the safe side, so I just did not implement the
>> "license repository" and the second step of the algorithm. All packages that
>> want their license files copied must define<PKG>_LICENSE_FILES. Full stop.
>>
>> The license repository feature may still be added in the future, but I think
>> it should be discussed before. Asking the FSF may be an option, I guess they
>> listen to an active community developing free software.
> For me treating each license as a different one is OK. As you say,
> it's for sure the safest option. It will keep the logic in buildroot
> simple.
>
>>
>> ISSUE 2: Packages with multiple licenses
>> ========================================
>>
>> Some packages (e.g. freetype, qt) allow to choose among different licenses.
>> - Should we add an option in menuconfig for choosing the license? This would
>>   allow to generate "customized" manifest and license files.
>> - Or should we save all licenses and and define the package license as, for
>>   instance:
>>     QT_LICENSE = GPLv3 or LGPLv2.1 or COMMERCIAL?
>>
>> I think the first option is more nice and still legally correct, so I
>> implemented it for Qt to see how it would look. You can see the implementation
>> in a patch near the bottom of this set. It's not currently documented at all,
>> I'd first like to know if the approach is good or option 2 (or whatever else)
>> is better.
> In any case, a commercial license cannot be used without having a
> legal agreement with the package author. Since this is a rare case, I
> don't think we should try to handle this in buildroot. I'd let the
> user handle this case.

Yes, I wrote commercial there just for example, I don't think it's
so necessary.

> Personally, I don't think that many people will be careful in
> selecting the appropriate license from the config system. We'd need a
> default, and the question becomes what's the default? Some people will
> prefer v3 and others v2.
> I'd keep it up to the user to fix the csv and related files to reflect
> their choice. We can already copy all licenses as you suggest, but I
> don't know whether a user should remove the non-appropriate files or
> not to be legally ok...

Not sure I agree here. Having a menuconfig knob makes the
user conscious about his right to choose, as well as his "need"
to choose.
Say I release a product using Qt and I distribute it with both
license files, GPLv3 and LGPLv2. Since I also distribute it under
GPLv3 too, can a customer ask me to release the sources for
mt Qt-based proprietary application?
If I have proprietary applications, I would prefer to make things
clear in the beginning, and put only LGPL in my CD, printed
manual, About window, whatever.

[...]
> TODO in the next patchset before merging into mainline
> ======================================================
>
> - Add to the documentation:
>   - some words of advice from Buildroot developers about how to comply to GPL
>     and other open source licenses;
>   - brief instructions on using this stuff ('make legal-info');
>   - instructions in the GENTARGETS section about the _LICENSE and _LICENSE_FILES
>    constants.
>
> - Write a few lines of explanation in the log message of the first big commit,
>   the one that implements all the logic.
>
> - Save a defconfig instead of the whole .config for the Buildroot configuration?
>   Which one would you better like?
> A full .config is better I think, as it doesn't depend on the defaults
> in buildroot (e.g. version bump).

Nice to see there's a point everybody agrees on. :-)

Luca

[Buildroot] [RFC v2 19/31] bzip2: define license

[Luca Ceresoli]

Yann E. MORIN wrote:
> On Wednesday 07 March 2012 21:58:19 Luca Ceresoli wrote:
>> Signed-off-by: Luca Ceresoli<luca@lucaceresoli.net>
>> ---
>>   package/bzip2/bzip2.mk |    2 ++
>>   1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/package/bzip2/bzip2.mk b/package/bzip2/bzip2.mk
>> index 1bc4449..028c2f2 100644
>> --- a/package/bzip2/bzip2.mk
>> +++ b/package/bzip2/bzip2.mk
>> @@ -7,6 +7,8 @@ BZIP2_VERSION:=1.0.5
>>   BZIP2_SONAME=1.0.4
>>   BZIP2_SOURCE:=bzip2-$(BZIP2_VERSION).tar.gz
>>   BZIP2_SITE:=http://www.bzip.org/$(BZIP2_VERSION)
>> +BZIP2_LICENSE = BSD-like
> I think it makes sense to have:
>
>    value         meaning
>    -------------------------------
>    BSD-4c        Original BSD 4-clause
>    BSD           Alias for the above
>    BSD-3c        BSD 3-clause
>    BSD-2c        BSD 2-clause

You're right, I've been a bit lazy about BSD licenses, as I don't know in
detail all the variants. As I was mostly taking care of the core implementation
I skipped that part. I promise I'll do this homework next time. :-)

BTW, 4-clause BSD-like licenses have each a different copyright notice on
top (take for example the bzip2 license). Are them still *Original* BSD
4-clause licenses?
I think they are usually considered as such, which is ok according to common
sense, but is this correct from a strict legal point of view?
Does anybody has a precise knowledge or a trustworthy link to an answer?

Luca

[Buildroot] [RFC v2 16/31] linux: define license

[Luca Ceresoli]

Yann E. MORIN wrote:
> Lucas, All,
>
> On Wednesday 07 March 2012 21:58:16 Luca Ceresoli wrote:
>> Signed-off-by: Luca Ceresoli<luca@lucaceresoli.net>
>> ---
>>   linux/linux.mk |    2 ++
>>   1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/linux/linux.mk b/linux/linux.mk
>> index ae236d4..e6f2388 100644
>> --- a/linux/linux.mk
>> +++ b/linux/linux.mk
>> @@ -4,6 +4,8 @@
>>   #
>>   ###############################################################################
>>   LINUX_VERSION=$(call qstrip,$(BR2_LINUX_KERNEL_VERSION))
>> +LINUX_LICENSE = GPLv2-ONLY
> What's the point of giving the version 'v2' and stating 'only'?
> I would rather see:
>    values        meaning
>    -------------------------------
>    GPLv2         GPLv2 only
>    GPLv2+        GPLv2 or later
>    LGPLv2.1      LGPLv2.1 only
>    LGPLv2.1+     LGPLv2.1 or later
>    ...           ...

When a project is GPL-licensed, it usually means it uses "either version X of
the License, or (at your option) any later version". There are rare cases
(Linux, Busybox, any other?) chose to use a specific version, no later version.

So the "default" meaning of "GPLvX" is "GPL version X or later". Those rare
cases that allow no upgrade are distinguished by adding "only".

This applies for example to:
- http://en.wikipedia.org/wiki/Linux_kernel
- http://en.wikipedia.org/wiki/Directfb
- http://en.wikipedia.org/wiki/Lzop

I prefer to do the same, and use a concise definition for the most frequent
case. Of course this is a personal preference.

If we wanted to stay on the extra-safe side, we might use:
   values         meaning
   -------------------------------
   GPLv2-ONLY     GPLv2 only
   GPLv2+         GPLv2 or later
   LGPLv2.1-ONLY  LGPLv2.1 only
   LGPLv2.1+      LGPLv2.1 or later
   ...            ...
so there is no ambiguity whatsoever. Might that "+" sign create doubts in
dummies reading it ("Hey, what's GPLv2+? a super-GPLv2?")?

Your opinions?

Luca

[Buildroot] [RFC v2 16/31] linux: define license

[Thomas De Schampheleire]

On Fri, Mar 9, 2012 at 5:23 PM, Luca Ceresoli <luca@lucaceresoli.net> wrote:
> Yann E. MORIN wrote:
>>
>> Lucas, All,
>>
>> On Wednesday 07 March 2012 21:58:16 Luca Ceresoli wrote:
>>>
>>> Signed-off-by: Luca Ceresoli<luca@lucaceresoli.net>
>>> ---
>>> ?linux/linux.mk | ? ?2 ++
>>> ?1 files changed, 2 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/linux/linux.mk b/linux/linux.mk
>>> index ae236d4..e6f2388 100644
>>> --- a/linux/linux.mk
>>> +++ b/linux/linux.mk
>>> @@ -4,6 +4,8 @@
>>> ?#
>>>
>>> ?###############################################################################
>>> ?LINUX_VERSION=$(call qstrip,$(BR2_LINUX_KERNEL_VERSION))
>>> +LINUX_LICENSE = GPLv2-ONLY
>>
>> What's the point of giving the version 'v2' and stating 'only'?
>> I would rather see:
>> ? values ? ? ? ?meaning
>> ? -------------------------------
>> ? GPLv2 ? ? ? ? GPLv2 only
>> ? GPLv2+ ? ? ? ?GPLv2 or later
>> ? LGPLv2.1 ? ? ?LGPLv2.1 only
>> ? LGPLv2.1+ ? ? LGPLv2.1 or later
>> ? ... ? ? ? ? ? ...
>
>
> When a project is GPL-licensed, it usually means it uses "either version X
> of
> the License, or (at your option) any later version". There are rare cases
> (Linux, Busybox, any other?) chose to use a specific version, no later
> version.
>
> So the "default" meaning of "GPLvX" is "GPL version X or later". Those rare
> cases that allow no upgrade are distinguished by adding "only".

I'm not sure this is correct. According to me, if the license file
just specifies GPL version 2, then it really is only version 2.
Only if the license file specifies the text 'or any later version, at
your option', then it is GPLv2+.

I think the distinction GPLv2 / GPLv2+ / GPLv3 / GPLv3+ etc. is
common, and can be reused.
So I agree with Yann here.

>
> This applies for example to:
> - http://en.wikipedia.org/wiki/Linux_kernel
> - http://en.wikipedia.org/wiki/Directfb
> - http://en.wikipedia.org/wiki/Lzop
>
> I prefer to do the same, and use a concise definition for the most frequent
> case. Of course this is a personal preference.
>
> If we wanted to stay on the extra-safe side, we might use:
> ?values ? ? ? ? meaning
> ?-------------------------------
> ?GPLv2-ONLY ? ? GPLv2 only
> ?GPLv2+ ? ? ? ? GPLv2 or later
> ?LGPLv2.1-ONLY ?LGPLv2.1 only
>
> ?LGPLv2.1+ ? ? ?LGPLv2.1 or later
> ?... ? ? ? ? ? ?...
> so there is no ambiguity whatsoever. Might that "+" sign create doubts in
> dummies reading it ("Hey, what's GPLv2+? a super-GPLv2?")?
>
> Your opinions?
>
> Luca
>
>
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

[Buildroot] [RFC v2 29/31] qt: define license choice

[Arnout Vandecappelle]

On Wednesday 07 March 2012 21:58:29 Luca Ceresoli wrote:
> Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
> ---
>  package/qt/Config.in |   15 +++++++++++++++
>  package/qt/qt.mk     |    9 +++++++++
>  2 files changed, 24 insertions(+), 0 deletions(-)
> 
> diff --git a/package/qt/Config.in b/package/qt/Config.in
> index 3a552d0..b430258 100644
> --- a/package/qt/Config.in
> +++ b/package/qt/Config.in
> @@ -55,6 +55,21 @@ config BR2_PACKAGE_QT_LICENSE_APPROVED
>  	  LGPL v2.1: http://doc.trolltech.com/4.5/lgpl.html
>  	  GPL  v3.0: http://doc.trolltech.com/4.5/gpl.html
>  
> +if BR2_PACKAGE_QT_LICENSE_APPROVED
> +
> +choice
> +	prompt "License"
> +
> +config BR2_PACKAGE_QT_LICENSE_LGPL
> +	bool "LGPL v2.1"
> +
> +config BR2_PACKAGE_QT_LICENSE_GPL
> +	bool "GPL v3.0"
> +
> +endchoice
> +
> +endif # BR2_PACKAGE_QT_LICENSE_APPROVED
> +
>  config BR2_PACKAGE_QT_CONFIG_FILE
>  	string "Config file"
>  	help
> diff --git a/package/qt/qt.mk b/package/qt/qt.mk
> index 776eb63..e8bc3a2 100644
> --- a/package/qt/qt.mk
> +++ b/package/qt/qt.mk
> @@ -20,6 +20,15 @@ QT_INSTALL_STAGING = YES
>  
>  ifeq ($(BR2_PACKAGE_QT_LICENSE_APPROVED),y)
>  QT_CONFIGURE_OPTS += -opensource -confirm-license
> +
> +ifeq ($(BR2_PACKAGE_QT_LICENSE_LGPL),y)
> +QT_LICENSE = LGPLv2.1
> +QT_LICENSE_FILES = LICENSE.LGPL
> +else ifeq ($(BR2_PACKAGE_QT_LICENSE_GPL),y)
> +QT_LICENSE = GPLv3
> +QT_LICENSE_FILES = LICENSE.GPL3
> +endif
> +

 I think this is way too much hassle for the buildroot maintainers.  
Instead, I'd just include both options in the legal info.  I.e.:

QT_LICENSE = LGPLv2.1 GPLv3
QT_LICENSE_FILES = LICENSE.LGPL LICENSE.GPL3

 It's up to the legal team to decide which license to use; the buildroot
user just wants to pass on the relevant information.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                               arnout at mind be
Senior Embedded Software Architect                 +32-16-286540
Essensium/Mind                                     http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium                BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [RFC v2 00/31] Automatically produce legal compliance info

[Arnout Vandecappelle]

On Thursday 08 March 2012 11:02:32 Luca Ceresoli wrote:
> > And what about the linux, uClibc and busybox .config files? Unless I missed
> > something in your email, you did not address these...
> 
> I considered they are part of Buildroot, so they are kind of addressed... by
> the warning that says you have to tar your Buildroot on your own.
> 
> These may be added of course, but then we might ask ourselves if we should
> also save the post-built script, custom skeleton, additional device table
> files, whatever else... This would be hard to maintain.

 Ideally, all of them should be saved.  But I agree that it's not so 
simple.  So it can be left out for the moment.

 However, I'd warn about it, just like for the buildroot sources.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                               arnout at mind be
Senior Embedded Software Architect                 +32-16-286540
Essensium/Mind                                     http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium                BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [RFC v2 16/31] linux: define license

[Luca Ceresoli]

Thomas De Schampheleire wrote:

> On Fri, Mar 9, 2012 at 5:23 PM, Luca Ceresoli<luca@lucaceresoli.net>  wrote:
>> Yann E. MORIN wrote:
>>> Lucas, All,
>>>
>>> On Wednesday 07 March 2012 21:58:16 Luca Ceresoli wrote:
>>>> Signed-off-by: Luca Ceresoli<luca@lucaceresoli.net>
>>>> ---
>>>>   linux/linux.mk |    2 ++
>>>>   1 files changed, 2 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/linux/linux.mk b/linux/linux.mk
>>>> index ae236d4..e6f2388 100644
>>>> --- a/linux/linux.mk
>>>> +++ b/linux/linux.mk
>>>> @@ -4,6 +4,8 @@
>>>>   #
>>>>
>>>>   ###############################################################################
>>>>   LINUX_VERSION=$(call qstrip,$(BR2_LINUX_KERNEL_VERSION))
>>>> +LINUX_LICENSE = GPLv2-ONLY
>>> What's the point of giving the version 'v2' and stating 'only'?
>>> I would rather see:
>>>    values        meaning
>>>    -------------------------------
>>>    GPLv2         GPLv2 only
>>>    GPLv2+        GPLv2 or later
>>>    LGPLv2.1      LGPLv2.1 only
>>>    LGPLv2.1+     LGPLv2.1 or later
>>>    ...           ...
>> When a project is GPL-licensed, it usually means it uses "either version X
>> of
>> the License, or (at your option) any later version". There are rare cases
>> (Linux, Busybox, any other?) chose to use a specific version, no later
>> version.
>>
>> So the "default" meaning of "GPLvX" is "GPL version X or later". Those rare
>> cases that allow no upgrade are distinguished by adding "only".
> I'm not sure this is correct. According to me, if the license file
> just specifies GPL version 2, then it really is only version 2.
> Only if the license file specifies the text 'or any later version, at
> your option', then it is GPLv2+.
>
> I think the distinction GPLv2 / GPLv2+ / GPLv3 / GPLv3+ etc. is
> common, and can be reused.
> So I agree with Yann here.
Ouch, you're right guys. And so I went back to read the original licenses once
more...

This is what the GPLv2 states (LGPLv2.0 is substantially equal):
>  Each version is given a distinguishing version number.  If the Program
>  specifies a version number of this License which applies to it and "any
>  later version", you have the option of following the terms and conditions
>  either of that version or of any later version published by the Free
>  Software Foundation.  If the Program does not specify a version number of
>  this License, you may choose any version ever published by the Free Software
>  Foundation.

So there are indeed three cases:
  1. the Program specifies a version ->  GPLv2 only
  2. the Program specifies a version or "any later version" ->  GPLv2+
  3. the Program does not specify a version ->  how to name this, simply GPL?

Let's take a real case: tslib.

The source files in src/ state:
>   * This file is placed under the LGPL.  Please see the file
>   * COPYING for more details.
and the COPYING file in the root tslib directory contains an LGPL v2.0
license. The Program does not explicitly specify a version, but a specific
version is present in COPYING. Is this case 1 or case 3? I think the comment
in the source file rules, but it's only a feeling.

OTOH, most source files in tests/ state:
>   * This file is placed under the GPL.  Please see the file
>   * COPYING for more details.
and there is no COPYING file carrying any GPL in the whole tslib distribution!
So this must be case 3 (and we must assume that GPL means GNU General Public
License, although a good lawyer may certainly prove it means any other thing
from http://en.wikipedia.org/wiki/GPL_%28disambiguation%29).

This should be taken into account by Buildroot, which builds and installs both
the library and the test programs.

Another example: busybox.

This is a messy as well. The LICENSE file carries this heading:
>  --- A note on GPL versions
>
>  BusyBox is distributed under version 2 of the General Public License (included
>  in its entirety, below).  Version 2 is the only version of this license which
>  this version of BusyBox (or modified versions derived from this one) may be
>  distributed under.
>
>  ------------------------------------------------------------------------
>  		GNU GENERAL PUBLIC LICENSE
>  		Version 2, June 1991

That looks clear, but many source files seem to disagree:
$ head coreutils/uname.c
>   * Licensed under GPLv2 or later, see file LICENSE in this source tree.

And this is not a lone spot:
$ grep  -irE 'GPLv2 or later' . |wc
     358    5000   34106
$ grep  -irwE 'GPLv2' . | grep -iv later|wc
     241    2797   20656
GPLv2+ beats GPLv2 (only)!

I checked four packages in detail, and two of them have an unclear choice of
GPL version. I can't stand any more headache tonight, and I'm not sure I'll
have more luck with other packages. This is so frustrating...

Luca

[Buildroot] [RFC v2 16/31] linux: define license

[Yann E. MORIN]

Luca, Thomas, All,

On Monday 16 April 2012 23:19:30 Luca Ceresoli wrote:
> Thomas De Schampheleire wrote:
> > I think the distinction GPLv2 / GPLv2+ / GPLv3 / GPLv3+ etc. is
> > common, and can be reused.
> > So I agree with Yann here.
> Ouch, you're right guys. And so I went back to read the original licenses once
> more...
> 
> This is what the GPLv2 states (LGPLv2.0 is substantially equal):
> >  Each version is given a distinguishing version number.  If the Program
> >  specifies a version number of this License which applies to it and "any
> >  later version", you have the option of following the terms and conditions
> >  either of that version or of any later version published by the Free
> >  Software Foundation.  If the Program does not specify a version number of
> >  this License, you may choose any version ever published by the Free Software
> >  Foundation.

And what is import, is not that the _license text_ says "or later", but if
the _Program_ says "or later".

The _Program_ could say that in every boilerplate texts, or in an accompanying
file, or by anyother means.

> So there are indeed three cases:
>   1. the Program specifies a version ->  GPLv2 only
>   2. the Program specifies a version or "any later version" ->  GPLv2+
>   3. the Program does not specify a version ->  how to name this, simply GPL?

Yes, simply GPL. "GPL" by itself means "any version of the GPL", as it is
written explicitly in the license text.

> Let's take a real case: tslib.
> 
> The source files in src/ state:
> >   * This file is placed under the LGPL.  Please see the file
> >   * COPYING for more details.
> and the COPYING file in the root tslib directory contains an LGPL v2.0
> license. The Program does not explicitly specify a version, but a specific
> version is present in COPYING. Is this case 1 or case 3? I think the comment
> in the source file rules, but it's only a feeling.
> 
> OTOH, most source files in tests/ state:
> >   * This file is placed under the GPL.  Please see the file
> >   * COPYING for more details.
> and there is no COPYING file carrying any GPL in the whole tslib distribution!
> So this must be case 3 (and we must assume that GPL means GNU General Public
> License, although a good lawyer may certainly prove it means any other thing
> from http://en.wikipedia.org/wiki/GPL_%28disambiguation%29).
> 
> This should be taken into account by Buildroot, which builds and installs both
> the library and the test programs.

What I would suggest in this case is to not specify any known license, but
use a 'generic' text, such as:
  - unknown    license is unknown
  - depends    license depends on the options selected in the Program

In all three cases, only a lawyer may decide what licensing terms apply to
such a program. For the tslib specific case, I'd use 'unknown' (which should
be the default if no license is explictly specified, anyway).

In this case, the licensing manifest should be carefully analysed, and
packages with unknown licenses carefully reviewed with help from a lawyer.

> Another example: busybox.
> 
> This is a messy as well. The LICENSE file carries this heading:
> >  --- A note on GPL versions
> >
> >  BusyBox is distributed under version 2 of the General Public License (included
> >  in its entirety, below).  Version 2 is the only version of this license which
> >  this version of BusyBox (or modified versions derived from this one) may be
> >  distributed under.
> >
> >  ------------------------------------------------------------------------
> >  		GNU GENERAL PUBLIC LICENSE
> >  		Version 2, June 1991
> 
> That looks clear, but many source files seem to disagree:
> $ head coreutils/uname.c
> >   * Licensed under GPLv2 or later, see file LICENSE in this source tree.

What this means is that the work as a whole is available under the GPLv2,
but that if you use individual files out-side of busybox, you can use that
file under the license that is specified (IANAL!).

From the buildroot perspective, busybox is GPLv2.

> I checked four packages in detail, and two of them have an unclear choice of
> GPL version. I can't stand any more headache tonight, and I'm not sure I'll
> have more luck with other packages. This is so frustrating...

Not sure? Use 'unknown'. This can be refined at a later stage, if need be.

A package with no license specified in the $(PKG)_LICENSE should default
to 'unknown', to draw attention.

IMNSHO, it is highly preferrable for the buildroot community to be
conservative on this point, and in case there is ambiguity, default to
'unknown', and let a lawyer do his/her work. ;-)

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 16/31] linux: define license

[Yann E. MORIN]

On Monday 16 April 2012 23:38:49 Yann E. MORIN wrote:
> And what is import, is not [...]

s/import/important/;  # Sigh. Sleepy...

YEM.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [RFC v2 16/31] linux: define license

[Thomas De Schampheleire]

On Mon, Apr 16, 2012 at 11:38 PM, Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> Luca, Thomas, All,
>
> On Monday 16 April 2012 23:19:30 Luca Ceresoli wrote:
>> Thomas De Schampheleire wrote:
>> > I think the distinction GPLv2 / GPLv2+ / GPLv3 / GPLv3+ etc. is
>> > common, and can be reused.
>> > So I agree with Yann here.
>> Ouch, you're right guys. And so I went back to read the original licenses once
>> more...
>>
>> This is what the GPLv2 states (LGPLv2.0 is substantially equal):
>> > ?Each version is given a distinguishing version number. ?If the Program
>> > ?specifies a version number of this License which applies to it and "any
>> > ?later version", you have the option of following the terms and conditions
>> > ?either of that version or of any later version published by the Free
>> > ?Software Foundation. ?If the Program does not specify a version number of
>> > ?this License, you may choose any version ever published by the Free Software
>> > ?Foundation.
>
> And what is import, is not that the _license text_ says "or later", but if
> the _Program_ says "or later".
>
> The _Program_ could say that in every boilerplate texts, or in an accompanying
> file, or by anyother means.
>
>> So there are indeed three cases:
>> ? 1. the Program specifies a version -> ?GPLv2 only
>> ? 2. the Program specifies a version or "any later version" -> ?GPLv2+
>> ? 3. the Program does not specify a version -> ?how to name this, simply GPL?
>
> Yes, simply GPL. "GPL" by itself means "any version of the GPL", as it is
> written explicitly in the license text.
>
>> Let's take a real case: tslib.
>>
>> The source files in src/ state:
>> > ? * This file is placed under the LGPL. ?Please see the file
>> > ? * COPYING for more details.
>> and the COPYING file in the root tslib directory contains an LGPL v2.0
>> license. The Program does not explicitly specify a version, but a specific
>> version is present in COPYING. Is this case 1 or case 3? I think the comment
>> in the source file rules, but it's only a feeling.
>>
>> OTOH, most source files in tests/ state:
>> > ? * This file is placed under the GPL. ?Please see the file
>> > ? * COPYING for more details.
>> and there is no COPYING file carrying any GPL in the whole tslib distribution!
>> So this must be case 3 (and we must assume that GPL means GNU General Public
>> License, although a good lawyer may certainly prove it means any other thing
>> from http://en.wikipedia.org/wiki/GPL_%28disambiguation%29).
>>
>> This should be taken into account by Buildroot, which builds and installs both
>> the library and the test programs.
>
> What I would suggest in this case is to not specify any known license, but
> use a 'generic' text, such as:
> ?- unknown ? ?license is unknown
> ?- depends ? ?license depends on the options selected in the Program
>
> In all three cases, only a lawyer may decide what licensing terms apply to
> such a program. For the tslib specific case, I'd use 'unknown' (which should
> be the default if no license is explictly specified, anyway).
>
> In this case, the licensing manifest should be carefully analysed, and
> packages with unknown licenses carefully reviewed with help from a lawyer.
>
>> Another example: busybox.
>>
>> This is a messy as well. The LICENSE file carries this heading:
>> > ?--- A note on GPL versions
>> >
>> > ?BusyBox is distributed under version 2 of the General Public License (included
>> > ?in its entirety, below). ?Version 2 is the only version of this license which
>> > ?this version of BusyBox (or modified versions derived from this one) may be
>> > ?distributed under.
>> >
>> > ?------------------------------------------------------------------------
>> > ? ? ? ? ? ? GNU GENERAL PUBLIC LICENSE
>> > ? ? ? ? ? ? Version 2, June 1991
>>
>> That looks clear, but many source files seem to disagree:
>> $ head coreutils/uname.c
>> > ? * Licensed under GPLv2 or later, see file LICENSE in this source tree.
>
> What this means is that the work as a whole is available under the GPLv2,
> but that if you use individual files out-side of busybox, you can use that
> file under the license that is specified (IANAL!).
>
> From the buildroot perspective, busybox is GPLv2.
>
>> I checked four packages in detail, and two of them have an unclear choice of
>> GPL version. I can't stand any more headache tonight, and I'm not sure I'll
>> have more luck with other packages. This is so frustrating...
>
> Not sure? Use 'unknown'. This can be refined at a later stage, if need be.
>
> A package with no license specified in the $(PKG)_LICENSE should default
> to 'unknown', to draw attention.
>
> IMNSHO, it is highly preferrable for the buildroot community to be
> conservative on this point, and in case there is ambiguity, default to
> 'unknown', and let a lawyer do his/her work. ;-)

Ideally, we'd try to make sure that the upstream developers clarify
their license so as to remove the ambiguity. I think it is of benefit
to no-one that such ambiguities exist.

[Buildroot] [RFC v2 16/31] linux: define license

[Luca Ceresoli]

Yann E. MORIN:

>> Another example: busybox.
>>
>> This is a messy as well. The LICENSE file carries this heading:
>>>   --- A note on GPL versions
>>>
>>>   BusyBox is distributed under version 2 of the General Public License (included
>>>   in its entirety, below).  Version 2 is the only version of this license which
>>>   this version of BusyBox (or modified versions derived from this one) may be
>>>   distributed under.
>>>
>>>   ------------------------------------------------------------------------
>>>   		GNU GENERAL PUBLIC LICENSE
>>>   		Version 2, June 1991
>> That looks clear, but many source files seem to disagree:
>> $ head coreutils/uname.c
>>>    * Licensed under GPLv2 or later, see file LICENSE in this source tree.
> What this means is that the work as a whole is available under the GPLv2,
> but that if you use individual files out-side of busybox, you can use that
> file under the license that is specified (IANAL!).
>
>  From the buildroot perspective, busybox is GPLv2.

Is this your personal view or did you get such info from upstream?
I would not code in Buildroot any interpretation (even if from a trustworthy
expert) that does not come from upstream.

Luca

[Buildroot] [RFC v2 16/31] linux: define license

[Luca Ceresoli]

Thomas De Schampheleire wrote:

>>> I checked four packages in detail, and two of them have an unclear choice of
>>> GPL version. I can't stand any more headache tonight, and I'm not sure I'll
>>> have more luck with other packages. This is so frustrating...
>> Not sure? Use 'unknown'. This can be refined at a later stage, if need be.
>>
>> A package with no license specified in the $(PKG)_LICENSE should default
>> to 'unknown', to draw attention.
>>
>> IMNSHO, it is highly preferrable for the buildroot community to be
>> conservative on this point, and in case there is ambiguity, default to
>> 'unknown', and let a lawyer do his/her work. ;-)
> Ideally, we'd try to make sure that the upstream developers clarify
> their license so as to remove the ambiguity. I think it is of benefit
> to no-one that such ambiguities exist.
I agree with both of you. Getting things clarified from upstream is the best
thing. When this is impossible, a deep legal analysis is far out of the goals
of Buildroot.

Still, there are cases of packages whose licensing policy is clear but not
simple enough to fit into the narrow space of a csv file.
See the case of tslib: the library and a few examples are LGPL, other examples
are GPL.
In this case we might declare TSLIB_LICENSE = GPL + LGPL, but this is not
totally clear and not totally informative. So as Yann suggests it might be
better to give up and default to an "unknown" license.

Luca