[Question] How to handle GPLv3 packages?

[Question] How to handle GPLv3 packages?

[Måns]

Hi,

I cannot use GPLv3 packages in our image build. I am no legal expert
but from what I can understand most companies will not be able to
comply with this license without allowing the customer to compile and
deploy a new version of any GPLv3 package to the target. I know it is
possible to comply with this but we are using secure boot and have not
the time and probably no interest in setting up a solution for
allowing customers to be able to deploy GPLv3 packages on the target.
We are trying to make use of INCOMPATIBLE_LICENSE but that results in
several issues. We have made sure that we don't include GPLv3 in the
image build using a manual process but would like to use
INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
packages even if it is only part of the SDK and also for native
packages that are not part of the image build.

I cannot be the only one with this problem so how are other companies
solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
Are you setting up a parallel process for checking for any
incompatible licenses issues?

A more specific issue is that there are so many packages with bash
dependencies which are pulling in bash which is GPLv3 so how have you
solved that? Currently we have done some pretty uggly hacks which I am
not that happy with but we needed to keep it out of the image.

Thanks

Re: [yocto] [Question] How to handle GPLv3 packages?

[Alexander Kanavin]

I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
enable gpl3 ban only in the images that ship to the customers and not
across the entire build. Then carefully look at what pulls in bash
into those images and why, and reconfigure those pieces to not do that
(e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
posix shell.

Alex

On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
>
> Hi,
>
> I cannot use GPLv3 packages in our image build. I am no legal expert
> but from what I can understand most companies will not be able to
> comply with this license without allowing the customer to compile and
> deploy a new version of any GPLv3 package to the target. I know it is
> possible to comply with this but we are using secure boot and have not
> the time and probably no interest in setting up a solution for
> allowing customers to be able to deploy GPLv3 packages on the target.
> We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> several issues. We have made sure that we don't include GPLv3 in the
> image build using a manual process but would like to use
> INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> packages even if it is only part of the SDK and also for native
> packages that are not part of the image build.
>
> I cannot be the only one with this problem so how are other companies
> solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> Are you setting up a parallel process for checking for any
> incompatible licenses issues?
>
> A more specific issue is that there are so many packages with bash
> dependencies which are pulling in bash which is GPLv3 so how have you
> solved that? Currently we have done some pretty uggly hacks which I am
> not that happy with but we needed to keep it out of the image.
>
> Thanks
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [yocto] [Question] How to handle GPLv3 packages?

[Ross Burton]

On Wed, 6 Apr 2022 at 09:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> A more specific issue is that there are so many packages with bash
> dependencies which are pulling in bash which is GPLv3 so how have you
> solved that? Currently we have done some pretty uggly hacks which I am
> not that happy with but we needed to keep it out of the image.

As you're not naming recipes it is hard to offer concrete advice, but
I will note that a large percentage of the bash dependencies in
oe-core are specific to the ptest packages. If you don't need those
then you can turn off the ptest DISTRO_FEATURE.

Ross

Re: [yocto] [Question] How to handle GPLv3 packages?

[Mikko.Rapeli]

Hi

I set INCOMPATIBLE_LICENSE_append = " GPLv3 GPLv3+ LGPLv3 LGPLv3+"
but then allow compiling several recipes with those licenses as long
as they don't end up on images and in the product. For example:

...
WHITELIST_GPL-3.0+ += "cairo"
PACKAGE_EXCLUDE += "cairo-src cairo-dbg cairo-perf-utils cairo-staticdev cairo-locale"

WHITELIST_GPL-3.0 += "binutils"
PACKAGE_EXCLUDE += "binutils-dbg binutils-staticdev binutils-dev binutils-doc binutils-locale libbfd binutils"

WHITELIST_GPL-3.0 += "gdb"
PACKAGE_EXCLUDE += "gdb-sdktests-dbg gdb-sdktests gdbserver gdb-dbg gdb-staticdev gdb-dev gdb-doc gdb-locale gdb"
...

I do this in the distro config.

Results works but you may need to revisit several recipes and detect where exactly
the GPLv3 license is being used.

bash dependency is annoying but products can be made without. Same for GNU readline
support.

These are much work and better then using meta-gplv2 with its unmaintained SW
versions.

Would be nice to collaborate in yocto upstream on a build config which disables most
GPLv3 packages from rootfs but keeps the development tools etc working in
the SDK.

Cheers,

-Mikko

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

Thanks all for your quick response. You have given me something to
think of so I will look into it to see if some of my issues are
related to the way we have set things up. I will post my findings once
I have gone through your comments to see if we could use it in our
build.

Thanks

Den ons 6 apr. 2022 kl 11:23 skrev <Mikko.Rapeli@bmw.de>:
>
> Hi
>
> I set INCOMPATIBLE_LICENSE_append = " GPLv3 GPLv3+ LGPLv3 LGPLv3+"
> but then allow compiling several recipes with those licenses as long
> as they don't end up on images and in the product. For example:
>
> ...
> WHITELIST_GPL-3.0+ += "cairo"
> PACKAGE_EXCLUDE += "cairo-src cairo-dbg cairo-perf-utils cairo-staticdev cairo-locale"
>
> WHITELIST_GPL-3.0 += "binutils"
> PACKAGE_EXCLUDE += "binutils-dbg binutils-staticdev binutils-dev binutils-doc binutils-locale libbfd binutils"
>
> WHITELIST_GPL-3.0 += "gdb"
> PACKAGE_EXCLUDE += "gdb-sdktests-dbg gdb-sdktests gdbserver gdb-dbg gdb-staticdev gdb-dev gdb-doc gdb-locale gdb"
> ...
>
> I do this in the distro config.
>
> Results works but you may need to revisit several recipes and detect where exactly
> the GPLv3 license is being used.
>
> bash dependency is annoying but products can be made without. Same for GNU readline
> support.
>
> These are much work and better then using meta-gplv2 with its unmaintained SW
> versions.
>
> Would be nice to collaborate in yocto upstream on a build config which disables most
> GPLv3 packages from rootfs but keeps the development tools etc working in
> the SDK.
>
> Cheers,
>
> -Mikko

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

Hi Alex,

Could you maybe clarify what you mean with "setting
INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
specific image that is used when you build an image for release to the
customer and then one image for development?

Thanks

Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
>
> I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> enable gpl3 ban only in the images that ship to the customers and not
> across the entire build. Then carefully look at what pulls in bash
> into those images and why, and reconfigure those pieces to not do that
> (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> posix shell.
>
> Alex
>
> On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> >
> > Hi,
> >
> > I cannot use GPLv3 packages in our image build. I am no legal expert
> > but from what I can understand most companies will not be able to
> > comply with this license without allowing the customer to compile and
> > deploy a new version of any GPLv3 package to the target. I know it is
> > possible to comply with this but we are using secure boot and have not
> > the time and probably no interest in setting up a solution for
> > allowing customers to be able to deploy GPLv3 packages on the target.
> > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > several issues. We have made sure that we don't include GPLv3 in the
> > image build using a manual process but would like to use
> > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > packages even if it is only part of the SDK and also for native
> > packages that are not part of the image build.
> >
> > I cannot be the only one with this problem so how are other companies
> > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > Are you setting up a parallel process for checking for any
> > incompatible licenses issues?
> >
> > A more specific issue is that there are so many packages with bash
> > dependencies which are pulling in bash which is GPLv3 so how have you
> > solved that? Currently we have done some pretty uggly hacks which I am
> > not that happy with but we needed to keep it out of the image.
> >
> > Thanks
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > Group Owner: yocto+owner@lists.yoctoproject.org
> > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Alexander Kanavin]

Hello Mans,

please refer to the tests we have for the feature:
https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
(line 95 and below)

The key bit is:
INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
e.g. apply the restriction only to core-image-minimal.

Alex

On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
>
> Hi Alex,
>
> Could you maybe clarify what you mean with "setting
> INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> specific image that is used when you build an image for release to the
> customer and then one image for development?
>
> Thanks
>
> Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> >
> > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > enable gpl3 ban only in the images that ship to the customers and not
> > across the entire build. Then carefully look at what pulls in bash
> > into those images and why, and reconfigure those pieces to not do that
> > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > posix shell.
> >
> > Alex
> >
> > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > but from what I can understand most companies will not be able to
> > > comply with this license without allowing the customer to compile and
> > > deploy a new version of any GPLv3 package to the target. I know it is
> > > possible to comply with this but we are using secure boot and have not
> > > the time and probably no interest in setting up a solution for
> > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > several issues. We have made sure that we don't include GPLv3 in the
> > > image build using a manual process but would like to use
> > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > packages even if it is only part of the SDK and also for native
> > > packages that are not part of the image build.
> > >
> > > I cannot be the only one with this problem so how are other companies
> > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > Are you setting up a parallel process for checking for any
> > > incompatible licenses issues?
> > >
> > > A more specific issue is that there are so many packages with bash
> > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > solved that? Currently we have done some pretty uggly hacks which I am
> > > not that happy with but we needed to keep it out of the image.
> > >
> > > Thanks
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > > Links: You receive all messages sent to this group.
> > > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > > Group Owner: yocto+owner@lists.yoctoproject.org
> > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

Hi Ross,

We don't have a ptest set in DISTRO_FEATURE so if that is the only way
to pull in ptest I would say that is the reason for us at least on why
there are so many bash dependencies.
One recipe that I am looking into right now is util-linux which does
have package util-linux-bash-completion but even the package
util-linux seems to depend on bash and bash-completion when
checking the dependencies by running bitbake -g util-linux and bitbake
-g <image>. It is not clear why the package util-linux depends on bash
and bash-completion. I have other recipes where it is also
not obvious to me why they have a dependency to bash and
bash-completion. One such recipe is a recipe that we have created and
the only content in the package produced is a script and the script
only has #!/bin/sh so not sure where this bash and bash-completion
comes from it is not something we have added so maybe we have some
underlying issue here that results in so many dependencies to
bash and bash-completion. We have not set up this system ourselves,
instead one of the HW suppliers starting with a Q ending with COMM
which I must say I am not that impressed with has supplied the
base that we are building on.

Thanks for your help anyway.


Den ons 6 apr. 2022 kl 11:11 skrev Ross Burton <ross@burtonini.com>:
>
> On Wed, 6 Apr 2022 at 09:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > A more specific issue is that there are so many packages with bash
> > dependencies which are pulling in bash which is GPLv3 so how have you
> > solved that? Currently we have done some pretty uggly hacks which I am
> > not that happy with but we needed to keep it out of the image.
>
> As you're not naming recipes it is hard to offer concrete advice, but
> I will note that a large percentage of the bash dependencies in
> oe-core are specific to the ptest packages. If you don't need those
> then you can turn off the ptest DISTRO_FEATURE.
>
> Ross

Re: [yocto] [Question] How to handle GPLv3 packages?

[Alexander Kanavin]

Qualcomm is notorious for the poor quality of their layers. Just tell
the management that they created this situation, and they should be
held responsible for delaying whatever product you have to ship.

Alex

On Fri, 8 Apr 2022 at 10:18, Mans Zigher <mans.zigher@gmail.com> wrote:
>
> Hi Ross,
>
> We don't have a ptest set in DISTRO_FEATURE so if that is the only way
> to pull in ptest I would say that is the reason for us at least on why
> there are so many bash dependencies.
> One recipe that I am looking into right now is util-linux which does
> have package util-linux-bash-completion but even the package
> util-linux seems to depend on bash and bash-completion when
> checking the dependencies by running bitbake -g util-linux and bitbake
> -g <image>. It is not clear why the package util-linux depends on bash
> and bash-completion. I have other recipes where it is also
> not obvious to me why they have a dependency to bash and
> bash-completion. One such recipe is a recipe that we have created and
> the only content in the package produced is a script and the script
> only has #!/bin/sh so not sure where this bash and bash-completion
> comes from it is not something we have added so maybe we have some
> underlying issue here that results in so many dependencies to
> bash and bash-completion. We have not set up this system ourselves,
> instead one of the HW suppliers starting with a Q ending with COMM
> which I must say I am not that impressed with has supplied the
> base that we are building on.
>
> Thanks for your help anyway.
>
>
> Den ons 6 apr. 2022 kl 11:11 skrev Ross Burton <ross@burtonini.com>:
> >
> > On Wed, 6 Apr 2022 at 09:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > A more specific issue is that there are so many packages with bash
> > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > solved that? Currently we have done some pretty uggly hacks which I am
> > > not that happy with but we needed to keep it out of the image.
> >
> > As you're not naming recipes it is hard to offer concrete advice, but
> > I will note that a large percentage of the bash dependencies in
> > oe-core are specific to the ptest packages. If you don't need those
> > then you can turn off the ptest DISTRO_FEATURE.
> >
> > Ross
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#56690): https://lists.yoctoproject.org/g/yocto/message/56690
> Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [yocto] [Question] How to handle GPLv3 packages?

[Mikko.Rapeli]

Hi,

On Fri, Apr 08, 2022 at 10:18:22AM +0200, Mans Zigher wrote:
> Hi Ross,
> 
> We don't have a ptest set in DISTRO_FEATURE so if that is the only way
> to pull in ptest I would say that is the reason for us at least on why
> there are so many bash dependencies.
> One recipe that I am looking into right now is util-linux which does
> have package util-linux-bash-completion but even the package
> util-linux seems to depend on bash and bash-completion when

util-linux is a meta package. Install the needed util-linux utilities separately,
e.g. util-linux-mount, util-linux-umount. Also ptest you can build as distro
feature if you don't install ptest packages into images. I do that.
And then during testing, I install the ptest packages and dependencies to
the plain non-GPLv3 target to execute the tests.

> checking the dependencies by running bitbake -g util-linux and bitbake
> -g <image>. It is not clear why the package util-linux depends on bash
> and bash-completion. I have other recipes where it is also
> not obvious to me why they have a dependency to bash and
> bash-completion. One such recipe is a recipe that we have created and
> the only content in the package produced is a script and the script
> only has #!/bin/sh so not sure where this bash and bash-completion
> comes from it is not something we have added so maybe we have some
> underlying issue here that results in so many dependencies to
> bash and bash-completion. We have not set up this system ourselves,
> instead one of the HW suppliers starting with a Q ending with COMM
> which I must say I am not that impressed with has supplied the
> base that we are building on.

Qualcomm, I know that one :( As integrator for a product
you must minimize the impact of the BSP SW delivery and thus allow only
bootloader, kernel and low level libraries to be compiled using the
BSP vendor delivery, e.g. their meta layers. I BBMASK away most of their
high level SW changes, e.g. systemd and other odd patches which I don't need.

Cheers,

-Mikko

Re: [yocto] [Question] How to handle GPLv3 packages?

[Alexander Kanavin]

On Fri, 8 Apr 2022 at 10:32, Mikko Rapeli <mikko.rapeli@bmw.de> wrote:
> Qualcomm, I know that one :( As integrator for a product
> you must minimize the impact of the BSP SW delivery and thus allow only
> bootloader, kernel and low level libraries to be compiled using the
> BSP vendor delivery, e.g. their meta layers. I BBMASK away most of their
> high level SW changes, e.g. systemd and other odd patches which I don't need.

At Daimler, I put my foot down, and forced them to cleanly rewrite the
BSP into an actual BSP layer before we would set up official builds
with it. It took several months, but eventually we got there.

Alex

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

Yes I did something similar initially using BBMASK to minimize the
build and in the end requesting them to supply a more minimal build
setup. The end result was not a pure BSP layer because we needed some
other things to be able to use other parts of the HW. We could
probably have done that our self but did not really have the time to
set up our own solution for it.

Mans

Den fre 8 apr. 2022 kl 11:22 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
>
> On Fri, 8 Apr 2022 at 10:32, Mikko Rapeli <mikko.rapeli@bmw.de> wrote:
> > Qualcomm, I know that one :( As integrator for a product
> > you must minimize the impact of the BSP SW delivery and thus allow only
> > bootloader, kernel and low level libraries to be compiled using the
> > BSP vendor delivery, e.g. their meta layers. I BBMASK away most of their
> > high level SW changes, e.g. systemd and other odd patches which I don't need.
>
> At Daimler, I put my foot down, and forced them to cleanly rewrite the
> BSP into an actual BSP layer before we would set up official builds
> with it. It took several months, but eventually we got there.
>
> Alex

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

I am currently on Thud so I am missing the support from what I can
tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
commit that adds that support but am having some problems finding it.
Do you maybe know what I should look for to find the commit that adds
this support?

Thanks

Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
>
> Hello Mans,
>
> please refer to the tests we have for the feature:
> https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> (line 95 and below)
>
> The key bit is:
> INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> e.g. apply the restriction only to core-image-minimal.
>
> Alex
>
> On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> >
> > Hi Alex,
> >
> > Could you maybe clarify what you mean with "setting
> > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > specific image that is used when you build an image for release to the
> > customer and then one image for development?
> >
> > Thanks
> >
> > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > >
> > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > enable gpl3 ban only in the images that ship to the customers and not
> > > across the entire build. Then carefully look at what pulls in bash
> > > into those images and why, and reconfigure those pieces to not do that
> > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > posix shell.
> > >
> > > Alex
> > >
> > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > but from what I can understand most companies will not be able to
> > > > comply with this license without allowing the customer to compile and
> > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > possible to comply with this but we are using secure boot and have not
> > > > the time and probably no interest in setting up a solution for
> > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > image build using a manual process but would like to use
> > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > packages even if it is only part of the SDK and also for native
> > > > packages that are not part of the image build.
> > > >
> > > > I cannot be the only one with this problem so how are other companies
> > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > Are you setting up a parallel process for checking for any
> > > > incompatible licenses issues?
> > > >
> > > > A more specific issue is that there are so many packages with bash
> > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > not that happy with but we needed to keep it out of the image.
> > > >
> > > > Thanks
> > > >
> > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > Links: You receive all messages sent to this group.
> > > > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > > > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > > > Group Owner: yocto+owner@lists.yoctoproject.org
> > > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Alexander Kanavin]

Thud has been EOL for a long time. You can see when the support been
added here (end of 2019 it seems):
https://git.yoctoproject.org/poky/log/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next

Alex

On Fri, 8 Apr 2022 at 18:56, Måns <mans.zigher@gmail.com> wrote:
>
> I am currently on Thud so I am missing the support from what I can
> tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
> commit that adds that support but am having some problems finding it.
> Do you maybe know what I should look for to find the commit that adds
> this support?
>
> Thanks
>
> Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> >
> > Hello Mans,
> >
> > please refer to the tests we have for the feature:
> > https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> > (line 95 and below)
> >
> > The key bit is:
> > INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> > e.g. apply the restriction only to core-image-minimal.
> >
> > Alex
> >
> > On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> > >
> > > Hi Alex,
> > >
> > > Could you maybe clarify what you mean with "setting
> > > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > > specific image that is used when you build an image for release to the
> > > customer and then one image for development?
> > >
> > > Thanks
> > >
> > > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > >
> > > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > > enable gpl3 ban only in the images that ship to the customers and not
> > > > across the entire build. Then carefully look at what pulls in bash
> > > > into those images and why, and reconfigure those pieces to not do that
> > > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > > posix shell.
> > > >
> > > > Alex
> > > >
> > > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > > but from what I can understand most companies will not be able to
> > > > > comply with this license without allowing the customer to compile and
> > > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > > possible to comply with this but we are using secure boot and have not
> > > > > the time and probably no interest in setting up a solution for
> > > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > > image build using a manual process but would like to use
> > > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > > packages even if it is only part of the SDK and also for native
> > > > > packages that are not part of the image build.
> > > > >
> > > > > I cannot be the only one with this problem so how are other companies
> > > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > > Are you setting up a parallel process for checking for any
> > > > > incompatible licenses issues?
> > > > >
> > > > > A more specific issue is that there are so many packages with bash
> > > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > > not that happy with but we needed to keep it out of the image.
> > > > >
> > > > > Thanks
> > > > >
> > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > Links: You receive all messages sent to this group.
> > > > > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > > > > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > > > > Group Owner: yocto+owner@lists.yoctoproject.org
> > > > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

Yes I know. Not sure why QC is stuck on Thud. Even newer releases from
QC for the target that we are working on is stuck at Thud.

Mans

Den fre 8 apr. 2022 kl 18:59 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
>
> Thud has been EOL for a long time. You can see when the support been
> added here (end of 2019 it seems):
> https://git.yoctoproject.org/poky/log/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next
>
> Alex
>
> On Fri, 8 Apr 2022 at 18:56, Måns <mans.zigher@gmail.com> wrote:
> >
> > I am currently on Thud so I am missing the support from what I can
> > tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
> > commit that adds that support but am having some problems finding it.
> > Do you maybe know what I should look for to find the commit that adds
> > this support?
> >
> > Thanks
> >
> > Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > >
> > > Hello Mans,
> > >
> > > please refer to the tests we have for the feature:
> > > https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> > > (line 95 and below)
> > >
> > > The key bit is:
> > > INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> > > e.g. apply the restriction only to core-image-minimal.
> > >
> > > Alex
> > >
> > > On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> > > >
> > > > Hi Alex,
> > > >
> > > > Could you maybe clarify what you mean with "setting
> > > > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > > > specific image that is used when you build an image for release to the
> > > > customer and then one image for development?
> > > >
> > > > Thanks
> > > >
> > > > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > >
> > > > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > > > enable gpl3 ban only in the images that ship to the customers and not
> > > > > across the entire build. Then carefully look at what pulls in bash
> > > > > into those images and why, and reconfigure those pieces to not do that
> > > > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > > > posix shell.
> > > > >
> > > > > Alex
> > > > >
> > > > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > > > but from what I can understand most companies will not be able to
> > > > > > comply with this license without allowing the customer to compile and
> > > > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > > > possible to comply with this but we are using secure boot and have not
> > > > > > the time and probably no interest in setting up a solution for
> > > > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > > > image build using a manual process but would like to use
> > > > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > > > packages even if it is only part of the SDK and also for native
> > > > > > packages that are not part of the image build.
> > > > > >
> > > > > > I cannot be the only one with this problem so how are other companies
> > > > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > > > Are you setting up a parallel process for checking for any
> > > > > > incompatible licenses issues?
> > > > > >
> > > > > > A more specific issue is that there are so many packages with bash
> > > > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > > > not that happy with but we needed to keep it out of the image.
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > > Links: You receive all messages sent to this group.
> > > > > > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > > > > > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > > > > > Group Owner: yocto+owner@lists.yoctoproject.org
> > > > > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Alexander Kanavin]

It's a contracting issue. You need to specify in writing that the
vendor cannot provide ancient Yocto. Otherwise they won't bother.

Alex

On Mon, 11 Apr 2022 at 09:13, Måns <mans.zigher@gmail.com> wrote:
>
> Yes I know. Not sure why QC is stuck on Thud. Even newer releases from
> QC for the target that we are working on is stuck at Thud.
>
> Mans
>
> Den fre 8 apr. 2022 kl 18:59 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> >
> > Thud has been EOL for a long time. You can see when the support been
> > added here (end of 2019 it seems):
> > https://git.yoctoproject.org/poky/log/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next
> >
> > Alex
> >
> > On Fri, 8 Apr 2022 at 18:56, Måns <mans.zigher@gmail.com> wrote:
> > >
> > > I am currently on Thud so I am missing the support from what I can
> > > tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
> > > commit that adds that support but am having some problems finding it.
> > > Do you maybe know what I should look for to find the commit that adds
> > > this support?
> > >
> > > Thanks
> > >
> > > Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > >
> > > > Hello Mans,
> > > >
> > > > please refer to the tests we have for the feature:
> > > > https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> > > > (line 95 and below)
> > > >
> > > > The key bit is:
> > > > INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> > > > e.g. apply the restriction only to core-image-minimal.
> > > >
> > > > Alex
> > > >
> > > > On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> > > > >
> > > > > Hi Alex,
> > > > >
> > > > > Could you maybe clarify what you mean with "setting
> > > > > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > > > > specific image that is used when you build an image for release to the
> > > > > customer and then one image for development?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > > >
> > > > > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > > > > enable gpl3 ban only in the images that ship to the customers and not
> > > > > > across the entire build. Then carefully look at what pulls in bash
> > > > > > into those images and why, and reconfigure those pieces to not do that
> > > > > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > > > > posix shell.
> > > > > >
> > > > > > Alex
> > > > > >
> > > > > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > > > > but from what I can understand most companies will not be able to
> > > > > > > comply with this license without allowing the customer to compile and
> > > > > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > > > > possible to comply with this but we are using secure boot and have not
> > > > > > > the time and probably no interest in setting up a solution for
> > > > > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > > > > image build using a manual process but would like to use
> > > > > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > > > > packages even if it is only part of the SDK and also for native
> > > > > > > packages that are not part of the image build.
> > > > > > >
> > > > > > > I cannot be the only one with this problem so how are other companies
> > > > > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > > > > Are you setting up a parallel process for checking for any
> > > > > > > incompatible licenses issues?
> > > > > > >
> > > > > > > A more specific issue is that there are so many packages with bash
> > > > > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > > > > not that happy with but we needed to keep it out of the image.
> > > > > > >
> > > > > > > Thanks
> > > > > > >
> > > > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > > > Links: You receive all messages sent to this group.
> > > > > > > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > > > > > > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > > > > > > Group Owner: yocto+owner@lists.yoctoproject.org
> > > > > > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > > > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > > >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

This is my first time working with them so I am learning a lot but
never encountered anything like it. Trying to look into what it would
require to move to a newer version it appears as if they have set up
their layers inside the poky dir and then they are using COREBASE when
one layer depends on the content of another layer. So again something
that should have been fairly simple will now require some additional
work. But thanks for all your help I appreciate it. I am getting a bit
off topic in this thread.

For anyone having issues with enabling INCOMPATIBLE_LICENSE make sure
to set it per image but before that you will have to make sure you are
not including any packages that have the incompatible license there is
some tedious work but it needs to be done.

Thanks

Den mån 11 apr. 2022 kl 09:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
>
> It's a contracting issue. You need to specify in writing that the
> vendor cannot provide ancient Yocto. Otherwise they won't bother.
>
> Alex
>
> On Mon, 11 Apr 2022 at 09:13, Måns <mans.zigher@gmail.com> wrote:
> >
> > Yes I know. Not sure why QC is stuck on Thud. Even newer releases from
> > QC for the target that we are working on is stuck at Thud.
> >
> > Mans
> >
> > Den fre 8 apr. 2022 kl 18:59 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > >
> > > Thud has been EOL for a long time. You can see when the support been
> > > added here (end of 2019 it seems):
> > > https://git.yoctoproject.org/poky/log/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next
> > >
> > > Alex
> > >
> > > On Fri, 8 Apr 2022 at 18:56, Måns <mans.zigher@gmail.com> wrote:
> > > >
> > > > I am currently on Thud so I am missing the support from what I can
> > > > tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
> > > > commit that adds that support but am having some problems finding it.
> > > > Do you maybe know what I should look for to find the commit that adds
> > > > this support?
> > > >
> > > > Thanks
> > > >
> > > > Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > >
> > > > > Hello Mans,
> > > > >
> > > > > please refer to the tests we have for the feature:
> > > > > https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> > > > > (line 95 and below)
> > > > >
> > > > > The key bit is:
> > > > > INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> > > > > e.g. apply the restriction only to core-image-minimal.
> > > > >
> > > > > Alex
> > > > >
> > > > > On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> > > > > >
> > > > > > Hi Alex,
> > > > > >
> > > > > > Could you maybe clarify what you mean with "setting
> > > > > > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > > > > > specific image that is used when you build an image for release to the
> > > > > > customer and then one image for development?
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > > > >
> > > > > > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > > > > > enable gpl3 ban only in the images that ship to the customers and not
> > > > > > > across the entire build. Then carefully look at what pulls in bash
> > > > > > > into those images and why, and reconfigure those pieces to not do that
> > > > > > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > > > > > posix shell.
> > > > > > >
> > > > > > > Alex
> > > > > > >
> > > > > > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > > > > > but from what I can understand most companies will not be able to
> > > > > > > > comply with this license without allowing the customer to compile and
> > > > > > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > > > > > possible to comply with this but we are using secure boot and have not
> > > > > > > > the time and probably no interest in setting up a solution for
> > > > > > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > > > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > > > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > > > > > image build using a manual process but would like to use
> > > > > > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > > > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > > > > > packages even if it is only part of the SDK and also for native
> > > > > > > > packages that are not part of the image build.
> > > > > > > >
> > > > > > > > I cannot be the only one with this problem so how are other companies
> > > > > > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > > > > > Are you setting up a parallel process for checking for any
> > > > > > > > incompatible licenses issues?
> > > > > > > >
> > > > > > > > A more specific issue is that there are so many packages with bash
> > > > > > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > > > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > > > > > not that happy with but we needed to keep it out of the image.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > >
> > > > > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > > > > Links: You receive all messages sent to this group.
> > > > > > > > View/Reply Online (#56672): https://lists.yoctoproject.org/g/yocto/message/56672
> > > > > > > > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1686489
> > > > > > > > Group Owner: yocto+owner@lists.yoctoproject.org
> > > > > > > > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [alex.kanavin@gmail.com]
> > > > > > > > -=-=-=-=-=-=-=-=-=-=-=-
> > > > > > > >

Re: [yocto] [Question] How to handle GPLv3 packages?

[Khem Raj]

On Mon, Apr 11, 2022 at 1:29 AM Mans Zigher <mans.zigher@gmail.com> wrote:
>
> This is my first time working with them so I am learning a lot but
> never encountered anything like it. Trying to look into what it would
> require to move to a newer version it appears as if they have set up
> their layers inside the poky dir and then they are using COREBASE when
> one layer depends on the content of another layer. So again something
> that should have been fairly simple will now require some additional
> work. But thanks for all your help I appreciate it. I am getting a bit
> off topic in this thread.

This will be valiant effort but my advice is don't go alone if you
want to undertake this
SOC sdks have lot of nitty gritty issues that will pop up along the
way and unless you
have someone from SOC suppliers actively supporting you on this upgrade you will
burn your time to no end.

>
> For anyone having issues with enabling INCOMPATIBLE_LICENSE make sure
> to set it per image but before that you will have to make sure you are
> not including any packages that have the incompatible license there is
> some tedious work but it needs to be done.

Perhaps a write-up will be beneficial for someone who trips into these
issues in future.

>
> Thanks
>
> Den mån 11 apr. 2022 kl 09:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> >
> > It's a contracting issue. You need to specify in writing that the
> > vendor cannot provide ancient Yocto. Otherwise they won't bother.
> >
> > Alex
> >
> > On Mon, 11 Apr 2022 at 09:13, Måns <mans.zigher@gmail.com> wrote:
> > >
> > > Yes I know. Not sure why QC is stuck on Thud. Even newer releases from
> > > QC for the target that we are working on is stuck at Thud.
> > >
> > > Mans
> > >
> > > Den fre 8 apr. 2022 kl 18:59 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > >
> > > > Thud has been EOL for a long time. You can see when the support been
> > > > added here (end of 2019 it seems):
> > > > https://git.yoctoproject.org/poky/log/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next
> > > >
> > > > Alex
> > > >
> > > > On Fri, 8 Apr 2022 at 18:56, Måns <mans.zigher@gmail.com> wrote:
> > > > >
> > > > > I am currently on Thud so I am missing the support from what I can
> > > > > tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
> > > > > commit that adds that support but am having some problems finding it.
> > > > > Do you maybe know what I should look for to find the commit that adds
> > > > > this support?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > > >
> > > > > > Hello Mans,
> > > > > >
> > > > > > please refer to the tests we have for the feature:
> > > > > > https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> > > > > > (line 95 and below)
> > > > > >
> > > > > > The key bit is:
> > > > > > INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> > > > > > e.g. apply the restriction only to core-image-minimal.
> > > > > >
> > > > > > Alex
> > > > > >
> > > > > > On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> > > > > > >
> > > > > > > Hi Alex,
> > > > > > >
> > > > > > > Could you maybe clarify what you mean with "setting
> > > > > > > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > > > > > > specific image that is used when you build an image for release to the
> > > > > > > customer and then one image for development?
> > > > > > >
> > > > > > > Thanks
> > > > > > >
> > > > > > > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > > > > >
> > > > > > > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > > > > > > enable gpl3 ban only in the images that ship to the customers and not
> > > > > > > > across the entire build. Then carefully look at what pulls in bash
> > > > > > > > into those images and why, and reconfigure those pieces to not do that
> > > > > > > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > > > > > > posix shell.
> > > > > > > >
> > > > > > > > Alex
> > > > > > > >
> > > > > > > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > > > > > > but from what I can understand most companies will not be able to
> > > > > > > > > comply with this license without allowing the customer to compile and
> > > > > > > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > > > > > > possible to comply with this but we are using secure boot and have not
> > > > > > > > > the time and probably no interest in setting up a solution for
> > > > > > > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > > > > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > > > > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > > > > > > image build using a manual process but would like to use
> > > > > > > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > > > > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > > > > > > packages even if it is only part of the SDK and also for native
> > > > > > > > > packages that are not part of the image build.
> > > > > > > > >
> > > > > > > > > I cannot be the only one with this problem so how are other companies
> > > > > > > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > > > > > > Are you setting up a parallel process for checking for any
> > > > > > > > > incompatible licenses issues?
> > > > > > > > >
> > > > > > > > > A more specific issue is that there are so many packages with bash
> > > > > > > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > > > > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > > > > > > not that happy with but we needed to keep it out of the image.
> > > > > > > > >
> > > > > > > > > Thanks
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> You automatically follow any topics you start or reply to.
> View/Reply Online (#56717): https://lists.yoctoproject.org/g/yocto/message/56717
> Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1997914
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [yocto] [Question] How to handle GPLv3 packages?

[Måns]

Hi,

Thanks for the advice. I am right now unsure how to solve it since I
am on thud but I will continue to work on this so once I get this done
and I have a solution that works I will try and remember to come back
and try to write something together for anyone else encountering this
issue.

/Måns

Den mån 11 apr. 2022 kl 18:20 skrev Khem Raj <raj.khem@gmail.com>:
>
> On Mon, Apr 11, 2022 at 1:29 AM Mans Zigher <mans.zigher@gmail.com> wrote:
> >
> > This is my first time working with them so I am learning a lot but
> > never encountered anything like it. Trying to look into what it would
> > require to move to a newer version it appears as if they have set up
> > their layers inside the poky dir and then they are using COREBASE when
> > one layer depends on the content of another layer. So again something
> > that should have been fairly simple will now require some additional
> > work. But thanks for all your help I appreciate it. I am getting a bit
> > off topic in this thread.
>
> This will be valiant effort but my advice is don't go alone if you
> want to undertake this
> SOC sdks have lot of nitty gritty issues that will pop up along the
> way and unless you
> have someone from SOC suppliers actively supporting you on this upgrade you will
> burn your time to no end.
>
> >
> > For anyone having issues with enabling INCOMPATIBLE_LICENSE make sure
> > to set it per image but before that you will have to make sure you are
> > not including any packages that have the incompatible license there is
> > some tedious work but it needs to be done.
>
> Perhaps a write-up will be beneficial for someone who trips into these
> issues in future.
>
> >
> > Thanks
> >
> > Den mån 11 apr. 2022 kl 09:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > >
> > > It's a contracting issue. You need to specify in writing that the
> > > vendor cannot provide ancient Yocto. Otherwise they won't bother.
> > >
> > > Alex
> > >
> > > On Mon, 11 Apr 2022 at 09:13, Måns <mans.zigher@gmail.com> wrote:
> > > >
> > > > Yes I know. Not sure why QC is stuck on Thud. Even newer releases from
> > > > QC for the target that we are working on is stuck at Thud.
> > > >
> > > > Mans
> > > >
> > > > Den fre 8 apr. 2022 kl 18:59 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > >
> > > > > Thud has been EOL for a long time. You can see when the support been
> > > > > added here (end of 2019 it seems):
> > > > > https://git.yoctoproject.org/poky/log/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next
> > > > >
> > > > > Alex
> > > > >
> > > > > On Fri, 8 Apr 2022 at 18:56, Måns <mans.zigher@gmail.com> wrote:
> > > > > >
> > > > > > I am currently on Thud so I am missing the support from what I can
> > > > > > tell to set INCOMPATIBLE_LICENSE per image. I have tried to find the
> > > > > > commit that adds that support but am having some problems finding it.
> > > > > > Do you maybe know what I should look for to find the commit that adds
> > > > > > this support?
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Den fre 8 apr. 2022 kl 10:16 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > > > >
> > > > > > > Hello Mans,
> > > > > > >
> > > > > > > please refer to the tests we have for the feature:
> > > > > > > https://git.yoctoproject.org/poky/tree/meta/lib/oeqa/selftest/cases/incompatible_lic.py?h=master-next#n95
> > > > > > > (line 95 and below)
> > > > > > >
> > > > > > > The key bit is:
> > > > > > > INCOMPATIBLE_LICENSE:pn-core-image-minimal = "GPL-3.0* LGPL-3.0*"
> > > > > > > e.g. apply the restriction only to core-image-minimal.
> > > > > > >
> > > > > > > Alex
> > > > > > >
> > > > > > > On Fri, 8 Apr 2022 at 08:06, Måns <mans.zigher@gmail.com> wrote:
> > > > > > > >
> > > > > > > > Hi Alex,
> > > > > > > >
> > > > > > > > Could you maybe clarify what you mean with "setting
> > > > > > > > INCOMPATIBLE_LICENSE per image"? Do you mean that you have one
> > > > > > > > specific image that is used when you build an image for release to the
> > > > > > > > customer and then one image for development?
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > >
> > > > > > > > Den ons 6 apr. 2022 kl 11:04 skrev Alexander Kanavin <alex.kanavin@gmail.com>:
> > > > > > > > >
> > > > > > > > > I'd suggest you start by setting INCOMPATIBLE_LICENSE per image, e.g.
> > > > > > > > > enable gpl3 ban only in the images that ship to the customers and not
> > > > > > > > > across the entire build. Then carefully look at what pulls in bash
> > > > > > > > > into those images and why, and reconfigure those pieces to not do that
> > > > > > > > > (e.g. by reconfiguring the PACKAGECONFIGs), or rewrite the scripts in
> > > > > > > > > posix shell.
> > > > > > > > >
> > > > > > > > > Alex
> > > > > > > > >
> > > > > > > > > On Wed, 6 Apr 2022 at 10:59, Mans Zigher <mans.zigher@gmail.com> wrote:
> > > > > > > > > >
> > > > > > > > > > Hi,
> > > > > > > > > >
> > > > > > > > > > I cannot use GPLv3 packages in our image build. I am no legal expert
> > > > > > > > > > but from what I can understand most companies will not be able to
> > > > > > > > > > comply with this license without allowing the customer to compile and
> > > > > > > > > > deploy a new version of any GPLv3 package to the target. I know it is
> > > > > > > > > > possible to comply with this but we are using secure boot and have not
> > > > > > > > > > the time and probably no interest in setting up a solution for
> > > > > > > > > > allowing customers to be able to deploy GPLv3 packages on the target.
> > > > > > > > > > We are trying to make use of INCOMPATIBLE_LICENSE but that results in
> > > > > > > > > > several issues. We have made sure that we don't include GPLv3 in the
> > > > > > > > > > image build using a manual process but would like to use
> > > > > > > > > > INCOMPATIBLE_LICENSE to alert any developer about the issue. It seems
> > > > > > > > > > like INCOMPATIBLE_LICENSE is a bit harsh since it will catch any
> > > > > > > > > > packages even if it is only part of the SDK and also for native
> > > > > > > > > > packages that are not part of the image build.
> > > > > > > > > >
> > > > > > > > > > I cannot be the only one with this problem so how are other companies
> > > > > > > > > > solving this issue? Are they just not using the INCOMPATIBLE_LICENSE?
> > > > > > > > > > Are you setting up a parallel process for checking for any
> > > > > > > > > > incompatible licenses issues?
> > > > > > > > > >
> > > > > > > > > > A more specific issue is that there are so many packages with bash
> > > > > > > > > > dependencies which are pulling in bash which is GPLv3 so how have you
> > > > > > > > > > solved that? Currently we have done some pretty uggly hacks which I am
> > > > > > > > > > not that happy with but we needed to keep it out of the image.
> > > > > > > > > >
> > > > > > > > > > Thanks
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > You automatically follow any topics you start or reply to.
> > View/Reply Online (#56717): https://lists.yoctoproject.org/g/yocto/message/56717
> > Mute This Topic: https://lists.yoctoproject.org/mt/90285507/1997914
> > Group Owner: yocto+owner@lists.yoctoproject.org
> > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [raj.khem@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >