docs.lists.yoctoproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] dev-manual: warn about license compliance issues when static libraries are used
@ 2021-10-06  8:44 Michael Opdenacker
  2021-10-07 11:16 ` [docs] " Quentin Schulz
  0 siblings, 1 reply; 3+ messages in thread
From: Michael Opdenacker @ 2021-10-06  8:44 UTC (permalink / raw)
  To: docs; +Cc: Michael Opdenacker

This partly addresses [YOCTO #14407]

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
---
 documentation/dev-manual/common-tasks.rst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index b81f51bf83..2c862dc1be 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -11158,6 +11158,23 @@ this function, you have to follow the following steps:
 For more usage information refer to :yocto_git:`the meta-spdxscanner repository
 </meta-spdxscanner/>`.
 
+Compliance Limitations with Executables Built from Static Libraries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When package A is added to an image (``RDEPENDS += "A"``), and depends on
+a static linked library package B (``DEPENDS += "B"``), package B will neither
+appear in the generated license manifest nor in the source tarballs generated
+by the archiving class. This occurs as the licensing and archiving classes
+assume that only packages included via :term:`RDEPENDS` end up in the image.
+
+As a result, potential obligations regarding license compliance for package B
+may not be met.
+
+The Yocto Project doesn't enable static libraries by default, in part because
+of this issue. Before a solution to this limitation is found, you need to
+keep in mind that if your root filesystem is built from static libraries,
+you will need to manually ensure that your deliveries are compliant
+with the licenses of these libraries.
 
 Copying Licenses that Do Not Exist
 ----------------------------------
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [docs] [PATCH] dev-manual: warn about license compliance issues when static libraries are used
  2021-10-06  8:44 [PATCH] dev-manual: warn about license compliance issues when static libraries are used Michael Opdenacker
@ 2021-10-07 11:16 ` Quentin Schulz
  2021-10-08 15:08   ` Michael Opdenacker
  0 siblings, 1 reply; 3+ messages in thread
From: Quentin Schulz @ 2021-10-07 11:16 UTC (permalink / raw)
  To: Michael Opdenacker; +Cc: docs

Hi Michael,

On Wed, Oct 06, 2021 at 10:44:55AM +0200, Michael Opdenacker wrote:
> This partly addresses [YOCTO #14407]
> 
> Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
> ---
>  documentation/dev-manual/common-tasks.rst | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
> index b81f51bf83..2c862dc1be 100644
> --- a/documentation/dev-manual/common-tasks.rst
> +++ b/documentation/dev-manual/common-tasks.rst
> @@ -11158,6 +11158,23 @@ this function, you have to follow the following steps:
>  For more usage information refer to :yocto_git:`the meta-spdxscanner repository
>  </meta-spdxscanner/>`.
>  
> +Compliance Limitations with Executables Built from Static Libraries
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +When package A is added to an image (``RDEPENDS += "A"``), and depends on

RDEPENDS does not exist as is.

If I may suggest:

s/``RDEPENDS += "A"``/via :term:`RDEPENDS` or :term:`RRECOMMENDS`
mechanism as well as explicitly included in the image recipe with
:term:`IMAGE_INSTALL`/

?
> +a static linked library package B (``DEPENDS += "B"``), package B will neither

For the first occurrence:
s/package B/recipe B/

> +appear in the generated license manifest nor in the source tarballs generated
> +by the archiving class. This occurs as the licensing and archiving classes

s/archiving/:ref:`archiver <ref-classes-archiver>`/
s/licensing/:ref:`license <ref-classes-license>`/

> +assume that only packages included via :term:`RDEPENDS` end up in the image.
> +

+ or :term:`RRECOMMENDS` ?

Cheers,
Quentin


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [docs] [PATCH] dev-manual: warn about license compliance issues when static libraries are used
  2021-10-07 11:16 ` [docs] " Quentin Schulz
@ 2021-10-08 15:08   ` Michael Opdenacker
  0 siblings, 0 replies; 3+ messages in thread
From: Michael Opdenacker @ 2021-10-08 15:08 UTC (permalink / raw)
  To: Quentin Schulz; +Cc: docs

Hi Quentin,

Many thanks for the review.

On 10/7/21 1:16 PM, Quentin Schulz wrote:
> Hi Michael,
>
> On Wed, Oct 06, 2021 at 10:44:55AM +0200, Michael Opdenacker wrote:
>> This partly addresses [YOCTO #14407]
>>
>> Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
>> ---
>>  documentation/dev-manual/common-tasks.rst | 17 +++++++++++++++++
>>  1 file changed, 17 insertions(+)
>>
>> diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
>> index b81f51bf83..2c862dc1be 100644
>> --- a/documentation/dev-manual/common-tasks.rst
>> +++ b/documentation/dev-manual/common-tasks.rst
>> @@ -11158,6 +11158,23 @@ this function, you have to follow the following steps:
>>  For more usage information refer to :yocto_git:`the meta-spdxscanner repository
>>  </meta-spdxscanner/>`.
>>  
>> +Compliance Limitations with Executables Built from Static Libraries
>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> +
>> +When package A is added to an image (``RDEPENDS += "A"``), and depends on
> RDEPENDS does not exist as is.
>
> If I may suggest:
>
> s/``RDEPENDS += "A"``/via :term:`RDEPENDS` or :term:`RRECOMMENDS`
> mechanism as well as explicitly included in the image recipe with
> :term:`IMAGE_INSTALL`/
>
> ?
>> +a static linked library package B (``DEPENDS += "B"``), package B will neither
> For the first occurrence:
> s/package B/recipe B/
>
>> +appear in the generated license manifest nor in the source tarballs generated
>> +by the archiving class. This occurs as the licensing and archiving classes
> s/archiving/:ref:`archiver <ref-classes-archiver>`/
> s/licensing/:ref:`license <ref-classes-license>`/
>
>> +assume that only packages included via :term:`RDEPENDS` end up in the image.
>> +
> + or :term:`RRECOMMENDS` ?


It all makes sense. I will include the changes that you propose.
Cheers
Michael.

-- 
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-10-08 15:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-06  8:44 [PATCH] dev-manual: warn about license compliance issues when static libraries are used Michael Opdenacker
2021-10-07 11:16 ` [docs] " Quentin Schulz
2021-10-08 15:08   ` Michael Opdenacker

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).