* [PATCH] dev-manual: warn about license compliance issues when static libraries are used
From: Michael Opdenacker @ 2021-10-06 8:44 UTC
To: docs; +Cc: Michael Opdenacker
This partly addresses [YOCTO #14407]
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
---
documentation/dev-manual/common-tasks.rst | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
index b81f51bf83..2c862dc1be 100644
--- a/documentation/dev-manual/common-tasks.rst
+++ b/documentation/dev-manual/common-tasks.rst
@@ -11158,6 +11158,23 @@ this function, you have to follow the following steps:
For more usage information refer to :yocto_git:`the meta-spdxscanner repository
</meta-spdxscanner/>`.
+Compliance Limitations with Executables Built from Static Libraries
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When package A is added to an image (``RDEPENDS += "A"``), and depends on
+a static linked library package B (``DEPENDS += "B"``), package B will neither
+appear in the generated license manifest nor in the source tarballs generated
+by the archiving class. This occurs as the licensing and archiving classes
+assume that only packages included via :term:`RDEPENDS` end up in the image.
+
+As a result, potential obligations regarding license compliance for package B
+may not be met.
+
+The Yocto Project doesn't enable static libraries by default, in part because
+of this issue. Before a solution to this limitation is found, you need to
+keep in mind that if your root filesystem is built from static libraries,
+you will need to manually ensure that your deliveries are compliant
+with the licenses of these libraries.
Copying Licenses that Do Not Exist
----------------------------------
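Review bot: In the first added paragraph, ``RDEPENDS += "A"`` is not an assignment a reader can use as written (RDEPENDS is set per package, and images normally pull packages in through IMAGE_INSTALL), and ``DEPENDS += "B"`` refers to a recipe while the text calls B a package. Suggest describing how A reaches the image in words, with :term:`RDEPENDS` and :term:`IMAGE_INSTALL` references, and writing "recipe B" for the build-time dependency. Two wording points in the same hunk: "a static linked library" should be "a statically linked library", and "Before a solution to this limitation is found" reads better as "Until a solution to this limitation is found". The last paragraph asks readers to "manually ensure" compliance but gives no starting point; one sentence on identifying which recipes provide the static libraries linked into the image would make the warning actionable.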
--
2.25.1
* Re: [docs] [PATCH] dev-manual: warn about license compliance issues when static libraries are used
From: Quentin Schulz @ 2021-10-07 11:16 UTC
To: Michael Opdenacker; +Cc: docs
Hi Michael,
On Wed, Oct 06, 2021 at 10:44:55AM +0200, Michael Opdenacker wrote:
> This partly addresses [YOCTO #14407]
>
> Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
> ---
> documentation/dev-manual/common-tasks.rst | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
> index b81f51bf83..2c862dc1be 100644
> --- a/documentation/dev-manual/common-tasks.rst
> +++ b/documentation/dev-manual/common-tasks.rst
> @@ -11158,6 +11158,23 @@ this function, you have to follow the following steps:
> For more usage information refer to :yocto_git:`the meta-spdxscanner repository
> </meta-spdxscanner/>`.
>
> +Compliance Limitations with Executables Built from Static Libraries
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +When package A is added to an image (``RDEPENDS += "A"``), and depends on
RDEPENDS does not exist as is.
If I may suggest:
s/``RDEPENDS += "A"``/via :term:`RDEPENDS` or :term:`RRECOMMENDS`
mechanism as well as explicitly included in the image recipe with
:term:`IMAGE_INSTALL`/
?
> +a static linked library package B (``DEPENDS += "B"``), package B will neither
For the first occurrence:
s/package B/recipe B/
> +appear in the generated license manifest nor in the source tarballs generated
> +by the archiving class. This occurs as the licensing and archiving classes
s/archiving/:ref:`archiver <ref-classes-archiver>`/
s/licensing/:ref:`license <ref-classes-license>`/
> +assume that only packages included via :term:`RDEPENDS` end up in the image.
> +
+ or :term:`RRECOMMENDS` ?
Cheers,
Quentin
* Re: [docs] [PATCH] dev-manual: warn about license compliance issues when static libraries are used
From: Michael Opdenacker @ 2021-10-08 15:08 UTC
To: Quentin Schulz; +Cc: docs
Hi Quentin,
Many thanks for the review.
On 10/7/21 1:16 PM, Quentin Schulz wrote:
> Hi Michael,
>
> On Wed, Oct 06, 2021 at 10:44:55AM +0200, Michael Opdenacker wrote:
>> This partly addresses [YOCTO #14407]
>>
>> Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
>> ---
>> documentation/dev-manual/common-tasks.rst | 17 +++++++++++++++++
>> 1 file changed, 17 insertions(+)
>>
>> diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst
>> index b81f51bf83..2c862dc1be 100644
>> --- a/documentation/dev-manual/common-tasks.rst
>> +++ b/documentation/dev-manual/common-tasks.rst
>> @@ -11158,6 +11158,23 @@ this function, you have to follow the following steps:
>> For more usage information refer to :yocto_git:`the meta-spdxscanner repository
>> </meta-spdxscanner/>`.
>>
>> +Compliance Limitations with Executables Built from Static Libraries
>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> +
>> +When package A is added to an image (``RDEPENDS += "A"``), and depends on
> RDEPENDS does not exist as is.
>
> If I may suggest:
>
> s/``RDEPENDS += "A"``/via :term:`RDEPENDS` or :term:`RRECOMMENDS`
> mechanism as well as explicitly included in the image recipe with
> :term:`IMAGE_INSTALL`/
>
> ?
>> +a static linked library package B (``DEPENDS += "B"``), package B will neither
> For the first occurrence:
> s/package B/recipe B/
>
>> +appear in the generated license manifest nor in the source tarballs generated
>> +by the archiving class. This occurs as the licensing and archiving classes
> s/archiving/:ref:`archiver <ref-classes-archiver>`/
> s/licensing/:ref:`license <ref-classes-license>`/
>
>> +assume that only packages included via :term:`RDEPENDS` end up in the image.
>> +
> + or :term:`RRECOMMENDS` ?
It all makes sense. I will include the changes that you propose.
Cheers
Michael.
--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com