[yocto] Automated license incompatibility checks

Clemens Lang clemens.lang at bmw-carit.de
Wed Jan 28 00:52:14 PST 2015 

Hi,

I have written a bbclass that does license conflict checking before
building images for distribution. I am wondering if that is something
you as a project would be interested in integrating, e.g. into poky.

I am also looking for feedback to my approach and ideas on how to handle
corner cases, such as the OpenSSL exception. To give you a short and
rough overview and to avoid wasting your time with a code review before
we discussed the general approach, here's the commit message for my
local change implementing this:

> Implement automatic license conflict checking as QA check. This check
> adds a hook to the do_rootfs task, gathers a list of packages to be
> installed into the root file system, their licenses and dependency
> relations. It then walks this list and removes all licenses or part of
> license expressions that are not satisfiable using licenses from a
> configurable whitelist. For example,
>   (GPL-3.0 & LGPL-3.0+) | GPL-2.0
> with a whitelist of "GPL-2.0" will be transformed to
>   GPL-2.0
> before running license conflict checking. This ensures none of the
> licenses you don't want to distribute in your image is required to
> fulfill all license constraints.
>
> Afterwards, each package's license is checked against those of its
> dependencies one by one. To detect conflicts, the two license
> expressions are converted into conjunctive normal form, concatenated
> with all relevant license conflicts read from a configuration file and
> handed over to a SAT solver (currently minisat via the satispy python
> library). If the solver indicates the expression is satisfiable, there
> is no license conflict. If the expression cannot be solved, the
> licenses conflict.

What are your thoughts on the additional minisat dependency? I assume it
would be possible to make it a requirement only if somebody is actually
using the bbclass?

Most distributions I checked do not currently ship satispy. Would
bundling it with poky (or wherever the bbclass + tests would go) be a
viable option?


-- 
Clemens Lang • Development Specialist
BMW Car IT GmbH • Lise-Meitner-Str. 14 • 89081 Ulm • http://bmw-carit.com
-------------------------------------------------------------------------
BMW Car IT GmbH
Geschäftsführer: Michael Würtenberger und Reinhard Stolle
Sitz und Registergericht: München HRB 134810
-------------------------------------------------------------------------

More information about the yocto mailing list