[yocto] Automated license incompatibility checks

Paul Eggleton paul.eggleton at linux.intel.com
Wed Jan 28 02:25:29 PST 2015


Hi Clemens,

On Wednesday 28 January 2015 09:52:14 Clemens Lang wrote:
> I have written a bbclass that does license conflict checking before
> building images for distribution. I am wondering if that is something
> you as a project would be interested in integrating, e.g. into poky.
> 
> I am also looking for feedback to my approach and ideas on how to handle
> corner cases, such as the OpenSSL exception. To give you a short and
> rough overview and to avoid wasting your time with a code review before
> we discussed the general approach, here's the commit message for my
> local change implementing this:
> > Implement automatic license conflict checking as QA check. This check
> > adds a hook to the do_rootfs task, gathers a list of packages to be
> > installed into the root file system, their licenses and dependency
> > relations. It then walks this list and removes all licenses or part of
> > license expressions that are not satisfiable using licenses from a
> > configurable whitelist. For example,
> > 
> >   (GPL-3.0 & LGPL-3.0+) | GPL-2.0
> > 
> > with a whitelist of "GPL-2.0" will be transformed to
> > 
> >   GPL-2.0
> > 
> > before running license conflict checking. This ensures none of the
> > licenses you don't want to distribute in your image is required to
> > fulfill all license constraints.
> > 
> > Afterwards, each package's license is checked against those of its
> > dependencies one by one. To detect conflicts, the two license
> > expressions are converted into conjunctive normal form, concatenated
> > with all relevant license conflicts read from a configuration file and
> > handed over to a SAT solver (currently minisat via the satispy python
> > library). If the solver indicates the expression is satisfiable, there
> > is no license conflict. If the expression cannot be solved, the
> > licenses conflict.

This sounds like something we should be handling in our INCOMPATIBLE_LICENSE 
check code, although it's not clear that we currently handle where 
alternatives to an incompatible license are available for a recipe/package, so 
that looks like it would be new functionality. You haven't mentioned 
INCOMPATIBLE_LICENSE - does your solution build on that, or replace it?

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre
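
The two steps in the quoted commit message, whitelist pruning and the pairwise conflict check, as an added example; it is not part of this thread and is not the bbclass under discussion. It assumes a license variable is true when that license is chosen, replaces the minisat/satispy call with brute-force enumeration, and uses hypothetical function names and a constructed conflict entry.

```python
import re

def parse(expr):
    """Parse '&', '|' and parentheses into nested (op, [children]) tuples."""
    tokens = re.findall(r"[()&|]|[^\s()&|]+", expr) + [None]  # None marks the end
    def level(ops):  # ops: operators still to handle, loosest-binding first
        if not ops:
            tok = tokens.pop(0)
            if tok in (None, ")", "&", "|"):
                raise ValueError("license name expected in %r" % expr)
            if tok == "(":
                tok = level("|&")
                if tokens.pop(0) != ")":
                    raise ValueError("missing ')' in %r" % expr)
            return tok
        items = [level(ops[1:])]
        while tokens[0] == ops[0]:
            tokens.pop(0)
            items.append(level(ops[1:]))
        return items[0] if len(items) == 1 else (ops[0], items)
    node = level("|&")
    if tokens != [None]:
        raise ValueError("trailing input in %r" % expr)
    return node

def prune(node, whitelist):
    """Keep only what the whitelist can satisfy; None means nothing is left."""
    if isinstance(node, str):
        return node if node in whitelist else None
    op, items = node
    kept = [p for p in (prune(i, whitelist) for i in items) if p is not None]
    if not kept or (op == "&" and len(kept) < len(items)):
        return None  # an '&' fails as soon as one operand is not satisfiable
    return kept[0] if len(kept) == 1 else (op, kept)

def holds(node, chosen):
    if isinstance(node, str):
        return node in chosen
    return (all if node[0] == "&" else any)(holds(i, chosen) for i in node[1])

def names(node):
    return {node} if isinstance(node, str) else set().union(*map(names, node[1]))

def compatible(a, b, conflicts):
    """True if some license choice satisfies a and b with no conflicting pair."""
    both, pool = ("&", [a, b]), sorted(names(a) | names(b))
    picks = ({n for i, n in enumerate(pool) if m >> i & 1} for m in range(1 << len(pool)))
    return any(holds(both, p) and not any(set(c) <= p for c in conflicts) for p in picks)

SAMPLE_CONFLICTS = [("GPL-2.0", "OpenSSL")]  # constructed entry, not from the thread
```

Calling `prune(parse("(GPL-3.0 & LGPL-3.0+) | GPL-2.0"), {"GPL-2.0"})` returns `"GPL-2.0"`, matching the transformation in the commit message; `compatible` then takes the pruned expressions of a package and one of its dependencies.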


