[Buildroot] [RFC 00/15] Automatically produce legal compliance info
Luca Ceresoli
luca at lucaceresoli.net
Sun Jan 29 15:11:33 UTC 2012
Hi,
during the latest Buildroot Developers Day in November 2011 and in this
mailing list there has been some discussion about introducing in Buildroot the
possibility to derive automatically legally relevant material, such as
licensing info and source tarballs for open source packages.
This is a first tentative implementation of these features.
This code is not yet fully working, but I wanted to share it with you to
receive some early comments. I also wanted to allow those who will participate
to the next Buildroot Developer Day next Friday to have an idea of this
proposal in advance, in case this were object of discussion during the
meeting.
My approach is based on the creation of a per-package _LICENSE constant in
eack .mk file, such as:
FOOBAR_LICENSE = GPL_V3
MYAPP_LICENSE = PROPRIETARY
This is the only effort required to the package creator. Where it is not
specified it defaults to "unknown".
My overall goal is to add a new 'make legal-info' target that:
- produces a manifest file listing all packages, including closed-source ones
(and, why not, prints out to stdout the same info);
- copies source code tarballs for all non-proprietary packages (although I'm
saving also tarballs for BSD-licensed packages for now);
- save the complete text of all license files that must be included in the
product documentation (typically COPYING and LICENSE files); this is to
simplify the work of who must provide these info to documentation writers.
This patchset implements the first two points, albeit with some issues that I
discuss below.
About the third point I devised a few different possible implementations, but
each of them has relevant drawbacks, so I left this point out for the moment.
Here's what is currently implmented:
$ make legal-info
busybox 1.19.3 GPL_V2_ONLY
bzip2 1.0.5 BSD
directfb 1.4.15 LGPL_V2.1
foobar 1.2.3.4 PROPRIETARY
freetype 2.4.8 unknown
iostat 2.2 GPL_V2
...
$ cat output/legal-info/manifest.csv
package,version,license
busybox,1.19.3,GPL_V2_ONLY
bzip2,1.0.5,BSD
directfb,1.4.15,LGPL_V2.1
foobar,1.2.3.4,PROPRIETARY
freetype,2.4.8,unknown
iostat,2.2,GPL_V2
...
$ ls output/legal-info/sources/
autoconf-2.65.tar.bz2
automake-1.11.1.tar.bz2
binutils-2.21.1.tar.bz2
busybox-1.19.3.tar.bz2
bzip2-1.0.5.tar.gz
DirectFB-1.4.15.tar.gz
fakeroot_1.9.5.tar.gz
freetype-2.4.8.tar.bz2
...
The implementation is somewhat similar to 'make external-deps'.
A $(PKG)-legal-info target is created for each package which echoes the
$(PKG)_LICENSE value and other info both to stdout and to the manifest file.
It also copies source tarball in $(BASE_DIR)/legal-info/sources unless
$(PKG)_LICENSE equals "PROPRIETARY".
A top-level 'legal-info' target collects all of these per-package targets.
The implementation takes only ~35 lines of code so it should be simple to
review.
Now the long list of open issues.
The semantics of the _LICENSE variable is still non well defined.
It might be a generic string (e.g. FOOBAR_LICENSE = modified 3-clause BSD),
or one from a well-defined list of known licenses.
The former interpretation is probably the more useful for producing a manifest
file. The latter might be useful to help an automated implementation of the
last goal listed above: save the complete text of all license files to a
directory.
This patchset has been tested only in a few configurations. The only one that
has been really tested with reasonable depth is presented in the last patch
of this series.
This might in turn grow this list of open issues as soon as different configs
are tested...
Some packages do not appear in the 'make legal-info' output. It looks
like they are all and only the Buildroot's internal toolchain files (gcc,
mpfr, mpc etc). I couldn't find where the cause is yet, but I'm sure a more
expert eye can enlighten me.
Copying the source tarball does not currently work for packages with
_SITE_METHOD equal to local, as there is no tarball associated to it.
Other methods, such as file and all versioning systems, are not tested, but
they should work as there's a tarball in the download dir.
Non-gentargets and non-autotargets packages are not tested. I guess they need
a $(PKG)-legal-info target to be defined manually.
It might be useful to remove the output/legal-info dir before populating it,
to be sure there are no remnants of previous runs. It would not have a big
additional cost, since the computations and copies must be done anyway.
Finally, there is no documentation yet. I will write some if the presented
approach is considered good.
The patches are logically divided in these parts:
- patches 1 to 4 introduce the mechanism to extract all the legal info;
this is the interesting part;
- patches 5 to 13 define the _LICENSE constant for some packages;
- patches 14 and 15 only add some testing stuff; they are not meant to be
merged.
Luca
Luca Ceresoli (15):
legal-info: new target to echo basic per-package legal info
legal-info: produce a manifest file with licensing info
legal-info: save source tarballs for all packages
legal-info: do not copy sources for proprietary packages
mpc: define license
linux: define license
m4: define license
busybox: define license
bzip2: define license
directfb: define license
iostat: define license
lzop: define license
tslib: define license
foobar: create a fake proprietary package (testing only)
Create a test config (testing only)
Makefile | 26 ++++++++++++++++++++++----
configs/legal_info_test_defconfig | 13 +++++++++++++
linux/linux.mk | 1 +
package/Config.in | 1 +
package/Makefile.package.in | 11 +++++++++++
package/busybox/busybox.mk | 1 +
package/bzip2/bzip2.mk | 1 +
package/directfb/directfb.mk | 1 +
package/foobar/Config.in | 5 +++++
package/foobar/foobar.mk | 13 +++++++++++++
package/foobar/source/foobar.c | 7 +++++++
package/iostat/iostat.mk | 1 +
package/lzop/lzop.mk | 1 +
package/m4/m4.mk | 1 +
package/mpc/mpc.mk | 1 +
package/tslib/tslib.mk | 1 +
16 files changed, 81 insertions(+), 4 deletions(-)
create mode 100644 configs/legal_info_test_defconfig
create mode 100644 package/foobar/Config.in
create mode 100644 package/foobar/foobar.mk
create mode 100644 package/foobar/source/foobar.c
--
1.7.5.4
More information about the buildroot
mailing list