[Buildroot] [RFC 00/15] Automatically produce legal compliance info

Arnout Vandecappelle arnout at mind.be
Tue Jan 31 07:15:23 UTC 2012 

On Sunday 29 January 2012 16:11:33 Luca Ceresoli wrote:
[snip]
>   $ make legal-info
>   busybox  1.19.3       GPL_V2_ONLY
>   bzip2    1.0.5        BSD
>   directfb 1.4.15       LGPL_V2.1
>   foobar   1.2.3.4      PROPRIETARY
>   freetype 2.4.8        unknown
>   iostat   2.2          GPL_V2

 Cool!

>   ...
>   $ cat output/legal-info/manifest.csv 
>   package,version,license
>   busybox,1.19.3,GPL_V2_ONLY
>   bzip2,1.0.5,BSD
>   directfb,1.4.15,LGPL_V2.1
>   foobar,1.2.3.4,PROPRIETARY
>   freetype,2.4.8,unknown
>   iostat,2.2,GPL_V2
>   ...

 Personally I'd have used tabs instead of commas, so it is still
human-readable.  Not sure how non-libreoffice spreadsheets deal with
that, though.

>   $ ls output/legal-info/sources/
>   autoconf-2.65.tar.bz2
>   automake-1.11.1.tar.bz2
>   binutils-2.21.1.tar.bz2
>   busybox-1.19.3.tar.bz2
>   bzip2-1.0.5.tar.gz
>   DirectFB-1.4.15.tar.gz
>   fakeroot_1.9.5.tar.gz
>   freetype-2.4.8.tar.bz2
>   ...

 I think these should be hardlinks instead of copies of the dl 
directory.  You can use 'cp -l', which I believe falls back to
actual copying if the target filesystem doesn't support hardlinks
(although I can't think of a filesystem that supports symlinks but
not hardlinks).

[snip]
> The implementation takes only ~35 lines of code so it should be simple to
> review.

 I'll try to do that the coming days.  Without Reviewed-by tag, since this 
is still RFC.

> 
> Now the long list of open issues.
> 
> The semantics of the _LICENSE variable is still non well defined.
> It might be a generic string (e.g. FOOBAR_LICENSE = modified 3-clause BSD),
> or one from a well-defined list of known licenses.
> The former interpretation is probably the more useful for producing a manifest
> file. The latter might be useful to help an automated implementation of the
> last goal listed above: save the complete text of all license files to a
> directory.

 I would pre-define a number of strings, for which a predefined license
text exists.  The packager should check if the license text is identical,
and attach 'dirty' or something to the name if not.


[snip]
> Copying the source tarball does not currently work for packages with
> _SITE_METHOD equal to local, as there is no tarball associated to it.
 That should be fixed for the final version.

> Other methods, such as file and all versioning systems, are not tested, but
> they should work as there's a tarball in the download dir.
> 
> Non-gentargets and non-autotargets packages are not tested. I guess they need
> a $(PKG)-legal-info target to be defined manually.
 Those packages should be converted anyway.


> It might be useful to remove the output/legal-info dir before populating it,
> to be sure there are no remnants of previous runs. It would not have a big
> additional cost, since the computations and copies must be done anyway.
 I agree.

[snip]

 Regards,
 Arnout

-- 
Arnout Vandecappelle                               arnout at mind be
Senior Embedded Software Architect                 +32-16-286540
Essensium/Mind                                     http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium                BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

More information about the buildroot mailing list