[Buildroot] [PATCH 1/8] package/mender: update legal info

Mirza Krak mirza.krak at northern.tech
Thu Aug 16 20:18:29 UTC 2018


On Thu, Aug 16, 2018 at 5:36 PM, Arnout Vandecappelle <arnout at mind.be> wrote:
>
>
> On 15/08/2018 09:37, Mirza Krak wrote:
>> On Wed, Aug 15, 2018 at 1:32 AM, Arnout Vandecappelle <arnout at mind.be> wrote:
>>>  Hi Mirza,
>>
>> Hi Arnout,
>>
>>>
>>> On 15-08-18 01:13, Mirza Krak wrote:
>
> [snip]
>>>> +MENDER_LICENSE_FILES = LICENSE LIC_FILES_CHKSUM.sha256
>>>
>>>  Instead of LIC_FILES_CHKSUM.sha256, we should actually include all the files
>>> mentioned in there in our license list. Well, actually, we can optimize it a
>>> little bit because there are some identical files.
>>>
>>>  Alternatively, you could include all of them, and for the .hash file you can
>>> just prepend 'sha256  ' to every line of LIC_FILES_CHKSUM.sha256 and append it
>>> to the .hash file, with the comment
>>>
>>> # From LIC_FILES_CHKSUM.sha256
>>>
>>>
>>>  On second thought, actually it is a good idea to include
>>> LIC_FILES_CHKSUM.sha256 as well, to detect when a new subpackage with a new
>>> license is added.
>>
>> I would really like to keep this as-is to avoid a heavy maintenance
>> burden. This file is maintained in the upstream package and would
>> rather not duplicate the work by extracting the information from
>> LIC_FILES_CHKSUM.sha256 to put it in mender.hash.
>>
>> The checksum check of LIC_FILES_CHKSUM.sha256 will handle the sanity
>> check of the LICENSE files, and all the licenses that are in
>> LIC_FILES_CHKSUM.sha256 are already mentioned in the mender.mk file:
>>
>>      MENDER_LICENSE = Apache-2.0, BSD-2-Clause, BSD-3-Clause, MIT, OLDAP-2.8
>>
>> This should cover it. Or are there any big drawbacks with this
>> approach that I am not seeing?
>
>  Well, we really want to collect the license text for all applicable licenses.
> So you should include at least one file for each license mentioned in
> MENDER_LICENSE. Since the checksums are already available, I thought the easiest
> would be to create part of the hash file from the existing file. Like:
>
> # Generated with sed '/^[A-Za-z0-9_]/s/^/sha256  /' LIC_FILES_CHKSUM.sha256
> # Apache-2.0 license.
> sha256  ceb1b36ff073bd13d9806d4615b931707768ca9023805620acc32dd1cfc2f680  LICENSE

Hmm, though I am having some issues with trying to accommodate this.

Adding the following line to mender.hash:

    # BSD 2 Clause license.
    sha256 8d427fd87bc9579ea368fde3d49f9ca22eac857f91a9dec7e3004bdfab7dee86  vendor/github.com/pkg/errors/LICENSE

Does not do anything, when I run:

    $ make mender-legal-info
    >>> mender 1.4.0 Collecting legal info
    LICENSE: OK (sha256: ceb1b36ff073bd13d9806d4615b931707768ca9023805620acc32dd1cfc2f680)
    LIC_FILES_CHKSUM.sha256: OK (sha256: 54d6f54a2815cc2e3cef4f7dde5a3aae20f09b2cde394d8d3f1dce5d8a79d738)

Inspecting other *.hash files in Buildroot, no one seems to reference
files that are outside of the "root source". Or should I specify the
path differently?

-- 
Mirza Krak | Embedded Solutions Architect | https://mender.io

 Northern.tech AS | @northerntechHQ
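
The approach discussed above (building part of the .hash file from LIC_FILES_CHKSUM.sha256), as an added example that is not part of the original thread and not Buildroot or Mender code: it goes beyond the quoted sed one-liner by verifying each listed file before emitting its entry. The manifest layout (sha256sum-style `<hash>  <path>` lines plus `#` comments), the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: convert a sha256sum-style manifest into Buildroot .hash
# entries, checking every listed file first. Manifest layout is assumed.

# gen_hash_entries MANIFEST SRCDIR
# Prints "sha256  <hash>  <path>" for each entry whose file matches;
# returns non-zero if any listed file is missing or has a different hash.
gen_hash_entries() {
    manifest=$1; srcdir=$2; rc=0
    echo "# From $(basename "$manifest")"
    while read -r sum file || [ -n "$sum" ]; do
        # Skip blank lines and comments, like the sed address /^[A-Za-z0-9_]/.
        case $sum in ''|'#'*) continue ;; esac
        if [ ! -f "$srcdir/$file" ]; then
            echo "missing: $file" >&2; rc=1; continue
        fi
        actual=$(sha256sum "$srcdir/$file" | cut -d' ' -f1)
        if [ "$actual" != "$sum" ]; then
            echo "mismatch: $file" >&2; rc=1; continue
        fi
        echo "sha256  $sum  $file"
    done < "$manifest"
    return $rc
}

# make_sample_tree DIR: constructed source tree with two license files and
# a manifest covering them (contents are placeholders, not real licenses).
make_sample_tree() {
    dir=$1
    mkdir -p "$dir/vendor/github.com/pkg/errors"
    echo "constructed Apache-2.0 text" > "$dir/LICENSE"
    echo "constructed BSD-2-Clause text" > "$dir/vendor/github.com/pkg/errors/LICENSE"
    ( cd "$dir" && {
        echo "# constructed manifest"
        sha256sum LICENSE vendor/github.com/pkg/errors/LICENSE
      } > LIC_FILES_CHKSUM.sha256 )
}

# Demo run on the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
gen_hash_entries "$tmp/LIC_FILES_CHKSUM.sha256" "$tmp"
rm -rf "$tmp"
```
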
