[OE-core] [RFC PATCH 2/2] license_image.bbclass: check and reject packages which have incompatible licenses

Christopher Larson kergoth at gmail.com
Wed Oct 9 18:15:17 UTC 2019 

Does this obey the whitelist? Can I whitelist a gplv3 package to get it
installed, ideally with a warning rather than silent or error? I don't have
the code in front of me at the moment. I have a class in meta-mentor that
does this sort of check, so wanted to see how the implementations compare.
On a related note,
https://github.com/MentorEmbedded/meta-mentor/blob/master/meta-mentor-common/classes/incompatible-recipe-check.bbclass
+
https://github.com/MentorEmbedded/meta-mentor/blob/95d05dcc12651a7b246f91b240120f92d196b0de/meta-mel-support/recipes-core/packagegroups/packagegroup-tools-benchmark.bb#L10
might be of interest to you in your gplv2 work, perhaps? Specifically
handling the whitelisting.

On Wed, Oct 9, 2019 at 8:45 AM Alexander Kanavin <alex.kanavin at gmail.com>
wrote:

> The use case is setting INCOMPATIBLE_LICENSE per image,
> rather than as an awkward, and too strict global setting.
>
> This for example would allow building development images with gplv3 tools,
> but production images without them, and checking that nothing gpl3-licensed
> gets into the latter.
>
> Examples are provided via the selftest: three scenarios are tested:
>
> - bash is added to the image, with a default gpl3 license; this is rejected
> - bash is added to the image, with a "gpl3 & other" license; this is also
> rejected
> - bash is added to the image, with a "gpl3 | other" license; this is
> accepted, but
> only 'other' is added to the license manifest (this was already handled
> correctly
> previously).
>
> Eventually, this would allow deprecating the meta-gplv2 layer, while still
> enforcing the no-gpl3 rule where possible and needed.
>
> Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
> ---
>  meta/classes/license_image.bbclass            |  2 ++
>  .../oeqa/selftest/cases/incompatible_lic.py   | 29 +++++++++++++++++++
>  2 files changed, 31 insertions(+)
>
> diff --git a/meta/classes/license_image.bbclass
> b/meta/classes/license_image.bbclass
> index 3f102d0fbc3..e5cb1b8c77d 100644
> --- a/meta/classes/license_image.bbclass
> +++ b/meta/classes/license_image.bbclass
> @@ -47,6 +47,8 @@ def write_license_files(d, license_manifest, pkg_dic,
> rootfs=True):
>          for pkg in sorted(pkg_dic):
>              if bad_licenses:
>                  try:
> +                    if incompatible_pkg_license(d, bad_licenses,
> pkg_dic[pkg]["LICENSE"]):
> +                        bb.fatal("Package %s has an incompatible license
> %s and cannot be installed into the image." %(pkg, pkg_dic[pkg]["LICENSE"]))
>                      (pkg_dic[pkg]["LICENSE"], pkg_dic[pkg]["LICENSES"]) =
> \
>
>  oe.license.manifest_licenses(pkg_dic[pkg]["LICENSE"],
>                          bad_licenses, canonical_license, d)
> diff --git a/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> index 8fb93af8a89..e80c9783122 100644
> --- a/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> +++ b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> @@ -39,3 +39,32 @@ class IncompatibleLicenseTests(OESelftestTestCase):
>      # INCOMPATIBLE_LICENSE contains this license
>      def test_incompatible_nonspdx_license(self):
>          self.lic_test('incompatible-nonspdx-license', 'FooLicense',
> 'FooLicense')
> +
> +class IncompatibleLicensePerImageTests(OESelftestTestCase):
> +    def default_config(self):
> +        return """
> +IMAGE_INSTALL_append = "bash"
> +INCOMPATIBLE_LICENSE_pn-core-image-minimal = "GPL-3.0 LGPL-3.0"
> +"""
> +
> +    def test_bash_default(self):
> +        self.write_config(self.default_config())
> +        error_msg = "ERROR: core-image-minimal-1.0-r0 do_rootfs: Package
> bash has an incompatible license GPLv3+ and cannot be installed into the
> image."
> +
> +        result = bitbake('core-image-minimal', ignore_status=True)
> +        if error_msg not in result.output:
> +            raise AssertionError(result.output)
> +
> +    def test_bash_and_license(self):
> +        self.write_config(self.default_config() +
> '\nLICENSE_append_pn-bash = " & SomeLicense"')
> +        error_msg = "ERROR: core-image-minimal-1.0-r0 do_rootfs: Package
> bash has an incompatible license GPLv3+ & SomeLicense and cannot be
> installed into the image."
> +
> +        result = bitbake('core-image-minimal', ignore_status=True)
> +        if error_msg not in result.output:
> +            raise AssertionError(result.output)
> +
> +    def test_bash_or_license(self):
> +        self.write_config(self.default_config() +
> '\nLICENSE_append_pn-bash = " | SomeLicense"')
> +
> +        bitbake('core-image-minimal')
> +
> --
> 2.17.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>


-- 
Christopher Larson
kergoth at gmail dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Senior Software Engineer, Mentor Graphics
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20191009/a8310252/attachment.html>

More information about the Openembedded-core mailing list