[OE-core] [RFC PATCH 2/2] license_image.bbclass: check and reject packages which have incompatible licenses
Christopher Larson
kergoth at gmail.com
Wed Oct 9 18:15:17 UTC 2019
Does this obey the whitelist? Can I whitelist a gplv3 package to get it
installed, ideally with a warning rather than silent or error? I don't have
the code in front of me at the moment. I have a class in meta-mentor that
does this sort of check, so wanted to see how the implementations compare.
On a related note,
https://github.com/MentorEmbedded/meta-mentor/blob/master/meta-mentor-common/classes/incompatible-recipe-check.bbclass
+
https://github.com/MentorEmbedded/meta-mentor/blob/95d05dcc12651a7b246f91b240120f92d196b0de/meta-mel-support/recipes-core/packagegroups/packagegroup-tools-benchmark.bb#L10
might be of interest to you in your gplv2 work, perhaps? Specifically
handling the whitelisting.
On Wed, Oct 9, 2019 at 8:45 AM Alexander Kanavin <alex.kanavin at gmail.com>
wrote:
> The use case is setting INCOMPATIBLE_LICENSE per image,
> rather than as an awkward, and too strict global setting.
>
> This for example would allow building development images with gplv3 tools,
> but production images without them, and checking that nothing gpl3-licensed
> gets into the latter.
>
> Examples are provided via the selftest: three scenarios are tested:
>
> - bash is added to the image, with a default gpl3 license; this is rejected
> - bash is added to the image, with a "gpl3 & other" license; this is also
> rejected
> - bash is added to the image, with a "gpl3 | other" license; this is
> accepted, but
> only 'other' is added to the license manifest (this was already handled
> correctly
> previously).
>
> Eventually, this would allow deprecating the meta-gplv2 layer, while still
> enforcing the no-gpl3 rule where possible and needed.
>
> Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
> ---
> meta/classes/license_image.bbclass | 2 ++
> .../oeqa/selftest/cases/incompatible_lic.py | 29 +++++++++++++++++++
> 2 files changed, 31 insertions(+)
>
> diff --git a/meta/classes/license_image.bbclass
> b/meta/classes/license_image.bbclass
> index 3f102d0fbc3..e5cb1b8c77d 100644
> --- a/meta/classes/license_image.bbclass
> +++ b/meta/classes/license_image.bbclass
> @@ -47,6 +47,8 @@ def write_license_files(d, license_manifest, pkg_dic,
> rootfs=True):
> for pkg in sorted(pkg_dic):
> if bad_licenses:
> try:
> + if incompatible_pkg_license(d, bad_licenses,
> pkg_dic[pkg]["LICENSE"]):
> + bb.fatal("Package %s has an incompatible license
> %s and cannot be installed into the image." %(pkg, pkg_dic[pkg]["LICENSE"]))
> (pkg_dic[pkg]["LICENSE"], pkg_dic[pkg]["LICENSES"]) =
> \
>
> oe.license.manifest_licenses(pkg_dic[pkg]["LICENSE"],
> bad_licenses, canonical_license, d)
> diff --git a/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> index 8fb93af8a89..e80c9783122 100644
> --- a/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> +++ b/meta/lib/oeqa/selftest/cases/incompatible_lic.py
> @@ -39,3 +39,32 @@ class IncompatibleLicenseTests(OESelftestTestCase):
> # INCOMPATIBLE_LICENSE contains this license
> def test_incompatible_nonspdx_license(self):
> self.lic_test('incompatible-nonspdx-license', 'FooLicense',
> 'FooLicense')
> +
> +class IncompatibleLicensePerImageTests(OESelftestTestCase):
> + def default_config(self):
> + return """
> +IMAGE_INSTALL_append = "bash"
> +INCOMPATIBLE_LICENSE_pn-core-image-minimal = "GPL-3.0 LGPL-3.0"
> +"""
> +
> + def test_bash_default(self):
> + self.write_config(self.default_config())
> + error_msg = "ERROR: core-image-minimal-1.0-r0 do_rootfs: Package
> bash has an incompatible license GPLv3+ and cannot be installed into the
> image."
> +
> + result = bitbake('core-image-minimal', ignore_status=True)
> + if error_msg not in result.output:
> + raise AssertionError(result.output)
> +
> + def test_bash_and_license(self):
> + self.write_config(self.default_config() +
> '\nLICENSE_append_pn-bash = " & SomeLicense"')
> + error_msg = "ERROR: core-image-minimal-1.0-r0 do_rootfs: Package
> bash has an incompatible license GPLv3+ & SomeLicense and cannot be
> installed into the image."
> +
> + result = bitbake('core-image-minimal', ignore_status=True)
> + if error_msg not in result.output:
> + raise AssertionError(result.output)
> +
> + def test_bash_or_license(self):
> + self.write_config(self.default_config() +
> '\nLICENSE_append_pn-bash = " | SomeLicense"')
> +
> + bitbake('core-image-minimal')
> +
> --
> 2.17.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
--
Christopher Larson
kergoth at gmail dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Senior Software Engineer, Mentor Graphics
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20191009/a8310252/attachment.html>
More information about the Openembedded-core
mailing list