Wind River Support Network

HomeDefectsLIN7-5808
Fixed

LIN7-5808 : Blacklist bypassed gnutls

Created: Mar 14, 2016    Updated: Sep 8, 2018
Resolved Date: Mar 27, 2016
Found In Version: 7.0.0.11
Fix Version: 7.0.0.14
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace
Host OS: Linux 64
Architecture: IA64

Description

The correct behavior would be for gnutls to be granted a license exception only for the host build and not globally.

The libgnutls package is mostly licensed LGPLv2, except for the specific RPM containing the openssl implementation and another with some binaries:
$ grep LICENSE layers/oe-core/meta/recipes-support/gnutls/gnutls.inc
LICENSE = "GPLv3+ & LGPLv2.1+"
LICENSE_${PN} = "LGPLv2.1+"
LICENSE_${PN}-xx = "LGPLv2.1+"
LICENSE_${PN}-bin = "GPLv3+"
LICENSE_${PN}-openssl = "GPLv3+"

It is believed that package is incorrectly allowed to install because gnutls is added to the license white-list due it being used by the build system:

$ grep WHITELIST layers/oe-core/meta/conf/distro/include/default-distrovars.inc
# This is a list of packages that are used by the build system to build the distribution, they are not directly part of the distribution.
HOSTTOOLS_WHITELIST_GPL-3.0 ?= ""
WHITELIST_GPL-3.0 ?= "less"
LGPLv2_WHITELIST_GPL-3.0 ?= "libassuan gnutls libtasn1 libidn gcc-source libgcc libgcc-initial gcc-runtime"

The correct behavior would be for gnutls to be granted a license exception only for the host build and not globally.

Gnutls is required by several tools on the target (wpa-supplicant, ping6), but these tools can also be configured to use libopenssl instead of libgnutls. 

Steps to Reproduce

# Add GPLv3 and LGPLv3 to the license blacklist, so they don’t deploy RPMs with those licenses. 

configure --enable-board=intel-x86-64 --enable-kernel=standard --with-license-blacklist=GPLv3,LGPLv3 --enable-reconfig --enable-rootfs=glibc-core --with-rcpl-version=0011

$ make wpa-supplicant.addpkg && make

# However, the libgnutls-openssl RPM (licensed under the GPLv3) can still get installed in the distribution:
bitbake_build/tmp/work/core2-64-wrs-linux/gnutls/3.3.5-r0$ find ./ -name *openssl*
./image/usr/include/gnutls/openssl.h
./image/usr/lib64/libgnutls-openssl.so
./image/usr/lib64/libgnutls-openssl.la
./image/usr/lib64/libgnutls-openssl.so.27
./image/usr/lib64/libgnutls-openssl.so.27.0.2

Other Downloads


Live chat
Online