Wind River Support Network

HomeDefectsLIN8-4104
Fixed

LIN8-4104 : CLONE - Blacklisting GPLv3 ignored

Created: Jun 30, 2016    Updated: Dec 3, 2018
Resolved Date: Jul 11, 2016
Previous ID: LIN7-6486
Found In Version: 8.0.0.6
Fix Version: 8.0.0.8
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Build & Config
Host OS: Linux Ubuntu

Description

The package that causes libgnutls-openssl to be pulled in incorrectly is iputils. The wpa-supplicant package also has an
implicit dependency on it, but just including it in the IMAGE_INSTALL does not cause the library to appear. However, the
wpa-supplicant package should be configured to use the openssl PACKAGECONFIG instead to avoid any issues on runtime (see
TestLayers/templates/default/template.conf for details).

LIN7-5808 describes the initial issue seen by the customer, and that issue has been patched. However there is a larger issue at hand here. The customer expects that blacklisted functionality which experiences issues should cause the build fail. The current behavior is that the system build a result that contained unlicensed content, and did not provide any clues. They discovered it in some subsequent testing. This could be a dangerous result for them (and us). They stated that they depend on us to make sure that our tools manage the licensing blacklisting reliably for them. 

Advertised behavior:
http://internal.wrs.com/engineering/engops/techpubs/docDrafts/WRLinux_&_Profiles/Linux_7.0_&_Profiles/Linux_Core_Reorg_7.0/wr_linux_platform_developers_guide_70/ 

says:
--with-license-flags-blacklist=licenseType1, licenseType2, licenseType3...licenseTypeN

Use this option to set a comma-separated list of license types that are excluded from the platform project image. If you specify a license type, for example, GPLv3, to be blacklisted, any package specified to use that license type will not be included in the platform project image once built.

If you include a configure option that adds packages that require a specific license to function, and that license type is blacklisted, the full contents specified by the option will not install. This may create an unsupported configuration.
----
--with-license-flags-whitelist=licenseFlagType1, licenseFlagType2, licenseFlagType3...licenseTypeN

Use this option to set a comma-separated list of license flag types that are included automatically in the platform project image. Note that some software license types have legal requirements. As a result, you should consult your company's legal department's software policy regarding any license type you want to include.

For additional information, see About Obtaining Package Source not Provided by Wind River.
-------------------
So, it looks like this is a defect - the build should fail or refuse to pull in the blacklisted items.

Steps to Reproduce

See build.tar.gz which contains an extremely minimal build script and layer using stock WRL 7  to reproduce the issue.
Directions to reproduce:

1.	Extract said tarball to a location where you wish to build the platform.
Please replace the extracted build.sh with the one attached to this Jira.
2.	Set the WORKSPACE variable to $PWD
3.     Set WRL7 variable to point to WRL7 install
4.	Run build.sh to perform the build
4.	Navigate to $WORKSPACE/_BuildWRLinux/Test_prj/export/dist/usr/lib and confirm that libgnutls-openssl is present.

Test_prj$ find export/dist -name libgnutls-openssl*
export/dist/usr/lib/libgnutls-openssl.so.27
export/dist/usr/lib/libgnutls-openssl.so.27.0.2

Other Downloads


Live chat
Online