LIN8-4104 : CLONE - Blacklisting GPLv3 ignored

Created: Jun 30, 2016    Updated: Dec 3, 2018
Resolved Date: Jul 11, 2016
Previous ID: LIN7-6486
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Build & Config
Host OS: Linux Ubuntu


The package that causes libgnutls-openssl to be pulled in incorrectly is iputils. The wpa-supplicant package also has an implicit dependency on it, but just including it in the IMAGE_INSTALL does not cause the library to appear. However, the wpa-supplicant package should be configured to use the openssl PACKAGECONFIG instead to avoid any issues at runtime (see TestLayers/templates/default/template.conf for details).

LIN7-5808 describes the initial issue seen by the customer, and that issue has been patched. However, there is a larger issue at hand here. The customer expects that blacklisted functionality which experiences issues should cause the build to fail. The current behavior is that the system builds a result that contains unlicensed content and does not provide any clues. They discovered it in some subsequent testing. This could be a dangerous result for them (and us). They stated that they depend on us to make sure that our tools manage the licensing blacklisting reliably for them.

Advertised behavior: 

--with-license-flags-blacklist=licenseType1, licenseType2, licenseType3...licenseTypeN

Use this option to set a comma-separated list of license types that are excluded from the platform project image. If you specify a license type, for example, GPLv3, to be blacklisted, any package specified to use that license type will not be included in the platform project image once built.

If you include a configure option that adds packages that require a specific license to function, and that license type is blacklisted, the full contents specified by the option will not install. This may create an unsupported configuration.

--with-license-flags-whitelist=licenseFlagType1, licenseFlagType2, licenseFlagType3...licenseTypeN

Use this option to set a comma-separated list of license flag types that are included automatically in the platform project image. Note that some software license types have legal requirements. As a result, you should consult your company's legal department's software policy regarding any license type you want to include.

For additional information, see About Obtaining Package Source not Provided by Wind River.

So, it looks like this is a defect - the build should fail or refuse to pull in the blacklisted items.

Steps to Reproduce

See build.tar.gz which contains an extremely minimal build script and layer using stock WRL 7 to reproduce the issue.
Directions to reproduce:

1. Extract said tarball to a location where you wish to build the platform.
   Please replace the extracted with the one attached to this Jira.
2. Set the WORKSPACE variable to $PWD
3. Set WRL7 variable to point to WRL7 install
4. Run to perform the build
5. Navigate to $WORKSPACE/_BuildWRLinux/Test_prj/export/dist/usr/lib and confirm that libgnutls-openssl is present.

Test_prj$ find export/dist -name 'libgnutls-openssl*'
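The manual check above can be turned into a post-build gate that fails when the image contains a package under a blacklisted license. This is an added example, not part of the original issue or of Wind River's tooling; it assumes the build emits a Yocto-style license manifest with `PACKAGE NAME:` / `LICENSE:` stanzas, and the sample manifest, its package entries and the `violations` helper are constructed for illustration.

```python
import re
import sys

# Constructed sample in the assumed Yocto-style license.manifest layout.
SAMPLE_MANIFEST = """\
PACKAGE NAME: iputils
LICENSE: BSD & GPLv2+

PACKAGE NAME: libgnutls
LICENSE: LGPLv2.1+

PACKAGE NAME: libgnutls-openssl
LICENSE: GPLv3+

PACKAGE NAME: mystery-blob
"""

def canonical(name):
    """Fold spelling variants: GPLv3, GPLv3+, GPL-3.0-or-later -> gpl3."""
    s = re.sub(r"(\+|-only|-or-later)$", "", name.strip().lower())
    s = re.sub(r"v(?=\d)", "", s).replace("-", "")
    return re.sub(r"\.0$", "", s)

def parse_manifest(text):
    """Return {package: license expression} from blank-line separated stanzas."""
    packages = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split(":", 1) for l in stanza.splitlines() if ":" in l)
        if "PACKAGE NAME" in fields:
            packages[fields["PACKAGE NAME"].strip()] = fields.get("LICENSE", "").strip()
    return packages

def violations(text, blacklist):
    """Packages whose license mentions a blacklisted type, or declares none."""
    banned = {canonical(b) for b in blacklist.split(",") if b.strip()}
    hits = []
    for pkg, expr in sorted(parse_manifest(text).items()):
        terms = {canonical(t) for t in re.split(r"[\s&|()]+", expr) if t}
        # Fail closed: a missing license or any banned term in "A | B" is a hit.
        if not terms or terms & banned:
            hits.append((pkg, expr or "<none declared>"))
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    bad = violations(text, "GPLv3")
    for pkg, expr in bad:
        print(f"blacklisted license in image: {pkg}: {expr}", file=sys.stderr)
    sys.exit(1 if bad else 0)
```

Run against the manifest produced by the build, a non-zero exit status stops the pipeline instead of shipping the image silently.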

