The code in this file uses oe.qa, but it was not imported resulting an
an exception when a license error was detected
(From OE-Core rev: e44cb7c5b7281d614ed51fdec06dad0a7211528a)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Moves the code that skips packages with incompatible licenses to the
library code so that it can be called in other locations
(From OE-Core rev: 86eb409e3c1b30110869ec5a0027ae2d48bbfe7f)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Moves several of the functions in license.bbclass to be library code
New function dependencies were manually verified using bitbake-dumpsigs
to ensure that bitbake identified the same dependencies even though they
are now in library code (although the new function names mean that the
task hashes still change)
(From OE-Core rev: 0333e04e353991260c5f67a72f80f3ab9dcf526a)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Where there isn't a copyright statement, add one to make it explicit.
Also add license identifiers as MIT if there isn't one.
(From OE-Core rev: bb731d1f3d2a1d50ec0aed864dbca54cf795b040)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We want to use SPDX identifiers in LICENSE variables. There is now a
conversion script to make most of the translations. Add a list of
strings which have been replaced so we can show warnings to users
if they're still used anywhere.
Add checks to the package as insane check. This is currently a warning
by default but can be turned off or made an error as per the other standard
checks.
(From OE-Core rev: 9379f80f484f94686a4d494e9e237fadfb72a938)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This re-writes the INCOMPATIBLE_LICENSE checking code to replace
the WHITELIST_<lic> with
INCOMPATIBLE_LICENSE_EXCEPTIONS = '<pkg>:<lic> <pkg>:<lic> ...'
This initial change leaves most of the code structure in place,
but the code in base.bbclass needs to be re-written to make
the check more consistent around packages (PKGS) and not recipe
names (PN). This also is taking into account the changes for SPDX
licenses.
The aim is to provide a mode consistent variable where the variable
name is known and can easily be queried.
(From OE-Core rev: 0d19c45ba6cf43518f380ca5afe9753a2eda0691)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The previous commit introduced a small logic error. Fix the renaming issue.
(From OE-Core rev: b01e10b27d23ea1b4ac58376c2423505a70832d6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since Python 3.8 visit_Num(), visit_Str() and so on are all deprecated
and replaced with visit_Constant. We can't yet remove the deprecated
functions until we require 3.8, but we can implement visit_Constant to
silence the deprecation warnings.
(From OE-Core rev: abc93390a3f19bc4cc159c5690a478b9e2270906)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GPLv2 and GPLv2+ are two difference licenses with different meanings
and we can't just pretend they're the same thing. Change the code
to treat them separately.
(From OE-Core rev: d1baf74ac92fe0c8c32dff101fd77d77f70fd583)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds SPDX license headers in place of the wide assortment of things
currently in our script headers. We default to GPL-2.0-only except for the
oeqa code where it was clearly submitted and marked as MIT on the most part
or some scripts which had the "or later" GPL versioning.
The patch also drops other obsolete bits of file headers where they were
encoountered such as editor modelines, obsolete maintainer information or
the phrase "All rights reserved" which is now obsolete and not required in
copyright headers (in this case its actually confusing for licensing as all
rights were not reserved).
More work is needed for OE-Core but this takes care of the bulk of the scripts
and meta/lib directories.
The top level LICENSE files are tweaked to match the new structure and the
SPDX naming.
(From OE-Core rev: f8c9c511b5f1b7dbd45b77f345cb6c048ae6763e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix handling of escape characters in regexs and hence fix python
Deprecation warnings which will be problematic in python 3.8.
Note that some show up as:
"""
meta/classes/package.bbclass:1293: DeprecationWarning: invalid escape sequence \.
"""
where the problem isn't on 1293 in package.bbclass but in some _prepend to a
package.bbclass function in a different file like mesa.inc, often from
do_package_split() calls.
(From OE-Core rev: 4b1c0c7d5525fc4cea9e0f02ec54e92a6fbc6199)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When faced with multiple sets of licenses combined with | (OR), it was
possible for oe.license.is_included() to choose a set of licenses with
a blacklisted license and then report failure, even if choosing
another set of licenses would have resulted in a successful
result. This happened when the chosen set still contained more
whitelisted licenses than the other set.
This change makes sure a set with any blacklisted license is always
considered with a lower weight than a set with only whitelisted
licenses.
Example: Faced with the license string "GPL-3.0 & GPL-2.0 & LGPL-2.1 |
Proprietary" and with "GPL-3.0" being blacklisted, the old code would
report a failure since "GPL-3.0 & GPL-2.0 & LGPL-2.1" still contains
more whitelisted licenses than "Proprietary" does.
This change also adds a unit test for oe.license.is_included().
(From OE-Core rev: 312b4d6175e189852c0787ca2fe99b99ce92d1bd)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LICENSE should be a superset of all LICENSE_<pkg> values. That is,
LICENSE should contain all licenses and LICENSE_<pkg> can be used to
"filter" this on a per-package basis. LICENSE_<pkg> shouldn't contain
anything that isn't specified in LICENSE.
This patch implements simple checking of LICENSE_<pkg> values. It does
do not do advanced parsing/matching of license expressions, but,
checks that all licenses mentioned in LICENSE_<pkg> are also specified in
LICENSE. A warning is printed if problems are found.
(From OE-Core rev: 0f4163a12ea431d0ba6265880ee1e557333d3211)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Iterators now return views, not lists in python3. Where we need
lists, handle this explicitly.
(From OE-Core rev: caebd862bac7eed725e0f0321bf50793671b5312)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When INCOMPATIBLE_LICENSE's is specified it need to be removed from
license.manifest and also avoid copy to target image.
Add ManifestVisitor that walk the license string searching for
INCOMPATIBLE_LICENSE's if found remove it.
[YOCTO #6765]
(From OE-Core rev: d1278570041029d7c9fc6ce657e9a1701a421841)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Create get_elements and visit_elements in LicenseVisitor based
on visit_string this allow to do modifications on elements before
parsing with AST.
(From OE-Core rev: c16cf0a0331d128e4ba7341fe28510a9bfb7ee16)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add dont_want_licenses as parameter to license_ok function and move it
to oe.license module in order to use in other modules.
(From OE-Core rev: 243fe3a4583a21ad6c0b2a26196ed18d41740f7a)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Strictly speaking not all of these characters are operators, so reword
the message to describe them as separators. Also use the standard
"recipename: message" format.
(From OE-Core rev: 9e5da3e83f2a5d43620e07a31728b7427329d8f4)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
StandardError is removed in python3, replace with Exception class instead.
(From OE-Core rev: a37ae30b9766df346ca57755530024a0b7d5f86b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
actually if a package has a license in its LICENSE variable
which is not in the whitelist nor in the blacklist and even
if an other license in this variable is in the whitelist,
the package gets excluded and is not taken in account in the
copyleft_compliance.
This patch solves this by excluding a recipe _only_ if the
LICENSE variable includes a pattern from the blacklist and
including a recipe only if it includes a variable from the
whitelist _and_ none from the blacklist.
Example in busybox which has LICENSE="GPLv2 & BSD-4-Clause",
with the actual behaviour (where he blacklist contains only
CLOSED Proprietary) we get :
DEBUG: copyleft: busybox-1.19.4 is excluded: recipe has excluded licenses: BSD-4-Clause
which is not sane because busybox is covered by a copyleft license
which is GPLv2 and should match the default whitelist which is
GPL* LGPL*.
(From OE-Core rev: 987d06447d2eacf2e01f08e29469c00fbb0ef1db)
Signed-off-by: Eric Bénard <eric@eukrea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Given a license string and whitelist and blacklist, determine if the
license string matches the whitelist and does not match the blacklist.
When encountering an OR, it prefers the side with the highest weight (more
included licenses). It then checks the inclusion of the flattened list of
licenses from there.
Returns a tuple holding the boolean state and a list of the applicable
licenses which were excluded (or None, if the state is True)
Examples:
is_included, excluded = oe.license.is_included(licensestr, ['GPL*', 'LGPL*'])
is_included, excluded = oe.license.is_included(licensestr, blacklist=['Proprietary', 'CLOSED'])
(From OE-Core rev: 7903433898b4683a1c09cc9a6a379421bc9bbd58)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This flattens a license tree by selecting one side of each OR operation
(chosen via the user supplied function).
(From OE-Core rev: 6984961314c8ba2aceab9acabb658f96ed249fef)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In addition to moving this functionality to oe.license, makes the string
preparation more picky before passing it off to the ast compilation. This
ensures that LICENSE entries like 'GPL/BSD' are seen as invalid (due to the
presence of the unsupported '/').
(From OE-Core rev: 20d4068045c76e9dc2aff0c152dd02d6a109c9dd)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
