GNU bug report logs -
#50347
[RFC PATCH] lint: Warn about kernel modules with a suspect license.
Previous Next
Reported by: Maxime Devos <maximedevos <at> telenet.be>
Date: Thu, 2 Sep 2021 21:44:01 UTC
Severity: normal
Tags: patch
Done: Maxime Devos <maximedevos <at> telenet.be>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50347 in the body.
You can then email your comments to 50347 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-devel <at> gnu.org, guix-patches <at> gnu.org
:
bug#50347
; Package
guix-patches
.
(Thu, 02 Sep 2021 21:44:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Maxime Devos <maximedevos <at> telenet.be>
:
New bug report received and forwarded. Copy sent to
guix-devel <at> gnu.org, guix-patches <at> gnu.org
.
(Thu, 02 Sep 2021 21:44:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
X-Debbugs-CC: guix-devel <at> gnu.org
[CC'ing guix-devel <at> gnu.org because a wider audience seems in order?]
Hi guix,
This patch adds a 'suspect-license' linter detecting some suspicious
values in the license fields of linux modules:
gnu/packages/file-systems.scm:1317:13: zfs <at> 2.1.0: license appears incompatible with the Linux kernel
gnu/packages/linux.scm:1185:13: acpi-call-linux-module <at> 1.2.1: license appears incompatible with the Linux kernel
gnu/packages/linux.scm:8205:15: ttyebus-linux-module <at> 1.5-0.fe4332a: license appears incompatible with the Linux kernel
For zfs, the issue is the CDDL license. For the others, the issue
is the gpl3+ license. See the article by the SFLC for why this linter
detets ZFS:
<https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/#footnote-other-ZFS-copyright-holders>.
I wrote a little about the CDDL-GPL incompatibility issue
(most likely a GPL violation?) at <https://issues.guix.gnu.org/45692#43>.
Greetings,
Maxime.
[0001-lint-Warn-about-kernel-modules-with-a-suspect-licens.patch (text/x-patch, inline)]
From 851cf20b7d5aed45c3331781afef8de3961f4bb4 Mon Sep 17 00:00:00 2001
From: Maxime Devos <maximedevos <at> telenet.be>
Date: Thu, 2 Sep 2021 23:30:15 +0200
Subject: [PATCH] lint: Warn about kernel modules with a suspect license.
* guix/lint.scm
(check-suspect-license): New linter.
(%local-checkers)[suspect-license]: Register it.
---
guix/lint.scm | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/guix/lint.scm b/guix/lint.scm
index ffd3f7007e..3a7f3be327 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -34,6 +34,7 @@
#:use-module (guix store)
#:autoload (guix base16) (bytevector->base16-string)
#:use-module (guix base32)
+ #:use-module (guix build-system)
#:use-module (guix diagnostics)
#:use-module (guix download)
#:use-module (guix ftp-client)
@@ -1347,6 +1348,31 @@ of the propagated inputs it pulls in."
(make-warning package (G_ "invalid license field")
#:field 'license)))))
+(define (check-suspect-license package)
+ "Warn about suspicious license combinations in PACKAGE."
+ ;; Use 'build-system-name' instead of comparing the build
+ ;; system directly with 'linux-module-build-system' to avoid
+ ;; loading (guix build-system linux-module) when no Linux modules
+ ;; are linted.
+ (define linux-module?
+ (eq? 'linux-module
+ (build-system-name (package-build-system package))))
+ ;; This has plenty of false negatives and should
+ ;; have very few false positives.
+ (define gpl2-only-incompatible?
+ ;; The Linux kernel is GPL-2-only, so GPL3 and later are out.
+ ;; The GPL and CDDL appear to be incompatible, see
+ ;; <https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/>
+ ;; and <https://www.fsf.org/licensing/zfs-and-linux>.
+ (memq (package-license package)
+ (list gpl3 gpl3+ cddl1.0)))
+ (if (and linux-module? gpl2-only-incompatible?)
+ (list
+ (make-warning package
+ (G_ "license appears incompatible with the Linux kernel")
+ #:field 'license))
+ '()))
+
(define (current-vulnerabilities*)
"Like 'current-vulnerabilities', but return the empty list upon networking
or HTTP errors. This allows network-less operation and makes problems with
@@ -1762,6 +1788,10 @@ them for PACKAGE."
(description "Make sure the 'license' field is a <license> \
or a list thereof")
(check check-license))
+ (lint-checker
+ (name 'suspect-license)
+ (description "Detect some suspect combinations of licenses")
+ (check check-suspect-license))
(lint-checker
(name 'optional-tests)
(description "Make sure tests are only run when requested")
--
2.33.0
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#50347
; Package
guix-patches
.
(Thu, 02 Sep 2021 22:22:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 50347 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
I've discussed this with dstolfa on IRC:
https://logs.guix.gnu.org/guix/2021-09-02.log#234707
https://logs.guix.gnu.org/guix/2021-09-03.log
Greetings,
Maxime.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#50347
; Package
guix-patches
.
(Mon, 06 Sep 2021 08:31:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 50347 <at> debbugs.gnu.org (full text, mbox):
Hi Maxime,
On Thu, 02 Sep 2021 at 23:42, Maxime Devos <maximedevos <at> telenet.be> wrote:
> This patch adds a 'suspect-license' linter detecting some suspicious
> values in the license fields of linux modules:
I do not know if it is worth to add a linter for really few corner
cases, IMHO.
> For zfs, the issue is the CDDL license. For the others, the issue
> is the gpl3+ license. See the article by the SFLC for why this linter
> detets ZFS:
>
> <https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/#footnote-other-ZFS-copyright-holders>.
The issue is about distributing binaries, IIUC. From my point of view,
a such linter should check X-license packages using any build-system but
“linked“ to incompatible X-license packages. Well, I do not know if it
is worth to automate this since it appears to me really sparse corner
cases.
Cheers,
simon
Reply sent
to
Maxime Devos <maximedevos <at> telenet.be>
:
You have taken responsibility.
(Wed, 08 Sep 2021 20:43:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Maxime Devos <maximedevos <at> telenet.be>
:
bug acknowledged by developer.
(Wed, 08 Sep 2021 20:43:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 50347-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
zimoun schreef op ma 06-09-2021 om 10:23 [+0200]:
> Hi Maxime,
>
> On Thu, 02 Sep 2021 at 23:42, Maxime Devos <maximedevos <at> telenet.be> wrote:
>
> > This patch adds a 'suspect-license' linter detecting some suspicious
> > values in the license fields of linux modules:
>
> I do not know if it is worth to add a linter for really few corner
> cases, IMHO.
>
> > For zfs, the issue is the CDDL license. For the others, the issue
> > is the gpl3+ license. See the article by the SFLC for why this linter
> > detets ZFS:
> >
> > <https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/#footnote-other-ZFS-copyright-holders>;.
>
> The issue is about distributing binaries, IIUC. From my point of view,
> a such linter should check X-license packages using any build-system but
> “linked“ to incompatible X-license packages. Well, I do not know if it
> is worth to automate this since it appears to me really sparse corner
> cases.
It appears that the proposed linter isn't very useful.
Closing.
Greetings,
Maxime
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Thu, 07 Oct 2021 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 201 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.