Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others

unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: Vagrant Cascadian <vagrant@debian.org>
To: 34717@debbugs.gnu.org
Cc: guix-devel@gnu.org
Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others
Date: Thu, 21 Oct 2021 23:17:03 -0700	[thread overview]
Message-ID: <87y26loa74.fsf@yucca> (raw)
In-Reply-To: <871s3his1i.fsf@gnu.org>

[-- Attachment #1: Type: text/plain, Size: 2157 bytes --]

On 2019-03-08, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@debian.org> skribis:
>> I'm not sure where it would be appropriate to add more comments
>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to
>> propose adding one of the u-boot targets that requires it, they might
>> just go ahead and re-add the openssl input...
>
> There’s always a risk.  I guess we’ll have to be careful when doing
> reviews.
>
> In addition, we can add a ‘lint’ checker for this case, WDYT?
>
>> From ee613387c49ca60905e0a40af8af017828c8aec8 Mon Sep 17 00:00:00 2001
>> From: Vagrant Cascadian <vagrant@debian.org>
>> Date: Thu, 7 Mar 2019 21:50:58 +0000
>> Subject: [PATCH] gnu: u-boot: Remove openssl input.
>>
>> Fixes: https://bugs.gnu.org/34717
>>
>> * gnu/packages/bootloaders (u-boot): Remove openssl from native-inputs.
>>   (u-boot-tools): Disable FIT_SIGNATURES in tests.
>
> Applied, thanks!

For the last couple years guix has been applying simple workarounds in
u-boot packages to disable the features that required openssl due to
GPL/openssl license incompatibilities.

I made an attempt at updating guix to u-boot 2021.10, which seems to
have made openssl harder to workaround... many of the u-boot-BOARD
packages now require it, and the previous workarounds to disable openssl
in u-boot-tools seem ineffective.

I see a few ways forward:

* Dig deeper into figuring out how to disable the workarounds...

* Refactor the code that uses openssl to use an alternate
  implementation. Upstream would welcome the fixes, at least in
  theory. Most promising candidate might be wolfssl, last I looked, but
  it may miss some features.

* Convince upstream u-boot to relicense relevent GPLed portions of code
  with an openssl exception. Upstream is dubious about this being
  practical, largely due to the sheer number of potential contributors
  who would have to agree to it.

* ???

While openssl 3.0 is licensed compatibly with GPLv3, u-boot has portions
which are GPLv2-only, so that's not as attractive of a way forward as
one might hope for...

live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

next      parent reply	other threads:[~2021-10-22  6:18 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <87tvgkiurn.fsf@ponder>
     [not found] ` <87zhq8f2zz.fsf@gnu.org>
     [not found]   ` <87ftrzuxmh.fsf@ponder>
     [not found]     ` <87o96m8f09.fsf@ponder>
     [not found]       ` <871s3his1i.fsf@gnu.org>
2021-10-22  6:17         ` Vagrant Cascadian [this message]
2021-10-22 20:35           ` bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Leo Famulari
2021-10-22 21:15             ` Vagrant Cascadian
2021-10-23  9:08               ` Maxime Devos
2021-10-22 21:17           ` Vagrant Cascadian
2021-10-23 19:44             ` Leo Famulari
2021-10-24  8:50               ` Dr. Arne Babenhauserheide

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87y26loa74.fsf@yucca \
    --to=vagrant@debian.org \
    --cc=34717@debbugs.gnu.org \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).