From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id gD5BCr5XcmEpBQEAgWs5BA (envelope-from ) for ; Fri, 22 Oct 2021 08:18:38 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id OGLYBb5XcmHsPwAAbx9fmQ (envelope-from ) for ; Fri, 22 Oct 2021 06:18:38 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BBD0824763 for ; Fri, 22 Oct 2021 08:18:37 +0200 (CEST) Received: from localhost ([::1]:51426 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mdnsy-00056x-Sf for larch@yhetil.org; Fri, 22 Oct 2021 02:18:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50280) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mdnrc-00054z-JJ for guix-devel@gnu.org; Fri, 22 Oct 2021 02:17:13 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:56598) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mdnrZ-0007b9-AN; Fri, 22 Oct 2021 02:17:11 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100b]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id EB5151AA2C; Thu, 21 Oct 2021 23:17:06 -0700 (PDT) From: Vagrant Cascadian To: 34717@debbugs.gnu.org Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <871s3his1i.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> Date: Thu, 21 Oct 2021 23:17:03 -0700 Message-ID: <87y26loa74.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: none client-ip=173.255.214.101; envelope-from=vagrant@debian.org; helo=cascadia.aikidev.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1634883517; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=0uhif/vnZ9HoishJwxKD5VagPNeD8N3EIPz+RNW623M=; b=P9NOrINkI8CMyNFx4PphKYaVw4PZYfyCATc5lojDZ5aqE5Vt/ZyYojtlh4gk5/ufou3DR6 QE+UANWHsCtnHcYHBzHDFMy1qbaTt0y0Go+Wz+nef+IDkMBFeT43u9JzsjZetbH3PigubI hL8Gbmyim1CWtRHjufJM4neqKDpULFtLs6KFb6eviVKbgM+quXtC5gI8JJz+y+BhZjjPcl +fiQ51szyNvXTddAz04KDyQ0f73nTcfH2SfxvNI/OfMBE+AwNYO/hWZ8MeMaENA8peCa7+ X7pfEBHCCxLiU2Eh9AmwfbMSq+OMQri1bFPMWn3TEM3Y3yMlGja8H2/Q5pc5Sw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1634883517; a=rsa-sha256; cv=none; b=jOEZ9SO01fDjn2hdxlZW9OIS5g1cgm+ShnJcgIQjdepVIwZgQvx9gwzZIwqna9JSXPerkp VonsRMoan5C70wkbOf1pR3mbl7BpjE8M0n+r2akIDVxjaJL07D/2ahqRISeoFEJDo2G3KT AUi17SpmWTpAn1zp91biq8pBKeJEuK3yzLbMtDpjUXoNviq7i0QITHCzoeXlDsKfNIXqE2 0FLekjJcOPS3BVywxsIG/F8QQoKizDgKmQg8rn8NU++iIMJl4527tS6V+wTdw/m89+6pYb LrlJkStFIG5HR+zB46sBa7RMZ4A8FZlDubaq3rdGiYDx1NoXlGa4c2MXiQn3vQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -4.03 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: BBD0824763 X-Spam-Score: -4.03 X-Migadu-Scanner: scn0.migadu.com X-TUID: 4HfZGSUJ+Xnh --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-03-08, Ludovic Court=C3=A8s wrote: > Vagrant Cascadian skribis: >> I'm not sure where it would be appropriate to add more comments >> regarding the GPL/Openssl incompatibilities; e.g. if someone were to >> propose adding one of the u-boot targets that requires it, they might >> just go ahead and re-add the openssl input... > > There=E2=80=99s always a risk. I guess we=E2=80=99ll have to be careful = when doing > reviews. > > In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, W= DYT? > >> From ee613387c49ca60905e0a40af8af017828c8aec8 Mon Sep 17 00:00:00 2001 >> From: Vagrant Cascadian >> Date: Thu, 7 Mar 2019 21:50:58 +0000 >> Subject: [PATCH] gnu: u-boot: Remove openssl input. >> >> Fixes: https://bugs.gnu.org/34717 >> >> * gnu/packages/bootloaders (u-boot): Remove openssl from native-inputs. >> (u-boot-tools): Disable FIT_SIGNATURES in tests. > > Applied, thanks! For the last couple years guix has been applying simple workarounds in u-boot packages to disable the features that required openssl due to GPL/openssl license incompatibilities. I made an attempt at updating guix to u-boot 2021.10, which seems to have made openssl harder to workaround... many of the u-boot-BOARD packages now require it, and the previous workarounds to disable openssl in u-boot-tools seem ineffective. I see a few ways forward: * Dig deeper into figuring out how to disable the workarounds... * Refactor the code that uses openssl to use an alternate implementation. Upstream would welcome the fixes, at least in theory. Most promising candidate might be wolfssl, last I looked, but it may miss some features. * Convince upstream u-boot to relicense relevent GPLed portions of code with an openssl exception. Upstream is dubious about this being practical, largely due to the sheer number of potential contributors who would have to agree to it. * ??? While openssl 3.0 is licensed compatibly with GPLv3, u-boot has portions which are GPLv2-only, so that's not as attractive of a way forward as one might hope for... live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYXJXXwAKCRDcUY/If5cW qiiHAQC5L39PlUYNCXr5sP/1lAUhUbNmU3jJ4hgOFGbA/lDttAD/aUHpWqnDpciZ G8K2Ch9pNIi7Ui3glQ/WQW8jLEuQ0AM= =jM1/ -----END PGP SIGNATURE----- --=-=-=--