all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Vagrant Cascadian <vagrant@debian.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 34717@debbugs.gnu.org
Subject: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others
Date: Wed, 06 Mar 2019 20:17:10 -0800	[thread overview]
Message-ID: <87ftrzuxmh.fsf@ponder> (raw)
In-Reply-To: <87zhq8f2zz.fsf@gnu.org>

[-- Attachment #1: Type: text/plain, Size: 2941 bytes --]

On 2019-03-06, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@debian.org> skribis:
>
>> The u-boot package definition includes openssl amoung it's inputs, but
>> is also a GPL2+ software project... but the GPL and OpenSSL licenses are
>> incompatible:
>>
>>   https://www.gnu.org/licenses/license-list.html#OpenSSL
>
> Thanks for bringing it up.
>
>> I'm not sure if there's a simple way to search for other packages with
>> license:gpl and openssl as an input in order to do a quick pass at
>> auditing... some packages may use the openssl binary as part of the
>> build process or tests, and not linking any GPLed code against it; in
>> those cases there would be no license conflict.
>
> openssl@1.0 has 7,029 dependent packages, so it may be hard to sort it
> out.  I wonder what would be the best way to approach it.

How many of them are also license:gpl* though? That would hopefully
reduce the scope somewhat, or maybe even significantly...

If "guix package --search= ..." could be extended to to also search
other fields, e.g. license: and dependencies: ... it might not be so
difficult a search.


>> In the Debian u-boot packaging, some of the features using openssl are
>> disabled, and some of the u-boot targets that require openssl are not
>> part of the packages. I'd be happy to help with making such adjustments
>> if this is deemed the better approach for u-boot specifically.
>
> That’d be great.  We could definitely remove the OpenSSL dependency when
> it’s not needed.

For what it's worth, I did do local builds of all the current u-boot-*
targets in guix with openssl removed from inputs, and the only one that
failed to build without openssl was u-boot-tools.


> In cases where it is needed, it would be nice to see what it’s used
> for.  Many projects use OpenSSL just for its cryptographic hash
> functions, for example, and there’s plenty of options to choose from if
> that’s all that’s needed (Gcrypt, Nettle, etc.).

I think it is using it for generating and verifying rsa signatures, and
probably other similar basic things. So far I had only thought about
gnutls, but if gcrypt or nettle are other options, then so much the
better.

I briefly looked at gnutls's openssl compatibility layers, but it didn't
seem to implement sufficiently similar include files, which is largely
all that it is doing.


> I guess this should be discussed with upstream.

I did bring it upstream a little over a year ago, and the response was
pretty much to rewrite it with gnutls, and I pointed out the most likely
files that needed updating:

  https://lists.denx.de/pipermail/u-boot/2017-November/312483.html
  https://lists.denx.de/pipermail/u-boot/2017-December/313616.html
  https://lists.denx.de/pipermail/u-boot/2017-December/313742.html

I suspect it's pretty much a "patches accepted" sort of scenario.


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

  parent reply	other threads:[~2019-03-07  4:18 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-03  1:58 bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Vagrant Cascadian
2019-03-06 15:15 ` Ludovic Courtès
2019-03-06 18:12   ` Danny Milosavljevic
2019-03-08  9:59     ` Ludovic Courtès
2019-03-07  4:17   ` Vagrant Cascadian [this message]
2019-03-07 23:02     ` Vagrant Cascadian
2019-03-08 10:23       ` Ludovic Courtès
2019-03-08 19:14         ` Vagrant Cascadian
2019-03-09 21:57           ` Ludovic Courtès
2019-03-09 23:10             ` Vagrant Cascadian
2019-03-10  3:58               ` Jack Hill
2019-03-10 17:12               ` Ludovic Courtès
2021-10-22  6:17         ` Vagrant Cascadian
2021-10-22 20:35           ` Leo Famulari
2021-10-22 21:15             ` Vagrant Cascadian
2021-10-23  9:08               ` Maxime Devos
2021-10-22 21:17           ` Vagrant Cascadian
2021-10-23 19:44             ` Leo Famulari
2021-10-24  8:50               ` Dr. Arne Babenhauserheide
2019-03-08 10:08     ` Ludovic Courtès
2019-03-08 10:16       ` Ludovic Courtès
2019-03-15 23:55     ` Adonay Felipe Nogueira

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ftrzuxmh.fsf@ponder \
    --to=vagrant@debian.org \
    --cc=34717@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.