* [bug#50347] [RFC PATCH] lint: Warn about kernel modules with a suspect license.
@ 2021-09-02 21:42 Maxime Devos
2021-09-02 22:20 ` Maxime Devos
2021-09-06 8:23 ` zimoun
0 siblings, 2 replies; 4+ messages in thread
From: Maxime Devos @ 2021-09-02 21:42 UTC (permalink / raw)
To: 50347; +Cc: guix-devel
[-- Attachment #1.1: Type: text/plain, Size: 991 bytes --]
X-Debbugs-CC: guix-devel@gnu.org
[CC'ing guix-devel@gnu.org because a wider audience seems in order?]
Hi guix,
This patch adds a 'suspect-license' linter detecting some suspicious
values in the license fields of linux modules:
gnu/packages/file-systems.scm:1317:13: zfs@2.1.0: license appears incompatible with the Linux kernel
gnu/packages/linux.scm:1185:13: acpi-call-linux-module@1.2.1: license appears incompatible with the Linux kernel
gnu/packages/linux.scm:8205:15: ttyebus-linux-module@1.5-0.fe4332a: license appears incompatible with the Linux kernel
For zfs, the issue is the CDDL license. For the others, the issue
is the gpl3+ license. See the article by the SFLC for why this linter
detets ZFS:
<https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/#footnote-other-ZFS-copyright-holders>.
I wrote a little about the CDDL-GPL incompatibility issue
(most likely a GPL violation?) at <https://issues.guix.gnu.org/45692#43>.
Greetings,
Maxime.
[-- Attachment #1.2: 0001-lint-Warn-about-kernel-modules-with-a-suspect-licens.patch --]
[-- Type: text/x-patch, Size: 2736 bytes --]
From 851cf20b7d5aed45c3331781afef8de3961f4bb4 Mon Sep 17 00:00:00 2001
From: Maxime Devos <maximedevos@telenet.be>
Date: Thu, 2 Sep 2021 23:30:15 +0200
Subject: [PATCH] lint: Warn about kernel modules with a suspect license.
* guix/lint.scm
(check-suspect-license): New linter.
(%local-checkers)[suspect-license]: Register it.
---
guix/lint.scm | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/guix/lint.scm b/guix/lint.scm
index ffd3f7007e..3a7f3be327 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -34,6 +34,7 @@
#:use-module (guix store)
#:autoload (guix base16) (bytevector->base16-string)
#:use-module (guix base32)
+ #:use-module (guix build-system)
#:use-module (guix diagnostics)
#:use-module (guix download)
#:use-module (guix ftp-client)
@@ -1347,6 +1348,31 @@ of the propagated inputs it pulls in."
(make-warning package (G_ "invalid license field")
#:field 'license)))))
+(define (check-suspect-license package)
+ "Warn about suspicious license combinations in PACKAGE."
+ ;; Use 'build-system-name' instead of comparing the build
+ ;; system directly with 'linux-module-build-system' to avoid
+ ;; loading (guix build-system linux-module) when no Linux modules
+ ;; are linted.
+ (define linux-module?
+ (eq? 'linux-module
+ (build-system-name (package-build-system package))))
+ ;; This has plenty of false negatives and should
+ ;; have very few false positives.
+ (define gpl2-only-incompatible?
+ ;; The Linux kernel is GPL-2-only, so GPL3 and later are out.
+ ;; The GPL and CDDL appear to be incompatible, see
+ ;; <https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/>
+ ;; and <https://www.fsf.org/licensing/zfs-and-linux>.
+ (memq (package-license package)
+ (list gpl3 gpl3+ cddl1.0)))
+ (if (and linux-module? gpl2-only-incompatible?)
+ (list
+ (make-warning package
+ (G_ "license appears incompatible with the Linux kernel")
+ #:field 'license))
+ '()))
+
(define (current-vulnerabilities*)
"Like 'current-vulnerabilities', but return the empty list upon networking
or HTTP errors. This allows network-less operation and makes problems with
@@ -1762,6 +1788,10 @@ them for PACKAGE."
(description "Make sure the 'license' field is a <license> \
or a list thereof")
(check check-license))
+ (lint-checker
+ (name 'suspect-license)
+ (description "Detect some suspect combinations of licenses")
+ (check check-suspect-license))
(lint-checker
(name 'optional-tests)
(description "Make sure tests are only run when requested")
--
2.33.0
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [bug#50347] [RFC PATCH] lint: Warn about kernel modules with a suspect license.
2021-09-02 21:42 Maxime Devos
@ 2021-09-02 22:20 ` Maxime Devos
2021-09-06 8:23 ` zimoun
1 sibling, 0 replies; 4+ messages in thread
From: Maxime Devos @ 2021-09-02 22:20 UTC (permalink / raw)
To: 50347; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 166 bytes --]
I've discussed this with dstolfa on IRC:
https://logs.guix.gnu.org/guix/2021-09-02.log#234707
https://logs.guix.gnu.org/guix/2021-09-03.log
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bug#50347] [RFC PATCH] lint: Warn about kernel modules with a suspect license
@ 2021-09-04 18:04 raid5atemyhomework
0 siblings, 0 replies; 4+ messages in thread
From: raid5atemyhomework @ 2021-09-04 18:04 UTC (permalink / raw)
To: guix-devel@gnu.org
Hi list,
I hope this topic gets attention. As far as I can tell, this is a blocker against 45692 getting merged.
I am already annoyed enough with 45692 (it has been about half a year or so since submitted) and will not prioritize updating the patch until I can expect the CDDL-GPL incompatibility issue to be resolved somehow. Thank you to Maxime Devos for at least reviewing the final key patch to *start* ZFS support.
I know a few people have asked me for help in getting ZFS working on *their* Guix systmes; I really hope they can speak up on public forums so that others know that ZFS support on Guix is desired by more than just me. Honestly, the only reason I use Guix is because this is the only FSF-recommended distribution with a recent ZFS available (I know how to code in Scheme, but only in anger; I prefer C++ or Haskell); but if Guix removes ZFS, I would rather install a non-FSF-recommended distribution than lose more of my homework to lousy RAID5 implementations.
Thanks
raid5atemyhomework
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [bug#50347] [RFC PATCH] lint: Warn about kernel modules with a suspect license.
2021-09-02 21:42 Maxime Devos
2021-09-02 22:20 ` Maxime Devos
@ 2021-09-06 8:23 ` zimoun
1 sibling, 0 replies; 4+ messages in thread
From: zimoun @ 2021-09-06 8:23 UTC (permalink / raw)
To: Maxime Devos, 50347; +Cc: guix-devel
Hi Maxime,
On Thu, 02 Sep 2021 at 23:42, Maxime Devos <maximedevos@telenet.be> wrote:
> This patch adds a 'suspect-license' linter detecting some suspicious
> values in the license fields of linux modules:
I do not know if it is worth to add a linter for really few corner
cases, IMHO.
> For zfs, the issue is the CDDL license. For the others, the issue
> is the gpl3+ license. See the article by the SFLC for why this linter
> detets ZFS:
>
> <https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/#footnote-other-ZFS-copyright-holders>.
The issue is about distributing binaries, IIUC. From my point of view,
a such linter should check X-license packages using any build-system but
“linked“ to incompatible X-license packages. Well, I do not know if it
is worth to automate this since it appears to me really sparse corner
cases.
Cheers,
simon
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-09-06 8:31 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-04 18:04 [bug#50347] [RFC PATCH] lint: Warn about kernel modules with a suspect license raid5atemyhomework
-- strict thread matches above, loose matches on Subject: below --
2021-09-02 21:42 Maxime Devos
2021-09-02 22:20 ` Maxime Devos
2021-09-06 8:23 ` zimoun
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.