From unknown Thu Jun 12 06:44:39 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#34717 <34717@debbugs.gnu.org> To: bug#34717 <34717@debbugs.gnu.org> Subject: Status: GPL and Openssl incompatibilities in u-boot and possibly others Reply-To: bug#34717 <34717@debbugs.gnu.org> Date: Thu, 12 Jun 2025 13:44:39 +0000 retitle 34717 GPL and Openssl incompatibilities in u-boot and possibly othe= rs reassign 34717 guix submitter 34717 Vagrant Cascadian severity 34717 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 02 20:58:40 2019 Received: (at submit) by debbugs.gnu.org; 3 Mar 2019 01:58:40 +0000 Received: from localhost ([127.0.0.1]:57985 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h0GOm-00028W-Cc for submit@debbugs.gnu.org; Sat, 02 Mar 2019 20:58:40 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49181) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h0GOk-00028J-0L for submit@debbugs.gnu.org; Sat, 02 Mar 2019 20:58:38 -0500 Received: from lists.gnu.org ([209.51.188.17]:50831) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h0GOe-0007Go-NZ for submit@debbugs.gnu.org; Sat, 02 Mar 2019 20:58:32 -0500 Received: from eggs.gnu.org ([209.51.188.92]:35329) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0GOd-0003zL-P7 for bug-guix@gnu.org; Sat, 02 Mar 2019 20:58:32 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h0GOc-0007Eq-Cp for bug-guix@gnu.org; Sat, 02 Mar 2019 20:58:31 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:54026) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0GOc-0007CS-4f for bug-guix@gnu.org; Sat, 02 Mar 2019 20:58:30 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100e]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 9DC5A1AA27 for ; Sat, 2 Mar 2019 17:58:25 -0800 (PST) From: Vagrant Cascadian To: bug-guix@gnu.org Subject: GPL and Openssl incompatibilities in u-boot and possibly others Date: Sat, 02 Mar 2019 17:58:20 -0800 Message-ID: <87tvgkiurn.fsf@ponder> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 173.255.214.101 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain The u-boot package definition includes openssl amoung it's inputs, but is also a GPL2+ software project... but the GPL and OpenSSL licenses are incompatible: https://www.gnu.org/licenses/license-list.html#OpenSSL It doesn't explain the details of *why* they're incompatibly, which is astoundingly unhelpful. The best explanation I've found is here: https://people.gnome.org/~markmc/openssl-and-the-gpl.html Essentially, the Openssl/SSLeay license(s) place additional restrictions requiring "advertising" clause when distributing in binary form, while the GPL forbids placing additional restrictions on distribution. I'm not sure if there's a simple way to search for other packages with license:gpl and openssl as an input in order to do a quick pass at auditing... some packages may use the openssl binary as part of the build process or tests, and not linking any GPLed code against it; in those cases there would be no license conflict. Since I believe the incompatibility is only invoked when distributing binaries, GNU Guix may be in an interesting position to at least make a simple workaround for affected packages by using: (arguments `(#:substitutable? #f)) Thus disabling substitutes. Though it poses a curious philosophical question weather that is an acceptible/appropriate workaround for GNU Guix... In the Debian u-boot packaging, some of the features using openssl are disabled, and some of the u-boot targets that require openssl are not part of the packages. I'd be happy to help with making such adjustments if this is deemed the better approach for u-boot specifically. Other more long-term approaches: Patch (and submit upstream) the affected packages to support using other GPL compatible libraries, such as gnutls. If upstream is reasonably able to add a license exception, that could also resolve the issue: https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXHs0vAAKCRDcUY/If5cW qpx5AQD1tIZOPkaVIfPvFxiCO5fh+3pHugUaX4ysih2phFjTAAEAvlbLHriinnPU PbP4TpS6+1WPLiuGiADU1wz75h8LZQk= =iuiX -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 06 10:15:34 2019 Received: (at 34717) by debbugs.gnu.org; 6 Mar 2019 15:15:34 +0000 Received: from localhost ([127.0.0.1]:34578 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1YGc-0001C7-Dg for submit@debbugs.gnu.org; Wed, 06 Mar 2019 10:15:34 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:60210) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1YGa-0001By-42 for 34717@debbugs.gnu.org; Wed, 06 Mar 2019 10:15:33 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id CB744A9B4; Wed, 6 Mar 2019 16:15:30 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8RDqM6qBJntS; Wed, 6 Mar 2019 16:15:30 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id D1AEEA939; Wed, 6 Mar 2019 16:15:29 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 16 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 06 Mar 2019 16:15:28 +0100 In-Reply-To: <87tvgkiurn.fsf@ponder> (Vagrant Cascadian's message of "Sat, 02 Mar 2019 17:58:20 -0800") Message-ID: <87zhq8f2zz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 34717 Cc: 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hi Vagrant, Vagrant Cascadian skribis: > The u-boot package definition includes openssl amoung it's inputs, but > is also a GPL2+ software project... but the GPL and OpenSSL licenses are > incompatible: > > https://www.gnu.org/licenses/license-list.html#OpenSSL Thanks for bringing it up. > I'm not sure if there's a simple way to search for other packages with > license:gpl and openssl as an input in order to do a quick pass at > auditing... some packages may use the openssl binary as part of the > build process or tests, and not linking any GPLed code against it; in > those cases there would be no license conflict. openssl@1.0 has 7,029 dependent packages, so it may be hard to sort it out. I wonder what would be the best way to approach it. > Since I believe the incompatibility is only invoked when distributing > binaries, GNU Guix may be in an interesting position to at least make a > simple workaround for affected packages by using: > > (arguments `(#:substitutable? #f)) > > Thus disabling substitutes. Though it poses a curious philosophical > question weather that is an acceptible/appropriate workaround for GNU > Guix... Hmm yeah, that doesn=E2=80=99t sound right. :-) > In the Debian u-boot packaging, some of the features using openssl are > disabled, and some of the u-boot targets that require openssl are not > part of the packages. I'd be happy to help with making such adjustments > if this is deemed the better approach for u-boot specifically. That=E2=80=99d be great. We could definitely remove the OpenSSL dependency= when it=E2=80=99s not needed. In cases where it is needed, it would be nice to see what it=E2=80=99s used for. Many projects use OpenSSL just for its cryptographic hash functions, for example, and there=E2=80=99s plenty of options to choose fro= m if that=E2=80=99s all that=E2=80=99s needed (Gcrypt, Nettle, etc.). I guess this should be discussed with upstream. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 06 13:13:01 2019 Received: (at 34717) by debbugs.gnu.org; 6 Mar 2019 18:13:01 +0000 Received: from localhost ([127.0.0.1]:34654 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1b2L-0007Yl-4O for submit@debbugs.gnu.org; Wed, 06 Mar 2019 13:13:01 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:59952) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1b2J-0007Yd-HZ for 34717@debbugs.gnu.org; Wed, 06 Mar 2019 13:13:00 -0500 Received: from localhost (178.113.143.124.wireless.dyn.drei.com [178.113.143.124]) by dd26836.kasserver.com (Postfix) with ESMTPSA id C37E933610B9; Wed, 6 Mar 2019 19:12:57 +0100 (CET) Date: Wed, 6 Mar 2019 19:12:52 +0100 From: Danny Milosavljevic To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Message-ID: <20190306191252.577335c1@scratchpost.org> In-Reply-To: <87zhq8f2zz.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/jPsCwQ_WMPfIlcICTkXEN.k"; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34717 Cc: Vagrant Cascadian , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --Sig_/jPsCwQ_WMPfIlcICTkXEN.k Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi, > openssl@1.0 has 7,029 dependent packages, so it may be hard to sort it > out. I wonder what would be the best way to approach it. I can't believe I seriously suggest the following but: A license algebra and guix commands that automate part of the lawyering, by using the "license" field of the packages, which would now have at least "and-license" and "or-license" operators and maybe also finer-grained ones, and a placeholder for "it's too difficult, sort it out manually" (maybe just detect the list we have now as "it's too difficult"). If we do it, we should add a disclaimer that it doesn't replace the need for legal counsel entirely. --Sig_/jPsCwQ_WMPfIlcICTkXEN.k Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlyADaQACgkQ5xo1VCww uqUcfQf/evYYUJTPsIxtOB2gIzcrO3GAluInaWhNSbYX29HbvxukUou4FEBxMqd5 qxm6G8jaKiwwSm9KgDEmp6hQ6B/nWzKHq0ZjSryX3QWG3nO/wr8rw3BtgWv/bAr0 IKhcw9lO+dV9OXDN6LLM/8oQ83hyyJpez2NkHQaOAJQ2bl5dNnMErtwFSZ2FCb+b R0Y3sJOb6Ni5eQ1iCHWaQqWjyMsV+7+dKHMqZ66jX/nKcfw7DTCEdmtFFPW/0nqL H/tzqTwaQtQp5WboYu2n8rPbHBEc4xRSCADgCIh7bOFgpN5rTM6aMicSfOjdFsuo vPqUYRv0OnCiMgrzBlu1BYLpbj3fyg== =dirL -----END PGP SIGNATURE----- --Sig_/jPsCwQ_WMPfIlcICTkXEN.k-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 06 23:17:24 2019 Received: (at 34717) by debbugs.gnu.org; 7 Mar 2019 04:17:24 +0000 Received: from localhost ([127.0.0.1]:34853 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1kTE-0007d8-5x for submit@debbugs.gnu.org; Wed, 06 Mar 2019 23:17:24 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:43360) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1kTC-0007cw-MC for 34717@debbugs.gnu.org; Wed, 06 Mar 2019 23:17:23 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100e]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id C1D561AA27; Wed, 6 Mar 2019 20:17:15 -0800 (PST) From: Vagrant Cascadian To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <87zhq8f2zz.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> Date: Wed, 06 Mar 2019 20:17:10 -0800 Message-ID: <87ftrzuxmh.fsf@ponder> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-03-06, Ludovic Court=C3=A8s wrote: > Vagrant Cascadian skribis: > >> The u-boot package definition includes openssl amoung it's inputs, but >> is also a GPL2+ software project... but the GPL and OpenSSL licenses are >> incompatible: >> >> https://www.gnu.org/licenses/license-list.html#OpenSSL > > Thanks for bringing it up. > >> I'm not sure if there's a simple way to search for other packages with >> license:gpl and openssl as an input in order to do a quick pass at >> auditing... some packages may use the openssl binary as part of the >> build process or tests, and not linking any GPLed code against it; in >> those cases there would be no license conflict. > > openssl@1.0 has 7,029 dependent packages, so it may be hard to sort it > out. I wonder what would be the best way to approach it. How many of them are also license:gpl* though? That would hopefully reduce the scope somewhat, or maybe even significantly... If "guix package --search=3D ..." could be extended to to also search other fields, e.g. license: and dependencies: ... it might not be so difficult a search. >> In the Debian u-boot packaging, some of the features using openssl are >> disabled, and some of the u-boot targets that require openssl are not >> part of the packages. I'd be happy to help with making such adjustments >> if this is deemed the better approach for u-boot specifically. > > That=E2=80=99d be great. We could definitely remove the OpenSSL dependen= cy when > it=E2=80=99s not needed. For what it's worth, I did do local builds of all the current u-boot-* targets in guix with openssl removed from inputs, and the only one that failed to build without openssl was u-boot-tools. > In cases where it is needed, it would be nice to see what it=E2=80=99s us= ed > for. Many projects use OpenSSL just for its cryptographic hash > functions, for example, and there=E2=80=99s plenty of options to choose f= rom if > that=E2=80=99s all that=E2=80=99s needed (Gcrypt, Nettle, etc.). I think it is using it for generating and verifying rsa signatures, and probably other similar basic things. So far I had only thought about gnutls, but if gcrypt or nettle are other options, then so much the better. I briefly looked at gnutls's openssl compatibility layers, but it didn't seem to implement sufficiently similar include files, which is largely all that it is doing. > I guess this should be discussed with upstream. I did bring it upstream a little over a year ago, and the response was pretty much to rewrite it with gnutls, and I pointed out the most likely files that needed updating: https://lists.denx.de/pipermail/u-boot/2017-November/312483.html https://lists.denx.de/pipermail/u-boot/2017-December/313616.html https://lists.denx.de/pipermail/u-boot/2017-December/313742.html I suspect it's pretty much a "patches accepted" sort of scenario. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXICbRwAKCRDcUY/If5cW qslIAP9ScQrLSi6R54J1NV5/L6Uh/os0qMg+RiswaDGV+kWtvQEAlfpxaLRUbI7+ Bt+71U4GBtM71PoXnDh1xExzjF9A5Ag= =JlTa -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 07 18:02:48 2019 Received: (at 34717) by debbugs.gnu.org; 7 Mar 2019 23:02:48 +0000 Received: from localhost ([127.0.0.1]:35681 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h222K-0006M1-Bs for submit@debbugs.gnu.org; Thu, 07 Mar 2019 18:02:48 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:45026) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h222I-0006Ln-I9 for 34717@debbugs.gnu.org; Thu, 07 Mar 2019 18:02:47 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100e]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 8CF221AA27; Thu, 7 Mar 2019 15:02:39 -0800 (PST) From: Vagrant Cascadian To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <87ftrzuxmh.fsf@ponder> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> Date: Thu, 07 Mar 2019 15:02:30 -0800 Message-ID: <87o96m8f09.fsf@ponder> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Danny Milosavljevic , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-03-06, Vagrant Cascadian wrote: > On 2019-03-06, Ludovic Court=C3=A8s wrote: >> Vagrant Cascadian skribis: >>> The u-boot package definition includes openssl amoung it's inputs, but >>> is also a GPL2+ software project... but the GPL and OpenSSL licenses are >>> incompatible: >>> >>> https://www.gnu.org/licenses/license-list.html#OpenSSL ... >>> In the Debian u-boot packaging, some of the features using openssl are >>> disabled, and some of the u-boot targets that require openssl are not >>> part of the packages. I'd be happy to help with making such adjustments >>> if this is deemed the better approach for u-boot specifically. >> >> That=E2=80=99d be great. We could definitely remove the OpenSSL depende= ncy when >> it=E2=80=99s not needed. > > For what it's worth, I did do local builds of all the current u-boot-* > targets in guix with openssl removed from inputs, and the only one that > failed to build without openssl was u-boot-tools. I've tested that the attached patch builds all u-boot-* targets on x86_64 (cross-building most of them), with openssl removed from native-inputs. Unfortunately, u-boot-tools fails it's tests on aarch64 and armhf, but that appears to be the case with or without this patch, so it's no worse off than it was... I'm not sure where it would be appropriate to add more comments regarding the GPL/Openssl incompatibilities; e.g. if someone were to propose adding one of the u-boot targets that requires it, they might just go ahead and re-add the openssl input... live well, vagrant --=-=-= Content-Type: text/x-diff Content-Disposition: inline; filename=0001-gnu-u-boot-Remove-openssl-input.patch Content-Transfer-Encoding: quoted-printable From=20ee613387c49ca60905e0a40af8af017828c8aec8 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Thu, 7 Mar 2019 21:50:58 +0000 Subject: [PATCH] gnu: u-boot: Remove openssl input. Fixes: https://bugs.gnu.org/34717 * gnu/packages/bootloaders (u-boot): Remove openssl from native-inputs. (u-boot-tools): Disable FIT_SIGNATURES in tests. =2D-- gnu/packages/bootloaders.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index b0617f452a..15953ab75e 100644 =2D-- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -391,7 +391,6 @@ tree binary files. These are board description files u= sed by Linux and BSD.") ("dtc" ,dtc) ("flex" ,flex) ("lz4" ,lz4) =2D ("openssl" ,openssl) ("python-2" ,python-2) ("python2-coverage" ,python2-coverage) ("python2-pytest" ,python2-pytest) @@ -440,9 +439,14 @@ also initializes the boards (RAM etc).") (("def test_ctrl_c") "@pytest.mark.skip(reason=3D'Guix has problems with SIGINT') def test_ctrl_c")) =2D ;; This test requires a sound system, which is un-used in u= -boot-tools. (for-each (lambda (file) (substitute* file + ;; Disable signatures, due to GPL/Openssl + ;; license incompatibilities. See + ;; https://bugs.gnu.org/34717 for detail= s. + (("CONFIG_FIT_SIGNATURE=3Dy") "CONFIG_FI= T_SIGNATURE=3Dn") + ;; This test requires a sound system, wh= ich is un-used + ;; in u-boot-tools. (("CONFIG_SOUND=3Dy") "CONFIG_SOUND=3Dn"= ))) (find-files "configs" "sandbox_.*defconfig$"= )) #t)) =2D-=20 2.20.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXIGjCAAKCRDcUY/If5cW qtC9AQCxXgZ4A+ZUWsro4IGGBHoxoNvhGIxLvlKKKhjU3IFtJwEAyLgcEDnw6zlK 3gBaT/P4/RQGQJh9nPCsyM31s/KkcA4= =fg6f -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 08 04:59:47 2019 Received: (at 34717) by debbugs.gnu.org; 8 Mar 2019 09:59:47 +0000 Received: from localhost ([127.0.0.1]:35845 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2CI7-0005zu-Bv for submit@debbugs.gnu.org; Fri, 08 Mar 2019 04:59:47 -0500 Received: from eggs.gnu.org ([209.51.188.92]:60775) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2CI5-0005zf-R2 for 34717@debbugs.gnu.org; Fri, 08 Mar 2019 04:59:46 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52226) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h2CHy-00026J-Dk; Fri, 08 Mar 2019 04:59:39 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39128 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1h2CHw-0000Ii-92; Fri, 08 Mar 2019 04:59:36 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Danny Milosavljevic Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <20190306191252.577335c1@scratchpost.org> (Danny Milosavljevic's message of "Wed, 6 Mar 2019 19:12:52 +0100") References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <20190306191252.577335c1@scratchpost.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 08 Mar 2019 10:59:34 +0100 Message-ID: <87imwtit4p.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Vagrant Cascadian , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Danny Milosavljevic skribis: > I can't believe I seriously suggest the following but: > > A license algebra [...] Yeah, licensing is anything but an algebra, so let=E2=80=99s not take that = path. :-) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 08 05:08:47 2019 Received: (at 34717) by debbugs.gnu.org; 8 Mar 2019 10:08:47 +0000 Received: from localhost ([127.0.0.1]:35851 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2CQp-0006Em-BT for submit@debbugs.gnu.org; Fri, 08 Mar 2019 05:08:47 -0500 Received: from eggs.gnu.org ([209.51.188.92]:35307) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2CQl-0006ET-UQ for 34717@debbugs.gnu.org; Fri, 08 Mar 2019 05:08:46 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:52847) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h2CQf-0001fV-CQ; Fri, 08 Mar 2019 05:08:37 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39158 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1h2CQe-0006I2-RG; Fri, 08 Mar 2019 05:08:37 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 08 Mar 2019 11:08:34 +0100 In-Reply-To: <87ftrzuxmh.fsf@ponder> (Vagrant Cascadian's message of "Wed, 06 Mar 2019 20:17:10 -0800") Message-ID: <87bm2lispp.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Vagrant Cascadian skribis: > On 2019-03-06, Ludovic Court=C3=A8s wrote: [...] >> openssl@1.0 has 7,029 dependent packages, so it may be hard to sort it >> out. I wonder what would be the best way to approach it. > > How many of them are also license:gpl* though? That would hopefully > reduce the scope somewhat, or maybe even significantly... > > If "guix package --search=3D ..." could be extended to to also search > other fields, e.g. license: and dependencies: ... it might not be so > difficult a search. Here=E2=80=99s an estimate: --8<---------------cut here---------------start------------->8--- $ guix package -s "" |recsel -e 'license ~ "GPL"' -e 'dependencies ~ "opens= sl"' |grep ^name| wc -l 265 --8<---------------cut here---------------end--------------->8--- You can view the list of packages like this: --8<---------------cut here---------------start------------->8--- guix package -s "" |recsel -e 'license ~ "GPL"' -e 'dependencies ~ "openssl= "' -p name,version --8<---------------cut here---------------end--------------->8--- >>> In the Debian u-boot packaging, some of the features using openssl are >>> disabled, and some of the u-boot targets that require openssl are not >>> part of the packages. I'd be happy to help with making such adjustments >>> if this is deemed the better approach for u-boot specifically. >> >> That=E2=80=99d be great. We could definitely remove the OpenSSL depende= ncy when >> it=E2=80=99s not needed. > > For what it's worth, I did do local builds of all the current u-boot-* > targets in guix with openssl removed from inputs, and the only one that > failed to build without openssl was u-boot-tools. Not that bad! >> In cases where it is needed, it would be nice to see what it=E2=80=99s u= sed >> for. Many projects use OpenSSL just for its cryptographic hash >> functions, for example, and there=E2=80=99s plenty of options to choose = from if >> that=E2=80=99s all that=E2=80=99s needed (Gcrypt, Nettle, etc.). > > I think it is using it for generating and verifying rsa signatures, and > probably other similar basic things. So far I had only thought about > gnutls, but if gcrypt or nettle are other options, then so much the > better. > > I briefly looked at gnutls's openssl compatibility layers, but it didn't > seem to implement sufficiently similar include files, which is largely > all that it is doing. Yeah, GnuTLS=E2=80=99 OpenSSL compat layer has been bitrotting since foreve= r. But really rather than GnuTLS they should target one of these crypto libraries, which seem to be a better fit. >> I guess this should be discussed with upstream. > > I did bring it upstream a little over a year ago, and the response was > pretty much to rewrite it with gnutls, and I pointed out the most likely > files that needed updating: > > https://lists.denx.de/pipermail/u-boot/2017-November/312483.html > https://lists.denx.de/pipermail/u-boot/2017-December/313616.html > https://lists.denx.de/pipermail/u-boot/2017-December/313742.html > > I suspect it's pretty much a "patches accepted" sort of scenario. I guess =E2=80=9Cwe=E2=80=9D should consider doing it at some point. Chang= ing the RSA signature code to use another API can=E2=80=99t be that hard=E2=84=A2. ;-) I see from the message above that PEM encoding/decoding may also be needed, which Gcrypt doesn=E2=80=99t provide. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 08 05:16:57 2019 Received: (at 34717) by debbugs.gnu.org; 8 Mar 2019 10:16:57 +0000 Received: from localhost ([127.0.0.1]:35856 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2CYj-0006S2-AV for submit@debbugs.gnu.org; Fri, 08 Mar 2019 05:16:57 -0500 Received: from eggs.gnu.org ([209.51.188.92]:37770) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2CYf-0006Rn-Lk for 34717@debbugs.gnu.org; Fri, 08 Mar 2019 05:16:54 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53422) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h2CYa-00025S-Gz; Fri, 08 Mar 2019 05:16:48 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39176 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1h2CYa-0007Ym-26; Fri, 08 Mar 2019 05:16:48 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87bm2lispp.fsf@gnu.org> Date: Fri, 08 Mar 2019 11:16:45 +0100 In-Reply-To: <87bm2lispp.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Fri, 08 Mar 2019 11:08:34 +0100") Message-ID: <877ed9isc2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Ludovic Court=C3=A8s skribis: > Here=E2=80=99s an estimate: Oops, I was doing an =E2=80=9Cor=E2=80=9D instead of an =E2=80=9Cand=E2=80= =9D; here=E2=80=99s the fix: --8<---------------cut here---------------start------------->8--- $ guix package -s "" |recsel -e 'license ~ "GPL" && dependencies ~ "openssl= "' |grep ^name | wc -l 154 --8<---------------cut here---------------end--------------->8--- Still a lot, and that doesn=E2=80=99t take into account indirect GPL depend= ents. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 08 05:23:21 2019 Received: (at 34717) by debbugs.gnu.org; 8 Mar 2019 10:23:21 +0000 Received: from localhost ([127.0.0.1]:35860 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2Cev-0006cQ-4X for submit@debbugs.gnu.org; Fri, 08 Mar 2019 05:23:21 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39326) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2Ces-0006cC-Pj for 34717@debbugs.gnu.org; Fri, 08 Mar 2019 05:23:19 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53851) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h2Cek-0001dr-N6; Fri, 08 Mar 2019 05:23:10 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39188 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1h2Cei-0008PX-I0; Fri, 08 Mar 2019 05:23:09 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 08 Mar 2019 11:23:05 +0100 In-Reply-To: <87o96m8f09.fsf@ponder> (Vagrant Cascadian's message of "Thu, 07 Mar 2019 15:02:30 -0800") Message-ID: <871s3his1i.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Danny Milosavljevic , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Vagrant Cascadian skribis: > I've tested that the attached patch builds all u-boot-* targets on > x86_64 (cross-building most of them), with openssl removed from > native-inputs. > > Unfortunately, u-boot-tools fails it's tests on aarch64 and armhf, but > that appears to be the case with or without this patch, so it's no worse > off than it was... This can be fixed separately then. > I'm not sure where it would be appropriate to add more comments > regarding the GPL/Openssl incompatibilities; e.g. if someone were to > propose adding one of the u-boot targets that requires it, they might > just go ahead and re-add the openssl input... There=E2=80=99s always a risk. I guess we=E2=80=99ll have to be careful wh= en doing reviews. In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, WDY= T? > From ee613387c49ca60905e0a40af8af017828c8aec8 Mon Sep 17 00:00:00 2001 > From: Vagrant Cascadian > Date: Thu, 7 Mar 2019 21:50:58 +0000 > Subject: [PATCH] gnu: u-boot: Remove openssl input. > > Fixes: https://bugs.gnu.org/34717 > > * gnu/packages/bootloaders (u-boot): Remove openssl from native-inputs. > (u-boot-tools): Disable FIT_SIGNATURES in tests. Applied, thanks! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 08 14:14:17 2019 Received: (at 34717) by debbugs.gnu.org; 8 Mar 2019 19:14:17 +0000 Received: from localhost ([127.0.0.1]:36678 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2Kwj-0001NR-3Y for submit@debbugs.gnu.org; Fri, 08 Mar 2019 14:14:17 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:46814) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2Kwg-0001NB-Qt for 34717@debbugs.gnu.org; Fri, 08 Mar 2019 14:14:15 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100e]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id B2DE41AA27; Fri, 8 Mar 2019 11:14:08 -0800 (PST) From: Vagrant Cascadian To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <871s3his1i.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> Date: Fri, 08 Mar 2019 11:14:02 -0800 Message-ID: <87k1h9i3gl.fsf@ponder> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Danny Milosavljevic , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-03-08, Ludovic Court=C3=A8s wrote: > Vagrant Cascadian skribis: >> I'm not sure where it would be appropriate to add more comments >> regarding the GPL/Openssl incompatibilities; e.g. if someone were to >> propose adding one of the u-boot targets that requires it, they might >> just go ahead and re-add the openssl input... > > There=E2=80=99s always a risk. I guess we=E2=80=99ll have to be careful = when doing > reviews. Sure. I was thinking maybe putting a comment in the native-inputs where "openssl" was removed, but wasn't sure what the conventions might be. > In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, W= DYT? Does the lint checker have a way to identify a confidence level, e.g. *maybe* it has this issue vs. *certainly*? Is there a way to override the lint checker issues for known false positives? Otherwise, it might just be annoying noise for packagers where it isn't appropriate. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXIK+/AAKCRDcUY/If5cW quhvAQDhH6LGasQ+bEPiayw0lRVOy+wQ1G9tonnTYZf7Slg8WwD/YHtuLplr6HTf Q13lEIYqEm/OZi4pan+meRF64kwAxAs= =zy4Q -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 09 16:57:32 2019 Received: (at 34717) by debbugs.gnu.org; 9 Mar 2019 21:57:33 +0000 Received: from localhost ([127.0.0.1]:37479 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2jyG-0004JK-L2 for submit@debbugs.gnu.org; Sat, 09 Mar 2019 16:57:32 -0500 Received: from eggs.gnu.org ([209.51.188.92]:38979) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2jyE-0004J7-Tt for 34717@debbugs.gnu.org; Sat, 09 Mar 2019 16:57:31 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:37254) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h2jy8-000715-Nw; Sat, 09 Mar 2019 16:57:24 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39196 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1h2jy8-0004kR-7C; Sat, 09 Mar 2019 16:57:24 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87k1h9i3gl.fsf@ponder> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 19 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sat, 09 Mar 2019 22:57:21 +0100 In-Reply-To: <87k1h9i3gl.fsf@ponder> (Vagrant Cascadian's message of "Fri, 08 Mar 2019 11:14:02 -0800") Message-ID: <87h8cb4sou.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Danny Milosavljevic , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Vagrant Cascadian skribis: > On 2019-03-08, Ludovic Court=C3=A8s wrote: >> Vagrant Cascadian skribis: >>> I'm not sure where it would be appropriate to add more comments >>> regarding the GPL/Openssl incompatibilities; e.g. if someone were to >>> propose adding one of the u-boot targets that requires it, they might >>> just go ahead and re-add the openssl input... >> >> There=E2=80=99s always a risk. I guess we=E2=80=99ll have to be careful= when doing >> reviews. > > Sure. I was thinking maybe putting a comment in the native-inputs where > "openssl" was removed, but wasn't sure what the conventions might be. Yeah that would have worked I guess. >> In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, = WDYT? > > Does the lint checker have a way to identify a confidence level, > e.g. *maybe* it has this issue vs. *certainly*? Is there a way to > override the lint checker issues for known false positives? Otherwise, > it might just be annoying noise for packagers where it isn't > appropriate. No it doesn=E2=80=99t have that notion of a confidence level. The warning could be triggered only when a package is GPL=E2=80=99d and has= a direct dependency on OpenSSL (we=E2=80=99d forget about indirect dependenci= es in this case.) The noise would be rather limited and justified in this case, I think. WDYT? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 09 18:11:33 2019 Received: (at 34717) by debbugs.gnu.org; 9 Mar 2019 23:11:33 +0000 Received: from localhost ([127.0.0.1]:37509 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2l7t-00060J-K3 for submit@debbugs.gnu.org; Sat, 09 Mar 2019 18:11:33 -0500 Received: from cascadia.aikidev.net ([173.255.214.101]:48766) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2l7r-000603-I7 for 34717@debbugs.gnu.org; Sat, 09 Mar 2019 18:11:32 -0500 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100e]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id D9E521AA27; Sat, 9 Mar 2019 15:11:23 -0800 (PST) From: Vagrant Cascadian To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <87h8cb4sou.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87k1h9i3gl.fsf@ponder> <87h8cb4sou.fsf@gnu.org> Date: Sat, 09 Mar 2019 15:10:54 -0800 Message-ID: <871s3f1w5d.fsf@ponder> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Danny Milosavljevic , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-03-09, Ludovic Court=C3=A8s wrote: > Vagrant Cascadian skribis: >> On 2019-03-08, Ludovic Court=C3=A8s wrote: >>> Vagrant Cascadian skribis: >>> In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case,= WDYT? >> >> Does the lint checker have a way to identify a confidence level, >> e.g. *maybe* it has this issue vs. *certainly*? Is there a way to >> override the lint checker issues for known false positives? Otherwise, >> it might just be annoying noise for packagers where it isn't >> appropriate. > > No it doesn=E2=80=99t have that notion of a confidence level. And I presume no overrides either, given no comment about that? > The warning could be triggered only when a package is GPL=E2=80=99d and h= as a > direct dependency on OpenSSL (we=E2=80=99d forget about indirect dependen= cies in > this case.) The noise would be rather limited and justified in this > case, I think. WDYT? The openssl package currently ships the "openssl" binary, as well as the libraries. I suspect there are at least three potential cases where a package might depend on it: * Calls the "openssl" binary as part of test suite or run-time. No licensing compatibility issue, no worries! * Using include files from the openssl headers; I guess you could search for "include .* openssl/*.h" in the source code. Might get some false positives. Can be run without actually even building it. * Linking against the library which should actually be easy to detect with ldd or other tools. Would need to build and then run the checks to be sure. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXIRIAAAKCRDcUY/If5cW qqQ6AP9s1kqBzKCk/E1isIYoAqG4Wm5vclZ2dGtd0XZ8WJFTqwD/VHC5r3ue4Giv pg+mJl6s5mVQsGLYLjE1PWsRv8RmXQo= =ljv9 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 09 22:59:04 2019 Received: (at 34717) by debbugs.gnu.org; 10 Mar 2019 03:59:04 +0000 Received: from localhost ([127.0.0.1]:37594 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2pc8-0004bu-Ft for submit@debbugs.gnu.org; Sat, 09 Mar 2019 22:59:04 -0500 Received: from minsky.hcoop.net ([104.248.1.95]:48120) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h2pc6-0004bO-4O for 34717@debbugs.gnu.org; Sat, 09 Mar 2019 22:59:03 -0500 Received: from marsh.hcoop.net ([45.55.52.66]) by minsky.hcoop.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1h2pbz-0002nL-GU for 34717@debbugs.gnu.org; Sat, 09 Mar 2019 22:58:56 -0500 Date: Sat, 9 Mar 2019 22:58:22 -0500 (EST) From: Jack Hill X-X-Sender: jackhill@marsh.hcoop.net To: 34717@debbugs.gnu.org Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <871s3f1w5d.fsf@ponder> Message-ID: References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87k1h9i3gl.fsf@ponder> <87h8cb4sou.fsf@gnu.org> <871s3f1w5d.fsf@ponder> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Hopefully the OpenSSL re-licensing [0] will help with this problem in the long-term. At least for code that can be distributed under GPLv3, which may include u-boot [1]. Best, Jack [0] https://www.openssl.org/blog/blog/2018/03/01/last-license/ [1] https://www.denx.de/wiki/U-Boot/Licensing From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 10 13:13:07 2019 Received: (at 34717) by debbugs.gnu.org; 10 Mar 2019 17:13:07 +0000 Received: from localhost ([127.0.0.1]:38255 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h320Z-0003A6-0N for submit@debbugs.gnu.org; Sun, 10 Mar 2019 13:13:07 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43964) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h320X-00039b-9p for 34717@debbugs.gnu.org; Sun, 10 Mar 2019 13:13:05 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50442) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h320Q-0003qw-7O; Sun, 10 Mar 2019 13:12:58 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=41234 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1h320O-00053R-Rv; Sun, 10 Mar 2019 13:12:57 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87k1h9i3gl.fsf@ponder> <87h8cb4sou.fsf@gnu.org> <871s3f1w5d.fsf@ponder> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 20 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 10 Mar 2019 18:12:54 +0100 In-Reply-To: <871s3f1w5d.fsf@ponder> (Vagrant Cascadian's message of "Sat, 09 Mar 2019 15:10:54 -0800") Message-ID: <87tvga3b6x.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: Danny Milosavljevic , 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Vagrant Cascadian skribis: > On 2019-03-09, Ludovic Court=C3=A8s wrote: >> Vagrant Cascadian skribis: >>> On 2019-03-08, Ludovic Court=C3=A8s wrote: >>>> Vagrant Cascadian skribis: >>>> In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case= , WDYT? >>> >>> Does the lint checker have a way to identify a confidence level, >>> e.g. *maybe* it has this issue vs. *certainly*? Is there a way to >>> override the lint checker issues for known false positives? Otherwise, >>> it might just be annoying noise for packagers where it isn't >>> appropriate. >> >> No it doesn=E2=80=99t have that notion of a confidence level. > > And I presume no overrides either, given no comment about that? We could arrange for this lint =E2=80=9Cchecker=E2=80=9D to honor some per-= package property that would silence it. We do that with the =E2=80=98cve=E2=80=99 = checker and the =E2=80=98lint-hidden-cve=E2=80=99 property. >> The warning could be triggered only when a package is GPL=E2=80=99d and = has a >> direct dependency on OpenSSL (we=E2=80=99d forget about indirect depende= ncies in >> this case.) The noise would be rather limited and justified in this >> case, I think. WDYT? > > The openssl package currently ships the "openssl" binary, as well as the > libraries. I suspect there are at least three potential cases where a > package might depend on it: > > * Calls the "openssl" binary as part of test suite or run-time. No > licensing compatibility issue, no worries! > > * Using include files from the openssl headers; I guess you could search > for "include .* openssl/*.h" in the source code. Might get some false > positives. Can be run without actually even building it. > > * Linking against the library which should actually be easy to detect > with ldd or other tools. Would need to build and then run the checks to > be sure. So for the 1st case we=E2=80=99d definitely need that property to tell =E2= =80=98lint=E2=80=99 that everything is known-good. =E2=80=98guix lint=E2=80=99 does very inexpensive tests, so unpacking the t= arball and grepping it would be beyond its scope. However, if we can provide the warning and people have a way to silence it, I guess we=E2=80=99re fine? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 15 20:04:19 2019 Received: (at submit) by debbugs.gnu.org; 16 Mar 2019 00:04:19 +0000 Received: from localhost ([127.0.0.1]:45662 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h4woB-0007Vg-Qg for submit@debbugs.gnu.org; Fri, 15 Mar 2019 20:04:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35851) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h4wo9-0007VR-Qe for submit@debbugs.gnu.org; Fri, 15 Mar 2019 20:04:14 -0400 Received: from lists.gnu.org ([209.51.188.17]:48501) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h4wo2-0005ET-Cb for submit@debbugs.gnu.org; Fri, 15 Mar 2019 20:04:06 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50190) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h4wo1-0000uc-0D for bug-guix@gnu.org; Fri, 15 Mar 2019 20:04:06 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_LOW, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h4wgO-0008CD-Nh for bug-guix@gnu.org; Fri, 15 Mar 2019 19:56:13 -0400 Received: from relay4-d.mail.gandi.net ([217.70.183.196]:39109) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h4wgO-00085v-8a for bug-guix@gnu.org; Fri, 15 Mar 2019 19:56:12 -0400 X-Originating-IP: 181.223.68.64 Received: from [192.168.1.100] (unknown [181.223.68.64]) (Authenticated sender: adfeno@hyperbola.info) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id BC6C5E0003 for ; Fri, 15 Mar 2019 23:56:07 +0000 (UTC) Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others To: bug-guix@gnu.org References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> From: Adonay Felipe Nogueira Openpgp: preference=signencrypt Autocrypt: addr=adfeno@hyperbola.info; prefer-encrypt=mutual; keydata= xsPuBFSdo9IRDACmvQCvDZOHZ33gwVtn//XtEmnlcl1yR6j06qvh2E22aK3bmom1y6HfgAVq l+3R16sL27Y0cEeM12Xl2h1HrFiT3Hd/LGWNVC/osPAKrrs6bMRh3uUdOVWeVuM/7c6n5hvx PAkZ6s70w1+y1ilG19aEpezFybAb9oE7+qBLjKAZPgceHeOxUthdfqDDqc/oenCGVEQNvPzK jQVzE+NnB3KdbGNQKFjTuWutxHjMY61H06a824vMd4SU5ReHlDnhCfasJUYcT6ykijf5xeCU icLvLowZl3rCjzjxFxKGnfh/vT6LqMNlfLfTKMR8zmXKHXC+KJjQG3Ohl++7BTGxIrxZtAr6 MKeNczQng0xJtGI/gSus+8Rt9GycMJ/TZh+CrMsRiWmleONsl2fYO5pd4P+hDcttVOmdI/dj H3yycUt5nzgezid+O2NzsjJNNAgDy9uxOLa01aBpaSR94IsYPCxaHh9rBo27v5L8lm2DZTmy CdTdJ/g7OETOSKGmrGywwmsBAO9f4sVideYrDJbEUcXkFSH19ctJYCgLHscWzpypGsQNC/9X iq7fMCS5kAkK/ZcsPeaI4VIDkFJAF22oJyCvJwLWpaQKXBLAFYcAltEHfjdgrrYlexlgQ7SX yX136hD8HJTe1oc2qHN/CXa+LDvxhhNLIgagKP13IIt8AS7U+3YsrCSgu1fjDpxoEP2+xXTS jjcDmnJIWv1oDjIp57OfpKokvHtEsMgXrZI4Ft3ftpzN6o/YWVQeJ7VBdVeKPkzukMfHu04q 1O6TcfSVGLSjrSdTD8/0LcRmwEwgxRBbhp3kxmnUqV+/C/Cj1G2LurKBdqC/rGTSgR1TeQji rTDvV4aReZ8swQS8dGoO4CoxG3ZVz0nsLs7Nl/wRoIMXVo/yMd03LIySSJuATWD6+0LOL5PT gsIRYpBw3jcLTAwPsQd8M8CH9b07qGJ4roVkhEj3R09WeDmSSCLcyQERTzA3EskuaDF8qrRj q68/6kZwhsmssBzAH1PWnFpBAqEaoyQZUisoCffbQwM31oYt04Ng7JXqKHVE+ZchcujtijK5 bPz9ARgL/11E5yq9Z9x+OIxVx1lhMadwH/ze2CrTUIMTo9ZAp8tBqDvXOr43FHPTYio0wycl /anW2D6+4Q49/gK8GQS4xWo/jZnCjOaVIPRbH+y/HE4eXBwKA9UKHpYdZuL2z1zFLYvZd/LT rX66q/+8YMETsu86e4J76lE0WhljWdseM4RFmKlPepSttgCS6iRcWZeuhpknqpOILBwNUtFA Dnqbe9y5ZQ8xETy4/nDMIeWmiHIhQ5bzm+dzOVwtqOpDpTvMzZbU3buBCsZFVrzxuXa66sJu W3fhc//cJ6GTlKz404tAuJrVr9q+uB4OOlkjoUYOIYnwwmKhZaqaUQDTpvK67QhWCZiDHJ/J bvuMCv/XCVh/1IdTbe518jVzfcYjlyxcSHFq8TxiGhJYaBFF4vPC9+vf7l2fQVhDzzpBqMVH 5k9nGJXJ9M0mDO9e8O4CkV55YXzVQFVipiaGyd9DBKcWHAyprxj20MBkP0npXfGErkADCUEp 1MpKt0p3U3BJkoi2Ms0uQWRvbmF5IEZlbGlwZSBOb2d1ZWlyYSA8YWRmZW5vQGh5cGVyYm9s YS5pbmZvPsJ6BBMRCAAiBQJZkFYUAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDI 1uFSAe6docKxAQCAKQxT1MlVJyXdFC7sGFH00jlHeybp6qgOVfJvpqLPGgD+ITwpdjy3RD2c kuENzAKzvom8pnDrNW+oIIIYUaE5gMTOw00EVJ2j0hAQAPcu3bLnt0CqcF49mN0m7z13Fiqv wLRxJe2sEeduZl146rqyNdv4XmaCSdsbgThfw7sW60/J4Gyianv2uzm9E4DpnSh/Ie4LGqXC UALnIYhxeILOo8CvFW1hkF/AgZp0CNoXrP786Nh0rksHfwps0B7b6Vy/E0blioaijvUS2z3/ DKY6CXb7D8wRi64qTMarLaifRzIR/pbX29uBB2McOeoswSFob/McMA7AHp3p+lttR5J8eLc3 Ckj7OuJCY74XIAGq2B64RPmn617BD9ym83M3fcbEXgDBQtvLjznfKNzeMXOLXN/7/qKm1Sza 5NpeAGDg0YvXg6qIi0iyJw4RVzdCiqacO+G3Am/Ge2XDKsuBgsEf1YjlENINGS/ZmqfZd0sH jCJHb/YOlEzVw8HVMzeES8aUOBDh+d2aWhYx30jXuFbMqvuOh4t7JZjBy8TQVuvVhIps0Qyu /YnNxKzZ2F9keaN854KRtcGxaD/wOGpgoAOlyhH+pXVTTl3GCMCHonJ6Sn+jNGa6+oX7HF8h wSevwzQ11WThTPmUTlPU96jN5kqE6qLKBo2msu2MxVQRo1kLlHCRfjvbNGf2iZXRKI+RARgv a+7NZPtYDs1Sg/zw7HgUowImT6JGcN0ZgAMqw/V2nALvW+Caq03GCNiWR2elB/jmhHR+3Brj 18fsc25HAAMFEADViuPfdUqFHzmKgVdRH5A8NIZNTT/MMrYCqv5PAkEhnsXLXeHHV7a0cbfx 3yf86Pv8XMtBItShUVQ9UPVvmFW3ew5cqCCUF5MzrbOXrrso+78yflYjbh55Sf1HelG11eBT xs2auCgMWVsxRjgk9sbzh0j+R9MCMXHw0H/x63BS+due6Z0PYlsgXxbtWxB0P7kiYekXn6xo MeJco9CbWufnWdK4J5WylILQPNwI8uwrj56TUmh3PFnC2UmUa+KQ9m5gWHOIybWYZf4TTXBi N6gvhUqN9IpGFaNG26sWWiOpEWAiVTwPE/lSB+yibouSfE3XLw1Q+FH7TqwmtVS6Kj+yC4Z7 GlDcmqlQxJhBdXTEpTk0rA1Bs4okjqVoQRpLPYUFkhVA15jJGrewUJuUhL128gL2Ek0A14FW +zmi0Wi3tIrUQXovGy7eorIgq7M3/ri0ibbrS5jE4yfIZG/8nb1S/RX5JEwEaoe7izi+1GIi GkCRkzGT3VqG78ppH2166Bq9qDwGf3T/CmLMDNpxsc1qt857nz7RFBMM+dNs5h/Bh0t++i01 JJd/ykqdfUL8nHRwDO1Fkz/R5wugeJ/dB0TcqpnArjtTc+KVN/lRYfltEc5j0DqvFRwk3Ztd 5KocWrWD/MBAvZVYKzJ9Bov9FGRUIGDDTJyo5VVCSe1IeSYa9sJhBBgRCgAJBQJUnaPSAhsM AAoJEMjW4VIB7p2h7ewBAMBCaE8lh2MyK8PBZ2rOSEYIQNjxADPt9Mri7CLnZxtPAQCwCO+a x4WXJV0T1ZOOFa/esCB72RkEVZ7ArkTKQDnVng== Message-ID: <9137e5b2-4fbb-c908-2b00-64c086d5f318@hyperbola.info> Date: Fri, 15 Mar 2019 20:55:43 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Icedove/52.9.1 MIME-Version: 1.0 In-Reply-To: <87ftrzuxmh.fsf@ponder> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zn4iu9YZS9ktYt1C4BnP2qKPauwpjAcDq" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 217.70.183.196 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --zn4iu9YZS9ktYt1C4BnP2qKPauwpjAcDq Content-Type: multipart/mixed; boundary="DwWt7XVbu1VZMkI082NKiSHX83slxV81e"; protected-headers="v1" From: Adonay Felipe Nogueira To: bug-guix@gnu.org Message-ID: <9137e5b2-4fbb-c908-2b00-64c086d5f318@hyperbola.info> Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> In-Reply-To: <87ftrzuxmh.fsf@ponder> --DwWt7XVbu1VZMkI082NKiSHX83slxV81e Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi there! :D Em 07/03/2019 01:17, Vagrant Cascadian escreveu: > How many of them are also license:gpl* though? That would hopefully My Guix pull is from commit d22d246a256814784dfb03437949bdc2efd746a5. I made a little recsel trick to get all packages licensed under [A]GPL (any version) and which are dependent on any package licensed under OpenSSL. However, this doesn't check if the [A]GPL'd packages use the OpenSSL'd dependencies' library or the object code/executable. That said, there might be plenty of false entries here. ------------------------------------------------------------------------ $ guix package -s '' | recsel -CR "name,version" -e 'license ~ "([[:space:]]|^)[A]?GPL" && dependencies ~ "([[:space:]]|^)('$(guix package -s '' | recsel -CR 'name,version' -e 'license ~ "OpenSSL"' | tr '\n' '|' | sed 's/[[:space:]]/@/g; s/\(\.\)/\\\1/g; s/|\($\)/\1/g')')([[:space:]]|$)"' | sed 's/ /@/g' | tr '\n' ' ' ------------------------------------------------------------------------ This gives the following list: ------------------------------------------------------------------------ neon@0.30.2 fetchmail@6.3.26 git-crypt@0.5.0 socat@1.7.3.2 scribus@1.5.4 389-ds-base@1.4.0.13 bigloo@4.3e1 kdelibs4support@5.55.0 munge@0.5.13 gnunet@0.10.1 mupdf@1.14.0 slurm@17.11.3 sssd@1.16.2 wesnoth@1.14.6 yapet@1.1 keepalived@2.0.5 perl-net-ssleay@1.85 r-ggally@1.4.0 john-the-ripper-jumbo@1.8.0-1 psyclpc@20160821-2.61cf9aa hexchat@2.14.2 glusterfs@3.10.12 openvpn@2.4.7 libesmtp@1.0.6 httping@2.5 clamav@0.101.1 python2-mysqlclient@1.3.13 python-mysqlclient@1.3.13 openrct2@0.2.1 calibre@3.35.0 encfs@1.9.5 mosh@1.3.2 qbittorrent@4.1.5 mongodb@3.4.10 wimlib@1.13.0 libsignal-protocol-c@2.3.2 kicad@5.0.0 stunnel@5.48 ceph@13.2.2 looking-glass-client@a12-182c475 warzone2100@3.2.3 linuxdcpp@1.1.0 openvswitch@2.10.1 transmission@2.94 gvpe@3.1 ppp@2.4.7 libgit2@0.27.7 u-boot-novena@2019.01 uwsgi@2.0.18 icecast@2.4.4 rdesktop@1.8.4 gandi.cli@1.3 thc-ipv6@3.4-0.4bb7257 linux-libre-arm-omap2plus@4.20.13 linux-libre-arm-omap2plus@4.19.26 linux-libre-arm-omap2plus@4.14.104 linux-libre-arm-generic@4.20.13 linux-libre-arm-generic@4.19.26 linux-libre-arm-generic@4.14.104 cadaver@0.23.3 rtorrent@0.9.6 libmesode@0.9.2 restbed@4.6-1.6eb385f virtuoso-ose@7.2.5 libtorrent@0.13.6 libstrophe@0.9.2 jupyter-guile-kernel@0.0.0-1.a7db924 clementine@1.3.1-2.4619a4c linux-libre@4.9.161 linux-libre@4.4.176 linux-libre@4.20.13 linux-libre@4.19.26 linux-libre@4.14.104 synergy@1.10.1 moc@2.5.2 netsurf@3.8 git-minimal@2.21.0 kodi@18.1 mysql@5.7.23 strongswan@5.6.3 perl-crypt-openssl-rsa@0.31 perl-crypt-openssl-random@0.13 libcmis@0.5.2 git@2.21.0 hydra@20151030.1ff48da perl-crypt-openssl-bignum@0.09 links@2.18 neomutt@20180716 u-boot-tools@2019.01 burp@2.3.0 u-boot-nintendo-nes-classic-edition@2019.01 cgit@1.2.1 dillo@3.0.5 isync@1.3.0 testdisk@7.0 r-git2r@0.24.0 khtml@5.55.0 tinc@1.0.35 4store@1.1.6 u-boot-a20-olinuxino-micro@2019.01 u-boot-a20-olinuxino-lime2@2019.01 efitools@1.9.2 u-boot-a20-olinuxino-lime@2019.01 u-boot-bananapi-m2-ultra@2019.01 u-boot-am335x-boneblack@2019.01 u-boot-vexpress-ca9x4@2019.01 profanity@0.5.1 virt-viewer@7.0 irssi@1.1.2 wesnoth-server@1.14.6 u-boot-puma-rk3399@2019.01 u-boot-pine64-plus@2019.01 mariadb@10.1.37 u-boot-cubietruck@2019.01 u-boot-cubieboard@2019.01 u-boot-wandboard@2019.01 u-boot-mx6cuboxi@2019.01 u-boot-pinebook@2019.01 u-boot-malta@2019.01 xen@4.11.1 faust@2.5.23 mutt@1.11.3 sbsigntools@0.9.2 ------------------------------------------------------------------------ --=20 - P=C3=A1gina com formas de contato: https://libreplanet.org/wiki/User:Adfeno#vCard - Ativista do software livre (n=C3=A3o confundir com o gratuito). Avaliad= or da liberdade de software e de sites. - P=C3=A1gina com lista de contribui=C3=A7=C3=B5es: https://libreplanet.org/wiki/User:Adfeno#Contribs - Para uso em escrit=C3=B3rios e trabalhos, favor enviar arquivos do padr= =C3=A3o internacional OpenDocument/ODF 1.2 (ISO/IEC 26300-1:2015 e correlatos). S=C3=A3o os .odt/.ods/.odp/odg. O LibreOffice =C3=A9 a su=C3= =ADte de escrit=C3=B3rio recomendada para editar tais arquivos. - Para outros formatos de arquivos, veja: https://libreplanet.org/wiki/User:Adfeno#Arquivos - Gosta do meu trabalho? Contrate-me ou doe algo para mim! https://libreplanet.org/wiki/User:Adfeno#Suporte - Use comunica=C3=A7=C3=B5es sociais federadas padronizadas, onde o "soci= al" permanece independente do fornecedor. #DeleteWhatsApp. Use #XMPP (https://libreplanet.org/wiki/XMPP.pt), #DeleteFacebook #DeleteInstagram #DeleteTwitter #DeleteYouTube. Use #ActivityPub via #Mastodon (https://joinmastodon.org/). - #DeleteNetflix #CancelNetflix. Evite #DRM: https://www.defectivebydesign.org/ --DwWt7XVbu1VZMkI082NKiSHX83slxV81e-- --zn4iu9YZS9ktYt1C4BnP2qKPauwpjAcDq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlyMO4kACgkQyNbhUgHunaHFYgD/YNIHwmvruAOy9xY4wa7yyU3L PagKrpQznuOcRBcFAQEBAJLFKYiRp48AqxpLeG3HT3DAYCWcTKLQQHcom07ueu25 =Fomx -----END PGP SIGNATURE----- --zn4iu9YZS9ktYt1C4BnP2qKPauwpjAcDq-- From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 22 02:17:14 2021 Received: (at 34717) by debbugs.gnu.org; 22 Oct 2021 06:17:14 +0000 Received: from localhost ([127.0.0.1]:59159 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdnre-0003ZF-1V for submit@debbugs.gnu.org; Fri, 22 Oct 2021 02:17:14 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:40900) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdnrc-0003Z0-Ol for 34717@debbugs.gnu.org; Fri, 22 Oct 2021 02:17:13 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100b]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id EB5151AA2C; Thu, 21 Oct 2021 23:17:06 -0700 (PDT) From: Vagrant Cascadian To: 34717@debbugs.gnu.org Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <871s3his1i.fsf@gnu.org> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> Date: Thu, 21 Oct 2021 23:17:03 -0700 Message-ID: <87y26loa74.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: guix-devel@gnu.org, Danny Milosavljevic , Ludovic =?utf-8?Q?Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-03-08, Ludovic Court=C3=A8s wrote: > Vagrant Cascadian skribis: >> I'm not sure where it would be appropriate to add more comments >> regarding the GPL/Openssl incompatibilities; e.g. if someone were to >> propose adding one of the u-boot targets that requires it, they might >> just go ahead and re-add the openssl input... > > There=E2=80=99s always a risk. I guess we=E2=80=99ll have to be careful = when doing > reviews. > > In addition, we can add a =E2=80=98lint=E2=80=99 checker for this case, W= DYT? > >> From ee613387c49ca60905e0a40af8af017828c8aec8 Mon Sep 17 00:00:00 2001 >> From: Vagrant Cascadian >> Date: Thu, 7 Mar 2019 21:50:58 +0000 >> Subject: [PATCH] gnu: u-boot: Remove openssl input. >> >> Fixes: https://bugs.gnu.org/34717 >> >> * gnu/packages/bootloaders (u-boot): Remove openssl from native-inputs. >> (u-boot-tools): Disable FIT_SIGNATURES in tests. > > Applied, thanks! For the last couple years guix has been applying simple workarounds in u-boot packages to disable the features that required openssl due to GPL/openssl license incompatibilities. I made an attempt at updating guix to u-boot 2021.10, which seems to have made openssl harder to workaround... many of the u-boot-BOARD packages now require it, and the previous workarounds to disable openssl in u-boot-tools seem ineffective. I see a few ways forward: * Dig deeper into figuring out how to disable the workarounds... * Refactor the code that uses openssl to use an alternate implementation. Upstream would welcome the fixes, at least in theory. Most promising candidate might be wolfssl, last I looked, but it may miss some features. * Convince upstream u-boot to relicense relevent GPLed portions of code with an openssl exception. Upstream is dubious about this being practical, largely due to the sheer number of potential contributors who would have to agree to it. * ??? While openssl 3.0 is licensed compatibly with GPLv3, u-boot has portions which are GPLv2-only, so that's not as attractive of a way forward as one might hope for... live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYXJXXwAKCRDcUY/If5cW qiiHAQC5L39PlUYNCXr5sP/1lAUhUbNmU3jJ4hgOFGbA/lDttAD/aUHpWqnDpciZ G8K2Ch9pNIi7Ui3glQ/WQW8jLEuQ0AM= =jM1/ -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 22 16:35:46 2021 Received: (at 34717) by debbugs.gnu.org; 22 Oct 2021 20:35:46 +0000 Received: from localhost ([127.0.0.1]:33853 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1me1GU-0006c7-Hs for submit@debbugs.gnu.org; Fri, 22 Oct 2021 16:35:46 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:49511) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1me1GS-0006br-2v for 34717@debbugs.gnu.org; Fri, 22 Oct 2021 16:35:44 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 03D9D5C0159; Fri, 22 Oct 2021 16:35:39 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Fri, 22 Oct 2021 16:35:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=YvQVcQ+oSUsuKuowct4oBwsm 68gx4q70PoLwkAJ3wCU=; b=LujIpu3mjNryO2Bk0yy5/yrywPAt7dpc1gCQ7zdh tFYETyQzrqi9U0090+Ed6jr9vHF9OYfbQsBmov3huO6EKH+K1yNfq15IHJ+wZUlH 8kKJcj5CgKYNMC1ICtr2RXovOMAykACnqeMKybfT9EAtGTPSl1vf2tRLCEyw0EAq ejo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=YvQVcQ +oSUsuKuowct4oBwsm68gx4q70PoLwkAJ3wCU=; b=SH9ifxbbbu/iSShRXtnr6Z rwzs8i6szL34ORdKeJ98fWmeUMKG3Ug+TWlOwxoJhHwrGsMTfLzUtwuZZoJmCMNH MrTD25isy5h614VnTrVN2w+0Y34iLjEuRQSaqo5/6DzoJv6fMBRappW4IK1kp2/n 2uiyl7bF4wM5f1RvADu1uwE72WyCZxAgm0S5R/hCd/2Jn3z+gfFBpLLIB5y/+Tyy TqG5N7vy4D6v4v7GK3w9Ejy/6CXXPbFQ3AAuwD38qNeJICJ6Md49Snm3gMyl+jtW sb48yqDf7jjH9+iYquh7TnGt3z7YN2KuQpXxIuOPRlPN/HhWoPeeofPDOowQ02Lw == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvddvkedgudegkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheff vefgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh gvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 22 Oct 2021 16:35:38 -0400 (EDT) Date: Fri, 22 Oct 2021 16:35:37 -0400 From: Leo Famulari To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Message-ID: References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87y26loa74.fsf@yucca> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34717 Cc: guix-devel@gnu.org, 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Thu, Oct 21, 2021 at 11:17:03PM -0700, Vagrant Cascadian wrote: > While openssl 3.0 is licensed compatibly with GPLv3, u-boot has portions > which are GPLv2-only, so that's not as attractive of a way forward as > one might hope for... What are other distros doing? Surely we can't be the only group distributing u-boot? From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 22 17:15:12 2021 Received: (at 34717) by debbugs.gnu.org; 22 Oct 2021 21:15:12 +0000 Received: from localhost ([127.0.0.1]:33873 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1me1se-0007aZ-AU for submit@debbugs.gnu.org; Fri, 22 Oct 2021 17:15:12 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:42568) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1me1sc-0007aH-7B for 34717@debbugs.gnu.org; Fri, 22 Oct 2021 17:15:10 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100b]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id 64C741AA2C; Fri, 22 Oct 2021 14:15:04 -0700 (PDT) From: Vagrant Cascadian To: Leo Famulari Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> Date: Fri, 22 Oct 2021 14:15:00 -0700 Message-ID: <87fsssoj6z.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: guix-devel@gnu.org, 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2021-10-22, Leo Famulari wrote: > On Thu, Oct 21, 2021 at 11:17:03PM -0700, Vagrant Cascadian wrote: >> While openssl 3.0 is licensed compatibly with GPLv3, u-boot has portions >> which are GPLv2-only, so that's not as attractive of a way forward as >> one might hope for... > > What are other distros doing? Surely we can't be the only group > distributing u-boot? Both fedora and (recently) debian have openssl declared as a system library, invoking the GPL's system library exception... which I personally find at best to be a grey area workaround. I wouldn't be surprised if most distros simply ignore the issue entirely. Interestingly, today I was called in on a relevent discussion on the u-boot mailing list: https://lists.denx.de/pipermail/u-boot/2021-October/464529.html Though, it is *possible* that various u-boot-BOARD in some cases doesn't include any openssl code at all in the resulting binaries, but builds some tools used during the build process, that are then used to produce various cryptographic signatures in the build: https://lists.denx.de/pipermail/u-boot/2021-October/464533.html If that's true, it should be ok for various boards (though the possibility of openssl code getting linked in would be hard to catch). u-boot-tools would still need a viable workaround, though. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYXMp1QAKCRDcUY/If5cW qu0wAP9qDXN8FxaMiOU6E/dilauNpVEPnvqtYhi1pxXb7Z2z4AD5AVhfL9squoCc XofEkqgqQEIlUdOZMN3DLHt7yIJjwQE= =05U9 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 22 17:17:44 2021 Received: (at 34717) by debbugs.gnu.org; 22 Oct 2021 21:17:44 +0000 Received: from localhost ([127.0.0.1]:33878 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1me1v5-0007eR-S4 for submit@debbugs.gnu.org; Fri, 22 Oct 2021 17:17:44 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:42582) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1me1v4-0007eE-5a for 34717@debbugs.gnu.org; Fri, 22 Oct 2021 17:17:42 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100b]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id BAC911AA2C; Fri, 22 Oct 2021 14:17:36 -0700 (PDT) From: Vagrant Cascadian To: 34717@debbugs.gnu.org Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others In-Reply-To: <87y26loa74.fsf@yucca> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> Date: Fri, 22 Oct 2021 14:17:33 -0700 Message-ID: <87cznwoj2q.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 Cc: guix-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2021-10-21, Vagrant Cascadian wrote: > For the last couple years guix has been applying simple workarounds in > u-boot packages to disable the features that required openssl due to > GPL/openssl license incompatibilities. > > I made an attempt at updating guix to u-boot 2021.10, which seems to > have made openssl harder to workaround... many of the u-boot-BOARD > packages now require it, and the previous workarounds to disable openssl > in u-boot-tools seem ineffective. > > I see a few ways forward: > > * Dig deeper into figuring out how to disable the workarounds... > > * Refactor the code that uses openssl to use an alternate > implementation. Upstream would welcome the fixes, at least in > theory. Most promising candidate might be wolfssl, last I looked, but > it may miss some features. > > * Convince upstream u-boot to relicense relevent GPLed portions of code > with an openssl exception. Upstream is dubious about this being > practical, largely due to the sheer number of potential contributors > who would have to agree to it. * Disable substitutes for relevent packages. Technically correct as license incompatibility is only triggered on transmission of binary, though maybe missing something about the spirit of the GPL. live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCYXMqbgAKCRDcUY/If5cW qiKaAQCTLWxn3fODFSj+gOHuQj7N6Wil2ZgQJc66DZVDdZMeNgEA8ik5/Qy0+9ve vxdJc9+IuMgQNxa8gkzTnNuZUsGNOA0= =Npsj -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 23 05:08:35 2021 Received: (at 34717) by debbugs.gnu.org; 23 Oct 2021 09:08:35 +0000 Received: from localhost ([127.0.0.1]:34355 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1meD0y-0000lQ-QP for submit@debbugs.gnu.org; Sat, 23 Oct 2021 05:08:35 -0400 Received: from michel.telenet-ops.be ([195.130.137.88]:46466) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1meD0t-0000lD-Dr for 34717@debbugs.gnu.org; Sat, 23 Oct 2021 05:08:32 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by michel.telenet-ops.be with bizsmtp id 9M8Q2600D4UW6Th06M8R2D; Sat, 23 Oct 2021 11:08:25 +0200 Message-ID: Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others From: Maxime Devos To: Vagrant Cascadian , Leo Famulari Date: Sat, 23 Oct 2021 09:08:24 +0000 In-Reply-To: <87fsssoj6z.fsf@yucca> References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> <87fsssoj6z.fsf@yucca> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1634980105; bh=XjnvC9AI3aMMaf2k9Jy1H0sqfNljvn+cA3giVZoCbvk=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=P16hy9wQceinNRbZ2vITv4NVFashFuqT3rKCG0ynS9WJVayaJoMcfY88pa+O3Nvs2 HFqzpYt6mRMUdlJixRE1yfRiJJAtLGzIXNQF2w0g/Lkz1u/b9T8haz0JImOlD6i/mD QQF+b/pqk4Ppco8k5PM59wg0paLgZaWYpDY/VTAg+WIeVfrb9kjrm6w5vWyP8vbBVK CfLTHciaIJiFvIvc6L3dNh5narRMQM4rkugdFnfW/Xzsvx+MBCLUBq0Za7pxs5gBhD 8snaauFXE9q6PVKQNLoZVStql3j81wv+xcEBoAcT3bu0BxN0uWODEcTIGuLFTpLHTw 6r8Un6EmloZdg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34717 Cc: guix-devel@gnu.org, 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Vagrant Cascadian schreef op vr 22-10-2021 om 14:15 [-0700]: > [...] > Though, it is *possible* that various u-boot-BOARD in some cases > doesn't > include any openssl code at all in the resulting binaries, but builds > some tools used during the build process, that are then used to > produce > various cryptographic signatures in the build: > >   https://lists.denx.de/pipermail/u-boot/2021-October/464533.html > > If that's true, it should be ok for various boards (though the > possibility of openssl code getting linked in would be hard to > catch). Add openssl to #:disallowed-references. Then the build will fail if the store item has a reference to openssl. This most likely won't catch uses of the _static_ OpenSSL libraries though, so the "openssl:static" input would need to be removed for this approach to work. Greetings, Maxime. -- not hacking on guix for a while, only occassionally looking at IRC logs and bug reports. E-mails are unsigned until backup is located. From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 23 15:44:17 2021 Received: (at 34717) by debbugs.gnu.org; 23 Oct 2021 19:44:17 +0000 Received: from localhost ([127.0.0.1]:37345 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1meMwC-0003wH-UK for submit@debbugs.gnu.org; Sat, 23 Oct 2021 15:44:17 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:40019) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1meMw7-0003vy-Qx for 34717@debbugs.gnu.org; Sat, 23 Oct 2021 15:44:15 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 907805C0771; Sat, 23 Oct 2021 15:44:05 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Sat, 23 Oct 2021 15:44:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=PZVMTb8F9/CxgZEFajlNwdj7 XYKM6udYcrlvzx+I/ZI=; b=pFeMMk1o7sgeMOlxbbsOMRNGfLJiV4ddVdg8TyDk D+3TJPiuTwJEgYzcbRziU4m1ind5S98sZWwxiQPks246p+eo+vxzbyo+NoVYb08C pjTRa35No5ICH6QTUBZsusDwlYZnXzP8EpNK97kYr33VAhW77DSLvROu5XVQubFY NGI= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=PZVMTb 8F9/CxgZEFajlNwdj7XYKM6udYcrlvzx+I/ZI=; b=g8Yf2xBoe2injxtA5pXhF5 5CBgTf08ekrEKy3a7OtnUZqqh7jf9OalzKS8fG0AHvQE7qoke7odq3FaIGdZsnOR /Ba2WpllUdEVDg/gcQICscNtFpn+jnZ/Qatf6PwJC1nITTCukFv3ybHbsA22y4Yi nGcsy/QpRuVptKlbZHYbwEpVL7Lso9dl5nuRnBd9tyjbdMbRaUqDymIlPBfS8EpJ wFh2JFh5cp2ksjUKZHO2PFowXU34jw1BT01Kl7LUAMKkU9smNEuWFEO6HB1zpYp/ L7lbqwP6y0MLkPvB38zcWUZcwfhjJg/5w67rJxJ2n++hQoV9CaLxi/d14efUnLyA == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvdeftddgudefvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheff vefgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh gvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 23 Oct 2021 15:44:04 -0400 (EDT) Date: Sat, 23 Oct 2021 15:44:02 -0400 From: Leo Famulari To: Vagrant Cascadian Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Message-ID: References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> <87cznwoj2q.fsf@yucca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87cznwoj2q.fsf@yucca> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34717 Cc: guix-devel@gnu.org, 34717@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Fri, Oct 22, 2021 at 02:17:33PM -0700, Vagrant Cascadian wrote: > * Disable substitutes for relevent packages. Technically correct as > license incompatibility is only triggered on transmission of binary, > though maybe missing something about the spirit of the GPL. Maybe, but did anyone with standing ever take action regarding these licensing incompatibilities? Perhaps, looking at these issues too closely is also missing something about the spirit of the GPL. From debbugs-submit-bounces@debbugs.gnu.org Sun Oct 24 04:53:41 2021 Received: (at submit) by debbugs.gnu.org; 24 Oct 2021 08:53:41 +0000 Received: from localhost ([127.0.0.1]:37902 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1meZG8-0005SU-Dy for submit@debbugs.gnu.org; Sun, 24 Oct 2021 04:53:41 -0400 Received: from lists.gnu.org ([209.51.188.17]:45994) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1meZG6-0005SG-SR for submit@debbugs.gnu.org; Sun, 24 Oct 2021 04:53:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41628) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1meZG3-0006aF-0h; Sun, 24 Oct 2021 04:53:35 -0400 Received: from mout.web.de ([212.227.17.11]:50667) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1meZG1-00047A-1I; Sun, 24 Oct 2021 04:53:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1635065594; bh=yj2KXM+pSZ9uUlhCwbHtsED7dyx7NfECBhxKWJ+g8L8=; h=X-UI-Sender-Class:References:From:To:Cc:Subject:Date:In-reply-to; b=AA4FE4TgOKtcb9Rpafz8qhzKlfnk/lq/XOtSOYLwa+KtqkCs1KDMjw2lzHuZRu3zW Lr2mk3Rmh2SV5Vbw7ixumvtq6tMHUyfWU0cIqlW5ygpAJeIIyj9TJB0tai8+BJMsEP AnDAuN4c+rcjq3AetJNVRL1ohH1+e1u5gUzIRgbE= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from fluss ([84.149.88.101]) by smtp.web.de (mrweb102 [213.165.67.124]) with ESMTPSA (Nemesis) id 0M8Qpi-1msVEO0PlC-00vwQL; Sun, 24 Oct 2021 10:53:14 +0200 References: <87tvgkiurn.fsf@ponder> <87zhq8f2zz.fsf@gnu.org> <87ftrzuxmh.fsf@ponder> <87o96m8f09.fsf@ponder> <871s3his1i.fsf@gnu.org> <87y26loa74.fsf@yucca> <87cznwoj2q.fsf@yucca> User-agent: mu4e 1.6.6; emacs 27.2 From: "Dr. Arne Babenhauserheide" To: Leo Famulari Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others Date: Sun, 24 Oct 2021 10:50:44 +0200 In-reply-to: Message-ID: <87v91m3itj.fsf@web.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Provags-ID: V03:K1:bcjjfypSKWKYnQMU/lNTFBNrT4toAictN4uwgCtn1RSzYgsvHEW AsLN0WH7CWRCuCLSQB/ertJ6qFVGEPf9WnvT8UUhZP0ariN62eiLe9F1HFdJ35+KlgMSqMg K5XjztNDxYxceHuMU/oFCSTPWjyzGykOQKId5La/+R9su9cHS/5SCiswvLjiz5ysbgZprzq /cxIz0TLs3sZpHuTZ/7bQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:vP11mc8yWIg=:GcgdGu6QCkRXjBkZm/XyoA J2LWwg9mnT1IhC7Bl3lmoRGSbMU8tFcfZ694kfnglG5yRL4mHEydHT3zJ9dxzQvbw8lWlO3Cg nlfGJDTCCVpdNBk7pO1SsNCg/Zp9WaTsGnJS9aZmD3kHYNTQok+e2cuTxHDFoHB2KPrFU6O8h wjY/Rrk+xIQ9Ri7kbHJQfNzkvLcnhZYzjKdza58xFlFquJ/uGmI96TVJVZS9vnZppebm+2R1F 7xfPLC1xGTvfEtCsMxbi5tDdJv/mxU+IG6BIYZjZMaBmEs0BRsFsGvSohk/PcEtXp1s+29YdG zi0XSxQ3H9zoyIw4ST4c1NxJF7T8R59oZJmQHi7gPrIb0hFqNDtLVNNhjw43fomPtnZbVtEfn sYV+T2oERA6kj48LfiEjCrBUNDYlPASQvOLLKsTjGAcwvaLZ98vRfXdcRd3gcpF4klGnuhAj4 Jp+m0iICdbP/8xkjR4CB+SsmtOc4e7PyhuSWM8ERO007rhdiJieS/EYJbF5pFyKNixOES2ZVm rtg3xn5B/WGbDT6VA+kK96GhaohPvO4Xmyit1kwMxqZnoWQirILUqJCe/m3O3wVHAWTjut93+ lGC7JKn/KwBiTc1EKrj1Op3aSPzSgsBbkijQbxr+FFHuJ6OpckaGj6WRvkPjqeronII0JJatv LCMouDmGVw+Fg6KsRv9Vg//3VNd2sWmw6qYKNOh7BPf/U0pifcuP6FfHPvK8pHliC1LHtJHR6 XOULCPzFD9G9zdaNsC3mf7kLQK6uw6bDerjIcIKtQ9ppiUfkS1HutztH4+qzPwdo1DS9aSHGF Rrwu+Vr8oyk9ICoYhQOxz+QtvuFxprcWBmmIlFE5L1J2dmmdPSL22ZJ9Sqo6uPqzFKF9ZsWgH +dDXmPwEqwdWYRUE55zUblZS9iN46N833q40RaGDniUCtKBRc55efi/kg+R06hWoBgrE8HKmV 5snl+BEDW5SVokfhPDLF7SJjIS2mTRRAux0AIGsAINs5jKZGHaCA1IzcMmgLR5H3RmwGUtQny UqOj/+I5K/ZLrrL0MBrEf3PPGLY5vP/5BCPI81xWwXTqfregqo8xvvTfn3EkbpcqiuQUGoMbS MyJZGHzuvd/UAk= Received-SPF: pass client-ip=212.227.17.11; envelope-from=arne_bab@web.de; helo=mout.web.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit Cc: Vagrant Cascadian , guix-devel@gnu.org, 34717@debbugs.gnu.org, bug-guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Fri, Oct 22, 2021 at 02:17:33PM -0700, Vagrant Cascadian wrote: >> * Disable substitutes for relevent packages. Technically correct as >> license incompatibility is only triggered on transmission of binary, >> though maybe missing something about the spirit of the GPL. > > Maybe, but did anyone with standing ever take action regarding these > licensing incompatibilities? > > Perhaps, looking at these issues too closely is also missing something > about the spirit of the GPL. It just needs one person. Also see this weeks newsletter from Cory Doctorov on the lawsuit against Vizio. It might soon only take one user. Best get licensing problems fixed sooner than later. GPLv2-only is a problem quickly getting closer. Best wishes, Arne =2D-=20 Unpolitisch sein hei=C3=9Ft politisch sein, ohne es zu merken. draketo.de --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAmF1HvgQHGFybmVfYmFi QHdlYi5kZQAKCRAT741FJAPD6/qtEAC9pCyi8fl/5PBk0nmMvs5bb4M+v4FbFxMf 1Z4Bg/hkdQU0HTOvaw8pjhtFArQAFS8Jz37iUT6yPpb/GT/MkjIk/f8g2XaYZYZV 3k8FXczHibnOcR2+7giwg35bZfdGjEkS0vQUtCg8tV/gWTYiGJpkzePpUwjHtAGR jemUZZA2rVvoJMqEV+RdUkl/OdKE2JvkbHWjiihcNUw9W6wrkSpJUTIpktnRLBxe EiWLnDw5dcjTap9dEH9+XbDdKOXpTM8Sh2CcMHbLZ7lXmEekcB5ZX5vlFl+2siUm rFom/YWE8yZmynBu5p4JYvBO+T07YjhrTx4O9qgod8FFVdrAJ68vl5xDFLClguN0 STPH8vYsWQDY9tToj43FDNMFHO2okSLdGWG/a+svg2EFH0SyVvvsin42ggnYPvCp nGPSJrncVb2BPg+jmF8TAb1txBeT7rUlDxvnyiH0ULUAkSPQygE3SVU5hHpFjz1A 43rSHSw7MZkfxQ0PFGtYofGncyaftsoZAS/ElaWJ+dR5FbIZ7nI7p7aCwgosqGOb 6qLV98olMOy3kDRmaKwyXqenn/Jpu54udZeNBJreqqcQD9d7FOGLWsG0JfxmjTGw H9R05IX5TRG6VchgBNQTPLUAWC4lziPt/zeYvn2Lm7at42vD4QUwrynn/6mk/oXj Nu9g92SPbojEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAmF1HvgQHGFy bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSG1sBACEdX446VpzJPJPH2Hy9g8QF/A1 1AI3Ym5l9SWZdcbd8pMYuvQm81XrBKrlIOt/hg2d+y8KxREWdwOukfPBErygiKhU 2PkENsjaDtutXUXQB9INOJeKZyx/YyiP7FC0HhHZz1jSNatONo6pfa7TxKUVpmfa xxddzJWGZ0bMpvvXKQ== =GfL2 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 15 05:44:41 2025 Received: (at 34717) by debbugs.gnu.org; 15 Apr 2025 09:44:41 +0000 Received: from localhost ([127.0.0.1]:50743 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u4cqP-0005n1-AC for submit@debbugs.gnu.org; Tue, 15 Apr 2025 05:44:41 -0400 Received: from mail.z572.online ([88.99.160.180]:59400) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u4cqL-0005mo-No for 34717@debbugs.gnu.org; Tue, 15 Apr 2025 05:44:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me; t=1744710664; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=4UKcA7cQQwdh4xs2nTXHLXjWWpLtbi/eb5MoFfw2EZ4=; b=uGZLuP0ow/ajYTKXm+Ok0ylZi/yinslI89VHN24x5vs/45rR75BdMhiG4i+SbD/s13bXn1 ikj1hhD+mklss0BBFfxmhaYjoAVRLoDztPUeevCxV9DbxLOD/M8QRN6JKaFaMiJCt1j2VW B60AQkhYX5xk575kgyKdzJq5Vk4FLe8= Received: from m (mail1.85362086.com [107.174.64.25]) by mail.z572.online (OpenSMTPD) with ESMTPSA id c5d61839 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <34717@debbugs.gnu.org>; Tue, 15 Apr 2025 09:51:02 +0000 (UTC) From: Z572 To: 34717@debbugs.gnu.org Subject: Re: GPL and Openssl incompatibilities in u-boot and possibly others. User-Agent: mu4e 1.12.9; emacs 30.0.92 Date: Tue, 15 Apr 2025 17:44:25 +0800 Message-ID: <875xj54v46.fsf@z572.online> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 4.5 (++++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, If I'm not mistaken, new openssl3 is asl2.0, u-boot is gpl2+, I think the licenses of these two should not conflict now, maybe we can add openssl3 to u-boot dependencies now. Content analysis details: (4.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [88.99.160.180 listed in sa-accredit.habeas.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: z572.online (online)] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [88.99.160.180 listed in bl.score.senderscore.com] 2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD 0.5 FROM_SUSPICIOUS_NTLD From abused NTLD X-Debbugs-Envelope-To: 34717 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 2.5 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, If I'm not mistaken, new openssl3 is asl2.0, u-boot is gpl2+, I think the licenses of these two should not conflict now, maybe we can add openssl3 to u-boot dependencies now. Content analysis details: (2.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [88.99.160.180 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [88.99.160.180 listed in bl.score.senderscore.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: z572.online (online)] -0.0 SPF_PASS SPF: sender matches SPF record 1.0 BULK_RE_SUSP_NTLD Precedence bulk and RE: from a suspicious TLD 0.5 FROM_SUSPICIOUS_NTLD From abused NTLD -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager --=-=-= Content-Type: text/plain Hi, If I'm not mistaken, new openssl3 is asl2.0, u-boot is gpl2+, I think the licenses of these two should not conflict now, maybe we can add openssl3 to u-boot dependencies now. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmf+KnkACgkQO1qpk+Gi 3/BaqQ/9F3ZKnMb+kdUq3tljWYp/f0iwYI5gkQSsv2r93gyOdHgH2lyNCLyJBk6S wVehQLQn/l3EhAz3Pfs1ovRnVRW8IS8aUBIXQnzgGM8lMyxVwUfkBOccAEts16T7 tkihW66Lh2cnZ0GucByKVFd79tiI2BB8dGVJBeANH1hat95VP/OpLV2T/kc5AmQ7 2Uxm7IeKzApiu8tZdVHLsFEKKSjWWNkdD3D+qTYMqaggwChi/6CPyiuAJLrMVxL8 SP1NgJb20HZEt+Eji342lLJgWyJN3VfizOz94F1sPg+OmA9CwVvnet6LN9qaWB4Y a/+CuHqcHHbXiHlEfi6plAytcZBn31y5CHw3Yg6rtXNsOy/to+rK1SamEl3dRqmG 0UHFFigM4+Jrsan1/g0qXPMyEKqX3O8GHy82k/EOzD7ojpesMTbHNig2zLxyViuI r8/JWB0MoQoeUO4WxQ1Th+a2whCD3DWNsZg1ZXS4mW31qWyPWzHS9BpMiMtALgCZ T0SIYTODWJQqL/qknj6zD1WpOmUtp9fxnRs2LIs8HU61iImpRgNWys0FZVwsTb3p lAOd5P9d0R1Z1QhndAkr++CwjaFEhi0/Uwlu3bqyaBgV5ML/DFrdorLtE6EJaK0R iGtMMukckYDez53VMB2/JVy5NPMEfPitYKipv3AbOdfS/m8Xwwo= =H37N -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 23 11:45:20 2025 Received: (at 34717) by debbugs.gnu.org; 23 Apr 2025 15:45:20 +0000 Received: from localhost ([127.0.0.1]:58402 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u7cHm-0006wm-Ty for submit@debbugs.gnu.org; Wed, 23 Apr 2025 11:45:20 -0400 Received: from cascadia.aikidev.net ([2600:3c01:e000:267:0:a171:de7:c]:44082) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u7cHi-0006tV-Ga for 34717@debbugs.gnu.org; Wed, 23 Apr 2025 11:45:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=debian.org; s=1.vagrant.user; t=1745423107; bh=Wn3jQkAkPUOOhvuFBzsoTtXR/9EZSva4dJpT0eROyCU=; h=From:To:Subject:In-Reply-To:References:Date:From; b=AXqQIyamakfxYGgDK8Z0usji5GgMFdWqO5hb22RR6LtfWe51KoLXkLaJUvXi+VcKY 81ktfJ0uY5VM5hVgj9fmdtmTwF881x4mBNn1sNtG7cbgaoWfh/Q9k4zl8dBP4asi7g 9Zxe228ylzoyoFHLnUot8neRfXlwJq96t34vY4CRMFYn8vq41Swy5TPk0Pm8BsUotY ayFY+pEgr6wIlUN1oTWlBnZDsC60SFaKplVsJuBMlZCub6vrs6srchnGI0lmVASvMI f4ocmDSpBipmfjUZ+a2cQxoEMrx1CIxYUrAlTUU4azW+zDVzbcP53oXVS9vHTLgBe0 oTpUlW3vxpSOA== Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50]) by cascadia.aikidev.net (Postfix) with ESMTPSA id 6133F80D0; Wed, 23 Apr 2025 08:45:07 -0700 (PDT) From: Vagrant Cascadian To: Z572 , 34717@debbugs.gnu.org Subject: Re: bug#34717: GPL and Openssl incompatibilities in u-boot and possibly others. In-Reply-To: <875xj54v46.fsf@z572.online> References: <87tvgkiurn.fsf@ponder> <875xj54v46.fsf@z572.online> Date: Wed, 23 Apr 2025 08:45:01 -0700 Message-ID: <8734dyrif6.fsf@wireframe> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34717 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain On 2025-04-15, Z572 wrote: > Hi, If I'm not mistaken, new openssl3 is asl2.0, u-boot is gpl2+, I > think the licenses of these two should not conflict now, maybe we can > add openssl3 to u-boot dependencies now. This appears to be an oversight in the packaging of u-boot in Guix license field, as significant portions of u-boot are GPLv2-only which is not compatible with asl2.0... In Debian, numerous licenses other than GPL-2.0+ are documented: https://tracker.debian.org/media/packages/u/u-boot/copyright-2025.01-3 live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCaAkK/QAKCRDcUY/If5cW qp8HAP0UXun20iUcq7hwEfWWEzMCNkvbM49ddPAvCIIs41Qp9AD+Pg2KpyrLTf9T sQLBMG/1EVZ+tHvWHFvwezZDmIHv5Qk= =lT5A -----END PGP SIGNATURE----- --=-=-=--