Open-Source Licenses Made Easy with Buildroot and Yocto for Embedded Linux
Open-Source Licenses Made Easy with Buildroot and Yocto for Embedded Linux
Disclaimer :
This is a very short intro to the license systems.
I am not a lawyer and you should not interpret this article as legal advice of any kind. Information is provided on an as-is basis. For a legal consultation, please contact your legal advisor.
In this article I will try to explain what are the copyrights/copyleft, what are the popular opensource software licenses, and how to make sure that your Embedded Linux system complies with them using popular build systems ; Buildroot or YOCTO project.
- What “Copyrights” really means?
- Free burger vs free software ?
- What is Copyleft ?
- Copyleft vs Non-copyleft ?
- Popular open source licenses
- When should you contribute back your changes ?
- Are you using the opensource code in the right way ? case studies
- Licenses and Embedded Linux
- Generate license information from Builroot
- Generate license information from YOCTO
- Other useful tools
What “Copyrights” really means?
Once in a while, you will hear the term Copyright in the context of movies, music, books, or photos, so what are copyrights ?
Frida’s passion is drawing; she decided to draw a cat; her drawing of a cat on paper is copyright protected, in the moment she drew it! and the sole property of its creator “Frida”. Note that; this cat drawing needs to be stored somehow — a poem can’t be copyrighted unless it’s written or recorded on a reproducible medium- and “Frida’s cat drawing” can’t be copied or used on a mug or a t-shirt for example or any derivative works without her written approval — for the lifetime of this copyright.
On the other hand, Frida doesn’t have exclusive rights on the depiction of cats, as copyrights protect not the ideas, but it protects the expression of that idea.
And this is the biggest difference between a patent and a copyright, as patents can protect the ideas themselves, so they have a harder processes and shorter lifetime compared to the copy rights (a copyrights don’t need to be registered to have a legal power for anything produced after 1989).
Copyrights come with some limitations on the creator :
Work for hire:
If your creation was made as part of your employment that you got paid for, the copyrights are owned by the employer.
Fair use:
Anyone rather than the creator, can make limited uses of the copyrighted material for purposes of criticizing or commenting on it.
Transformative derivative work:
If the work is based on a copyrighted material, but it has been altered fundamentally so that it can be copyrighted itself, the original creator has no rights over it.
Public domain:
The work transfers to the public domain and has no copyrights after the expiration of the copyright lifetime, and it varies between 70 years after the owner’s death to 120 years for anything with an anonymous author.
Proprietary software
In software world, the software which has this kind of copyrights is called “proprietary software” and most of the time it would not be free and will cost you money at least when you try to modify and redistribute it … not all proprietary software are closed source, but most of them are.
Windows and Adobe Photoshop are examples of proprietary software.
There are a lot of books about copyrights and even specialized law firms, but this summary is important to understand how the software license works.
Free burger vs free software ?
When people hear the term “Free Software” they directly associate it with a Free Burgers, but this is not the case! When we say free software, we mean the kind of freedom of speech.
See GNU for a definition of Free Software.
We can’t mention the free software without mentioning Richard Stallman; he is an American “free software” activist and a programmer; he launched the GNU project in September 1983 to create a Unix-like OS composed entirely of free software, and his initiative revolutionized the computer industry for good ! Read more about him here.
Free Software licenses fall into two main categories:
1. Copyleft licenses
2. Non-copyleft licenses
Now, lets dive into each type …
What is Copyleft ?
After discussing the copyrights, And how the authors restrict others from copying their work, on the contrary some people don’t mind others to use or modify their work — under some conditions — this is called “copyleft” and other people just don’t care how you will use their creative work at all and have almost no conditions, and this is called Non-CopyLeft.
So in copyleft licenses, the original creator asks for reciprocity in the freedom given to a user. The result is that when you receive software under a copyleft software license and distribute a modified versions of it, you must do so under the same license, and give the Same freedoms to the new users. It’s an incentive to contribute back the changes you have done, instead of keeping them secret; it’s a win-win situation and helps to keep the projects alive and growing.
Linux OS is an example of an free open source software, published under a copyleft license (GPLv2), and because of this license it became one of the most important pieces of software ever existed, and the largest open source project ever with Roughly 15,600 developers !
Copyleft vs Non-copyleft ?
Popular copyleft licenses
GPL “GNU General Public License”
Covers around 55% of the free software projects Including
the Linux kernel, Busybox and many applications
It is a copyleft license that:
- Requires derivative works to be released under the same license
- Programs linked with a library released under the GPL must also be released under the GPL
Some programs covered by version 2 (Linux kernel, Busybox and others)
More and more programs covered by version 3, released in 2007
Major change for the embedded market:
the requirement that the user must be able to run the modified versions on the device, if the device is a consumer device
No obligation when the software is not distributed You can keep your
modifications secret until the product delivery
It is then authorized to distribute binary versions, if one of the following conditions is met:
- Convey the binary with a copy of the source on a physical medium
- Convey the binary with a written offer valid for 3 years that indicates how to fetch the source code
- Convey the binary with the network address of a location where the source code can be found
- See section 6. of the GPL license
In all cases, the attribution and the license must be preserved See section 4. and 5.
LGPL — GNU Lesser General Public License
Covers around 10% of the free software projects
A copyleft license that:
- Requires modified versions must be released under the same license
- But, programs linked against a library under the LGPL do not need to be released under the LGPL and can be kept proprietary.
- However, the user must keep the ability to update the library independently from the program. Dynamic linking is the easiest solution. Statically linked executables are only possible if the developer provides a way to relink with an update (with source code or linkable object files).
Used instead of the GPL for most of the libraries, including the C libraries Some exceptions: MySQL, or Qt <= 4.4 Also available in two versions, v2 and v3
Non-copyleft
licenses have no such requirements, and modified versions can be kept proprietary, but they still require attribution(mentioning).
A large family of non-copyleft licenses that are relatively similar in their requirements.
A few examples:
- Apache license (around 4%)
- BSD license (around 6%)
- MIT license (around 4%)
- X11 license
- Artistic license (around 9 %)
You must give credit to the author, and mention that you are using a component with the license name x
MIT Open Source Software License
MIT has long been a very popular open source software license, nearly half of all licensed repositories on GitHub are opting for the MIT license.
A Non-copyleft license that:
- easy choice for developers, It’s short and to the point.
- It tells downstream users what they can’t do
When should you contribute back your changes ?
You make modifications to the Linux kernel (to add drivers or adapt to your board), to Busybox, U-Boot or other GPL software
- You must release the modified versions under the same license and be ready to distribute the source code to your customers
You make modifications to the C library or any other LGPL library
- You must release the modified versions under the same license
You create an application that relies on LGPL libraries
- You can keep your application proprietary, but you must link dynamically with the LGPL libraries
You make modifications to a non-copyleft licensed software
- You can keep your modifications proprietary, but you must still credit the authors
Are you using the opensource code in the right way ?
On February 2010, Samsung was forced to release it’s state of the Art Smart TV firmware (LN52A650) for free under GPLv2, after a lawsuit by busybox was filed naming fourteen defendants including Samsung and others.
which was used later as a reference by the SamyGO community project and used by many of Samsung chines competitors to create smart TVs.
On May 2018, Tesla has finally compiled with GPL license for the open source software they use in their cars after 5 years of community pressure!
Tesla, is a software-heavy company and it has been using a lot of open source software to build its operating system and features, such as Linux Kernel, Buildroot, Busybox, QT, and more.
You can check the code and even build it yourself on GitHub.
https://github.com/teslamotors/buildroot
https://github.com/teslamotors/linux
Licenses and Embedded Linux (Buildroot & YOCTO)
After you are now familiar with the difference licenses it’s time to see how to keep track of which licenses are used within your project to make sure before the production that you aren’t breaking any of them.
I will cover here some basic tools and commands you can use to confirm this in the most 2 famous embedded Linux build tools in the market.
1. Buildroot and Open Source License Compliance
Buildroot is a simple but very efficient build system used by many of the big companies E.g.: Google — Tesla — GoPro .
The Buildroot Project has the ability to generates a license manifests stating all the licenses used in your build using the following command which can assist with any audits.
make legal-info
To view them open :
buildroot/output/legal-info/manifest.csv
YOCTO and Open Source License Compliance
The Yocto Project generates a license manifest during image creation that is located in
${DEPLOY_DIR}/licenses/image_name-datestampto assist with any audits.
For example from the file: license.manifest
PACKAGE NAME: busyboxPACKAGE VERSION: 1.31.1 RECIPE NAME: busybox LICENSE: GPLv2 & bzip2
Tracking License Changes
The license of an upstream project might change in the future. In order to prevent these changes going unnoticed, the LIC_FILES_CHKSUM variable tracks changes to the license text. The checksums are validated at the end of the configure step, and if the checksums do not match, the build will fail.
Review the following section of YOCTO mega manual for more details regarding the license helper tools available
INCOMPATIBLE_LICENSE
Specifies a space-separated list of license names (as they would appear in LICENSE) that should be excluded from the build. Recipes that provide no alternatives to listed incompatible licenses are not built. Packages that are individually licensed with the specified incompatible licenses will be deleted.
For more info :
https://www.yoctoproject.org/docs/current/mega-manual/mega-manual.html#var-INCOMPATIBLE_LICENSE
Enabling Commercially Licensed Recipes
By default, the OpenEmbedded build system disables components that have commercial or other special licensing requirements.
In order for a component restricted by a LICENSE_FLAGS definition to be enabled and included in an image, it needs to have a matching entry in the global LICENSE_FLAGS_WHITELIST variable, which is a variable typically defined in your local.conf file.
For more info :
Other useful tools
Fossology:
Fossology is a free and open source software tool for license compliance management. It allows users to scan their software codebase for any open source components, and provides information about the licenses associated with those components. This helps users ensure that they are using open source software in compliance with the relevant licenses, and avoid any potential legal issues. Fossology is a valuable tool for organizations that use a lot of open source software, as it can help them manage their compliance obligations and avoid any potential pitfalls.
As a toolkit you can run license, copyright and export control scans from the command line.
SPDX:
SPDX is a standard format for communicating information about software licenses and other legal information. It was developed by the Linux Foundation in order to provide a consistent and machine-readable way of representing this information. SPDX is often used in conjunction with tools like Fossology to manage license compliance, as it provides a standardized way of representing the licenses associated with different software components. This makes it easier for organizations to manage their compliance obligations and ensure that they are using open source software in accordance with the relevant licenses.
References :
- Comments
- Write a Comment Select to add a comment
To post reply to a comment, click on the 'reply' button attached to each comment. To post a new comment (not a reply to a comment) check out the 'Write a Comment' tab at the top of the comments.
Please login (on the right) if you already have an account on this platform.
Otherwise, please use this form to register (free) an join one of the largest online community for Electrical/Embedded/DSP/FPGA/ML engineers: