Licences and Security in a Yocto Build (Part 1 – Licences)

I Am Not A Lawyer

Please ignore anything I say in this article!

When building a system that makes use of Open Source Software, it is vital to know what your licence obligations are. Other than just the common decency of respecting the wishes of the author of that software, it is also a legal requirement as they are the Terms and Conditions by which you are agreeing to be bound.

If you are using the Yocto Project as your build system, then you will probably know that all recipes contain a ‘LICENSE’ variable. Whenever you build an image, ‘bitbake’ will populate the ‘build/tmp/deploy/licenses/*’ directory with the licence information for every package you have created.

What it will also do is create a licence manifest for the entire system in the directory ‘build/tmp/deploy/licenses/<IMAGE_NAME>-<MACHINE_NAME>/license.manifest’.

The <IMAGE_NAME>-<MACHINE_NAME> directory is a symbolic link to the latest build, as each build gets its own directory with a ‘-YYYYMMDDHHMMSS’ suffix, which is great for historical records.

The license.manifest file contains a stanza for each package with the following fields:

PACKAGE NAME:
PACKAGE VERSION:
RECIPE NAME:
LICENSE:

An example with a couple of real entries:

PACKAGE NAME: binutils
PACKAGE VERSION: 2.35.1
RECIPE NAME: binutils
LICENSE: GPLv3

PACKAGE NAME: bluez5
PACKAGE VERSION: 5.55
RECIPE NAME: bluez5
LICENSE: GPLv2+ & LGPLv2.1+

Some of the key things to note are that each stanza is separated by a blank line and that a particular package and package version may have more than one licence.

While this is a useful data set, what most of my customers actually want is a spreadsheet or table of packages and licences that they can put into their documentation.

As such, I wrote a little Python script that parses the manifest file and outputs either:

  • A list of packages and their licences
  • A list of licences and which packages use them

The source for this can be found at the Yocto Licence Parser GitHub Repository: https://github.com/ming4real/yocto-licence-parser.
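The parsing described above (stanzas separated by a blank line, a LICENSE field that may name several licences joined with ‘&’ or ‘|’) fits in a few lines of Python. The block below is an added illustration and not the script from the linked repository; the sample manifest is constructed from the two entries shown earlier, and treating ‘&’, ‘|’ and parentheses as the only separators in a LICENSE expression is an assumption.

```python
import re
from collections import defaultdict
# Constructed sample manifest, mirroring the two entries shown in the article.
SAMPLE_MANIFEST = """\
PACKAGE NAME: binutils
PACKAGE VERSION: 2.35.1
RECIPE NAME: binutils
LICENSE: GPLv3

PACKAGE NAME: bluez5
PACKAGE VERSION: 5.55
RECIPE NAME: bluez5
LICENSE: GPLv2+ & LGPLv2.1+
"""

def parse_manifest(text):
    """Split license.manifest text into one dict per blank-line separated stanza."""
    packages = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in stanza.splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                entry[key.strip()] = value.strip()
        if "PACKAGE NAME" in entry:
            packages.append(entry)
    return packages

def split_licences(expr):
    """Break 'GPLv2+ & LGPLv2.1+' or '(MIT | BSD) & X' into its identifiers.
    '&' means all apply and '|' a choice; every part is kept so none is missed."""
    return [tok for tok in re.split(r"\s*[&|()]\s*", expr) if tok]

def packages_to_licences(packages):
    """View 1: package name -> list of licence identifiers."""
    return {p["PACKAGE NAME"]: split_licences(p["LICENSE"]) for p in packages}

def licences_to_packages(packages):
    """View 2: licence identifier -> sorted list of packages that use it."""
    index = defaultdict(set)
    for p in packages:
        for lic in split_licences(p["LICENSE"]):
            index[lic].add(p["PACKAGE NAME"])
    return {lic: sorted(pkgs) for lic, pkgs in sorted(index.items())}

if __name__ == "__main__":
    pkgs = parse_manifest(SAMPLE_MANIFEST)
    for lic, names in licences_to_packages(pkgs).items():
        print(f"{lic}: {', '.join(names)}")
```

To run it against a real build, read the file at the license.manifest path given above instead of SAMPLE_MANIFEST.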