Affects Version/s: None
Fix Version/s: None
Days in progress:0
There are a couple of features in the Yocto Project which can simplify management of OSS license compliance.
You can read a bit more here.
But I wanted to focus on the Providing License Text feature, which can be enabled as such:
This generates a new directory which contains the aggregated package names and their license text.
One "good" example is the json-c-native directory:
- generic_MIT - This is a generic MIT license text (template). Copied based on the LICENSE variable in the recipe
- COPYING - Copied from the source of the package, MIT license text with Copyright notice. This is copied based on the LIC_FILES_CHKSUM variable in the recipe
So strictly speaking, if the license has a requirement that you ship the license text together with the binary, you would need to ship COPYING and not the generic text.
So if we take a look at the Mender client:
Only the generic texts are provided because we bundle everything in LIC_FILES_CHKSUM.sha256.
The more appropriate thing to do is probably to utilize the LIC_FILES_CHKSUM variable in the recipe to point to vendor licenses directly, this way bitbake would pick them up and copy them.
The more extreme solution, would be to package each go module in a separate recipe, hence each module/recipe would have their own LICENSE license management. This might solve other problems as well? This aligns better to the Yocto model but of course complicates things a bit since Yocto and GO are in conflict.