Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 318841

Summary: sys-kernel/linux-firmware incomplete LICENSE
Product: Gentoo Linux Reporter: Ulrich Müller <ulm>
Component: New packagesAssignee: Licenses team <licenses>
Status: RESOLVED FIXED    
Severity: normal CC: de.techno, gregkh, kernel, matija, mgorny, pacho, trustees, zerochaos
Priority: High Keywords: UPSTREAM
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Attempt to classify licenses in WHENCE
Classify licenses in WHENCE, as of 20190514
Classify licenses in WHENCE, as of 20190514

Description Ulrich Müller gentoo-dev 2010-05-07 10:07:44 UTC
LICENSE says "GPL-2", but the WHENCE file included with the tarball lists several others, including some problematic ones like "unknown" or "all rights reserved".

Should we try to make a complete list, or would a catch-all like "GPL-2 freedist" suffice?
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-05-07 18:19:17 UTC
I've added freedist for the moment, along with GPL, BSD, GPL-3, since that's a minimal covering set based on WHENCE.

We could add more licenses if we wanted, but the LICENSES string for that package is going to get extremely long, and we'd be adding at least 20 different licenses to the tree.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-05-07 18:20:01 UTC
As an idea, maybe we just install WHENCE and LICEN[CS]E.* files ourselves?
Comment 3 Matija "hook" Šuklje 2010-08-14 21:38:46 UTC
What about if there was a @WHENCE group which the user could add?

Or could the @WHENCE as a group be used in the ebuild's LICENSES string?

Apart from being a lot of work, would there be anything else bad about getting all the licenses from WHENCE into the ebuild?
Comment 4 dE 2010-11-17 11:50:14 UTC
*** Bug 345869 has been marked as a duplicate of this bug. ***
Comment 5 dE 2010-11-17 11:51:15 UTC
I confirm this fact, that's why debian marks the package a non-free.
Comment 6 Ulrich Müller gentoo-dev 2010-11-17 14:32:21 UTC
(In reply to comment #2)
> As an idea, maybe we just install WHENCE and LICEN[CS]E.* files ourselves?

Coming back to this. I believe that this is the only practicable solution. We'd have to add a version to the WHENCE file though, since it changes all the time. For example, it could be installed as licenses/linux-firmware-<version>.

We have most of the LICEN[CS]E.* files already:

   LICENCE.agere                = BSD
   LICENCE.atheros_firmware     = ipw3945 / ralink-firmware
   LICENCE.broadcom_bcm43xx     = Broadcom (some differences)
   LICENSE.dib0700              = as-is
   LICENCE.i2400m               = ipw3945 / ralink-firmware (some differences)
   LICENCE.iwlwifi_firmware     = ipw3945 / ralink-firmware
   LICENCE.libertas             = ipw3945 / ralink-firmware
   LICENCE.mwl8k                = ipw3945 / ralink-firmware
   LICENCE.phanfw
   LICENCE.qla2xxx              = qlogic-fibre-channel-firmware
   LICENSE.radeon_rlc           = radeon-ucode
   LICENCE.ralink-firmware.txt  = ipw3945 / ralink-firmware
   LICENCE.rtlwifi_firmware.txt = ipw3945 / ralink-firmware
   LICENCE.ti-connectivity
   LICENCE.ueagle-atm4-firmware = BSD
   LICENCE.xc5000               = as-is
Comment 7 Ulrich Müller gentoo-dev 2013-02-09 09:58:59 UTC
I see no progress here, so I'm inclined to go for a pragmatic solution. What would you think about adding a file licenses/linux-firmware with the following wording?

   Gentoo license note:

   Linux firmware images are distributed under a variety of licenses,
   some of them being non-free. According to upstream, all of them should
   be redistributable. You will need to check the WHENCE and LICEN[CS]E.*
   files in the package for specific licensing terms.
Comment 8 Ulrich Müller gentoo-dev 2013-02-17 09:56:45 UTC
(In reply to comment #7)
>    According to upstream, all of them should be redistributable.

Strike this out, it doesn't apply to all firmware images.
Comment 9 Ulrich Müller gentoo-dev 2013-05-28 14:27:38 UTC
Created attachment 349446 [details]
Attempt to classify licenses in WHENCE

Here's my e-mail message on the subject from February, for reference.
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-27 20:45:01 UTC
(In reply to Ulrich Müller from comment #8)
> (In reply to comment #7)
> >    According to upstream, all of them should be redistributable.
> 
> Strike this out, it doesn't apply to all firmware images.

In which case, why is there no mirror RESTRICT?
Comment 11 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-27 20:51:26 UTC
(In reply to Kristian Fiskerstrand from comment #10)
> (In reply to Ulrich Müller from comment #8)
> > (In reply to comment #7)
> > >    According to upstream, all of them should be redistributable.
> > 
> > Strike this out, it doesn't apply to all firmware images.
> 
> In which case, why is there no mirror RESTRICT?

Seems it is possible to mitigate this to some extent by using a pseudo-license in a non-free group. e.g a "linux-firmware-licenses": "this package contains a number of binary blobs under licenses, please consider the ramifications yourself based on the license files in the tarball and information from upstream"
Comment 12 Rick Farina (Zero_Chaos) gentoo-dev 2016-10-27 22:37:51 UTC
(In reply to Kristian Fiskerstrand from comment #10)
> (In reply to Ulrich Müller from comment #8)
> > (In reply to comment #7)
> > >    According to upstream, all of them should be redistributable.
> > 
> > Strike this out, it doesn't apply to all firmware images.
> 
> In which case, why is there no mirror RESTRICT?

What is the point of a mirror restriction? Or a fetch restriction?

There are two types of ebuilds for linux-firmware, git, and snapshot.  The git tree had been broken for months last I checked (it is working now), so the 99999999 ebuild may be broken for months at a time.  The snapshot ebuilds are just one of us grabbing the git repo and making a tarball as some $DATE.  We make and host the tarball, so a mirror restriction or fetch restriction makes no sense since we are already hosting it and it's going to come from us anyway.

Personally, every major linux distribution redistributes this software, the git tree is/was hosted by the linux kernel team, and there is a *requirement* that any firmware in the linux-firmware repo must allow redistribution:
https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/README

I say it's fine, and I am not a lawyer.
Comment 13 Ulrich Müller gentoo-dev 2016-10-28 05:45:18 UTC
(In reply to Rick Farina (Zero_Chaos) from comment #12)
> We make and host the tarball, so a mirror restriction or fetch restriction
> makes no sense since we are already hosting it and it's going to come from
> us anyway.

*If* our conclusion was that this is not distributable, then we could neither mirror it nor host it.

> [...] there is a *requirement* that any firmware in the linux-firmware repo
> must allow redistribution:
> https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/
> tree/README

That may be valid for new entries, but unfortunately it is not true for the existing ones. See my audit in attachment #349446 [details]. Three years ago almost one third of the blobs was not redistributable. It is enough to look at the very first two entries in WHENCE (in the linux-firmware-20160628 tarball) to confirm that the problem still exists. They say "Licence: Allegedly GPLv2+, but no source visible" and "Licence: Unknown", respectively.
Comment 14 Ulrich Müller gentoo-dev 2016-10-28 06:54:32 UTC
(In reply to Ulrich Müller from comment #7)
> I see no progress here, so I'm inclined to go for a pragmatic solution. What
> would you think about adding a file licenses/linux-firmware with the
> following wording?

Updated wording:

   Gentoo license note:

   Linux firmware images are distributed under a variety of licenses,
   many of them being non-free. Most likely, some of the images are not
   redistributable. You will need to check the WHENCE and LICEN[CS]E.*
   files in the package for specific licensing terms.

CCing trustees. I shall commit the above on 2016-11-21, unless you tell me differently.
Comment 15 Ulrich Müller gentoo-dev 2017-04-21 07:09:35 UTC
(In reply to Ulrich Müller from comment #14)
> CCing trustees. I shall commit the above on 2016-11-21, unless you tell me
> differently.

I've missed that date, and since it's several months ago, here's another heads up. I am going to commit the above on sunday. (And obviously, ebuilds will be mirror and bindist restricted.)
Comment 16 Ulrich Müller gentoo-dev 2017-04-24 08:48:04 UTC
As discussed by the Trustees in their meeting yesterday, I have added a linux-firmware license note with text as follows:

   Gentoo license note:
   
   Linux firmware images are distributed under a variety of licenses,
   many of them being non-free. Most likely, upstream redistribution of
   some firmware images may conflict with the licenses or lack thereof on
   the images. You will need to check the WHENCE and LICEN[CS]E.* files
   in the package for specific licensing terms.

All ebuilds of sys-kernel/linux-firmware updated (the "()" grouping is for better readability only; it is redundant for ACCEPT_LICENSE):

   LICENSE="linux-firmware ( BSD ISC MIT no-source-code ) GPL-2 GPL-2+ freedist"

I am leaving this bug open because it still is an issue that should be taken care of upstream.
Comment 17 Ulrich Müller gentoo-dev 2019-02-21 16:01:53 UTC
(In reply to Ulrich Müller from comment #16)
> LICENSE="linux-firmware ( BSD ISC MIT no-source-code ) GPL-2 GPL-2+ freedist"

I wonder if we shouldn't simplify that. We had originally added "freedist" as a catch-all. However, that doesn't provide any additional information, since we have the more specific "linux-firmware" in place now.
Comment 18 Kristian Fiskerstrand (RETIRED) gentoo-dev 2019-02-21 21:21:39 UTC
(In reply to Ulrich Müller from comment #17)
> (In reply to Ulrich Müller from comment #16)
> > LICENSE="linux-firmware ( BSD ISC MIT no-source-code ) GPL-2 GPL-2+ freedist"
> 
> I wonder if we shouldn't simplify that. We had originally added "freedist"
> as a catch-all. However, that doesn't provide any additional information,
> since we have the more specific "linux-firmware" in place now.

Seems reasonable to me to only keep linux-firmware in this case.
Comment 19 Larry the Git Cow gentoo-dev 2019-02-23 11:26:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c35fd08ac1d901f3eade42b0c609c69c1a63cc72

commit c35fd08ac1d901f3eade42b0c609c69c1a63cc72
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-02-23 11:22:38 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-02-23 11:24:41 +0000

    sys-kernel/linux-firmware: Drop freedist from LICENSE.
    
    "freedist" was originally added as a catch-all. With the more specific
    "linux-firmware" in place, it doesn't provide any additional information.
    
    Bug: https://bugs.gentoo.org/318841
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 sys-kernel/linux-firmware/linux-firmware-20181026.ebuild | 4 ++--
 sys-kernel/linux-firmware/linux-firmware-20181216.ebuild | 4 ++--
 sys-kernel/linux-firmware/linux-firmware-20181218.ebuild | 2 +-
 sys-kernel/linux-firmware/linux-firmware-20190114.ebuild | 2 +-
 sys-kernel/linux-firmware/linux-firmware-20190118.ebuild | 2 +-
 sys-kernel/linux-firmware/linux-firmware-20190213.ebuild | 2 +-
 sys-kernel/linux-firmware/linux-firmware-20190221.ebuild | 2 +-
 sys-kernel/linux-firmware/linux-firmware-99999999.ebuild | 4 ++--
 8 files changed, 11 insertions(+), 11 deletions(-)
Comment 20 Ulrich Müller gentoo-dev 2019-05-15 13:53:10 UTC
Created attachment 576772 [details]
Classify licenses in WHENCE, as of 20190514

In a long discussion in #gentoo-council yesterday (including dilfridge, robbat2, ulm, Whissi, Zero_Chaos) we came up with the following solution, which I am trying to summarise:

1. Two USE flags "redistributable" and "unknown-license" will be added to sys-kernel/linux-firmware, controlling installation of non-free files.

2. The ebuild will have a default of IUSE="+redistributable unknown-license", in order to provide a useful default for the vast majority of users. For example, most wireless cards will require non-free/non-libre firmware.

3.a. USE="-redistributable" will only install files with a license in the @FREE set. (The USE="-redistributable unknown-license" setting wasn't seen as useful, so the unknown-license flag can be ignored if redistributable is not set.)
3.b. USE="redistributable -unknown-license" (the default) will additionally install files with a license in @BINARY-REDISTRIBUTABLE.
3.c. USE="redistributable unknown-license" will install all files. 

4. A restriction "unknown-license? ( bindist )" will be added to the ebuild.

5. The "unknown-license" flag will be package.use.masked (or use.masked) in profiles, to prevent accidental installation of these components.

6. Mirror restriction of the distfile was not seen as necessary, for the time being.

Attached is an updated classification of licenses in the WHENCE file, using the following three categories:

   (F) free software (in @FREE)
   (R) redistributable (in @BINARY-REDISTRIBUTABLE but not in @FREE)
   (X) unknown license (not in @BINARY-REDISTRIBUTABLE)

Disclaimer: IANAL, TINLA.
Comment 21 Ulrich Müller gentoo-dev 2019-05-15 14:24:26 UTC
Also, LICENSE to the ebuild should be updated:

LICENSE="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 )
    redistributable? (
        linux-firmware ( BSD-2 BSD BSD-4 ISC MIT no-source-code )
    )
    unknown-license? ( all-rights-reserved )"

I suggest to reuse the "linux-firmware" license label for the redistributable images, and update its wording to something similar to what I had in comment #7:

   Gentoo license note:

   Linux firmware images are distributed under a variety of licenses,
   many of them being non-free. However, all images whose license is
   subsumed under this "linux-firmware" license label should at least be
   redistributable. You will need to check the WHENCE and LICEN[CS]E.* 
   files in the package for specific licensing terms.

Then the linux-firmware license would cover only redistributable images, so we could finally add it to the BINARY-REDISTRIBUTABLE group.
Comment 22 Larry the Git Cow gentoo-dev 2019-05-16 02:23:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cb09513b11ad9721b4173bcaf9d0a8f9fee4d8d

commit 7cb09513b11ad9721b4173bcaf9d0a8f9fee4d8d
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-05-16 02:18:49 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-05-16 02:18:49 +0000

    licenses: Add linux-fw-redistributable.
    
    New license label that will cover redistributable firmware images
    in the sys-kernel/linux-firmware package.
    
    Bug: https://bugs.gentoo.org/318841
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 licenses/linux-fw-redistributable | 7 +++++++
 profiles/license_groups           | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
Comment 23 Ulrich Müller gentoo-dev 2019-05-16 02:27:12 UTC
(In reply to Ulrich Müller from comment #21)
> LICENSE="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 )
>     redistributable? (
>         linux-firmware ( BSD-2 BSD BSD-4 ISC MIT no-source-code )
>     )
>     unknown-license? ( all-rights-reserved )"

I've committed it as "linux-fw-redistributable" rather than re-using the old "linux-firmware" license label, because its meaning has changed.
Comment 24 Ulrich Müller gentoo-dev 2019-05-18 08:22:32 UTC
Created attachment 577144 [details]
Classify licenses in WHENCE, as of 20190514

I've found one mistake in my classification. Updated list attached.
Comment 25 Larry the Git Cow gentoo-dev 2019-05-18 19:12:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11aacf6aaea54788f624f6d1a610b58587fb0dcd

commit 11aacf6aaea54788f624f6d1a610b58587fb0dcd
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-05-18 17:22:29 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-05-18 19:12:08 +0000

    profiles: package.use.mask unknown-license for linux-firmware.
    
    Bug: https://bugs.gentoo.org/318841#c20
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 profiles/base/package.use.mask | 8 ++++++++
 1 file changed, 8 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=636d119a26c187ffd64d0611e3245be29e85dcb9

commit 636d119a26c187ffd64d0611e3245be29e85dcb9
Author:     Ulrich Müller <ulm@gentoo.org>
AuthorDate: 2019-05-18 17:20:41 +0000
Commit:     Ulrich Müller <ulm@gentoo.org>
CommitDate: 2019-05-18 19:12:08 +0000

    sys-kernel/linux-firmware: New snapshot, add USE flags.
    
    Introduce two USE flags:
    "redistributable": Install all firmware files whose license will at
    least allow redistribution. (So, USE="-redistributable" will install
    only files that are free software.) This is enabled by an IUSE default.
    "unknown-license": In addition, install firmware files with an unknown
    license according to upstream's WHENCE file.
    
    In savedconfig code, call rm only once, instead of executing it for
    each file.
    
    EAPI bumped to 7.
    
    Added without KEYWORDS for testing.
    
    Bug: https://bugs.gentoo.org/318841#c20
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Ulrich Müller <ulm@gentoo.org>

 sys-kernel/linux-firmware/Manifest                 |   1 +
 .../linux-firmware/linux-firmware-20190514.ebuild  | 291 +++++++++++++++++++++
 sys-kernel/linux-firmware/metadata.xml             |   4 +
 3 files changed, 296 insertions(+)
Comment 26 Ulrich Müller gentoo-dev 2019-05-18 19:22:39 UTC
*** Bug 616076 has been marked as a duplicate of this bug. ***
Comment 27 Ulrich Müller gentoo-dev 2019-05-19 18:51:10 UTC
With linux-firware-20190514 being stable, I believe we can finally close this.