From 96594eb948732b0805f15495b8b11b15004e6d40 Mon Sep 17 00:00:00 2001 From: Michael Opdenacker Date: Wed, 6 Oct 2021 10:42:33 +0200 Subject: dev-manual: warn about license compliance issues when static libraries are used This partly addresses [YOCTO #14407] (From yocto-docs rev: 444ca8900e8057562d2a71a77e6e6798aca3ce85) Signed-off-by: Michael Opdenacker Signed-off-by: Richard Purdie --- documentation/dev-manual/common-tasks.rst | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'documentation/dev-manual') diff --git a/documentation/dev-manual/common-tasks.rst b/documentation/dev-manual/common-tasks.rst index 8ab45193b8..4683b1c045 100644 --- a/documentation/dev-manual/common-tasks.rst +++ b/documentation/dev-manual/common-tasks.rst @@ -11158,6 +11158,26 @@ this function, you have to follow the following steps: For more usage information refer to :yocto_git:`the meta-spdxscanner repository `. +Compliance Limitations with Executables Built from Static Libraries +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When package A is added to an image via the :term:`RDEPENDS` or :term:`RRECOMMENDS` +mechanisms as well as explicitly included in the image recipe with +:term:`IMAGE_INSTALL`, and depends on a static linked library recipe B +(``DEPENDS += "B"``), package B will neither appear in the generated license +manifest nor in the generated source tarballs. This occurs as the +:ref:`license ` and :ref:`archiver ` +classes assume that only packages included via :term:`RDEPENDS` or :term:`RRECOMMENDS` +end up in the image. + +As a result, potential obligations regarding license compliance for package B +may not be met. + +The Yocto Project doesn't enable static libraries by default, in part because +of this issue. Before a solution to this limitation is found, you need to +keep in mind that if your root filesystem is built from static libraries, +you will need to manually ensure that your deliveries are compliant +with the licenses of these libraries. Copying Non Standard Licenses ----------------------------- -- cgit v1.2.3-54-g00ecf