diff --git a/README.md b/README.md index 5adf27f4..17a92bd9 100644 --- a/README.md +++ b/README.md @@ -194,6 +194,15 @@ tar xzf yocto-mirror-tqma6ul.tar.gz -C /srv/yocto/ ``` + +## Softwarefreigabeantrag (PDF) + +The complete approval document is available as PDF: +**[`docs/softwarefreigabe.pdf`](docs/softwarefreigabe.pdf)** (13 pages, LaTeX source: [`docs/softwarefreigabe.tex`](docs/softwarefreigabe.tex)) + +Contents: title page, build configuration, complete 264-package license table, +proprietary component assessment, military use evaluation, compliance checklist. + ## Complete License & Source Table The file [`docs/03-license-analysis/UT-license-table.csv`](docs/03-license-analysis/UT-license-table.csv) diff --git a/docs/03-license-analysis/license-compliance.md b/docs/03-license-analysis/license-compliance.md deleted file mode 100644 index 4051849e..00000000 --- a/docs/03-license-analysis/license-compliance.md +++ /dev/null @@ -1,160 +0,0 @@ -# License Compliance Documentation - -**Document ID:** LIC-COMP-001 -**Date:** 2026-03-01 -**Scope:** Complete license analysis for TQMa6UL Yocto Scarthgap BSP - ---- - -## Overview - -This document provides templates and procedures for generating the license compliance table required for software approval. - -## License Categories - -### Approved for Military Use (Generally) - -| License | SPDX ID | Military Use | Notes | -|---------|---------|--------------|-------| -| MIT | MIT | ✅ Yes | Permissive, no restrictions | -| BSD-2-Clause | BSD-2-Clause | ✅ Yes | Permissive | -| BSD-3-Clause | BSD-3-Clause | ✅ Yes | Permissive | -| Apache-2.0 | Apache-2.0 | ✅ Yes | Patent grant included | -| ISC | ISC | ✅ Yes | Permissive | - -### Copyleft (Requires Source Distribution) - -| License | SPDX ID | Military Use | Notes | -|---------|---------|--------------|-------| -| GPL-2.0-only | GPL-2.0-only | ✅ Yes* | *Must provide source code | -| GPL-2.0-or-later | GPL-2.0-or-later | ✅ Yes* | *Must provide source code | -| GPL-3.0-only | GPL-3.0-only | ⚠️ Review | Check anti-tivoization clause | -| GPL-3.0-or-later | GPL-3.0-or-later | ⚠️ Review | Check anti-tivoization clause | -| LGPL-2.1-only | LGPL-2.1-only | ✅ Yes* | *Must provide library source | -| LGPL-2.1-or-later | LGPL-2.1-or-later | ✅ Yes* | *Must provide library source | - -### Special Cases - -| License | Military Use | Reason | -|---------|--------------|--------| -| Proprietary | ❌ No | Closed source, not auditable | -| CC-BY-SA | ✅ Yes | Documentation license | -| OpenSSL | ✅ Yes | Special license, acceptable | - -## License Table Template - -Download as CSV: [license-table-template.csv](license-table-template.csv) - -| Package Name | Version | License (SPDX) | License File | Source Location | Military Use | Notes | -|--------------|---------|----------------|--------------|-----------------|--------------|-------| -| linux-yocto | 6.6.y | GPL-2.0-only | COPYING | sources/poky-scarthgap/meta/recipes-kernel/linux/ | ✅ Yes | Kernel with 2038 support | -| glibc | 2.39 | LGPL-2.1-or-later | LICENSES | sources/poky-scarthgap/meta/recipes-core/glibc/ | ✅ Yes | 64-bit time_t | -| busybox | 1.36.x | GPL-2.0-only | LICENSE | sources/poky-scarthgap/meta/recipes-core/busybox/ | ✅ Yes | Core utilities | -| u-boot-tq | 2023.10 | GPL-2.0-or-later | Licenses/ | sources/meta-tq/recipes-bsp/u-boot/ | ✅ Yes | Bootloader | -| [Additional packages] | | | | | | | - -## Generating the Complete Table - -### Method 1: Yocto Built-in - -```bash -# After successful build -cd ${MIRROR_BASE}/build - -# Generate license manifest -bitbake core-image-minimal -c do_populate_lic - -# Find license files -find tmp/deploy/licenses -name "license.manifest" -o -name "image_license.manifest" - -# Copy for analysis -cp -r tmp/deploy/licenses ${MIRROR_BASE}/licenses/ -``` - -### Method 2: Script-Based Extraction - -```bash -#!/bin/bash -# generate-license-table.sh - -OUTPUT="license-table.csv" -echo "Package,Version,License,Source,MilitaryUse" > $OUTPUT - -cd ${MIRROR_BASE}/build/tmp/deploy/licenses -grep -r "LICENSE:" . | while read line; do - pkg=$(echo $line | cut -d: -f2) - lic=$(echo $line | cut -d: -f3) - # Add logic to determine military use - echo "$pkg,,$lic,,TBD" >> $OUTPUT -done -``` - -## Manual Review Required - -### Packages to Flag for Review - -1. **Firmware blobs** (WiFi, GPU, VPU) - - Location: `linux-firmware`, `firmware-imx` - - Often proprietary licenses - - May require separate approval - -2. **Cryptographic software** - - OpenSSL, gnutls - - Check export control classifications - -3. **Graphics drivers** - - Vivante GPU drivers (imx-gpu-viv) - - Proprietary binary blobs - -4. **Documentation** - - CC-BY-SA licensed manuals - - Generally acceptable - -## Military Use Approval Criteria - -### Automatic Approval -- MIT, BSD, Apache-2.0: ✅ No restrictions -- GPL/LGPL: ✅ With source code provision - -### Requires Legal Review -- GPL-3.0 with anti-tivoization -- Any proprietary license -- Custom/TQ-specific licenses - -### Automatic Rejection -- No license information -- Proprietary binary-only -- Export-controlled encryption (without clearance) - -## Example Package Analysis - -### Linux Kernel (linux-yocto) -- **License:** GPL-2.0-only -- **Military Use:** ✅ Yes -- **Requirement:** Must provide complete kernel source -- **Status:** Source included in mirror - -### glibc -- **License:** LGPL-2.1-or-later -- **Military Use:** ✅ Yes -- **Requirement:** Must provide library source -- **Status:** Source included in mirror - -### imx-gpu-viv (Graphics Driver) -- **License:** Proprietary (NXP SLA) -- **Military Use:** ⚠️ Review Required -- **Action:** Check NXP license terms for military use -- **Alternative:** Use open-source etnaviv driver (if available) - -## Deliverables for Approval - -1. **Complete License Table** (CSV format) -2. **Source Code Archive** (full mirror) -3. **License Texts** (all unique licenses) -4. **Compliance Statement** (document) - ---- - -**Author:** Siggi ⚙️ -**Date:** 2026-03-01 -**Classification:** Internal Use diff --git a/docs/05-build-artifacts/README.md b/docs/05-build-artifacts/README.md deleted file mode 100644 index 42a4f2ff..00000000 --- a/docs/05-build-artifacts/README.md +++ /dev/null @@ -1,44 +0,0 @@ -# Build Artifacts - -## pn-buildlist - -Complete list of all 264 BitBake recipes in the `tq-image-small-debug` build graph. - -**Machine:** `tqma6ul-multi-mba6ulx` -**Distro:** `spaetzle` (musl) -**Yocto:** Scarthgap 5.0.11 -**BitBake:** 2.8.0 - -## Generating fresh artifacts - -```bash -cd ci-meta-tq -export ACCEPT_FSL_EULA=1 -export MACHINE=tqma6ul-multi-mba6ulx -. ./setup-environment build_ut mainline - -# Generate dependency graph and build list -bitbake tq-image-small-debug -g - -# Output files: -# - pn-buildlist (recipe list) -# - task-depends.dot (full dependency graph, ~1.6MB) -``` - -## Regenerating the license table - -```bash -# For each recipe in pn-buildlist, extract SRC_URI and LICENSE: -while IFS= read -r recipe; do - output=$(bitbake -e "$recipe" 2>/dev/null) - pv=$(echo "$output" | grep '^PV=' | head -1 | sed 's/^PV="//' | sed 's/"$//') - license=$(echo "$output" | grep '^LICENSE=' | head -1 | sed 's/^LICENSE="//' | sed 's/"$//') - src_uri=$(echo "$output" | grep '^SRC_URI=' | head -1 | sed 's/^SRC_URI="//' | sed 's/"$//') - first_url=$(echo "$src_uri" | grep -oP '(https?|ftp|git)://[^\s]+' | head -1 | sed 's/;.*//') - echo "\"$recipe\",\"$pv\",\"$license\",\"$first_url\"" -done < pn-buildlist > license-table.csv -``` - ---- - -**Generated:** 2026-03-01 diff --git a/docs/05-build-artifacts/pn-buildlist b/docs/05-build-artifacts/pn-buildlist deleted file mode 100644 index b51183d8..00000000 --- a/docs/05-build-artifacts/pn-buildlist +++ /dev/null @@ -1,264 +0,0 @@ -tq-image-small-debug -quilt-native -patch-native -pseudo-native -linux-tq -xz-native -cross-localedef-native -qemuwrapper-cross -makedevs-native -opkg-utils-native -update-rc.d-native -rpm-native -dnf-native -createrepo-c-native -bmaptool-native -pigz-native -u-boot-tq -parted-native -gptfdisk-native -dosfstools-native -mtools-native -mtd-utils-native -binutils-cross-arm -syslinux-native -btrfs-tools-native -erofs-utils-native -cdrtools-native -e2fsprogs-native -depmodwrapper-cross -squashfs-tools-native -packagegroup-core-boot -packagegroup-base -packagegroup-hwutils -packagegroup-fsutils -packagegroup-netutils -packagegroup-sysutils -packagegroup-can -run-postinsts -packagegroup-core-ssh-dropbear -python3-native -python3-setuptools-native -python3-six-native -coreutils-native -libtool-native -autoconf-native -automake-native -attr-native -pkgconfig-native -sqlite3-native -dwarfsrcfiles-native -kmod-native -kern-tools-native -gcc-cross-arm -bc-native -bison-native -ncurses-native -lzop-native -openssl-native -gettext-minimal-native -qemu-native -perl-native -lua-native -popt-native -libgcrypt-native -zstd-native -file-native -bzip2-native -cmake-native -elfutils-native -ninja-native -libcomps-native -libdnf-native -librepo-native -zlib-native -libxml2-native -expat-native -glib-2.0-native -curl-native -python3-installer-native -python3-build-native -python3-wheel-native -gcc-runtime -dtc-native -musl -swig-native -util-linux-native -texinfo-dummy-native -readline-native -lzo-native -acl-native -gnu-config-native -flex-native -nasm-native -util-linux-libuuid-native -lz4-native -autoconf-archive-native -update-rc.d -initscripts -ncurses -zlib -libedit-native -libffi-native -libnsl2-native -gdbm-native -libtirpc-native -python3-flit-core-native -gettext-native -debianutils-native -libgcc -bsd-headers -busybox -opkg-utils -base-files -base-passwd -init-ifupdown -eudev -netbase -modutils-initscripts -linux-firmware -zstd -tq-udev-rules -e2fsprogs -lrzsz -alsa-utils -u-boot-env-tq -os-release -setserial -usbutils -firmware-imx -kmod -udev-rules-imx -alsa-state -dosfstools -hdparm -usb-modeswitch-data -uhubctl -minicom -lmsensors -mmc-utils -i2c-tools -spitools -libgpiod -screen -usb-modeswitch -mtd-utils -parted -iperf2 -ethtool -iproute2 -iperf3 -libubootenv -cpupower -procps -cpufrequtils -linuxptp -rng-tools -can-utils -util-linux -openssh -dropbear -m4-native -python3-pyproject-hooks-native -python3-packaging-native -libssp-nonshared -linux-libc-headers -init-system-helpers -gmp-native -gtk-doc-native -git-native -gcc-source-13.4.0 -libmpc-native -mpfr-native -meson-native -gperf-native -make-native -perlcross-native -libgpg-error-native -libcap-native -lzlib-native -libmicrohttpd-native -libarchive-native -re2c-native -json-c-native -gobject-introspection-native -libcheck-native -libsolv-native -libmodulemd-native -gpgme-native -libpcre2-native -libgcc-initial -libcap-ng-native -groff-native -libtool-cross -unzip-native -figlet-native -attr -alsa-lib -libsamplerate0 -fftw -libusb1 -openssl -bash-completion -xz -tcl-native -lzo -readline -libmnl -elfutils -libcap -iptables -libyaml -pciutils -libjitterentropy -argp-standalone -libsocketcan -libcap-ng -util-linux-libuuid -shadow-native -shadow-sysroot -shadow -rsync-native -unifdef-native -busybox-inittab -bash -firmware-nxp-wifi -python3 -gawk -coreutils -lmsensors-config -perl -tcl -alsa-ucm-conf -alsa-topology-conf -shadow-securetty -ca-certificates-native -gnutls-native -libyaml-native -libassuan-native -bzip2 -libsndfile1 -fts -musl-obstack -musl-legacy-error -libbsd-native -libffi -libedit -libtirpc -sqlite3 -expat -libnsl2 -gdbm -gmp -ttyrun -ca-certificates -acl -findutils -libunistring-native -libtasn1-native -nettle-native -libidn2-native -libogg -flac -libvorbis -libmd-native