openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c83d149391d41b4a1724d9002f452a0da079554b
tqma6-yocto-mirror/docs/03-license-analysis/license-compliance.md
OpenClaw (Siggi) c83d149391 Initial documentation for TQMa6UL Yocto mirror project 
Add comprehensive documentation for 2038-compliant BSP migration:

- README.md: Project overview, 2038 compliance verification
- 2038-problem-analysis.md: Detailed technical analysis confirming
  Scarthgap (5.0) provides 64-bit time_t on 32-bit ARM
- step-by-step-mirror-creation.md: Complete procedure for creating
  offline mirror on Ubuntu 22.04 outside corporate network
- license-compliance.md: License categories, approval criteria,
  and table templates for military use approval
- corporate-network-deployment.md: Installation and build setup
  for air-gapped corporate environment

Target: TQMa6UL-AB (i.MX6 UltraLite) on MBa6x
BSP: TQ scarthgap.TQ.ARM.BSP.0006
2038 Status: Verified compliant (kernel 6.6 + glibc 2.38+)

Repo: https://code.gegen.autos/openclaw/tqma6-yocto-mirror
2026-03-01 18:39:21 +00:00

4.9 KiB
Raw Blame History

License Compliance Documentation

Document ID: LIC-COMP-001
Date: 2026-03-01
Scope: Complete license analysis for TQMa6UL Yocto Scarthgap BSP

Overview

This document provides templates and procedures for generating the license compliance table required for software approval.

License Categories

Approved for Military Use (Generally)

License SPDX ID Military Use Notes
MIT MIT Yes Permissive, no restrictions
BSD-2-Clause BSD-2-Clause Yes Permissive
BSD-3-Clause BSD-3-Clause Yes Permissive
Apache-2.0 Apache-2.0 Yes Patent grant included
ISC ISC Yes Permissive

Copyleft (Requires Source Distribution)

License SPDX ID Military Use Notes
GPL-2.0-only GPL-2.0-only Yes* *Must provide source code
GPL-2.0-or-later GPL-2.0-or-later Yes* *Must provide source code
GPL-3.0-only GPL-3.0-only ⚠️ Review Check anti-tivoization clause
GPL-3.0-or-later GPL-3.0-or-later ⚠️ Review Check anti-tivoization clause
LGPL-2.1-only LGPL-2.1-only Yes* *Must provide library source
LGPL-2.1-or-later LGPL-2.1-or-later Yes* *Must provide library source

Special Cases

License Military Use Reason
Proprietary No Closed source, not auditable
CC-BY-SA Yes Documentation license
OpenSSL Yes Special license, acceptable

License Table Template

Download as CSV: license-table-template.csv

Package Name Version License (SPDX) License File Source Location Military Use Notes
linux-yocto 6.6.y GPL-2.0-only COPYING sources/poky-scarthgap/meta/recipes-kernel/linux/ Yes Kernel with 2038 support
glibc 2.38+ LGPL-2.1-or-later LICENSES sources/poky-scarthgap/meta/recipes-core/glibc/ Yes 64-bit time_t
busybox 1.36.x GPL-2.0-only LICENSE sources/poky-scarthgap/meta/recipes-core/busybox/ Yes Core utilities
u-boot-tq 2023.10 GPL-2.0-or-later Licenses/ sources/meta-tq/recipes-bsp/u-boot/ Yes Bootloader
[Additional packages]

Generating the Complete Table

Method 1: Yocto Built-in

# After successful build
cd ${MIRROR_BASE}/build

# Generate license manifest
bitbake core-image-minimal -c do_populate_lic

# Find license files
find tmp/deploy/licenses -name "license.manifest" -o -name "image_license.manifest"

# Copy for analysis
cp -r tmp/deploy/licenses ${MIRROR_BASE}/licenses/

Method 2: Script-Based Extraction

#!/bin/bash
# generate-license-table.sh

OUTPUT="license-table.csv"
echo "Package,Version,License,Source,MilitaryUse" > $OUTPUT

cd ${MIRROR_BASE}/build/tmp/deploy/licenses
grep -r "LICENSE:" . | while read line; do
    pkg=$(echo $line | cut -d: -f2)
    lic=$(echo $line | cut -d: -f3)
    # Add logic to determine military use
    echo "$pkg,,$lic,,TBD" >> $OUTPUT
done

Manual Review Required

Packages to Flag for Review

  1. Firmware blobs (WiFi, GPU, VPU)

    • Location: linux-firmware, firmware-imx
    • Often proprietary licenses
    • May require separate approval

  2. Cryptographic software

    • OpenSSL, gnutls
    • Check export control classifications

  3. Graphics drivers

    • Vivante GPU drivers (imx-gpu-viv)
    • Proprietary binary blobs

  4. Documentation

    • CC-BY-SA licensed manuals
    • Generally acceptable

Military Use Approval Criteria

Automatic Approval

  • MIT, BSD, Apache-2.0: No restrictions
  • GPL/LGPL: With source code provision

Requires Legal Review

  • GPL-3.0 with anti-tivoization
  • Any proprietary license
  • Custom/TQ-specific licenses

Automatic Rejection

  • No license information
  • Proprietary binary-only
  • Export-controlled encryption (without clearance)

Example Package Analysis

Linux Kernel (linux-yocto)

  • License: GPL-2.0-only
  • Military Use: Yes
  • Requirement: Must provide complete kernel source
  • Status: Source included in mirror

glibc

  • License: LGPL-2.1-or-later
  • Military Use: Yes
  • Requirement: Must provide library source
  • Status: Source included in mirror

imx-gpu-viv (Graphics Driver)

  • License: Proprietary (NXP SLA)
  • Military Use: ⚠️ Review Required
  • Action: Check NXP license terms for military use
  • Alternative: Use open-source etnaviv driver (if available)

Deliverables for Approval

  1. Complete License Table (CSV format)
  2. Source Code Archive (full mirror)
  3. License Texts (all unique licenses)
  4. Compliance Statement (document)

Author: Siggi ⚙️
Date: 2026-03-01
Classification: Internal Use

Reference in New Issue View Git Blame Copy Permalink