openclaw/tqma6-yocto-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df7e003842b103684b60ac8cb73512b528d80821
tqma6-yocto-mirror/docs/03-license-analysis/license-compliance.md
Siggi (OpenClaw) 7f9761b915 docs: add distro comparison, recommend dumpling-wayland for Qt/glibc 
Key updates:
- README: comprehensive distro comparison table (spaetzle vs dumpling-wayland)
- Recommend dumpling-wayland (glibc) for Qt/GUI applications
- spaetzle (musl) explicitly blocks Qt: SKIP_RECIPE[tq-image-qt6]
- Both distros are 2038-safe (glibc 2.39 and musl 1.2+ both use 64-bit time_t)
- Updated 2038 analysis to cover both C library options
- Updated license tables with both glibc and musl entries
- Fixed remaining config references (imx → mainline)
- Added image availability matrix per distro
- Corrected package versions to match Scarthgap 5.0.11
2026-03-01 19:55:10 +00:00

4.9 KiB
Raw Blame History

License Compliance Documentation

Document ID: LIC-COMP-001
Date: 2026-03-01
Scope: Complete license analysis for TQMa6UL Yocto Scarthgap BSP

Overview

This document provides templates and procedures for generating the license compliance table required for software approval.

License Categories

Approved for Military Use (Generally)

License SPDX ID Military Use Notes
MIT MIT Yes Permissive, no restrictions
BSD-2-Clause BSD-2-Clause Yes Permissive
BSD-3-Clause BSD-3-Clause Yes Permissive
Apache-2.0 Apache-2.0 Yes Patent grant included
ISC ISC Yes Permissive

Copyleft (Requires Source Distribution)

License SPDX ID Military Use Notes
GPL-2.0-only GPL-2.0-only Yes* *Must provide source code
GPL-2.0-or-later GPL-2.0-or-later Yes* *Must provide source code
GPL-3.0-only GPL-3.0-only ⚠️ Review Check anti-tivoization clause
GPL-3.0-or-later GPL-3.0-or-later ⚠️ Review Check anti-tivoization clause
LGPL-2.1-only LGPL-2.1-only Yes* *Must provide library source
LGPL-2.1-or-later LGPL-2.1-or-later Yes* *Must provide library source

Special Cases

License Military Use Reason
Proprietary No Closed source, not auditable
CC-BY-SA Yes Documentation license
OpenSSL Yes Special license, acceptable

License Table Template

Download as CSV: license-table-template.csv

Package Name Version License (SPDX) License File Source Location Military Use Notes
linux-yocto 6.6.y GPL-2.0-only COPYING sources/poky-scarthgap/meta/recipes-kernel/linux/ Yes Kernel with 2038 support
glibc 2.39 LGPL-2.1-or-later LICENSES sources/poky-scarthgap/meta/recipes-core/glibc/ Yes 64-bit time_t
busybox 1.36.x GPL-2.0-only LICENSE sources/poky-scarthgap/meta/recipes-core/busybox/ Yes Core utilities
u-boot-tq 2023.10 GPL-2.0-or-later Licenses/ sources/meta-tq/recipes-bsp/u-boot/ Yes Bootloader
[Additional packages]

Generating the Complete Table

Method 1: Yocto Built-in

# After successful build
cd ${MIRROR_BASE}/build

# Generate license manifest
bitbake core-image-minimal -c do_populate_lic

# Find license files
find tmp/deploy/licenses -name "license.manifest" -o -name "image_license.manifest"

# Copy for analysis
cp -r tmp/deploy/licenses ${MIRROR_BASE}/licenses/

Method 2: Script-Based Extraction

#!/bin/bash
# generate-license-table.sh

OUTPUT="license-table.csv"
echo "Package,Version,License,Source,MilitaryUse" > $OUTPUT

cd ${MIRROR_BASE}/build/tmp/deploy/licenses
grep -r "LICENSE:" . | while read line; do
    pkg=$(echo $line | cut -d: -f2)
    lic=$(echo $line | cut -d: -f3)
    # Add logic to determine military use
    echo "$pkg,,$lic,,TBD" >> $OUTPUT
done

Manual Review Required

Packages to Flag for Review

  1. Firmware blobs (WiFi, GPU, VPU)

    • Location: linux-firmware, firmware-imx
    • Often proprietary licenses
    • May require separate approval

  2. Cryptographic software

    • OpenSSL, gnutls
    • Check export control classifications

  3. Graphics drivers

    • Vivante GPU drivers (imx-gpu-viv)
    • Proprietary binary blobs

  4. Documentation

    • CC-BY-SA licensed manuals
    • Generally acceptable

Military Use Approval Criteria

Automatic Approval

  • MIT, BSD, Apache-2.0: No restrictions
  • GPL/LGPL: With source code provision

Requires Legal Review

  • GPL-3.0 with anti-tivoization
  • Any proprietary license
  • Custom/TQ-specific licenses

Automatic Rejection

  • No license information
  • Proprietary binary-only
  • Export-controlled encryption (without clearance)

Example Package Analysis

Linux Kernel (linux-yocto)

  • License: GPL-2.0-only
  • Military Use: Yes
  • Requirement: Must provide complete kernel source
  • Status: Source included in mirror

glibc

  • License: LGPL-2.1-or-later
  • Military Use: Yes
  • Requirement: Must provide library source
  • Status: Source included in mirror

imx-gpu-viv (Graphics Driver)

  • License: Proprietary (NXP SLA)
  • Military Use: ⚠️ Review Required
  • Action: Check NXP license terms for military use
  • Alternative: Use open-source etnaviv driver (if available)

Deliverables for Approval

  1. Complete License Table (CSV format)
  2. Source Code Archive (full mirror)
  3. License Texts (all unique licenses)
  4. Compliance Statement (document)

Author: Siggi ⚙️
Date: 2026-03-01
Classification: Internal Use

Reference in New Issue View Git Blame Copy Permalink