git: correct license

by default git pulls in several code fragments not being licensed
under just GPL-2.0-only.
In fact obstack and poll are taken from glib, being licensed
under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead

Furthermore
reftable being BSD-3-Clause
sha1dc and inet_ntop being MIT
netmalloc being Bosst-1.0 aka BSL-1.0
regex being LGPL-2.1-or-later

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
---
 meta/recipes-devtools/git/git_2.35.1.bb | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

Hi

Konrad Weihmann <kweihmann@outlook.com> escreveu no dia quarta, 13/04/2022
à(s) 17:34:

> by default git pulls in several code fragments not being licensed
> under just GPL-2.0-only.
> In fact obstack and poll are taken from glib, being licensed
> under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead
>
> Furthermore
> reftable being BSD-3-Clause
> sha1dc and inet_ntop being MIT
> netmalloc being Bosst-1.0 aka BSL-1.0
> regex being LGPL-2.1-or-later
>
> Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
> ---
>  meta/recipes-devtools/git/git_2.35.1.bb | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-devtools/git/git_2.35.1.bb
> b/meta/recipes-devtools/git/git_2.35.1.bb
> index 47c2211864..f8756b6dec 100644
> --- a/meta/recipes-devtools/git/git_2.35.1.bb
> +++ b/meta/recipes-devtools/git/git_2.35.1.bb
> @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system"
>  HOMEPAGE = "http://git-scm.com"
>  DESCRIPTION = "Git is a free and open source distributed version control
> system designed to handle everything from small to very large projects with
> speed and efficiency."
>  SECTION = "console/utils"
> -LICENSE = "GPL-2.0-only"
> +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 &
> LGPL-2.1-or-later"
>  DEPENDS = "openssl zlib"
>
>  PROVIDES:append:class-native = " git-replacement-native"
> @@ -14,7 +14,16 @@ SRC_URI =
> "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
>
>  S = "${WORKDIR}/git-${PV}"
>
> -LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1"
> +LIC_FILES_CHKSUM = "\
> +       file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \
> +       file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \
> +       file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \
> +
>  file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
> +
>  file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \
> +
>  file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \
> +
>  file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \
> +
>  file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22
> \
> +"
>

I don't know if it is possible but if we can add a compat PACKAGECONFIG
will be great
so we can disable this part which simplifies a little the license.

Jose


>
>  CVE_PRODUCT = "git-scm:git"
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#164341):
> https://lists.openembedded.org/g/openembedded-core/message/164341
> Mute This Topic: https://lists.openembedded.org/mt/90444706/5052612
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> quaresma.jose@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>

On 13.04.22 18:56, Jose Quaresma wrote:
> Hi
> 
> Konrad Weihmann <kweihmann@outlook.com <mailto:kweihmann@outlook.com>> 
> escreveu no dia quarta, 13/04/2022 à(s) 17:34:
> 
>     by default git pulls in several code fragments not being licensed
>     under just GPL-2.0-only.
>     In fact obstack and poll are taken from glib, being licensed
>     under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead
> 
>     Furthermore
>     reftable being BSD-3-Clause
>     sha1dc and inet_ntop being MIT
>     netmalloc being Bosst-1.0 aka BSL-1.0
>     regex being LGPL-2.1-or-later
> 
>     Signed-off-by: Konrad Weihmann <kweihmann@outlook.com
>     <mailto:kweihmann@outlook.com>>
>     ---
>       meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> |
>     13 +++++++++++--
>       1 file changed, 11 insertions(+), 2 deletions(-)
> 
>     diff --git a/meta/recipes-devtools/git/git_2.35.1.bb
>     <http://git_2.35.1.bb> b/meta/recipes-devtools/git/git_2.35.1.bb
>     <http://git_2.35.1.bb>
>     index 47c2211864..f8756b6dec 100644
>     --- a/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb>
>     +++ b/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb>
>     @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system"
>       HOMEPAGE = "http://git-scm.com <http://git-scm.com>"
>       DESCRIPTION = "Git is a free and open source distributed version
>     control system designed to handle everything from small to very
>     large projects with speed and efficiency."
>       SECTION = "console/utils"
>     -LICENSE = "GPL-2.0-only"
>     +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 &
>     LGPL-2.1-or-later"
>       DEPENDS = "openssl zlib"
> 
>       PROVIDES:append:class-native = " git-replacement-native"
>     @@ -14,7 +14,16 @@ SRC_URI =
>     "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
> 
>       S = "${WORKDIR}/git-${PV}"
> 
>     -LIC_FILES_CHKSUM =
>     "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1"
>     +LIC_FILES_CHKSUM = "\
>     +       file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \
>     +       file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \
>     +       file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \
>     +     
>       file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
>     +     
>       file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \
>     +     
>       file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \
>     +     
>       file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \
>     +     
>       file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22 \
>     +"
> 
> 
> I don't know if it is possible but if we can add a compat PACKAGECONFIG 
> will be great
> so we can disable this part which simplifies a little the license.

That would be indeed nice to have - from my understanding of the 
makefile those are build unconditionally, so it would require a upstream 
work first I guess.

For now my patch is just reflecting what is actually used

> 
> Jose
> 
> 
>       CVE_PRODUCT = "git-scm:git"
> 
>     -- 
>     2.25.1
> 
> 
>     -=-=-=-=-=-=-=-=-=-=-=-
>     Links: You receive all messages sent to this group.
>     View/Reply Online (#164341):
>     https://lists.openembedded.org/g/openembedded-core/message/164341
>     <https://lists.openembedded.org/g/openembedded-core/message/164341>
>     Mute This Topic: https://lists.openembedded.org/mt/90444706/5052612
>     <https://lists.openembedded.org/mt/90444706/5052612>
>     Group Owner: openembedded-core+owner@lists.openembedded.org
>     <mailto:openembedded-core%2Bowner@lists.openembedded.org>
>     Unsubscribe:
>     https://lists.openembedded.org/g/openembedded-core/unsub
>     <https://lists.openembedded.org/g/openembedded-core/unsub>
>     [quaresma.jose@gmail.com <mailto:quaresma.jose@gmail.com>]
>     -=-=-=-=-=-=-=-=-=-=-=-
> 
> 
> 
> -- 
> Best regards,
> 
> José Quaresma

> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Konrad Weihmann
> Sent: den 13 april 2022 18:59
> To: Jose Quaresma <quaresma.jose@gmail.com>
> Cc: OE-core <openembedded-core@lists.openembedded.org>
> Subject: Re: [OE-core] [PATCH] git: correct license
> 
> On 13.04.22 18:56, Jose Quaresma wrote:
> > Hi
> >
> > Konrad Weihmann <kweihmann@outlook.com <mailto:kweihmann@outlook.com>>
> > escreveu no dia quarta, 13/04/2022 à(s) 17:34:
> >
> >     by default git pulls in several code fragments not being licensed
> >     under just GPL-2.0-only.
> >     In fact obstack and poll are taken from glib, being licensed
> >     under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead

No, it's the other way around. You can use GPL-2.0-or-later as 
GPL-2.0-only, but you *cannot* use GPL-2.0-only as GPL-2.0-or-later 
without relicensing the code, and, unless you are the owner of the 
code, you cannot do that. 

However, it is probably better to be explicit and actually state the 
LICENSE as "GPL-2.0-only & GPL-2.0-or-later & ..." since those are 
the licenses that are actually being used.

> >
> >     Furthermore
> >     reftable being BSD-3-Clause
> >     sha1dc and inet_ntop being MIT
> >     netmalloc being Bosst-1.0 aka BSL-1.0
> >     regex being LGPL-2.1-or-later
> >
> >     Signed-off-by: Konrad Weihmann <kweihmann@outlook.com
> >     <mailto:kweihmann@outlook.com>>
> >     ---
> >       meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> |
> >     13 +++++++++++--
> >       1 file changed, 11 insertions(+), 2 deletions(-)
> >
> >     diff --git a/meta/recipes-devtools/git/git_2.35.1.bb
> >     <http://git_2.35.1.bb> b/meta/recipes-devtools/git/git_2.35.1.bb
> >     <http://git_2.35.1.bb>
> >     index 47c2211864..f8756b6dec 100644
> >     --- a/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb>
> >     +++ b/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb>
> >     @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system"
> >       HOMEPAGE = "http://git-scm.com <http://git-scm.com>"
> >       DESCRIPTION = "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency."
> >       SECTION = "console/utils"
> >     -LICENSE = "GPL-2.0-only"
> >     +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & LGPL-2.1-or-later"
> >       DEPENDS = "openssl zlib"
> >
> >       PROVIDES:append:class-native = " git-replacement-native"
> >     @@ -14,7 +14,16 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
> >
> >       S = "${WORKDIR}/git-${PV}"
> >
> >     -LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1"
> >     +LIC_FILES_CHKSUM = "\
> >     +       file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \
> >     +       file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \
> >     +       file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \
> >     +       file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \
> >     +       file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \
> >     +       file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \
> >     +       file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \
> >     +       file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22 \
> >     +"
> >
> >
> > I don't know if it is possible but if we can add a compat PACKAGECONFIG
> > will be great
> > so we can disable this part which simplifies a little the license.
> 
> That would be indeed nice to have - from my understanding of the
> makefile those are build unconditionally, so it would require a upstream
> work first I guess.
> 
> For now my patch is just reflecting what is actually used
> 
> > Jose
> >
> >       CVE_PRODUCT = "git-scm:git"
> >
> >     --
> >     2.25.1
> > --
> > Best regards,
> >
> > José Quaresma

//Peter