Question regarding licenses for third party included source code, specifically for meta-qt5/meta-browser

Christian Bräuner Sørensen


Apologies for the upcoming wall of text.
I got 2 questions, 1 legal and 1 technical, but some intro is needed before asking them.

@Martin.Jansa@...: Put you on recipients since you are listed as maintainer for meta-qt5.
@eric@... @denis@... @otavio@... : Put you on recipients since you are listed as maintaners for meta-browser.

I have been looking a bit into the licenses used in Qt, and to be it seems that (almost) all licenses listed in Yocto are wrong for qt components that has included third party software in meta-qt5, and chromium recipes in meta-browser. Probably also somewhere else. The problem is not limited to meta-qt5/meta-browser.

Link for licenses used in Qt:
Qt contains some code that is not provided under the GNU Lesser General Public License (LGPL) or the Qt Commercial License, but rather under specific licenses from the original authors.. The Qt Company gratefully acknowledges these and other contributions to Qt. We recommend that programs that use Qt also acknowledge these contributions, and quote these license statements in an appendix to the ...
"Fun" fact: Qt includes third party software within their source code. E.g. libpng, libjpeg, zlib, boost and many others, most likely due to ease cross platform development.
However, (almost) none of these third party included softwares are shown in Yocto, and (almost) none of the license text files got a checksum with them in the recipes.
E.g. looking at QtWayland:
  • 13 third party softwares is included:
  • wayland-fullscreen-protocol
  • wayland-protocol
  • wayland-ivi-extension-protocol
  • wayland-primary-selection-protocol
  • wayland-scaler-protocol
  • wayland-tablet-protocol
  • wayland-viewporter-protocol
  • wayland-xdg-decoration-protocol
  • wayland-xdg-output-protocol
  • wayland-xdg-shell-protocol
  • wayland-text-input-unstable
  • wayland-linux-dmabuf-unstable-v1wayland-eglstream-controller

Most of these are under MIT and 1 is under HPND.
2 license texts for included third party software are included in qtwayland:
  • src/3rdparty/protocol/HPND_LICENSE.txt
  • src/3rdparty/protocol/MIT_LICENSE.txt

No where in the recipe for QtWayland is any signs of MIT, HPND, or the 2 license texts mentioned here.

In QtLocation it is a bit different. Some effort has indeed been done in: commit 59c9742cba7fd2933a0c3d8586a0b0128a28504d.
In the commit "Apache-2.0 & MIT & openssl & BSL-1.0 &" where added to the LICENSE variable.
But; the current qtlocation software actually uses included third party that has the following licenses:
  • BSD-2-Clause
  • BSD-2-Clause AND Zlib
  • BSD-3-Clause
  • BSL-1.0
  • geosimplify-js
  • ISC
  • MIT
So it is incomplete, and hence; Wrong.

Most recipes in Qt has no licenses and license text files added in recipes, meaning the license manifest generated is currently wrong, afaik, for software that has included third party software.

Qtwebengine has included chromium software, but and has only 1 license file included, and just BSD license added to LICENSE.
But; Chromium itself has 100+ (having counted them) included third party software. Listed just BSD does not cover all ..

Qt has done some work by having qt_attribution.json files within their source code. Those files are of json'ish syntax (improper multiline strings), but they do contain information of the included third party software, and:
  • License for the included third party software
  • Path to included license text file for that included third party software.
So that can be utilized to obtain all the third party software licenses and license text files.

Made a script that can be used in a qt component source code, that extracts all licenses used and the license text files and hence can be used as input for the recipes.
But: This will need to be done manually on each upgrade of the Qt software on all qt modules, to check for whether third party has been added/removed/changed.

Looking into meta-browser, the chromium recipes has indeed spend some effort in listing all licenses for third party components in LIC_FILES_CHKSUM, but also here, the LICENSE variable does not cover all.
Chromium has a script that can list all the licenses third party included software:
# -*- coding: utf-8 -*-# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be
But again; In Yocto, all these licenses are not shown.
Also here, we can run the script outside yocto and generate output for the recipes and then insert it.
But as with meta-qt5; This needs to be done on each upgrade...

And now for the questions:
Question 1 - legal question:
Can we in any way avoid listing licenses and license text files in Yocto and still comply to the licenses used ?
I assume the answer is no, but that might be due to the fact that I am a developer and better to be safe ....

Question 2 -  technical implementation question:
license.bbclass looks has a task do_populate_lic() that is run after do_patch, i.e. after source code has been extracted.
It should be possible to extend that with a handle that would check for whether to search source code for licenses and license text files.
E.g. in do_populate_lic() just after get_recipe_info():
  <local function that can be set in recipes/classes>

That would make it possible to create a function in
  • a bbclass in meta-qt5 that could insert all the licenses and the license text files, but searching for qt_attribute.json files and locating licenses and license text files.
  • in meta-browser that could do some of the same as
Otherwise, it requires a manual step on each upgrade of the qt to enter each git repository and run a script and then manually insert output in recipes.
Has the obvious pitfall of not listing licenses if simply looking into the generated environment using "bitbake -e".
What do you think of such an addition to license.bbclass, and changes to meta-qt5/meta-browser ?

Note: This is of cause not just relevant for meta-qt5/meta-browser. It is relevant for all software that has included third party software.