diff mbox series

[v5,2/2] module: Block a module by TUXEDO from accessing GPL symbols

Message ID 20241115185253.1299264-3-wse@tuxedocomputers.com (mailing list archive)
State Handled Elsewhere
Headers show
Series [v5,1/2] module: Put known GPL offenders in an array | expand

Checks

Context Check Description
mcgrof/vmtest-modules-next-PR success PR summary
mcgrof/vmtest-modules-next-VM_Test-1 success Logs for Run CI tests
mcgrof/vmtest-modules-next-VM_Test-0 success Logs for Run CI tests
mcgrof/vmtest-modules-next-VM_Test-4 success Logs for setup / Setup kdevops environment
mcgrof/vmtest-modules-next-VM_Test-5 success Logs for setup / Setup kdevops environment
mcgrof/vmtest-modules-next-VM_Test-2 success Logs for cleanup / Archive results and cleanup
mcgrof/vmtest-modules-next-VM_Test-3 success Logs for cleanup / Archive results and cleanup

Commit Message

Werner Sembach Nov. 15, 2024, 6:50 p.m. UTC
From: Uwe Kleine-König <ukleinek@kernel.org>

TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
contributers the committed code under GPLv3+ is awaited.

Teach the module loader that this module is not GPLv2 compatible despite
the declaration to be GPLv2 compatible until the relicensing is complete.

Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
[Remove relicensed modules and accusatory language]
Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
---
 kernel/module/main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Daniel Gomez Nov. 16, 2024, 8:15 a.m. UTC | #1
On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
> From: Uwe Kleine-König <ukleinek@kernel.org>
>
> TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> contributers the committed code under GPLv3+ is awaited.

FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
you don't need to include the full text boilerplate in the source of every file
as long as you include a LICENSE file or COPYRIGHT file with a copy of the
license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
GPLv2 boilerplate/reference with SPDX - rule 156").

[1] https://spdx.org/licenses/GPL-2.0+.html
[2] https://spdx.org/licenses/GPL-2.0-or-later.html
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea


Daniel
>
> Teach the module loader that this module is not GPLv2 compatible despite
> the declaration to be GPLv2 compatible until the relicensing is complete.
>
> Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
> [Remove relicensed modules and accusatory language]
> Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
> ---
>  kernel/module/main.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 905d7b60dd709..df2549352ca8a 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2029,6 +2029,14 @@ static const char *module_license_offenders[] = {
>  
>  	/* lve claims to be GPL but upstream won't provide source */
>  	"lve",
> +
> +	/*
> +	 * TUXEDO awaits 2 final answers to relicense the last module to GPLv2+
> +	 * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/21 ,
> +	 * https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/dd34594ab880ed477bb75725176c3fb9352a07eb ,
> +	 * and https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/c8893684c2f869b2a6b13f1ef1ddeb4922f2ffe3
> +	 */
> +	"clevo_acpi",
>  };
>  
>  /*
Uwe Kleine-König Nov. 16, 2024, 5:20 p.m. UTC | #2
On Sat, Nov 16, 2024 at 09:15:55AM +0100, Daniel Gomez wrote:
> On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
> > From: Uwe Kleine-König <ukleinek@kernel.org>
> >
> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> > contributers the committed code under GPLv3+ is awaited.
> 
> FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
> need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
> you don't need to include the full text boilerplate in the source of every file
> as long as you include a LICENSE file or COPYRIGHT file with a copy of the
> license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
> GPLv2 boilerplate/reference with SPDX - rule 156").
> 
> [1] https://spdx.org/licenses/GPL-2.0+.html
> [2] https://spdx.org/licenses/GPL-2.0-or-later.html
> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea

If you're convinced that "GPL-2.0-or-later" is the right string to use
(and the following somewhat agrees with you:

	linux$ git rev-parse next/master
	744cf71b8bdfcdd77aaf58395e068b7457634b2c

	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0+' next/master | wc -l
	3640

	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0-or-later' next/master | wc -l
	9005
)

you can consider patching Documentation/process/license-rules.rst which
currently reads:

   License identifiers for licenses like [L]GPL with the 'or later' option
   are constructed by using a "+" for indicating the 'or later' option.::

      // SPDX-License-Identifier: GPL-2.0+
      // SPDX-License-Identifier: LGPL-2.1+

Best regards
Uwe
Daniel Gomez Nov. 18, 2024, 9:05 a.m. UTC | #3
On Sat Nov 16, 2024 at 6:20 PM CET, Uwe Kleine-König wrote:
> On Sat, Nov 16, 2024 at 09:15:55AM +0100, Daniel Gomez wrote:
>> On Fri Nov 15, 2024 at 7:50 PM CET, Werner Sembach wrote:
>> > From: Uwe Kleine-König <ukleinek@kernel.org>
>> >
>> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
>> > contributers the committed code under GPLv3+ is awaited.
>> 
>> FYI, the SPDX identifier GPL-2.0+ is deprecated as of 2.0rc2 [1]. I think you'd
>> need to use GPL-2.0-or-later [2] instead. And when using the SPDX identifier,
>> you don't need to include the full text boilerplate in the source of every file
>> as long as you include a LICENSE file or COPYRIGHT file with a copy of the
>> license. One example upstream here [3] commit 1a59d1b8e05ea ("treewide: Replace
>> GPLv2 boilerplate/reference with SPDX - rule 156").
>> 
>> [1] https://protect2.fireeye.com/v1/url?k=86f7819c-e78c2b15-86f60ad3-74fe48600034-4f48619e45d5b211&q=1&e=7cb2448b-7ab2-415e-b77d-ad14970bc0a0&u=https%3A%2F%2Fspdx.org%2Flicenses%2FGPL-2.0%2B.html
>> [2] https://protect2.fireeye.com/v1/url?k=939eb0bf-f2e51a36-939f3bf0-74fe48600034-b542784fecbfce13&q=1&e=7cb2448b-7ab2-415e-b77d-ad14970bc0a0&u=https%3A%2F%2Fspdx.org%2Flicenses%2FGPL-2.0-or-later.html
>> [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.12-rc7&id=1a59d1b8e05ea
>
> If you're convinced that "GPL-2.0-or-later" is the right string to use
> (and the following somewhat agrees with you:

Thomas and Greg may have decided not deprecating the old identifiers [1]
to avoid modifying thousands of files. I think it was expected the SPDX
to mark them as equivalent? But I'm not entirely sure if this is the
correct approach though as SPDX marks them as deprecated as I mentioned
earlier.

Thomas, Greg, are we using any specific SPDX version for kernel license
identifiers? Why the new identifiers where amended as valid and not
replacing [2] the old ones? Was it to avoid replacing all files with the
old id?

[1] https://lore.kernel.org/all/alpine.DEB.2.21.1804240953460.5261@nanos.tec.linutronix.de/
[2] 9376ff9ba298c983062a12cbbafde506a4eaea71 ("LICENSES/GPL2.0: Add
GPL-2.0-only/or-later as valid identifiers")

Daniel

>
> 	linux$ git rev-parse next/master
> 	744cf71b8bdfcdd77aaf58395e068b7457634b2c
>
> 	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0+' next/master | wc -l
> 	3640
>
> 	linux$ git grep -l -F 'SPDX-License-Identifier: GPL-2.0-or-later' next/master | wc -l
> 	9005
> )
>
> you can consider patching Documentation/process/license-rules.rst which
> currently reads:
>
>    License identifiers for licenses like [L]GPL with the 'or later' option
>    are constructed by using a "+" for indicating the 'or later' option.::
>
>       // SPDX-License-Identifier: GPL-2.0+
>       // SPDX-License-Identifier: LGPL-2.1+
>
> Best regards
> Uwe
Werner Sembach Nov. 18, 2024, 10:10 a.m. UTC | #4
Hi,

Am 15.11.24 um 19:50 schrieb Werner Sembach:
> From: Uwe Kleine-König <ukleinek@kernel.org>
>
> TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> contributers the committed code under GPLv3+ is awaited.
>
> Teach the module loader that this module is not GPLv2 compatible despite
> the declaration to be GPLv2 compatible until the relicensing is complete.

The relicensing is complete so this patch can be dropped entierly

Regards,

Werner Sembach

>
> Signed-off-by: Uwe Kleine-König <ukleinek@kernel.org>
> [Remove relicensed modules and accusatory language]
> Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
> ---
>   kernel/module/main.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
>
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 905d7b60dd709..df2549352ca8a 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2029,6 +2029,14 @@ static const char *module_license_offenders[] = {
>   
>   	/* lve claims to be GPL but upstream won't provide source */
>   	"lve",
> +
> +	/*
> +	 * TUXEDO awaits 2 final answers to relicense the last module to GPLv2+
> +	 * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/21 ,
> +	 * https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/dd34594ab880ed477bb75725176c3fb9352a07eb ,
> +	 * and https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/c8893684c2f869b2a6b13f1ef1ddeb4922f2ffe3
> +	 */
> +	"clevo_acpi",
>   };
>   
>   /*
Greg Kroah-Hartman Nov. 18, 2024, 2:03 p.m. UTC | #5
On Mon, Nov 18, 2024 at 10:05:27AM +0100, Daniel Gomez wrote:
> Thomas, Greg, are we using any specific SPDX version for kernel license
> identifiers? Why the new identifiers where amended as valid and not
> replacing [2] the old ones? Was it to avoid replacing all files with the
> old id?

Yes it was.  Let's worry about getting all files in the kernel properly
tagged before even considering moving to newer versions of the SPDX
specification.  When we started this, we used the most up to date tags,
but then they changed, and we didn't want to change all of the kernel
while half-way in the middle of the conversion.

Just leave it as-is please.

thanks,

greg k-h
Luis Chamberlain Nov. 18, 2024, 8:53 p.m. UTC | #6
On Mon, Nov 18, 2024 at 11:10:28AM +0100, Werner Sembach wrote:
> Hi,
> 
> Am 15.11.24 um 19:50 schrieb Werner Sembach:
> > From: Uwe Kleine-König <ukleinek@kernel.org>
> > 
> > TUXEDO has not yet relicensed a module for GPLv2+ as a reply from former
> > contributers the committed code under GPLv3+ is awaited.
> > 
> > Teach the module loader that this module is not GPLv2 compatible despite
> > the declaration to be GPLv2 compatible until the relicensing is complete.
> 
> The relicensing is complete so this patch can be dropped entierly

Good to hear this has been resolved, the first patch is still a nice
cleanup so I'll take that in after the merge window, there's no need
to rush that in.

 Lis
diff mbox series

Patch

diff --git a/kernel/module/main.c b/kernel/module/main.c
index 905d7b60dd709..df2549352ca8a 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2029,6 +2029,14 @@  static const char *module_license_offenders[] = {
 
 	/* lve claims to be GPL but upstream won't provide source */
 	"lve",
+
+	/*
+	 * TUXEDO awaits 2 final answers to relicense the last module to GPLv2+
+	 * See https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/merge_requests/21 ,
+	 * https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/dd34594ab880ed477bb75725176c3fb9352a07eb ,
+	 * and https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers/-/commit/c8893684c2f869b2a6b13f1ef1ddeb4922f2ffe3
+	 */
+	"clevo_acpi",
 };
 
 /*