THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Technical Team/Use Cases/2.0/Build System Yocto

From SPDX Wiki
Jump to: navigation, search

THis is still a draft and not quite finiliazed but its close.

Title:  Yocto

Background: 

(quick blurb in how Yocto works)

Also see <a href="http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html">http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html</a> 

Primary Actor:

Yocto User: Executs a build To get SPDX documents for each package

Package Maintainer: These are likely upstream projects thatr have projects that Yocto consumes. This upstream project could be a company that provides a package as well.

Yocto Project: To provide SPDX documents that describe the licensing of the artifacts provided by the build system.

Yocto Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.

Goal in Context:  To generate a kernel/file system image for a hardware device or simulator using Yocto and to have SPDX documents that describe the licensing for all copyrigthable artifacts,

Stakeholders and Interests: 

Person executing the build: To get SPDX documents for each package
Package Maintainer: To provide license information using SPDX
Yocto Project: To provide SPDX documents that describe the licensing of the artifacts provided by the build system.
Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.

Providers of artifacts: 

Consumers of artifacts:

  1. To receive accurate and clear information of licensing of artifacts
  2. To be able to comply easily with licenses for artifacts
  3. To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.

Preconditions: 

Main Success Scenario: Someone executing a Yocto based build gets SPDX documents that decsribe the licensing for all copyrightable elements that were used to create the build and are e result of a build.

Failed End Condition: SPDX documents for copyrigthable elements are missing.ow easy will be tis to detect as these builds can be rather large?

Trigger:

A Yocto user executes a build.

Notes: