THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx

Difference between revisions of "Technical Team/Use Cases/2.0/Build System Yocto"

From SPDX Wiki
Jump to: navigation, search
Line 1: Line 1:
<p class="MsoNormal"><strong>THis is still a draft and not quite finiliazed but its close.</strong></p><p class="MsoNormal"><strong>Title:</strong>&nbsp; Yocto</p><p class="MsoNormal"><strong>Background:</strong>&nbsp;</p><p class="MsoNormal">When Yocto builds a package the package source can come from various sources such as: source code control system like GIT or&nbsp;a tarball. Entities providng a Yocto build for their hardware may also be providing pacthes for the package.</p><p class="MsoNormal">Yocto uses recipes to build packages. These recipes do contain a License field. The current short names do not match SPDX short names and likely will not. It was rather difficult to get alignment on the current ones used. There is talk on the Yocto project about converting the Yocto short names into SPDX ones.&nbsp;</p><p class="MsoNormal">Also see <a href="http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html">http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html</a>&nbsp;</p><p class="MsoNormal"><strong>Primary Actor:</strong></p><p class="MsoNormal">Yocto User: Executs a build</p><p class="MsoNormal">Package Maintainer: These are upstream projects thatr have projects that Yocto consumes. This upstream project could be a company that provides a package as well.</p><p class="MsoNormal">Yocto Project: Provides the Yocto build system</p><p class="MsoNormal">Yocto Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.</p><p class="MsoNormal"><strong>Goal in Context:</strong>&nbsp; To generate a kernel/file system&nbsp;image for a hardware device or simulator using Yocto and to have SPDX documents that describe the licensing for all copyrigthable artifacts,</p><p class="MsoNormal"><strong>Stakeholders and Interests:</strong>&nbsp;</p><p class="MsoNormal">Yocto User: Genetrates a buuod getting an image for their hardware. They want SPDX documents for each package/coyrightable element.</p><p class="MsoNormal"><br />Package Maintainer: To&nbsp;provide license information using SPDX</p><p class="MsoNormal"><br />Yocto Project: To provide SPDX documents that describe the licensing of the artifacts&nbsp;provided by the build system.</p><p class="MsoNormal"><br />Build System Provider: They provide a particular build system for thier hardware, for example for their product. They may also provide patches to Packages that the recipes pull.</p><p class="MsoNormal"><strong>Providers of artifacts:&nbsp;</strong></p><p class="MsoNormal"><strong>Consumers of artifacts:</strong></p><ol type="1"><li class="MsoNormal">To receive accurate and clear information of licensing of artifacts</li><li class="MsoNormal">To be able to comply easily with licenses for artifacts</li><li class="MsoNormal">To be able to subset, extend, or aggregate artifacts and pass on clear authoritative verifiable license for the resulting new copyrightable artifacts.</li></ol><p class="MsoNormal"><strong>Preconditions:</strong>&nbsp;</p><p class="MsoNormal"><strong>Main Success Scenario:</strong> Someone executing a Yocto based build gets SPDX documents that decsribe the licensing for all copyrightable elements that were used to create the build and are the result of a build.</p><p class="MsoNormal"><strong>Failed End Condition:</strong> SPDX documents for copyrigthable elements are missing.ow easy will be tis to detect as these builds can be rather large?</p><p class="MsoNormal"><strong>Trigger:</strong></p><p class="MsoNormal">A Yocto user&nbsp;executes a build.</p>
+
<p><strong>Title:</strong>&nbsp; Yocto</p><p><strong>Background:</strong>&nbsp;</p><p>Yocto is a build system which typically provides a file system/kernel image which can be downloaded onto a device and executed. When Yocto builds a package the package source can come from various sources such as: source code control system like GIT or&nbsp;a tarball. Entities providng a Yocto build for their hardware may also be providing pacthes for the package.</p><p>Yocto uses recipes to build packages. These recipes do contain a License field. The current short names do not match SPDX short names and likely will not. It was rather difficult to get alignment on the current ones used. There is talk on the Yocto project about converting the Yocto short names into SPDX ones.&nbsp;</p><p>Also see <a href="http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html">http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html</a>&nbsp;</p><p><strong>Primary Actor:</strong></p><p>Yocto User: Executes a build</p><p>Package Maintainer: These are upstream projects that have projects that Yocto consumes. This upstream project could be a company that provides a package as well. A Package Maintainer could be viewed as a secondary actor in this use case as their package may be consumed by a Yocto build even though they as packages maintainers have no vested interest in Yocto.</p><p>Yocto Project: Provides the Yocto build system</p><p>Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.</p><p><strong>Goal in Context:</strong>&nbsp; To generate a kernel/file system&nbsp;image for a hardware device or simulator using Yocto and to have SPDX documents that describe the licensing for all copyrightable artifacts,</p><p><strong>Stakeholders and Interests:</strong>&nbsp;</p><p>Yocto User:</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A. To receive accurate and clear information of licensing for all copyrightable</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; elements used in the build and for the build system.</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; B. To be able to comply easily with licenses for all copyrightable elements used in</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;the build and the build system.</p><p><br /> 2. Package Maintainer:</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A. To communicate the license information for their package.</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; B. To have their licenses respected.</p><p>&nbsp;</p><p>3. Yocto Project:</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A. To communicate the license information for their build system and the licensing of each package. </p><p>&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;B. To have their licenses respected</p><p>&nbsp;</p><p>4. Build System Provider:</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; A. To communicate the licensing information for the build they are providing.</p><p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; B. To comply with all the licenses used in the build the system they are providing.</p><p>&nbsp;</p><p><strong>Preconditions:</strong>&nbsp;</p><p>&nbsp;&nbsp;&nbsp;&nbsp; 1. A yocoto build is created.</p><p>&nbsp;&nbsp;&nbsp;&nbsp; 2. Packages used in the Yocoto build have SPDX documents describing the copyrigthable elements of the package.</p><p>&nbsp;</p><p><strong>Main Success Scenario:</strong> Someone executing a Yocto based build gets SPDX documents that describe the licensing for all copyrightable elements that were used to create the build and are the result of a build.</p><p><strong>Failed End Condition:</strong> Inaccurate or incomplete licensing information is provided for all packages used in the build and/or for the Yocto build system.</p><p><strong>Trigger:</strong></p><p>A Yocto user&nbsp;executes a build.</p>

Revision as of 13:38, 5 June 2012

Title:  Yocto

Background: 

Yocto is a build system which typically provides a file system/kernel image which can be downloaded onto a device and executed. When Yocto builds a package the package source can come from various sources such as: source code control system like GIT or a tarball. Entities providng a Yocto build for their hardware may also be providing pacthes for the package.

Yocto uses recipes to build packages. These recipes do contain a License field. The current short names do not match SPDX short names and likely will not. It was rather difficult to get alignment on the current ones used. There is talk on the Yocto project about converting the Yocto short names into SPDX ones. 

Also see <a href="http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html">http://www.yoctoproject.org/docs/1.0/yocto-quick-start/yocto-project-qs.html</a> 

Primary Actor:

Yocto User: Executes a build

Package Maintainer: These are upstream projects that have projects that Yocto consumes. This upstream project could be a company that provides a package as well. A Package Maintainer could be viewed as a secondary actor in this use case as their package may be consumed by a Yocto build even though they as packages maintainers have no vested interest in Yocto.

Yocto Project: Provides the Yocto build system

Build System Provider: They provide a particular build system, for example for their product. They may also provide patches to Packages that the recipes pull.

Goal in Context:  To generate a kernel/file system image for a hardware device or simulator using Yocto and to have SPDX documents that describe the licensing for all copyrightable artifacts,

Stakeholders and Interests: 

Yocto User:

       A. To receive accurate and clear information of licensing for all copyrightable

            elements used in the build and for the build system.

       B. To be able to comply easily with licenses for all copyrightable elements used in

            the build and the build system.


2. Package Maintainer:

       A. To communicate the license information for their package.

       B. To have their licenses respected.

 

3. Yocto Project:

       A. To communicate the license information for their build system and the licensing of each package.

       B. To have their licenses respected

 

4. Build System Provider:

      A. To communicate the licensing information for the build they are providing.

      B. To comply with all the licenses used in the build the system they are providing.

 

Preconditions: 

     1. A yocoto build is created.

     2. Packages used in the Yocoto build have SPDX documents describing the copyrigthable elements of the package.

 

Main Success Scenario: Someone executing a Yocto based build gets SPDX documents that describe the licensing for all copyrightable elements that were used to create the build and are the result of a build.

Failed End Condition: Inaccurate or incomplete licensing information is provided for all packages used in the build and/or for the Yocto build system.

Trigger:

A Yocto user executes a build.