How to extract licensing information from a bitbake recipe

Question

I will keep it short. I have been handed a yocto repository and asked to audit it for the licences used by the build. My end goal is to:

1. List all the licenses used by the distro (i.e. licenses used by all the tools and utilities built with distro)
2. Get a copy of the license file
3. Get the URL on the internet, where that licence text can be found. (if someone else wants to compare it with what I have provided them)

Being a lazy "software engineer" I am, I want to avoid doing this task and just parse all the .bb files to extract all that information. I have seen some recipes, which include headers, which in turn have the license information. It'd be nice to be able to follow the trail.

This project on GitHub looks promising. But might not get me exactly what I need.

I also have the entire source code and the license file text distributed with the source code. I should be able to write a simple script to achieve this, but the text in some licenses don't contain the type of license itself.

Any pointers will be greatly appreciated.

Answer 1

First of all, you probably want licenses used in your image, not distro, as you can build all kinds of recipes within any distro, so what matters is only what you ship, which is your image. The way to find out licenses used by software in an image is already described here, but your question differentiates a bit in that you also want full license texts. That's also easy, it's all there in per-package directories in build/tmp/deploy/licenses.

As for your third subquestion, it's not that easy because even something standard like GPLv2 has little variations from project to project, some have exceptions, some have "(c) $YEARS" written in different way, so what the Openembedded build system gives you is actually more reliable as it's extracted from the source. What is possible is to provide the source code itself (via archiver class) along with license information, anyone really curious could cross-check sources and licenses that way.

Answer 2

You should be able to address 1) and 2) via https://www.yoctoproject.org/docs/1.8/dev-manual/dev-manual.html#maintaining-open-source-license-compliance-during-your-products-lifecycle .