On 2017-12-04, Tom Rini wrote:
On Sat, Nov 25, 2017 at 12:50:47PM -0800, Vagrant Cascadian wrote:
There are a few targets (clearfog, turris_omnia) and features (signing in mkimage) in the Debian build of u-boot that have been avoided due to lack of clarity on Licensing issues regarding GPL and OpenSSL compatibility issues.
...
So, the most likely thing that could be accomplished (as I don't see how we could add exemptions without some legal consult) would be to re-write the small areas in question to use libgnutls rather than openssl for checking the certificates, etc.
Thanks for the response!
Yes, adding an exception would require, at the very least, tracking down all copyright holders to the portions of the code that include openssl headers and/or code...
Switching to gnutls would definitely be an ideal solution from my perspective packaging u-boot in Debian, though I'm not sure I can personally commit to making it happen.
A rough starting point for which code may need to be modified:
$ git grep -i include.*openssl include/image.h:# include <openssl/evp.h> lib/rsa/rsa-sign.c:#include <openssl/bn.h> lib/rsa/rsa-sign.c:#include <openssl/rsa.h> lib/rsa/rsa-sign.c:#include <openssl/pem.h> lib/rsa/rsa-sign.c:#include <openssl/err.h> lib/rsa/rsa-sign.c:#include <openssl/ssl.h> lib/rsa/rsa-sign.c:#include <openssl/evp.h> lib/rsa/rsa-sign.c:#include <openssl/engine.h> tools/kwbimage.c:#include <openssl/bn.h> tools/kwbimage.c:#include <openssl/rsa.h> tools/kwbimage.c:#include <openssl/pem.h> tools/kwbimage.c:#include <openssl/err.h> tools/kwbimage.c:#include <openssl/evp.h> tools/mxsimage.c:#include <openssl/evp.h>
live well, vagrant