Hi,

On 02/10/15 15:52, Matthias Waehlisch wrote:
> (1) Compiling with RIOT_VERSION: Including the RIOT_VERSION works as a
> trust anchor to identify the source code base. Assuming a single (valid)
> and trustworthy version, you wouldn't need this ingredient. Right?

Correct.

> (2) MD5 hash: This is for convenient reasons. You could also do a
> bitwise comparison. Right?

Correct. I assume that MD5-hashing is practically equivalent to bitwise comparison.

> (3) Fine-grained object archives: Having separate object archives that
> reflect RIOT modules is the key idea of the approach. Two questions
> remain: (a) Which types of applications can someone create without
> affecting the "core" (i.e., other .a-files) of the OS. (b) What is the
> "core" of the OS?

Actually, the *archives* don't really matter. The linker extracts all archives and only considers contained .o files for linking.

That the application objects are conveniently archived into one .a file that can be easily used for this license verification is just a by-product.

(a) Usually the "core" .a files are searched before the application .a.
That way, even if a developer accidentally overwrites symbols (e.g., functions or variables) that should have been supplied by RIOT, the linker would probably just ignore it. Have to try that.

So in theory, developers shouldn't be able to affect the system .a files. And I can't think of anything that might do so by accident, when a developer *wants* to be LGPL compliant, just writes an application, maybe adds a proprietary driver but otherwise "behaves" regarding build system manipulation.

There are probably a million ways to sneak in modified RIOT code and still have a valid verification using our method here. So even if the verification passes, that alone is not proof that LGPL hasn't been violated.

(b) In this context, by "core" I mean all the RIOT code, build system, linker scripts etc., everything that is not "the application".

Maybe the git checkout or the unzipped distribution archive?

> (4) Can you explain why your approach would not be possible in other
> OSes, e.g., Contiki?

That would be great. ;)

But this is possible with these OSs as well. RIOT's build system just made this really easy as all "application" code is already compiled in one .a, and RIOT happily builds if that .a is supplied pre-compiled without the code.

Kaspar
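
The per-object comparison discussed in this thread, as an added example that is not part of the original message or of RIOT's tooling: ar member headers carry a build timestamp, so two archives holding identical .o files can differ bitwise, and this code hashes each member's data instead of the whole archive. Assumptions: GNU ar layout, SHA-256 in place of the thread's MD5, and constructed (hypothetical) archive member names and contents.

```python
import hashlib
AR_MAGIC = b"!<arch>\n"

def ar_member_digests(blob):
    """Map member name -> SHA-256 of its data, ignoring ar header metadata."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    digests, longnames, pos = {}, b"", len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        name = hdr[0:16].rstrip(b" ")
        size = int(hdr[48:58].decode().strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member")
        pos += 60 + size + (size & 1)      # data is padded to an even offset
        if name == b"//":                  # GNU long-name table
            longnames = data
        if name in (b"/", b"//", b"/SYM64/"):
            continue                       # index/table members hold no object code
        if name.startswith(b"/"):          # "/<offset>" reference into the table
            off = int(name[1:])
            name = longnames[off:longnames.index(b"/\n", off)]
        else:
            name = name.rstrip(b"/")
        if name in digests:                # a second copy could hide a changed object
            raise ValueError("duplicate member name: %r" % name)
        digests[name] = hashlib.sha256(data).hexdigest()
    return digests

def changed_members(reference, shipped):
    """Names of objects added, removed or altered relative to the reference."""
    ref, got = ar_member_digests(reference), ar_member_digests(shipped)
    return sorted(n.decode() for n in ref.keys() | got.keys() if ref.get(n) != got.get(n))

def make_ar(members, mtime):
    """Build a small GNU-style archive (constructed sample input)."""
    out = AR_MAGIC
    for name, data in members:
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name + "/", mtime, 0, 0, "644", len(data))
        out += hdr.encode() + data + (b"\n" if len(data) & 1 else b"")
    return out

# Constructed stand-ins for a module archive; names and contents are hypothetical.
OBJS = [("kernel_init.o", b"\x7fELF-core-A"), ("sched.o", b"\x7fELF-core-B")]
REFERENCE = make_ar(OBJS, mtime=1443800000)
REBUILT = make_ar(OBJS, mtime=1443886400)   # same objects, later build time
MODIFIED = make_ar([OBJS[0], ("sched.o", b"\x7fELF-core-B-patched")], mtime=1443800000)
```

A passing comparison only shows that the listed objects match the reference; as the message says, it is not proof that nothing else in the build was changed.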