Copyleft/guide
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of gitorious.org:copyleft-org/tutorial

Browse source
This commit is contained in:
Bradley M. Kuhn 2014-11-07 20:05:06 -05:00
commit 7f213e67f8
1 changed files with 22 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
enforcement-case-studies.tex
View file

@ -274,7 +274,7 @@ Fortunately, thanks in large part to the FSF's
software freedom}. Products must meet software freedom}. Products must meet
\href{http://www.fsf.org/resources/hw/endorsement/criteria}{strict \href{http://www.fsf.org/resources/hw/endorsement/criteria}{strict
standards for RYF certification}, and among them is a pristine example of standards for RYF certification}, and among them is a pristine example of
CCS\@}, electronics products have begun to appear on the market that are CCS\@.}, electronics products have begun to appear on the market that are
held to a higher standard of copyleft compliance. As such, for the first held to a higher standard of copyleft compliance. As such, for the first
time in the history of copyleft, CCS experts have pristine examples to study time in the history of copyleft, CCS experts have pristine examples to study
and present as exemplars worthy of emulation. and present as exemplars worthy of emulation.
@ -466,7 +466,7 @@ Therefore, the investigator proceeded to simply run:
\end{lstlisting} \end{lstlisting}
and waited approximately 40 minutes for the build to complete\footnote{Build and waited approximately 40 minutes for the build to complete\footnote{Build
times will likely vary widely on various host systems}. The investigator times will likely vary widely on various host systems.}. The investigator
kept a kept a
\href{https://gitorious.org/copyleft-org/tutorial/source/master:enforcement-case-studies_log-output/thinkpenguin_librecmc-complete.log}{full \href{https://gitorious.org/copyleft-org/tutorial/source/master:enforcement-case-studies_log-output/thinkpenguin_librecmc-complete.log}{full
log of the build}, which is not included herein due its size (approximately log of the build}, which is not included herein due its size (approximately
@ -494,7 +494,9 @@ Ideally, the original ``README'' would indicate which image is appropriate
for the included hardware. However, this was ultimately an annoyance rather for the included hardware. However, this was ultimately an annoyance rather
than a compliance issue due to other information available. Specifically, than a compliance issue due to other information available. Specifically,
the web UI (see next section) on the TPE-NWIFIROUTER performs firmware image the web UI (see next section) on the TPE-NWIFIROUTER performs firmware image
installation. While ideal would be to find installation. Additionally, the router's version number was specified on the
bottom of the device, which indicated which of the differently-versioned images
we should install. It would be ideal to find
\href{http://librecmc.org/librecmc/wiki?name=Tp+MR3020}{instructions similar \href{http://librecmc.org/librecmc/wiki?name=Tp+MR3020}{instructions similar
to these} in the README itself. However, application of the reasonableness to these} in the README itself. However, application of the reasonableness
standard indicates compliance, since a knowledgeable user was able to standard indicates compliance, since a knowledgeable user was able to
@ -509,13 +511,13 @@ The investigator then turned his attention to the file,
``u-boot\verb0_0reflash'' instructions. These instructions explained how to ``u-boot\verb0_0reflash'' instructions. These instructions explained how to
build and install the bootloader for the device. build and install the bootloader for the device.
The investigator followed the instructions for compiling u-Boot, and found The investigator followed the instructions for compiling U-Boot, and found
them quite straight-forward. The investigator discovered two minor them quite straight-forward. The investigator discovered two minor
annoyances, however, while building U-Boot: annoyances, however, while building U-Boot:
\begin{itemize} \begin{itemize}
\item the variable \verb0$U-BOOT_SRC0 was used as a placeholder for the name \item The variable \verb0$U-BOOT_SRC0 was used as a placeholder for the name
of the extracted source directory. This was easy to surmise and was not a of the extracted source directory. This was easy to surmise and was not a
compliance issue (per the reasonableness standard), but explicitly stating compliance issue (per the reasonableness standard), but explicitly stating
that at the top of the instructions would be helpful. that at the top of the instructions would be helpful.
@ -538,7 +540,7 @@ mips-librecmc-linux-uclibc-gcc.bin: /lib/libc.so.6:
This issue is an annoyance, not a compliance problem. It was clear from This issue is an annoyance, not a compliance problem. It was clear from
context that these binaries were simply for a different architecture, and context that these binaries were simply for a different architecture, and
the investigator simply removed ``toolchain/bin'' and used a symlink the the investigator simply removed ``toolchain/bin'' and used a symlink to
utilize the toolchain already built earlier (during the compilation utilize the toolchain already built earlier (during the compilation
discussed in \S~\ref{thinkpenguin-main-build}): discussed in \S~\ref{thinkpenguin-main-build}):
@ -647,20 +649,20 @@ compilation).
\section{Firmware Comparison} \section{Firmware Comparison}
To ensure that CCS did corresponds properly to the firmware original To ensure the CCS did indeed correspond to the firmware original
installed on the TPE-NWIFIROUTER, the investigator compared the built installed on the TPE-NWIFIROUTER, the investigator compared the built
firmware image with the filesystem originally found on the device itself. firmware image with the filesystem originally found on the device itself.
The comparison steps we as follows: The comparison steps were as follows:
\begin{enumerate} \begin{enumerate}
\item Extract the filesystem from the image we built by running \item Extract the filesystem from the image we built by running
\href{https://gitorious.org/copyleft-org/gpl-compliance-scripts/source/master:find-firmware.pl}{find-firmware.pl} \href{https://gitorious.org/copyleft-org/gpl-compliance-scripts/source/master:find-firmware.pl}{find-firmware.pl}
on ``bin/ar71xx/librecmc-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin'' on ``bin/ar71xx/librecmc-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin''
bottom), and running and then running
\href{http://www.binaryanalysis.org/en/content/show/download}{bat-extratools}' \href{http://www.binaryanalysis.org/en/content/show/download}{bat-extratools}'
``squashfs4.2/squashfs-tools/bat-unsquashfs42'' (at ) on the resulting ``squashfs4.2/squashfs-tools/bat-unsquashfs42'' on the resulting
morx0.squash and use the filesystem in the new squashfs-root directory for morx0.squash, using the filesystem in the new squashfs-root directory for
comparison. comparison.
\item Login to the router's web interface (at \url{http://192.168.10.1/ }) from a computer that is \item Login to the router's web interface (at \url{http://192.168.10.1/ }) from a computer that is
@ -681,7 +683,7 @@ The comparison steps we as follows:
\item List the /bin folder (``ls -l /bin'') and confirm the list of files is the same \item List the /bin folder (``ls -l /bin'') and confirm the list of files is the same
and that the file sizes are similar. and that the file sizes are similar.
\item Check the ``strings'' output of ``/bin/busybox'' to confirm it was similar in both \item Check the ``strings'' output of ``/bin/busybox'' to confirm it is similar in both
places (similar number of lines and content of lines). (One cannot directly places (similar number of lines and content of lines). (One cannot directly
compare the binaries because the slight compilation variations will cause compare the binaries because the slight compilation variations will cause
some bits to be different.) some bits to be different.)
@ -694,8 +696,8 @@ The comparison steps we as follows:
similar, but had a different build date and user@host indicator. (The similar, but had a different build date and user@host indicator. (The
kernel binary itself is not easily accessible from an SSH login, but was kernel binary itself is not easily accessible from an SSH login, but was
retrievable using the U-Boot console (the start address of the kernel in retrievable using the U-Boot console (the start address of the kernel in
flash appears to be 0x9F000000, based on the ``u-boot\verb0_0reflash'' flash appears to be 0x9F020000, based on the boot messages seen in the
instructions). serial console).
\end{enumerate} \end{enumerate}
\end{enumerate} \end{enumerate}
@ -718,7 +720,7 @@ annoyances were discovered:
device; the user must assume the web UI must be used. device; the user must assume the web UI must be used.
\item Including pre-built toolchain binaries that don't work on all systems, \item Including pre-built toolchain binaries that don't work on all systems,
and failure to built toolchain binaries to the right location. and failure to put built toolchain binaries in the right location.
\end{itemize} \end{itemize}
\section{Lessons Learned} \section{Lessons Learned}
@ -736,7 +738,7 @@ can be learned here:
substantially easier, but more importantly it also substantially easier, but more importantly it also
\hyperref[offer-for-source]{completes the distributor's CCS compliance \hyperref[offer-for-source]{completes the distributor's CCS compliance
obligations at the time of distribution} (provided, of course, that the obligations at the time of distribution} (provided, of course, that the
distributor is otherwise in compliance with copyleft. distributor is otherwise in compliance with copyleft).
\item {\bf Include top-level build instructions in a natural language (such \item {\bf Include top-level build instructions in a natural language (such
as English) in a \hyperref[thinkpenguin-toplevel-readme]{clear and as English) in a \hyperref[thinkpenguin-toplevel-readme]{clear and
@ -755,8 +757,9 @@ can be learned here:
\item {\bf Seek to adhere to the spirit of copyleft, not just the letter of \item {\bf Seek to adhere to the spirit of copyleft, not just the letter of
the license}. ThinkPenguin uses encouragement of users to improve and the license}. ThinkPenguin uses encouragement of users to improve and
make their devices better as commercial differentiator. Copyleft advocates make their devices better as a commercial differentiator. Copyleft advocates
remain baffled why other companies have not realized how large the market for remain baffled as to why other companies have not realized how the large the
market for
users who seek hackable devices continues to grow. By going beyond the users who seek hackable devices continues to grow. By going beyond the
mere minimal requirements of GPL, companies can immediately reap the mere minimal requirements of GPL, companies can immediately reap the
benefits in that target market. benefits in that target market.