5.20.1. Providing the Source Code

Compliance activities should begin before you generate the final image. The first thing you should look at is the requirement that tops the list for most compliance groups - providing the source. The Yocto Project has a few ways of meeting this requirement.

One of the easiest ways to meet this requirement is to provide the entire DL_DIR used by the build. This method, however, has a few issues. The most obvious is the size of the directory since it includes all sources used in the build and not just the source used in the released image. It will include toolchain source, and other artifacts, which you would not generally release. However, the more serious issue for most companies is accidental release of proprietary software. The Yocto Project provides an archiver class to help avoid some of these concerns. See the "Archiving Sources - archive*.bbclass" section in the Yocto Project Reference Manual for information on this class.

Before you employ DL_DIR or the archiver class, you need to decide how you choose to provide source. The source archiver class can generate tarballs and SRPMs and can create them with various levels of compliance in mind. One way of doing this (but certainly not the only way) is to release just the original source as a tarball. You can do this by adding the following to the local.conf file found in the Build Directory:

     ARCHIVER_MODE ?= "original"
     ARCHIVER_CLASS = "${@'archive-${ARCHIVER_MODE}-source' if
     ARCHIVER_MODE != 'none' else ''}"
     INHERIT += "${ARCHIVER_CLASS}"
     SOURCE_ARCHIVE_PACKAGE_TYPE = "tar"
                

During the creation of your image, the source from all recipes that deploy packages to the image is placed within subdirectories of DEPLOY_DIR/sources based on the LICENSE for each recipe. Releasing the entire directory enables you to comply with requirements concerning providing the unmodified source. It is important to note that the size of the directory can get large.

A way to help mitigate the size issue is to only release tarballs for licenses that require the release of source. Let's assume you are only concerned with GPL code as identified with the following:

     $ cd poky/build/tmp/deploy/sources
     $ mkdir ~/gpl_source_release
     $ for dir in */*GPL*; do cp -r $dir ~/gpl_source_release; done
                

At this point, you could create a tarball from the gpl_source_release directory and provide that to the end user. This method would be a step toward achieving compliance with section 3a of GPLv2 and with section 6 of GPLv3.