On Fri, Feb 4, 2022 at 3:53 AM Mans Zigher <[email protected]> wrote:
>
> Hi,
>
> A client of mine wants to have docker on it's product and they are
> having secure boot enabled which prevents us from having any GPLv3
> licensed code on the target. We have successfully managed to add
> docker to the target but we noticed that several packages have also
> been added that is GPLv3
>
> bash, gmp, gzip, libidn, libunistring, nettle, rsync, tar, wget
Those shouldn't be coming directly from the docker dependencies, but of
course packages that it depends on, may pull other dependencies, etc.
What branch are you using ?
If you look at docker.inc in the layer, it has our known dependencies:
DEPENDS = " \
go-cli \
go-pty \
go-context \
go-mux \
go-patricia \
go-logrus \
go-fsnotify \
go-dbus \
go-capability \
go-systemd \
btrfs-tools \
sqlite3 \
go-distribution \
compose-file \
go-connections \
notary \
grpc-go \
libtool-native \
libtool \
"
DEPENDS:append:class-target = " lvm2"
RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \
${@bb.utils.contains('DISTRO_FEATURES', 'aufs',
'aufs-util', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
'', 'cgroup-lite', d)} \
bridge-utils \
ca-certificates \
"
RDEPENDS:${PN} += "virtual-containerd virtual-runc"
>
> 1. Does docker have a strict dependency to GPLv3 code?
There may be ways to avoid some GPLv3 dependencies, but it isn't
something that we've actively explored or tested. So it would be
an effort that needs experimentation.
> 2. For some reason that I don't understand, docker seems to pull in
> LXC which in turn will pull in many of the packages. Is Docker using
> LXC? I thought docker was replacing LXC doing the same thing as LXC.
> 3. Do you have any suggestions on how to have container support and
> not pull in GPLv3 code? Is Docker moby an alternative?
It depends on how you are installing docker to your image. In the latest
branches, it doesn't have a dependency on lxc. There are some package
groups and kernel configurations that are shared, but you don't have to
install using those packagegroups if they are pulling in elements that
you don't want or need.
Bruce
>
> BR
> Måns Zigher
>
>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#7042):
https://lists.yoctoproject.org/g/meta-virtualization/message/7042
Mute This Topic: https://lists.yoctoproject.org/mt/88903092/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
