Licensing Home

LCT Overview

LCT Installation

LCT Example

CCSC Paper

PN Home

License Compliance Toolkit Overview

process overview diagram

Conceptual Framework And Definition Of Modules

The License Compliance Toolkit is designed to be used by people who want to validate that they are complying with the licenses applicable to their sources. As a side effect, the toolkit also provides a trustworthy bill of materials by mechanically tracing mappings of built binaries. The toolkit has three distinct, but interrelated phases.
  1. Stamping Existing Source (the preprocessor): The first phase takes all the source files the user believes have gone into creating the binary they wish to release and stamps them using LIDESCs ability to insert an unambiguous license identification string into a file.
  2. Tracing Map Files to Determine Software BOM (the map tracer): The second phase requires that the user slightly modify their build process to produce dependency and link map files. After generating a binary, the second phase uses these map files to identify all of the user-supplied source files used to build this binary. The user can then say with confidence that the list of source files identified by this phase is the list of sources, no more and no less, required to build the released executable. This list is commonly called the software Bill of Materials (BOM). This phase also produces the list of object modules and libraries required to link the binary.
  3. License Compliance Checking (the postprocessor): The third phase collects the set of software licenses used by the files shown in the BOM and analyzes this set of licenses for possible conflicts. This phase reports: a) missing source files, b) source files that have no license, and c) any licenses that might conflict and the source files licensed under these licenses.

Overall Program Requirements

  • The program will evaluate the following file types:
    • C Source files: .c / .cpp / .h
    • Object module and Library files: .o / .a
  • All .c or .cpp source files must be compiled using the appropriate flags (-MD-c) to produce a dependency file (.d).
  • All dependency files are required to have the same naming convention as the related source file.
  • All executables must be compiled using the appropriate flags (-WL,-m) to produce a link map file (.map).
  • All link map files should follow the naming convention of the executable with the addition of the .map extension.
  • The full paths of the object files (.o) are dependent on the path to the link map file.
  • All source files included in a dependency file (.d) are dependent on the full path to the dependency file.
  • All link map files should be located in the same directory as the executable or library.
  • An executable may or may not include libraries.

Preprocessor (licompr.pl) Requirements

  • Takes one significant command line argument -- the path to the source directory.
  • Identifies the license type for each source file.
  • Identifies if the license is inherited from a copying file within the directory, a copying file in a parent directory, or from a license string pertinent only to the source file.
  • Calls the LIDESC program to stamp each source file with the relevant license stamp.
  • Produces as output a source file report that includes:
    • The licenses checked for.
    • Full path to the source files.
    • If the license was identified in the source file or inherited from a copying file and the full path to the copying file where appropriate.
    • If no license was found or if the source was already stamped.

Map Tracer (mapTracer.pl) Requirements

  • Takes two significant command line arguments, the full path to the corresponding link map and the database of standard binaries.
  • Determines all the source files that comprise an executable or a library.
  • Determines the static libraries linked to the executable. This determination and the identification of the library source files are considered sub tasks, exclusive of the program source file trace.
  • Traces the load commands of each link map to identify the source files and/or libraries that comprise the program.
  • Produces two outputs:
    • A file intended for use with the Postprocessor in determining license compliance with the LIDESC module.
    • A file containing general process information and output intended for the user.

Post-Processor (licompo.pl) Requirements

  • Take one significant command line argument, the path to the source listing file produced by the Map Tracer.
  • Represents the licenses of common C libraries to LIDESC through the use of "dummy" source files.
  • Calls the LIDESC utility appropriately with each source file identified by the Map Tracer.

LIDESC:

It is expected that LIDESC will provide the following functionality, which will be integrated in the Compliance Toolkit.
  • Easily identify and print the licenses which cover all files in a library or executable.
  • Automate the awareness and identification of licenses and redistribution requirements of software.
  • Report license terms and conflicts.
  • Report when a locally unapproved license is used, or when certain incompatible licenses are used.
  • Allow the user to create new license types.
  • Allow the user to individually stamp source files.
See www.mibsoftware.com/librock/lidesc/ for a full description of LIDESC.