Add SPDX license to opkg output

Hi, many packages already contain a SPDX tag, however I don't see a way to retrieve this information via okpg. Ideally the manifest delivered with created images would contain this information, if available.

The issue came up here, but is surely relevant at other places as well.

Thumbs up on this!

This would make public access to "personal" images and package repositories a lot easier. While the individual would still have to be able to supply the source code and build instructions, having the license and associated files as part of each of the packages and downloadable with the image is a lot easier than "tar up your build tree" and then struggle with somehow meeting all the other license requirements about what needs to be distributed with the image and most of the packages.

Compliance would still be a personal responsibility, but tooling like this makes it much less burdensome.

A couple thoughts as to what it might entail, past updating OpenWRT source and package makefiles

  • opkg to be able to not install certain files in the payload (licenses, NOTICE files, ...)
  • PKG_LICENSE_FILE to be able to be a list (sometimes additional files may be required, such as the Apache license)
  • build system to include all legally required files in the package payloads
  • build system to "wrap up" all legally required files for an "image" into a single file for availability along with the flashable image
1 Like

I created a patch for this some while ago