help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

License compliance when redistributing images built with 'guix system'.


From: Denis 'GNUtoo' Carikli
Subject: License compliance when redistributing images built with 'guix system'.
Date: Thu, 23 May 2024 02:09:25 +0200

Hi,

The GPLv2 has this part:
> If distribution of executable or object code is made by offering
> access to copy from a designated place, then offering equivalent 
> access to copy the source code from the same place counts as
> distribution of the source code, even though third parties are not
> compelled to copy the source along with the object code.

So as I understand when redistributing packages (made with guix pack
for instance), 'guix build --sources=transitive
<packages [...]>' can be used to get all the corresponding source code
and publish it in 'the same place'. I could also distribute the Guix
source code being used and the build scripts along the way, and even
generate a package <-> license list with guix package --show just to be
sure (though the licenses are also in the source code).

But for redistributing complete images built with guix system image,
like a VM image for instance, I'm unsure how to do it and I was
wondering if there is a standard way to do that.

The following command seems to be able to tell me which packages were
used in the image:
> guix gc -R "$(guix system build system.scm)"
but then:
(1) I'm unsure if there are all the packages
(2) I need to parse the output and I'm unsure how to separate the
    package name from the version in a reliable way.

Another option could be to export my-os and use something like that in
a scm file that I'd then use 'guix build -L . --sources=transitive' on
after importing (gnu system) and (guix packages):
> (filter package? (operating-system-packages my-os))
but then here too I'm even more afraid of missing packages. The
downside is also that it filters out packages like `(,git "gui") so
using that in the image would not be possible and would need to be
heavily documented.

Denis.

Attachment: pgpnY79y5LIkP.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]