How do high profile examples like this get away with not providing a way to pull all the sources?
Not a lawyer and didn't even read your link
That being said, it's my understanding that some blobs are acceptable, such us:
- binary applications running on top of a GPL kernel or even using GPL libraries with special exemptions (such as libc)
- kernel drivers for hardware and filesystems, Linux copyright holders make it clear it is their intent to allow them
- firmware for peripheral devices
Does anyone have some good examples of linux repos that include the build flow so they are buildable to a booting image from source?
OpenWRT might be one, a third party firmware for various routers. You download a repo, choose your model, run make and get an image you can upload through the admin panel.
I think ChromiumOS comes close too, save for binary driver blobs, but I never actually tried building it.
Many hardware vendors don't bother, though. Reasons include:
- it's an effort to publish and maintain such build system
- their internal build system may employ proprietary tools they don't want or aren't allowed to publish
- the code contains their patches which they want to (legally or not) withhold from competitors
Take for example the simple case of distributing some software that runs on linux, easy to do and comply with GPL. But if you want to package that already installed on linux (for instance in an embedded product) you need to have complete source for everything that is being distributed:
https://www.gnu.org/licenses/gpl-faq.html#UnchangedJustBinary
You seem to believe this implies that any software contained in an embedded Linux system must be open source.
However, the paragraph you link only talks about redistributing a binary of GPL software you obtained from someone else.
I think more relevant is this one:
What is the difference between “mere aggregation” and “combining two modules into one program”?
Mere aggregation of two programs means putting them side by side on the same CD-ROM or hard disk. We use this term in the case where they are separate programs, not parts of a single program. In this case, if one of the programs is covered by the GPL, it has no effect on the other program.
Combining two modules means connecting them together so that they form a single larger program. If either part is covered by the GPL, the whole combination must also be released under the GPL—if you can't, or won't, do that, you may not combine them.
What constitutes combining two parts into one program? This is a legal question, which ultimately judges will decide. We believe that a proper criterion depends both on the mechanism of communication (exec, pipes, rpc, function calls within a shared address space, etc.) and the semantics of the communication (what kinds of information are interchanged).
If the modules are included in the same executable file, they are definitely combined in one program. If modules are designed to run linked together in a shared address space, that almost surely means combining them into one program.
By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program.
So you can argue that an embedded system is a self-contained program and none of it would be of any value to the end user without some particular critical GPL component, but the vendor will argue back that their embedded system is merely an aggregation of multiple "programs" communicating over usual inter process communication channels and go fight them now.