Author Topic: Is Microchip violating the GPL?  (Read 25760 times)

0 Members and 1 Guest are viewing this topic.

Offline Eturtle

  • Newbie
  • Posts: 6
  • Country: de
Re: Is Microchip violating the GPL?
« Reply #25 on: August 21, 2016, 06:32:45 pm »
Correct me if I'm wrong but to me this means that the sourcecode they provide is not the same
as used to produce the executable.

Hardcoded sha is only for obfuscation. The build_XC16_451 script contains

Code: [Select]
if [ "$BUILD_SHA" = "1" ]; then
   echo "*** Creating XCLM SHA"
   gcc -o ${TMP:-/tmp}/build_sha \
      $SRC_DIR/gcc/gcc/config/mchp-cci/mchp_sha.c \
      $SRC_DIR/gcc/gcc/config/mchp-cci/sha256.c  -D_BUILD_SHA_CHECKSUM_
   BUILT_SHA=`${TMP:-/tmp}/build_sha $INSTALL_DIR/xclm/install/client/bin/xclm${EXE_SUFFIX} 2>&1`
   if ( echo $BUILT_SHA | grep -q -i "Error:" ); then
      echo "$BUILT_SHA"
      exit
   fi
   BUILD_SHA="-DMCHP_XCLM_SHA256_DIGEST_VAL=$BUILT_SHA"
fi

meaning the sha is taken during building of the compiler.

Maybe the building was easy if someone has a "--build=i386-apple-darwin10" environment.
 

Offline filssavi

  • Frequent Contributor
  • **
  • Posts: 433
Re: Is Microchip violating the GPL?
« Reply #26 on: August 21, 2016, 06:36:46 pm »
If the binary they distribuite and the source code archive built with default configuration (or whatever they specify in  the documentazione) don't match bit by bit than they are violaing GPL for more on the topic you can read this

http://cormander.com/2011/08/what-some-many-people-dont-understand-about-the-gpl/

Bottomline open source doesn't only mean giving out .c/.h files you must also give out makefiles/Shell script and anything that goes with the build system.

As for enforcing it might be not as hard as you think, since gcc is a GNU's project members and RMS is quite a full on open source zealot (for better or for worse) and Microchip is a very High profilo target so you might only have to reportage the thing to the gcc/gnu guys on the mailing list ant they will go after them (they have a dedicated legal team  for open source violation enforcement)
 

Offline voltsandjolts

  • Supporter
  • ****
  • Posts: 2281
  • Country: gb
Re: Is Microchip violating the GPL?
« Reply #27 on: August 21, 2016, 07:30:16 pm »
So, in theory, I could compile this program:

int main (void) { return 2; }

and name it XCLM.EXE
Then during build, its sha256 hash is calulated by the build script and added to XC16 binary.
So, no need to go changing source code in all locations where XCLM is called?

Just the simple matter of setting up the build environment then.....eek, if only I was a bit smarter.
 

Offline KarelTopic starter

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: Is Microchip violating the GPL?
« Reply #28 on: August 21, 2016, 07:47:47 pm »
So, in theory, I could compile this program:

int main (void) { return 2; }

and name it XCLM.EXE
Then during build, its sha256 hash is calulated by the build script and added to XC16 binary.
So, no need to go changing source code in all locations where XCLM is called?

Just the simple matter of setting up the build environment then.....eek, if only I was a bit smarter.

Maybe, apart from that your program must return 6, not 2.

But changing the hash with a hexeditor is much quicker than trying to setup the build environment,
as explained here: https://www.eevblog.com/forum/microcontrollers/pic32-evolution/msg1007099/#msg1007099
 
The following users thanked this post: voltsandjolts

Offline helius

  • Super Contributor
  • ***
  • Posts: 3632
  • Country: us
Re: Is Microchip violating the GPL?
« Reply #29 on: August 21, 2016, 08:34:40 pm »
"complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
Stallman was well aware that you need more than just the "C" files.
You can still drive a truck through it. Nothing in nature requires that the commands used to compile a program be entered into a script.
It also assumes that the compiler is a platonic unchanging ideal, so he must have been unaware of Thompson's Turing Award lecture. It's obvious to anyone who has read it that if a password check can be changed by invisible code lurking inside the compiler, then any change whatsoever can be made in the same way; it doesn't even matter whether the compiler's source code is also published.
His blindness on this point may be due to an assumption that he controls the compiler, but even GNU developers think that GCC is doomed.
« Last Edit: August 21, 2016, 08:55:58 pm by helius »
 

Offline grumpydoc

  • Super Contributor
  • ***
  • Posts: 2905
  • Country: gb
Re: Is Microchip violating the GPL?
« Reply #30 on: August 21, 2016, 09:35:06 pm »
"complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
Stallman was well aware that you need more than just the "C" files.
You can still drive a truck through it. Nothing in nature requires that the commands used to compile a program be entered into a script.
I'd argue that the definition in the GPL would cover command lines, even if not contained in scipts per se.

And human nature being what it is no-one would want to type

gcc -o prog <list of 15 object files> <list of 6 libraries>

more than once or twice without putting it into a file.

Quote
It also assumes that the compiler is a platonic unchanging ideal, so he must have been unaware of Thompson's Turing Award lecture. It's obvious to anyone who has read it that if a password check can be changed by invisible code lurking inside the compiler, then any change whatsoever can be made in the same way; it doesn't even matter whether the compiler's source code is also published.
His blindness on this point may be due to an assumption that he controls the compiler, but even GNU developers think that GCC is doomed.
I doubt he was unaware but probably did not think it relevant because the GPL dates from a time where you would generally assume other people on the 'net - which was nascent, naive and mostly restricted to academia - would "do the right thing". I don't think it was because he thought he controlled the compiler. In fact the GNU project barely had a compiler at the time.

But I think you do raise a valid point which is that few of the open source projects specify the build environment well enough, or even at all. Quite often interesting looking projects which compiled fine with gcc 2.x have not really been developed since and fail in later versions, or against later versions of libraries. Sometimes spectacularly in the case of libraries and don't get me started on trying to find the right version of auto<crap> for an old project  |O
 

Offline andersm

  • Super Contributor
  • ***
  • Posts: 1198
  • Country: fi
Re: Is Microchip violating the GPL?
« Reply #31 on: August 21, 2016, 09:44:20 pm »
If the binary they distribuite and the source code archive built with default configuration (or whatever they specify in  the documentazione) don't match bit by bit than they are violaing GPL
Does the GPL require me to provide source code that can be built to match the exact hash of the binary I am distributing?
 
The following users thanked this post: filssavi

Offline filssavi

  • Frequent Contributor
  • **
  • Posts: 433
Re: Is Microchip violating the GPL?
« Reply #32 on: August 21, 2016, 11:38:04 pm »
If the binary they distribuite and the source code archive built with default configuration (or whatever they specify in  the documentazione) don't match bit by bit than they are violaing GPL
Does the GPL require me to provide source code that can be built to match the exact hash of the binary I am distributing?

You never stop learning... (I'm sincere not sarcastic or joking)
I only wrote few trivial makefiles so i'm not up to Speed with all the depths of build systems (i'd like to learn but too difficult  and too Little practical utility for me)
And from the height of my inenuity i really thought that builds were reproducibile (given the right cli arguments of course) and i fail to find a use case where having a system specific build system is useful (as far as te finalmente binary goes, od course the linker must know where libraries, dll's ecc are)
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf