Using Qt under LGPLv3

Copyright 2019, Burkhard Stubert
Using Qt under LGPLv3
Burkhard Stubert – Solopreneur & Chief Architect, Embedded Use
I help teams succeed with embedded systems

When Downloading Open-Source Qt from qt.io
Screenshot: 6 March 2018
2
Nonsense!

Outline – Using Qt under LGPLv3
• The obligations of Qt LGPLv3: made understandable
• When to use Qt LGPLv3 and when Qt Commercial
• How Yocto and Fossology help with FOSS compliance
3

LGPLv3 Obligations: “4. Combined Works”
• You may convey Combined Work under your terms, if you ...
• give prominent notice that Application uses Qt libraries under LGPLv3 (4a), and
• provide copies of LGPLv3 and GPLv3 licenses (4b), and
• display copyright notices of Qt libraries and license texts of LGPLv3 and GPLv3 in
Application’s GUI (4c), and
• use a shared library mechanism for linking Application with modified but interface-compatible
versions of Qt libraries (4d1), and
• provide installation information (according to section 6 of GPLv3) how to build a modified Qt
version, how to install Qt on device, and how to run Application with Qt on device (4e).
For B2C: yes. For B2B: no.
4

The Combined Work: Application + Qt Libraries
5
Application(s)
closed source, proprietary
Qt Libraries
LGPLv3, GPLv3, Commercial
Auxiliary Libraries
GPL, LGPL, BSD, MIT, Apache, many others
System Libraries
GPL but exempted
Linux Kernel
GPLv2
For both Qt Commercial and Qt LGPLv3:
Compliance check needed for all modules
(500-1000 modules)
For both Qt Commercial and Qt LGPLv3:
Compliance check needed (< 20 modules)
Effort for checks: Qt LGPLv3 ≈ Qt Commercial

Convey Combined Work under Your Terms
6
Application
proprietary
Qt Library
LGPLv3
Combined Work
proprietary
Application
proprietary
Qt Library
Commercial
Combined Work
proprietary
Application
proprietary
Qt Library
GPLv3
Combined Work
GPLv3 violation
+ LGPLv3 obligations + Qt Commercial obligations
(e.g., royalties, per-developer fees)
LGPLv3 = GPLv3 + extra permissions

Convey Combined Work:
Product + Physical Medium
7
Source code of Qt libs
Text of LGPLv3 and GPLv3
Copyright notices
Modifications
Installation information
+
Qt libraries:
Object code
Application:
Object code
GPLv3 (6a)
LGPLv3 (4)
Display in GUI

Convey Combined Work:
Product + Written Offer
8
Source code of Qt libs
Text of LGPLv3 and GPLv3
Copyright notices
Modifications
Installation information
Qt libraries:
Object code
Application:
Object code
GPLv3 (6b)
LGPLv3 (4)
Display in GUI
+ Written offer:
Valid for max(3y, support)

Displaying License and Copyright in GUI (1)
9

10

11

When to Provide Installation Information
• User Product =
• [tangible] “consumer product” [...]
normally used for personal, family, or
household purposes, or
• anything designed or sold for
incorporation into a dwelling
• In doubt: it’s a User Product!
• Examples: phones, TVs, STBs, home
appliances, cars, medical devices used
at home, security cameras
• Commercial Product:
• Examples: tractors, harvesters, trucks,
professional appliances, medical
devices in hospitals
12
User
Product?
NoYes
Installation
Information
Installation
Information
B2C B2B
• Installation Information =
• Anything required to build a modified
Qt version, install and execute it on the
User Product

Example Installation Information (1)
13
(1) User installs SDK (built by bitbake meta-toolchain-qt5)
/path/to/<distro>-glibc-x86_64-meta-toolchain-qt5-armv7at2hf-neon-toolchain-2.4.2.sh
(2) User unpacks all Qt source archives into /path/to/qt5
(3) User performs shadow build in /path/to/build-qt5
../qt5/configure -prefix /usr/local/qt -extprefix /path/to/install-qt5
-device linux-imx6-g++
-device-option CROSS_COMPILE=/path/to/sdk/sysroots/x86_64-fslcsdk-linux/usr/bin/
arm-fslc-linux-gnueabi/arm-fslc-linux-gnueabi-
-sysroot /path/to/sdk/sysroots/armv7at2hf-neon-fslc-linux-gnueabi
-opensource –confirm-license <more options>
make –j32
make install

Example Installation Information (2)
• (4) User installs Qt shared libraries on product
• Copy Qt shared libs from USB drive to product
• Download Qt shared libs from server to product
• Copy Qt shared libs from connected laptop to product (via CAN or Ethernet)
• ...
• Notes on (4):
• Shared libs may be signed
• Warning OK that user loses warranty, support and even vehicle operation license
• Qt libs can undergo AppStore-like approval process
• Functionality must not be restricted – unless modified Qt behaves maliciously
14

15

Costs of Qt Commercial vs. Qt LGPLv3
Year Qt Commercial Costs €
1 3 developers: 5700 € each
1000 units: 7.50 € each
24,600
1000 units: 7.50 € each
13,200
1000 units: 7.50 € each
13,200
1000 units: 7.50 € each
13,200
1000 units: 7.50 € each
13,200
License check of non-Qt packages 20,000
Sum 97,400
16
Year Qt LGPLv3 Costs €
1 Initial effort 12,000
2 Update effort 3,000
Sum 24,000
~80% effort needed for non-Qt packages: 20,000
Needed in Qt Commercial as well!
LGPLv3 cost independent of number of developers
and units!

What’s the Additional Value of Qt Commercial?
• Commercial-only features
• No user update of Qt libraries required
• Qt for Device Creation (Boot2Qt)
• Qt Lite (esp. for Cortex-M)
• Qt Virtual Keyboard (also: GPLv3)
• Qt 3D Designer: GPLv3 runtime
• Qt Support Helpdesk
• Qt for Automotive (extra fee)
• Qt for Automation: MQTT, OPC UA
(extra fee)
• Qt Safe Renderer (extra fee)
• Qt Application Manager (extra fee)
17
• Also available for LGPLv3
• Static linking (LGPLv3/4d0)
• Qt Quick compiler (since Qt 5.12)
• Qt Virtual Keyboard (if run in separate
process)

18

Some Wishful Thinking ...
19
Magic ScriptYocto recipes
/path/to/qtmultimedia
qtmultimedia-5.11.3+<rev>-patched.tar.gz
LICENSE.LGPL3
LICENSE.GPL3
USED-LICENSE -> LICENSE.LGPL3
COPYRIGHT
MODIFICATIONS
/path/to/qtserialbus
...
For every package:

The Harsh Reality ...
20
bitbake
Yocto recipes
tmp/deploy/sources/arm-poky-linux-gnueabi/
qtmultimedia-5.11.3+<rev>/
tmp/deploy/licenses/qtmultimedia
generic_*
LICENSE.FDL LICENSE.GPL2 LICENSE.GPL3
LICENCE.GPL3-EXCEPT LICENSE.LGPL3
recipeinfo
Fossology
upload export
Identify licenses and
copyright notices
qtmultimedia.spdx
convey.py
/path/to/qtmultimedia
LICENSE.LGPL3 LICENSE.GPL3
USED-LICENSE -> LICENSE.LGPL3
COPYRIGHT MODIFICATIONS
???

Creating Source Archives with Yocto
21
Create archives for patched sources
of all FOSS packages:
# In local.conf or distro configuration
INHERIT += "archiver"
COPYLEFT_TARGET_TYPES = "target"
COPYLEFT_LICENSE_EXCLUDE = "CLOSED Proprietary"
COPYLEFT_LICENSE_INCLUDE = ""
Don’t create source archive
for Application:
# In application recipe
LICENSE = "CLOSED"
Note: By default only GPL*, LGPL* and AGPL* included
Rebuild your Linux image with bitbake

Output of Yocto Build
22
tmp/deploy/licenses/qtmultimedia
generic_BSD generic_GFDL-1.3 generic_GPL-2.0
generic_GPL-3.0 generic_LGPL-3.0
generic_The-Qt-Company-Commercial
generic_The-Qt-Company-GPL-Exception-1.0
LICENSE.FDL LICENSE.GPL2 LICENSE.GPL3
LICENCE.GPL3-EXCEPT LICENSE.LGPL3
recipeinfo
tmp/deploy/sources/arm-poky-linux-gnueabi/
qtmultimedia-5.11.3+<rev>/
LICENSE: GFDL-1.3 & BSD & ( GPL-3.0 &
The-Qt-Company-GPL-Exception-1.0 |
The-Qt-Company-Commercial ) & ( GPL-2.0+ |
LGPL-3.0 | The-Qt-Company-Commercial )
PR: r0
PV: 5.11.3+<rev>
???
Use Fossology to clarify license situation!

License Analysis with Fossology:
Upload > From File
23
Nomos Keywords:
Find potential license texts
Nomos Regular Expressions:
Finds and identifies most relevant license texts
and their variants
Monk Full Text Matches:
Finds and identifies known license texts

Browse > qtmultimedia-<rev>-patched.tar.gz
24
Goal:
Green clearing status for all files
Clear irrelevant folders:
Mark all folders except src as irrelevant,
because they are not used in product

Bulk Recognition of Source Files (1)
25
(1) Select typical
source file
(2) Use bulk recognition
for identifying all
similar files

26
(1) Add LGPL-3.0 as identified license
(2) Remove all other licenses
(3) From selected file, copy search text for identification
(4) Perform actions (1) and (2) to all files matching (3)

27

Individual Check for Remaining Red Files
• src/multimedia/doc
• Mark folder as irrelevant
• src/mulimediawidgets/doc
• Mark folder as irrelevant
• src/plugins/winrt
• qwinrtcameraflashcontrol.cpp/h: license
text slightly different to one used in bulk
scan
• Identify license for each file individually
• In root directory:
• Mark LICENSE.(FDL | GPL2 | GPL3 |
GPL3-EXCEPT) as irrelevant
• Set LICENSE.LGPL3 as main license
28
All files and folders green!
License check done!

Copyright Analysis with Fossology:
Ignore Irrelevant Folders (1)
29
Irrelevant folders

30
(1) Select irrelevant occurrences
(2) Delete selected occurrences
Folder: config.tests

31

Result
32
Down from 102 entries!

Export Results of License and Copyright Analysis
33
From combobox, select
Generate SPDX report in tag:value format
Save report qtmultimedia.spdx in
tmp/deploy/licenses/qtmultimedia/

License and Copyright Report:
qtmultimedia.spdx – Package Information
34
PackageName: qtmultimedia-5.11.3+gitAUTOINC+6966a09c9a-r0-patched.tar.gz
PackageFileName: qtmultimedia-5.11.3+gitAUTOINC+6966a09c9a-r0-patched.tar.gz
SPDXID: SPDXRef-upload10
PackageDownloadLocation: NOASSERTION
PackageVerificationCode: 1ca0b32cc48660f2e14d0711484bd4299ed08cde
PackageChecksum: SHA1: 68b79d7255dd1e50296c154bb935deb16fadd561
PackageChecksum: MD5: 251f4ce5a3f7383a79cacdefe4c56e96
PackageLicenseConcluded: LGPL-3.0
PackageLicenseDeclared: LGPL-3.0
PackageLicenseComments: <text> licenseInfoInFile determined by Scanners:
- nomos ("3.4.0-78-g625bdf3".625bdf)
- monk ("3.4.0-78-g625bdf3".625bdf) </text>
PackageLicenseInfoFromFiles: NOASSERTION
PackageCopyrightText: NOASSERTION
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-upload10

License and Copyright Report:
qtmultimedia.spdx – File Information
35
##File
FileName:
git/src/multimedia/radio/qradiotuner.cpp
SPDXID: SPDXRef-item19743
FileChecksum: SHA1: ca858ab8655...
FileChecksum: MD5: 51862849aa23...
LicenseConcluded: LGPL-3.0
LicenseInfoInFile: LGPL-3.0
LicenseInfoInFile: LicenseRef-Dual-license
LicenseInfoInFile: GPL-2.0+
LicenseInfoInFile: LicenseRef-Qt.Commercial
FileCopyrightText: <text> Copyright (C) 2016 The
Qt Company Ltd. Contact:
https://www.qt.io/licensing/ </text>
##File
FileName: git/examples/multimedia/declarative-
camera/ZoomControl.qml
SPDXID: SPDXRef-item18287
FileChecksum: SHA1: 66758b5dddd...
FileChecksum: MD5: 6145e7cb5e10...
LicenseConcluded: NOASSERTION
LicenseInfoInFile: BSD-3-Clause
LicenseInfoInFile: LicenseRef-Dual-license
LicenseInfoInFile: LicenseRef-Qt.Commercial
FileCopyrightText: NOASSERTION

Resources
• License texts
• LGPLv3:
https://www.gnu.org/licenses/lgpl-3.0-
standalone.html
• GPLv3:
https://www.gnu.org/licenses/gpl-3.0-
standalone.html
• Lawyers
• Dr. Miriam Ballhausen, Senior
Associate, Bird & Bird LLP
• Dr. Catharina Maracke, Associate
Professor of IT and Data Law, Kühne
Logistics University
• Dr. Till Jaeger, Attorney at Law, JBB
• Books
• Heather Meeker: ”Open Source For
Business – A Practical Guide to Open
Source Software Licensing”, 2nd edition
2017
• Till Jaeger, Axel Metzger: ”Open Source
Software – Rechtliche
Rahmenbedingungen der freien
Software”, 4. Auflage 2016, C. H. Beck
36

This presentation is licensed under a Creative Commons
Attribution-ShareAlike 4.0 International License.
Thank you J
Mail: burkhard.stubert@embeddeduse.com
Web: http://www.embeddeduse.com

Using Qt under LGPLv3

More Related Content

What's hot

Similar to Using Qt under LGPLv3

More from Burkhard Stubert

Recently uploaded

Using Qt under LGPLv3