Changeset - 01b0b090a399
[Not reviewed]
0 1 0
Denver Gingerich - 9 years ago 2015-06-01 03:53:01
denver@ossguy.com
List previously analyzed versions in lawsuit FAQ.
1 file changed with 2 insertions and 1 deletions:
0 comments (0 inline, 0 general)
www/conservancy/static/linux-compliance/vmware-lawsuit-faq.html
Show inline comments
...
 
@@ -388,97 +388,98 @@ static struct pci_driver tg3_driver = {
 
  ultimately called (in the case where a tg3 card is driven by the kernel)
 
  is <code>tg3_remove_one()</code>, which is found in <code>tg3.c</code> and
 
  comes directly from Linux.</p>
 

	
 
<p>(Note: <code>__devexit_p</code> is a straightforward macro found
 
  in <code>vmkdrivers/src_92/include/linux/init.h</code> (which also comes
 
  from Linux) that will simply expand to its first argument in this
 
  case.)</p>
 

	
 
<h4>VMware distribution of binary version of <code>tg3.c</code></h4>
 

	
 
<p>VMware furthermore distributes a modified version of <code>tg3.c</code> in
 
  binary form.  This can be found in <code>usr/lib/vmware/vmkmod/tg3</code>,
 
  which is extracted by un-vmtar'ing the file <code>net_tg3.v00</code> (found
 
  on the ESXi 6.0 installer ISO image).  Conservancy has confirmed that
 
  file is a compiled version of <code>tg3.c</code>.</p>
 

	
 
<h4>Conclusions</h4>
 

	
 
<p>Given this evidence and related contextual clues, the only logical
 
  conclusions are:</p>
 
    <ul><li><code>vmklinux_9</code>, a binary object, dynamically links with
 
        the binary objects: <code>k.b00</code> and <code>tg3</code> (the
 
        driver built from <code>tg3.c</code>'s source).  These three binary
 
        objects together form a single running binary (likely along with many
 
        other binary objects as well).</li>
 
      <li>That single running binary contains code licensed under the GPLv2
 
       &mdash; namely the code derived from <code>tg3.c</code>
 
       and <code>pci.h</code>.  Thus, the single running binary may be
 
       distributed in binary form only under permissions provided under GPLv2
 
       &mdash; in
 
       particular <a href="https://gnu.org/licenses/gpl-2.0.html#section2">GPLv2&sect;2</a>
 
       and <a href="https://gnu.org/licenses/gpl-2.0.html#section3">GPLv2&sect;3</a>.</li>
 
      <li>GPLv2&sect;3(a&ndash;b) requires that <q>complete corresponding
 
          machine-readable source code</q> must accompany binary
 
          distributions such as these.  GPLv2&sect;3 further states
 
          that <q>for an executable work, complete source code means all the
 
          source code for all modules it contains</q>.</li>
 
      <li>The binary work in question contains modules from <code>k.b00</code>,
 
        <code>vmlinux_9</code> and <code>tg3</code>.</li>
 
      <li>VMware did not provide source code for any modules found in
 
        <code>k.b00</code>.</li>
 
      <li>Therefore, VMware failed to comply with the GPLv2, as such
 
      compliance requires source code (or an offer therefor) for the material
 
        in <code>k.b00</code>.</li>
 
    </ul>
 
<p>The above is but one piece of evidence among many, but hopefully it helps
 
  to explain some of the &ldquo;combined work&rdquo; violations found in
 
  VMware's ESXi product.</p>
 
  VMware's ESXi product.  Conservancy did a similar analysis for ESXi 5.0
 
  as well as ESXi 5.5 Update 2 and found nearly identical results.</p>
 

	
 
<dt id="verify">How can I verify Conservancy's technical findings above?</dt>
 

	
 
<dd><p>The binary and source packages mentioned above are available
 
on VMware's website.  These packages contain the
 
previously-mentioned <code>linux_pci.c</code>,
 
<code>vmkapi_pci_incompat.h</code>, and <code>k.b00</code> files, as well as
 
    <code>vmklinux_9</code> and the source code that builds the latter.</p>
 

	
 
  <p>To obtain the source components, follow these steps (no login is required):</p>
 

	
 
<ol>
 
<li>Visit <a href="https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491">https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491</a>.</li>
 

	
 
<li>Click the &ldquo;Download&rdquo; button beside the text that reads
 
&ldquo;Open source software accompanying ESXi&rdquo;.</li>
 

	
 
<li>Confirm that the SHA-1 hash matches the published one
 
  (35811b981470abe8b606d8a7a97c9795ce570597), found under &ldquo;Read
 
  More&rdquo; on that web page.</li>
 

	
 
<li>Mount (or otherwise open) the
 
  downloaded <code>VMware-ESXI-600-ODP.iso</code>.</li>
 

	
 
<li>Extract <code>vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c</code>
 
  and <code>BLD/build/HEADERS/vmkapi-current-all-public/generic/release/hardware/vmkapi_pci_incompat.h</code>
 
  from <code>vmkdrivers-gpl/vmkdrivers-gpl.tgz</code> with tar and gzip.</li>
 

	
 
<li>Generate <code>vmklinux_9</code> by following the steps
 
  in <code>vmkdrivers-gpl/BUILD.txt</code> in the ISO.
 
  (Note: <code>vmklinux_9</code> is also available pre-built on a running
 
  ESXi system; <a href="#vmklinux">see below for instructions on how to access it</a>).</li>
 

	
 
<li>You may need the &ldquo;Open source software disclosure package for
 
  toolchain&rdquo; file from the above download page to
 
  complete the build &mdash; upon downloading you will find it is named
 
  <code>VMware-TOOLCHAIN-600-ODP.iso</code> and has a SHA-1 hash of
 
  9a68df4cbeb645c25002a02f11b1923f98d3d5b5.</li>
 

	
 
</ol>
 

	
 
  <p>To obtain the binary components, follow these steps (a login is required):<p>
 

	
 
<ol>
 
<li>Register for an account at <a href="https://my.vmware.com/web/vmware/registration">https://my.vmware.com/web/vmware/registration</a>.</li>
 

	
 
<li>Click the &ldquo;Activate Now&rdquo; link in the follow-up email.  Enter
 
  the password used at registration time.  Click &ldquo;Continue&rdquo;.</li>
0 comments (0 inline, 0 general)