website Changeset - 01b0b090a399 · Conservancy Kallithea

Changeset - 01b0b090a399

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Denver Gingerich - 9 years ago 2015-06-01 03:53:01
denver@ossguy.com

List previously analyzed versions in lawsuit FAQ.

1 file changed with 2 insertions and 1 deletions:

www/conservancy/static/linux-compliance/vmware-lawsuit-faq.html

0 comments (0 inline, 0 general)

www/conservancy/static/linux-compliance/vmware-lawsuit-faq.html

➞

Show inline comments

@@ ... / @@ -388,97 +388,98 @@ static struct pci_driver tg3_driver = { @@
   ultimately called (in the case where a tg3 card is driven by the kernel)
   is <code>tg3_remove_one()</code>, which is found in <code>tg3.c</code> and
   comes directly from Linux.</p>
 <p>(Note: <code>__devexit_p</code> is a straightforward macro found
   in <code>vmkdrivers/src_92/include/linux/init.h</code> (which also comes
   from Linux) that will simply expand to its first argument in this
   case.)</p>
 <h4>VMware distribution of binary version of <code>tg3.c</code></h4>
 <p>VMware furthermore distributes a modified version of <code>tg3.c</code> in
   binary form.  This can be found in <code>usr/lib/vmware/vmkmod/tg3</code>,
   which is extracted by un-vmtar'ing the file <code>net_tg3.v00</code> (found
   on the ESXi 6.0 installer ISO image).  Conservancy has confirmed that
   file is a compiled version of <code>tg3.c</code>.</p>
 <h4>Conclusions</h4>
 <p>Given this evidence and related contextual clues, the only logical
   conclusions are:</p>
     <ul><li><code>vmklinux_9</code>, a binary object, dynamically links with
         the binary objects: <code>k.b00</code> and <code>tg3</code> (the
         driver built from <code>tg3.c</code>'s source).  These three binary
         objects together form a single running binary (likely along with many
         other binary objects as well).</li>
       <li>That single running binary contains code licensed under the GPLv2
        &mdash; namely the code derived from <code>tg3.c</code>
        and <code>pci.h</code>.  Thus, the single running binary may be
        distributed in binary form only under permissions provided under GPLv2
        &mdash; in
        particular <a href="https://gnu.org/licenses/gpl-2.0.html#section2">GPLv2&sect;2</a>
        and <a href="https://gnu.org/licenses/gpl-2.0.html#section3">GPLv2&sect;3</a>.</li>
       <li>GPLv2&sect;3(a&ndash;b) requires that <q>complete corresponding
           machine-readable source code</q> must accompany binary
           distributions such as these.  GPLv2&sect;3 further states
           that <q>for an executable work, complete source code means all the
           source code for all modules it contains</q>.</li>
       <li>The binary work in question contains modules from <code>k.b00</code>,
         <code>vmlinux_9</code> and <code>tg3</code>.</li>
       <li>VMware did not provide source code for any modules found in
         <code>k.b00</code>.</li>
       <li>Therefore, VMware failed to comply with the GPLv2, as such
       compliance requires source code (or an offer therefor) for the material
         in <code>k.b00</code>.</li>
     </ul>
 <p>The above is but one piece of evidence among many, but hopefully it helps
   to explain some of the &ldquo;combined work&rdquo; violations found in
   VMware's ESXi product.</p>
   VMware's ESXi product.  Conservancy did a similar analysis for ESXi 5.0
   as well as ESXi 5.5 Update 2 and found nearly identical results.</p>
 <dt id="verify">How can I verify Conservancy's technical findings above?</dt>
 <dd><p>The binary and source packages mentioned above are available
 on VMware's website.  These packages contain the
 previously-mentioned <code>linux_pci.c</code>,
 <code>vmkapi_pci_incompat.h</code>, and <code>k.b00</code> files, as well as
     <code>vmklinux_9</code> and the source code that builds the latter.</p>
   <p>To obtain the source components, follow these steps (no login is required):</p>
 <ol>
 <li>Visit <a href="https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491">https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491</a>.</li>
 <li>Click the &ldquo;Download&rdquo; button beside the text that reads
 &ldquo;Open source software accompanying ESXi&rdquo;.</li>
 <li>Confirm that the SHA-1 hash matches the published one
   (35811b981470abe8b606d8a7a97c9795ce570597), found under &ldquo;Read
   More&rdquo; on that web page.</li>
 <li>Mount (or otherwise open) the
   downloaded <code>VMware-ESXI-600-ODP.iso</code>.</li>
 <li>Extract <code>vmkdrivers/src_92/vmklinux_92/vmware/linux_pci.c</code>
   and <code>BLD/build/HEADERS/vmkapi-current-all-public/generic/release/hardware/vmkapi_pci_incompat.h</code>
   from <code>vmkdrivers-gpl/vmkdrivers-gpl.tgz</code> with tar and gzip.</li>
 <li>Generate <code>vmklinux_9</code> by following the steps
   in <code>vmkdrivers-gpl/BUILD.txt</code> in the ISO.
   (Note: <code>vmklinux_9</code> is also available pre-built on a running
   ESXi system; <a href="#vmklinux">see below for instructions on how to access it</a>).</li>
 <li>You may need the &ldquo;Open source software disclosure package for
   toolchain&rdquo; file from the above download page to
   complete the build &mdash; upon downloading you will find it is named
   <code>VMware-TOOLCHAIN-600-ODP.iso</code> and has a SHA-1 hash of
 a68df4cbeb645c25002a02f11b1923f98d3d5b5.</li>
 </ol>
   <p>To obtain the binary components, follow these steps (a login is required):<p>
 <ol>
 <li>Register for an account at <a href="https://my.vmware.com/web/vmware/registration">https://my.vmware.com/web/vmware/registration</a>.</li>
 <li>Click the &ldquo;Activate Now&rdquo; link in the follow-up email.  Enter
   the password used at registration time.  Click &ldquo;Continue&rdquo;.</li>

0 comments (0 inline, 0 general)