Complying with open source licenses

All of the end products of Buildroot (toolchain, root filesystem, kernel, bootloaders) contain open source software, released under various licenses.

Using open source software gives you the freedom to build rich embedded systems, choosing from a wide range of packages, but also imposes some obligations that you must know and honour. Some licenses require you to publish the license text in the documentation of your product. Others require you to redistribute the source code of the software to those that receive your product.

The exact requirements of each license are documented in each package, and it is your responsibility (or that of your legal office) to comply with those requirements. To make this easier for you, Buildroot can collect for you some material you will probably need. To produce this material, after you have configured Buildroot with make menuconfig, make xconfig or make gconfig, run:

make legal-info

Buildroot will collect legally-relevant material in your output directory, under the legal-info/ subdirectory. There you will find:

  • A README file, that summarizes the produced material and contains warnings about material that Buildroot could not produce.

  • buildroot.config: this is the Buildroot configuration file that is usually produced with make menuconfig, and which is necessary to reproduce the build.

  • The source code for all packages; this is saved in the sources/ and host-sources/ subdirectories for target and host packages respectively. The source code for packages that set <PKG>_REDISTRIBUTE = NO will not be saved. Patches that were applied are also saved, along with a file named series that lists the patches in the order they were applied. Patches are under the same license as the files that they modify. Note: Buildroot applies additional patches to Libtool scripts of autotools-based packages. These patches can be found under support/libtool in the Buildroot source and, due to technical limitations, are not saved with the package sources. You may need to collect them manually.

  • A manifest file (one for host and one for target packages) listing the configured packages, their version, license and related information. Some of this information might not be defined in Buildroot; such items are marked as "unknown".

  • The license texts of all packages, in the licenses/ and host-licenses/ subdirectories for target and host packages respectively. If the license file(s) are not defined in Buildroot, the file is not produced and a warning in the README indicates this.

Please note that the aim of the legal-info feature of Buildroot is to produce all the material that is somehow relevant for legal compliance with the package licenses. Buildroot does not try to produce the exact material that you must somehow make public. Certainly, more material is produced than is needed for a strict legal compliance. For example, it produces the source code for packages released under BSD-like licenses, that you are not required to redistribute in source form.

Moreover, due to technical limitations, Buildroot does not produce some material that you will or may need, such as the toolchain source code for some of the external toolchains and the Buildroot source code itself. When you run make legal-info, Buildroot produces warnings in the README file to inform you of relevant material that could not be saved.

Finally, keep in mind that the output of make legal-info is based on declarative statements in each of the packages recipes. The Buildroot developers try to do their best to keep those declarative statements as accurate as possible, to the best of their knowledge. However, it is very well possible that those declarative statements are not all fully accurate nor exhaustive. You (or your legal department) have to check the output of make legal-info before using it as your own compliance delivery. See the NO WARRANTY clauses (clauses 11 and 12) in the COPYING file at the root of the Buildroot distribution.

Buildroot itself is an open source software, released under the GNU General Public License, version 2 or (at your option) any later version, with the exception of the package patches detailed below. However, being a build system, it is not normally part of the end product: if you develop the root filesystem, kernel, bootloader or toolchain for a device, the code of Buildroot is only present on the development machine, not in the device storage.

Nevertheless, the general view of the Buildroot developers is that you should release the Buildroot source code along with the source code of other packages when releasing a product that contains GPL-licensed software. This is because the GNU GPL defines the "'complete source code'" for an executable work as "'all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable'". Buildroot is part of the 'scripts used to control compilation and installation of the executable', and as such it is considered part of the material that must be redistributed.

Keep in mind that this is only the Buildroot developers' opinion, and you should consult your legal department or lawyer in case of any doubt.

Patches to packages

Buildroot also bundles patch files, which are applied to the sources of the various packages. Those patches are not covered by the license of Buildroot. Instead, they are covered by the license of the software to which the patches are applied. When said software is available under multiple licenses, the Buildroot patches are only provided under the publicly accessible licenses.

See [patch-policy] for the technical details.