Binaries Considered Dangerous

Reposted from my blog on the Yocto Project site. Go there for more pearls of wisdom and other embedded Linux goodies.

When I initially started talking publicly about the fact that I was working on the Yocto Project, one of the first questions I got was, in essence, "Why would you need to build an OS from sources?" After all, there are plenty of distros out there who have done the hard work for you.


The invention of the binary OS distribution is not a new thing. I remember back in the days of BSD we could boot up a binary image on our VAX 750 and we didn't need to build the OS from sources first. For Linux, there are a plethora of free and commercial distributions, from Fedora, Ubuntu, SuSE and many others.


Now don't get me wrong - I love all of these binary distros when used on servers and clients. I have nothing against them and I really adore them.


There are just some very serious problems using them on embedded devices. Here's just one:


A whole lot of people will install a binary distribution on their target embedded device, add or remove packages, customize their application and then ship the system. There's just one teeny tiny problem with this.


It violates the license agreement.


Remember the terms of the GPL: any time you redistribute binary code licensed with any version of the GPL, you also need to redistribute all of the sources which are affected by the GPL as well as the build scripts.


Although it's possible to find all of the sources when you redistribute a binary distribution plus or minus various packages, it's usually a major pain to collect them all up. And finding the build scripts may be nearly impossible. (And I'm not even getting into the problem of GPL v3 code which adds further restrictions). [1]


So one of the major advantages of a system like the Yocto Project is that all of the sources used to build the system are readily available in one location. You can pull up the license manifest and all of the sources and build instructions and make them available with your product. [2]


So now when people ask me why I don't like people using conventional distributions of Linux for their embedded devices, I usually tell them I don't want to encourage them to break the law. I don't actually know if violating the terms of a contract (license) is perhaps not the same as breaking the law, but it's pretty much the same to me.


So instead of breaking the license - or pulling yourself into a pretzel to try to meet the terms of the GPL with a binary distro - why not just use the right tools for the job and use the Yocto Project!




[1]. I love it when device makers do things the right way, and some do. For example, you can go to Sony's web site and download all of the GPL-licensed code for their products. Way to go!


[2]. Of course, if you don't make these sources available online or in an offer, then you are still in violation of the license. We can only do so much in the Yocto Project - you do have to take some responsibility.

For more complete information about compiler optimizations, see our Optimization Notice.


David S. (Intel)'s picture

@Forest - unfortunately, for the most popular distros like I mentioned in my blog post, it's not very easy to get exactly the source which represent your system, particularly if you added or removed packages. Also, the GPL requires the build scripts to be provided, as I mentioned in the post. I don't know about your company, maybe you should check out the Yocto Project!

@Jim - you are correct that very simple embedded systems don't require an OS, but with the growth of ARM, MIPS, PowerPC and x86 in embedded, you will find most of the capability left on the table without an OS. And, it's true that low-powered CPUs are not powerful enough to run a compiler, which is why the Yocto Project is totally cross-built. You can compile on a nice Intel Core i7 for your tiny CPU! :-)

jimdempseyatthecove's picture

Many embedded systems do not require an operating system - no GPL licensed code whatsoever. Also, many embedded systems cannot itself run a compiler, such as the PIC 16F1783 8-bit CPU with 4KB ROM and 512 bytes of RAM.

anonymous's picture

To say that it is illegal to use a binary distribution as the basis for an embedded Linux system is—frankly—dishonest. Binary distributions provide source code for all of the software packages they distribute. GPL compliance simply requires that the embedded device developer to pass this source code along to customers upon request if the software is distributed outside the organization (i.e. the device is sold).

Of course, the source code must match the version of the software shipped on the device. But this is not a difficult problem to solve. It simply requires taking a snapshot of the source code when the image is built. Here at RapidRollout we maintain a complete archive of source code so our customers don't have to worry about this aspect of license compliance.

Building embedded systems from source may have some advantages. But so does using pre-built binaries, particularly as embedded hardware continues to approach desktop-class performance. But this is primarily a technical—not legal—decision. So let's keep the conversation focused on the technical trade-offs rather than creating fear, uncertainty, and doubt about competing approaches.

Add a Comment

Have a technical question? Visit our forums. Have site or software product issues? Contact support.