Fix QA Issue for license warnings for meta-ros2-foxy

[aurelien-enchanted-tools]

Hello World,
Could you Fix QA Issue for license warnings for meta-ros2-foxy and other as for meta-ros-common, humble, rolling, etc. ? Thank you.

[robwoolley]

Hi @aurelien-enchanted-tools,

Thanks for reporting the issue. Can you provide details on which Yocto release you are using and which recipes are reporting the warnings?

Regards,
Rob

[aurelien-enchanted-tools]

mickledore

[license-file-missing] QA Issue: The license listed BSD was not in the licenses collected for

• recipe class-loader
• recipe console-bridge-vendor
• recipe pluginlib
• recipe ros2topic
• recipe unique-identifier-msgs
• recipe urdfdom
• recipe urdfdom-headers
• recipe xacro

and certainly other meta-ros recipes

[bartoszptak]

Hi @robwoolley,
the same issue here.

We use ros2-humble with yocto nanbield. The issue occurs in cv-bridge, tf2-msgs and image-transport packages.

[robwoolley]

Quick Summary

Since the warnings are valid I don't consider them a "bug" in meta-ros. If you wish to hide them you must add the following in your local.conf

WARN_QA:remove = "license-exists"

Details

The QA warnings are tricky because we are using the license information that comes directly from the ROS developers to generate the bitbake recipes. As a temporary measure, I had been creating bbappend files to set LICENSE to a valid SPDX identifier. However, there are nearly 500 packages in ROS that have a non-SPDX identifier of "BSD" as their license. Maintaining 500 bbappend files across "X" Yocto Releases and "Y" ROS distros doesn't scale.

The Yocto Project and OpenEmbedded have adopted SPDX identifiers but ROS had not, so it was necessary to find a compromise. Recently the ROS TSC has started encouraging developers to update the license metadata and added spdx as value for the new "type" attribute. Using this in ROS package.xml files is encouraged but not enforced: https://discourse.ros.org/t/changes-in-the-package-xml-about-licensing/32118

I believe that the proper solution is to politely submit a license change to the package.xml files to the ROS package maintainers. (eg. For https://github.com/ros/xacro/blob/noetic-devel/package.xml)

--- package.xml.orig    2023-12-19 07:16:09.453467048 -0800
+++ package.xml 2023-12-19 07:16:22.945442102 -0800
@@ -9,7 +9,7 @@
   <maintainer email="rhaschke@techfak.uni-bielefeld.de">Robert Haschke</maintainer>
   <maintainer email="morgan@osrfoundation.org">Morgan Quigley</maintainer>

-  <license>BSD</license>
+  <license type="spdx">BSD-3-Clause</license>

   <url type="website">http://ros.org/wiki/xacro</url>
   <url type="repository">https://github.com/ros/xacro</url>

However, we should coordinate our efforts with the maintainers of https://github.com/boschresearch/ros_license_toolkit so that we can validate that what we are submitting is correct and passes the tool.

Check out the ROS OpenEmbedded Working Group minutes for details.