Problem Statement
GPL-2.0 licensed binaries bundled in sandbox rootfs — can be removed or replaced with permissively-licensed alternatives
Summary
The OpenShell sandbox rootfs (sandbox-bootstrap-rootfs-ext4-v3-openshell-*) bundles e2fsprogs binaries and libraries, some of which are licensed under GPL-2.0. We need clarification on:
- Why these GPL binaries are included in the rootfs
- What compliance obligations apply when distributing the rootfs
- Whether these binaries can be removed or replaced with permissively-licensed alternatives
Bundled Files
Analysis of the rootfs shows 13 filesystem entries from e2fsprogs:
| File |
Type |
License |
bin/mke2fs |
binary |
GPL-2.0 |
bin/debugfs |
binary |
GPL-2.0 |
bin/mkfs.ext4 |
symlink → mke2fs |
— |
sbin/mke2fs |
binary (bit-identical to bin/mke2fs) |
GPL-2.0 |
sbin/debugfs |
binary (bit-identical to bin/debugfs) |
GPL-2.0 |
sbin/mkfs.ext4 |
symlink → mke2fs |
— |
lib/libext2fs.2.1.dylib |
dylib |
LGPL-2.0 |
lib/libe2p.2.1.dylib |
dylib |
LGPL-2.0 |
lib/libblkid.2.0.dylib |
dylib |
LGPL-2.1 |
lib/libcom_err.1.1.dylib |
dylib |
MIT-derived |
lib/libss.1.0.dylib |
dylib |
MIT-derived |
lib/libuuid.1.1.dylib |
dylib |
BSD-3-Clause |
lib/libintl.8.dylib |
dylib (gettext) |
LGPL-2.1 |
Environment
- OpenShell version: 0.0.74, 0.0.83
- Rootfs:
sandbox-bootstrap-rootfs-ext4-v3-openshell-0.0.74
- Platform: macOS (Apple Silicon)
Impact
This is blocking enterprise distribution of products built on OpenShell until compliance approach is clarified.
References
Proposed Design
Questions
-
Purpose: What functionality in OpenShell requires mke2fs and debugfs? Are they used at runtime or only during rootfs build?
-
Removal: Can these binaries be excluded from the distributed rootfs if they're only needed at build time?
-
Compliance approach: If these must be distributed, what is NVIDIA's recommended compliance approach?
- Include license text in rootfs?
- Provide source code URL in documentation?
- Other?
-
Alternatives: Are there plans to replace GPL-2.0 tools with permissively-licensed alternatives (e.g., for ext4 operations)?
Alternatives Considered
GPL-2.0 Compliance Requirements
When distributing GPL-2.0 binaries, the following obligations apply:
- Include GPL-2.0 license text with the distribution
- Provide access to source code — either bundled or via written offer valid for 3 years
- No additional restrictions beyond the GPL
Agent Investigation
No response
Checklist
Problem Statement
GPL-2.0 licensed binaries bundled in sandbox rootfs — can be removed or replaced with permissively-licensed alternatives
Summary
The OpenShell sandbox rootfs (
sandbox-bootstrap-rootfs-ext4-v3-openshell-*) bundles e2fsprogs binaries and libraries, some of which are licensed under GPL-2.0. We need clarification on:Bundled Files
Analysis of the rootfs shows 13 filesystem entries from e2fsprogs:
bin/mke2fsbin/debugfsbin/mkfs.ext4sbin/mke2fssbin/debugfssbin/mkfs.ext4lib/libext2fs.2.1.dyliblib/libe2p.2.1.dyliblib/libblkid.2.0.dyliblib/libcom_err.1.1.dyliblib/libss.1.0.dyliblib/libuuid.1.1.dyliblib/libintl.8.dylibEnvironment
sandbox-bootstrap-rootfs-ext4-v3-openshell-0.0.74Impact
This is blocking enterprise distribution of products built on OpenShell until compliance approach is clarified.
References
Proposed Design
Questions
Purpose: What functionality in OpenShell requires
mke2fsanddebugfs? Are they used at runtime or only during rootfs build?Removal: Can these binaries be excluded from the distributed rootfs if they're only needed at build time?
Compliance approach: If these must be distributed, what is NVIDIA's recommended compliance approach?
Alternatives: Are there plans to replace GPL-2.0 tools with permissively-licensed alternatives (e.g., for ext4 operations)?
Alternatives Considered
GPL-2.0 Compliance Requirements
When distributing GPL-2.0 binaries, the following obligations apply:
Agent Investigation
No response
Checklist