Skip to content

# GPL-2.0 licensed binaries bundled in sandbox rootfs — can be replaced with permissively-licensed alternatives #2308

Description

@adiaspace

Problem Statement

GPL-2.0 licensed binaries bundled in sandbox rootfs — can be removed or replaced with permissively-licensed alternatives

Summary

The OpenShell sandbox rootfs (sandbox-bootstrap-rootfs-ext4-v3-openshell-*) bundles e2fsprogs binaries and libraries, some of which are licensed under GPL-2.0. We need clarification on:

  1. Why these GPL binaries are included in the rootfs
  2. What compliance obligations apply when distributing the rootfs
  3. Whether these binaries can be removed or replaced with permissively-licensed alternatives

Bundled Files

Analysis of the rootfs shows 13 filesystem entries from e2fsprogs:

File Type License
bin/mke2fs binary GPL-2.0
bin/debugfs binary GPL-2.0
bin/mkfs.ext4 symlink → mke2fs
sbin/mke2fs binary (bit-identical to bin/mke2fs) GPL-2.0
sbin/debugfs binary (bit-identical to bin/debugfs) GPL-2.0
sbin/mkfs.ext4 symlink → mke2fs
lib/libext2fs.2.1.dylib dylib LGPL-2.0
lib/libe2p.2.1.dylib dylib LGPL-2.0
lib/libblkid.2.0.dylib dylib LGPL-2.1
lib/libcom_err.1.1.dylib dylib MIT-derived
lib/libss.1.0.dylib dylib MIT-derived
lib/libuuid.1.1.dylib dylib BSD-3-Clause
lib/libintl.8.dylib dylib (gettext) LGPL-2.1

Environment

  • OpenShell version: 0.0.74, 0.0.83
  • Rootfs: sandbox-bootstrap-rootfs-ext4-v3-openshell-0.0.74
  • Platform: macOS (Apple Silicon)

Impact

This is blocking enterprise distribution of products built on OpenShell until compliance approach is clarified.

References

Proposed Design

Questions

  1. Purpose: What functionality in OpenShell requires mke2fs and debugfs? Are they used at runtime or only during rootfs build?

  2. Removal: Can these binaries be excluded from the distributed rootfs if they're only needed at build time?

  3. Compliance approach: If these must be distributed, what is NVIDIA's recommended compliance approach?

    • Include license text in rootfs?
    • Provide source code URL in documentation?
    • Other?
  4. Alternatives: Are there plans to replace GPL-2.0 tools with permissively-licensed alternatives (e.g., for ext4 operations)?

Alternatives Considered

GPL-2.0 Compliance Requirements

When distributing GPL-2.0 binaries, the following obligations apply:

  1. Include GPL-2.0 license text with the distribution
  2. Provide access to source code — either bundled or via written offer valid for 3 years
  3. No additional restrictions beyond the GPL

Agent Investigation

No response

Checklist

  • I've reviewed existing issues and the architecture docs
  • This is a design proposal, not a "please build this" request

Metadata

Metadata

Assignees

No one assigned

    Labels

    state:triage-neededOpened without agent diagnostics and needs triage

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions