[Bug 217259] New: Review Request: alsa-firmware - Firmware for several ALSA-supported sound card

bugzilla at redhat.com bugzilla at redhat.com
Sun Nov 26 01:45:55 UTC 2006 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217259

           Summary: Review Request: alsa-firmware - Firmware for several
                    ALSA-supported sound card
           Product: Fedora Extras
           Version: devel
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: Package Review
        AssignedTo: nobody at fedoraproject.org
        ReportedBy: rpm at timj.co.uk
         QAContact: fedora-package-review at redhat.com


Spec URL: http://www.timj.co.uk/linux/specs/alsa-firmware.spec
SRPM URL: http://www.timj.co.uk/linux/srpms/alsa-firmware-1.0.12-1.src.rpm
Description:
This package contains the firmware binaries for a number of sound cards.
Some (but not all of these) require firmware loaders which are included in
the alsa-tools-firmware package

alsa-firmware has not been in Fedora since Fedora.us days, even though it is absolutely vital to make some soundcards usable.  There are several possible issues:

1. licensing/distribution
2. compliance with Guidelines

Let's take (1) first. Thorsten did a bit of background research on this and summarised in a private mail on 2 June 2006:

======================================================================
I took a closer look at the latest upstream package at
ftp://ftp.alsa-project.org/pub/firmware/alsa-firmware-1.0.11.tar.bz2


It contains a file COPYING in the root with the GPL. And a README with
---
LICENSE AND COPYRIGHT
=====================

The files contained in this package is regarded as the example data
for each alsa-tools program.  Hence, their copyright and license
follow basically to the definition of alsa-tools programs.  The
detailed license and copyright is found in README of each
subdirectory.
---

alsa-tools contains a lot of license files with the GPL (and once LGPL).

Most subdirs contains README files with terms like
---
COPYRIGHT
=========

Copyright (c) 2003 Digigram SA <alsa at digigram.com>
Distributable under GPL.
---
or 
---
COPYRIGHT
=========

Copyright (c) RME
Distributable under GPL.
---
or
---
COPYRIGHT
=========

tascam_loader.ihx, tascam_loader.asm and an2131.asm:
Available under GPL without restrictions.

other firmware files:
Copyright (c) 2003 Tascam / TEAC Corporation.
Distributable under GPL.

======================================================================

This still stands with 1.0.12. So it appears to meet the requirements for Binary Firmware in the Guidelines. (It is also distributed with a number of other distros including Mandriva and OpenSUSE)


2. spot and Thorsten did some work with "file" to see if it met the requirement for "no executables". The most interesting one was:

./lib/firmware/mixart/miXart8.elf: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped

Now this does appear to really be an ELF binary, but it is not +x and it doesn't appear to run on Linux:

$ chmod +x miXart8.elf 
$ ./miXart8.elf 
bash: ./miXart8.elf: cannot execute binary file

so I think we can say that is truly is firmware, and it just happens that this device uses a piece of firmware in ELF format.

a "file $(find . -type f) | grep -v -e ASCII -e Bourne -e shell" also throws up some other bits that aren't "data" like:

./lib/firmware/digiface_firmware.bin: DOS executable (device driver)
./lib/firmware/digiface_firmware_rev11.bin: DOS executable (device driver)
./lib/firmware/ea/3g_asic.fw: PGP encrypted data

but these appear to just be "file" noise. They appear to be genuine firmware, that's not executed on the host, so they should be fine. (and 3g_asic is not PGP data; that's just what happens when you chuck lots of random stuff at "file").

Last CVS from fedora.us days, which is largely unchanged here:

http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/alsa-firmware/FC-5/alsa-firmware.spec?root=extras&rev=1.5

Package is listed on:
http://www.fedoraproject.org/wiki/Extras/PackagesNoLongerInDevel?highlight=%28alsa-firmware%28

as "pending legal review" but there appears to be nothing happening and nobody tasked to do anything AFAICT. Given the above details, in the absence of a compelling reason, I don't see why this shouldn't be included in Fedora. I'm looking to spot here to make a call or, if some kind of legal review really is needed, make this block FE-LEGAL and get someone's attention about it.

Note that I only have one piece of hardware that this firmware supports (Echo Audio Indigo DJ) so any feedback from anyone else welcome.

I have marked the package as "noarch"; since it's containing firmware it should be. However, given that the firmware is "compiled" from big strings and there's some fiddly stuff going on, I would appreciate some md5sums of the generated firmware from someone with ppc/x86_64 architectures just to make sure that the end result is the same.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list