Gradient: A nix-based CI System

Hi everyone,
there is a new nix builder in development and I would love to give some introduction to it.

“Gradient” is the new name for the CI-System and there are many features planned, but to keep things simple at the start the following core-features are in development:

  • an API, that is (unlike Hydra) usable, this means the Frontend-Application will use the same endpoints as any third-party software and as the CLI-Application
  • Organizations: Hosting a Gradient instance can now have organizations, which have separated servers (also servers are now configured via gradient instead via nix), nix-stores and user-permissions.
  • PRs and branch support: check updates on branches and open prs should be easy now and one project covers an entire git repository. That means no more jobsets.
  • An more modern designed webpage with of course streamed updates (e.g. build logs)

This is already a lot of work and contributions are very welcome. Important Links are: Repository, Demo Instance (Comming Soon)

Feedback and Contributions are very appreciated.

12 Likes

Which features will be only covered by the Wavelens proprietary license?

2 Likes

(Note 1: I AM NOT A LAWYER. THIS IS BASED ON MY READING OF LEGAL DOCUMENTS, WHICH MAY BE FLAWED. I MAY BE WRONG, TAKE THIS WITH A GRAIN OF SALT)

(Note 2: All links to the gradient git repo are permalinks to specific git hashes. This is to ensure that the issues presented here are clear when the links presented are pressed.)

I’ve noticed some licensing complications resulting from a dual-license between AGPL 3.0(specifically AGPL-3.0-only, but that doesn’t specifically impact this issue) and the proprietary WaveLens 1.0(referred to as WL-1.0) license used(source here). Note that if the license is updated, this link will continue to work, as it points to the first commit this license was introduced.

Distribution of modified versions

WL-1.0 states the following:

2.2. Public distribution of the Software or any modified versions under this license is strictly
prohibited. This includes selling, leasing, sublicensing, or redistributing the Software
to third parties.

However, the AGPL states this:

You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions: […]

Therefore, there is a significant conflict between these licenses, as the AGPL allows distribution of modified version of the software, while WL-1.0 does not. Therefore, there is no clear answer to whether modified versions can be used, as each license opposes the other. Further, AGPL’s section 4 states that you may distribute verbatim copies of the source code, meaning that the first part of WL-1.0 section 2.2 is also in question.

Circumvention of copyright control measures(license keys, etc)

AGPL-3.0 states the following regarding whether technological protections such as License Keys subscriptions are able to be bypassed in appropriately-licensed software:

When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work’s
users, your or third parties’ legal rights to forbid circumvention of
technological measures.

However, WL-1.0 states the following: [1] [2]

2.3. Licensee is prohibited from bypassing, removing, or altering any licensing mechanisms,
such as License Key validation, implemented by the Licensor.

  1. LICENSE KEY AND COMPLIANCE
    3.1. Licensee must acquire and maintain a valid License Key from Licensor for the Software.
    3.2. Any attempt to bypass or alter License Key functionality constitutes a material breach
    of this Agreement.

Therefore, the licenses are again at odds with regards to this situation. Either it is not allowed to bypass these protections, or it is allowed to do so. The two cannot be true at the same time.

Additional Licenses

Further, there are several files under a license that is neither AGPL-3.0-only or WL-1.0. For instance, the gradient/backend/nix-daemon folder contains code exclusively licensed under EUPL, which says that if you must “produce a derivative of the used components” to use the software(like using a library in a rust binary, as is done here), then the distribution of the new derivative(the rust binary) “could be legally impossible (under any license) as soon a copyleft conflict exists”, i.e if EUPL conflicts with WL-1.0 licensed code. Note that while AGPL-3.0 is in the EUPL Downstream Compatibility List, WL-1.0 is not, as it is a proprietary license. However, even if this does not conflict with either other license in the repo, it is not mentioned in CONTRIBUTING.md nor is a copy of the EUPL-1.2 license text included in the LICENSES folder of the repo. I would consider this an issue, as a major component of the backend does not have its license listed publically in the repo.

Conclusion

As someone who is a casual user and contributor to NixOS, I like that the licensing on both Nix and Nixpkgs are clear. This situation makes me nervous to use the software, as not only is an incredibly restrictive license in use here(the WL-1.0), but it is seemingly at odds with the other main license in the repo.

Thank you for your consideration of these issues. Have a good day, wavelens team.

4 Likes

@bbigras There will be proprietary features for GPU and HPC usage, those will not be open sourced.

@pyrox Lot’s of thanks for this giant breakdown of the issues with Licenses. Those will be addressed asap and I’ll discuss it with the team.

2 Likes

@pyrox It seams like those (AGPL-3.0, WL-1.0) licenses are still valid, since the AGPL and the WL never apply at the same time. All Files are Licensed with AGPL OR WL. So you have to comply with only one of your choice License. There are several Repositories that have a similar Licensing approach.
The nix-daemon was moved into it’s own Repository since it is only a fork, and is kept fully under the EUPL License. We comply with the EUPL License, since all open source code is AGPL. We are not allowed to use parts of this libary on files that are only under the WL License.

I hope this clarifies your questions regarding the license-model.

t seams like those (AGPL-3.0, WL-1.0) licenses are still valid, since the AGPL and the WL never apply at the same time. All Files are Licensed with AGPL OR WL.

You can’t have some files licensed under the AGPL and then assume that all other files are separate works. Some or all of them may be Corresponding Works, in which case you’ve (already, no matter what you do in the future) given away some rights to their current versions (at least) under the AGPL. On the other hand, you may be drawing the right conclusion, but you can’t do it on the basis merely of things being in separately-licensed files.

1 Like

Currently all files are licensed under AGPL “OR” WL. Every file has a SPDX Header:

SPDX-License-Identifier: AGPL-3.0-only OR WL-1.0

With this header it is clearly seperated which files are under AGPL and which are not. For the open source version of course all files will be at least AGPL Licensed.

This is the bit that suggests to me that you might not understand the AGPL. It doesn’t apply to files separately. It applies to “Works”, including “Corresponding Works”. Maybe you understand what those things are, but if so you could avoid some confusion by not talking as if files can (always or necessarily) be licensed separately.

1 Like

yep that’s true, in detail proprietary features will be split by rust libraries, so the gradient library “work” is still as is applicable. If there is something that isn’t yet fully compliant it will of course be made asap, but in the meantime contributions will be very limited.

I would be very happy for further discourse and questions regarding Gradient itself, since nix really needs a new build server. I hope everyone is happy that there is a will to release Gradient as a Free Open Source Application.

3 Likes

Oh and ofc, OIDC is currently in the process of implementation. So no more hacky ldap integration.

Working hard for UI to be good; nice animation peak :yum:
Loading-ezgif.com-crop

Also Frontend will have the ability to display multiple languages (just because its easy to implement), translations welcome.

1 Like

The License has been fixed :partying_face:. Contributions are open.
Happy New Year BTW.

2 Likes