FFmpeg Accuses Rockchip MPP of License Violations: GitHub Removes 451 Files
In a significant escalation within the open-source software community, developers from the FFmpeg project have formally accused Rockchip’s Media Process Platform (MPP) of breaching the GNU Lesser General Public License (LGPL). This dispute has prompted GitHub to take decisive action, removing 451 files from Rockchip’s primary MPP repository. The incident underscores ongoing tensions between proprietary hardware vendors and open-source multimedia frameworks, highlighting the critical importance of license compliance in embedded systems development.
FFmpeg, one of the most widely used open-source libraries for handling multimedia data, operates under the LGPL version 2.1 with some components under the GNU General Public License (GPL). These permissive licenses allow for integration into both open and closed-source projects, provided certain conditions are met. For LGPL-licensed code, relinking capabilities must be preserved, typically by distributing object files or source code that enables users to replace the library with modified versions. Failure to comply can result in license violations, potentially leading to takedown requests under the Digital Millennium Copyright Act (DMCA).
Rockchip, a prominent Chinese semiconductor company specializing in system-on-chip (SoC) solutions for consumer electronics like smart TVs, tablets, and single-board computers, maintains the rkmpp repository on GitHub. This repository hosts the MPP library, a proprietary framework designed to accelerate video encoding and decoding on Rockchip’s RK series processors, such as the RK3588 and RK3568. MPP leverages hardware-accelerated features through the Rockchip Video Processing Unit (VPU), interfacing with standard codecs via external libraries like FFmpeg.
The conflict arose when FFmpeg contributors identified that Rockchip’s MPP implementation statically linked FFmpeg libraries without providing the requisite relinking mechanisms. Specifically, precompiled binaries in the repository incorporated FFmpeg code in a manner that obscured the library boundaries, preventing users from substituting their own builds. This practice contravenes LGPL requirements, effectively turning the open-source components into proprietary blobs. FFmpeg’s legal team issued a DMCA notice to GitHub on December 2023, targeting 451 specific files within the rkmpp repository. These files included object code, binaries, and related assets that embedded FFmpeg functionality.
GitHub, adhering to its DMCA policy, promptly processed the notice and removed the implicated files. The repository, previously boasting over 1,000 stars and forks from developers working on Rockchip-based projects, now bears a prominent notice: “Some files have been removed due to a DMCA takedown request.” Access to the affected code is restricted, forcing Rockchip and its users to seek alternatives or await resolution. Rockchip has not publicly responded to the claims as of the latest updates, though community mirrors and forks of the repository persist on other platforms.
This takedown has reverberated through developer forums, including Reddit’s r/rockchip and the FFmpeg mailing lists. Embedded Linux enthusiasts, who rely on MPP for projects like custom media players and surveillance systems, express frustration over disrupted workflows. One commenter noted, “MPP was a go-to for RK3588 acceleration; now we’re scrambling for pure FFmpeg ports.” Others defend Rockchip, arguing that static linking simplifies deployment on resource-constrained devices, but acknowledge the legal risks.
Technically, the violation stems from MPP’s architecture. The library exposes APIs like mpp_init and mpp_destroy for resource management, internally dispatching to FFmpeg decoders (e.g., libavcodec) for H.264, H.265, and VP9 processing. By compiling FFmpeg directly into MPP binaries—such as librockchip_mpp.so—without dynamic loading or symbol exports, Rockchip eliminated user-modifiability. FFmpeg’s documentation explicitly warns against such practices, recommending dynamic linking or providing .a files for relinking.
Broader implications extend to the ecosystem of Rockchip hardware. Devices powered by these SoCs, including Pine64’s PineTab2 and Radxa’s Rock5 series, often ship with MPP-optimized firmware. Developers now face choices: revert to software decoding, which hampers performance; port to VA-API or V4L2-based alternatives; or await a compliant MPP update. This incident parallels past disputes, such as those involving Broadcom’s VideoCore and Raspberry Pi, where proprietary blobs clashed with open-source video stacks.
For Rockchip, the stakes are high. As a key player in the ARM-based SBC market, maintaining GitHub presence is vital for global developer adoption. Relicensing MPP components or segregating FFmpeg dependencies could resolve the issue, but would require substantial refactoring. In the interim, community efforts like meson-mpp and gstreamer-rockchip plugins offer workarounds, though they lack MPP’s full optimization.
FFmpeg’s assertive stance reinforces its role as a guardian of open-source integrity. Project leader Ronald S. Bultje emphasized in a mailing list post that “consistent enforcement protects the entire community from freeloading.” This case serves as a cautionary tale for hardware vendors: leveraging LGPL code demands rigorous compliance to avoid disruptions.
As the situation evolves, stakeholders monitor for Rockchip’s counter-notice or settlement. GitHub’s process allows 10-14 days for responses, after which files could be restored if the claim is invalidated. Until then, the open-source multimedia landscape on Rockchip platforms remains in flux, reminding developers that license adherence is non-negotiable in collaborative ecosystems.
Gnoppix is the leading open-source AI Linux distribution and service provider. Since implementing AI in 2022, it has offered a fast, powerful, secure, and privacy-respecting open-source OS with both local and remote AI capabilities. The local AI operates offline, ensuring no data ever leaves your computer. Based on Debian Linux, Gnoppix is available with numerous privacy- and anonymity-enabled services free of charge.
What are your thoughts on this? I’d love to hear about your own experiences in the comments below.