The external doc references need to be appended as strings, not list
elements, otherwise there will be semicolons in the output SPDX file.
This issue was inherited as-is from the upstream SBOM generation
project.
We are fortunate the json converted files are missing the semicolons
due to implementation specifics.
Task-number: QTBUG-122899
Change-Id: I2b91775d59d64709b72ff7130dd4f6b506ef8244
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 94e19f42e80fdd8bc03c2f83b351e9662cdac8a8)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit ee8cd912795cc9422aa607e8a072403b660773ad)
Move the setting up of options like QT_GENERATE_SBOM into a separate
function, that can be called by projects other than Qt.
Task-number: QTBUG-122899
Change-Id: I337c4e9b0b3154ff97f494887bf88ee01e8ed00c
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit dc5c7f9ead7e47b92c5717ca24d585a718a8b5f0)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit dcb72b531576fc7705ff6dfcc6e2a1546b08fb4f)
Some attribution entries don't have a SPDX license id specified, in
that case it's good to at least include the free-form license name and
file path.
Task-number: QTBUG-122899
Change-Id: I75bb5c30645684ea74fe94da92ea30eb29965ad4
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit cf9f09cd60e3db37643ac6cf6cfd51aa00749892)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 2769ef7174839578c26b2c7c260d76bce59fe8ca)
It's possible for a project to install a custom file with the same name
into different destination directories, and want to include them in
the SBOM.
Previously this failed at CMake generation time with an error like:
    CMake Error: Files to be generated by multiple different commands:
    qt_sbom/SPDXRef-PackagedFile-foo-bar.cmake
This happened due to using a non-unique filename for the generated
SBOM building file, as well as the spdx id the file name is based on.
Include a short hash based on the installed relative path of the file
to avoid spdx id clashes, and thus generated file name clashes.
Task-number: QTBUG-122899
Change-Id: I4c2ecd4652708504ef299af9b6f53d680d542382
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 9245d0a0f0761364e7b5b3d1c5c96cba16522820)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 37c60080ddedb339089e7bccaf25e360c7b3ebb8)
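
The id clash described in the commit message above, reproduced as an added Python example (not code from the Qt repository). The SHA-256 digest, the 8-character hash length, the function names and the sample install paths are assumptions made for illustration; the commit message only says that a short hash of the installed relative path is included.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import PurePosixPath

# SPDX 2.x element ids are "SPDXRef-" followed by letters, digits, "." and "-".
SPDX_ID_RE = re.compile(r"SPDXRef-[A-Za-z0-9.-]+")
_INVALID_RUN = re.compile(r"[^A-Za-z0-9.-]+")

# Constructed sample: two files with the same name installed into different
# destination directories, plus one unrelated file.
SAMPLE_INSTALL_PATHS = ["bin/foo-bar", "libexec/foo-bar", "share/doc/readme.txt"]


def sanitize(hint):
    """Replace every run of characters not allowed in an SPDX id with '-'."""
    return _INVALID_RUN.sub("-", hint).strip("-")


def spdx_id_name_only(install_path):
    """Old behaviour: the id depends on the file name alone."""
    name = PurePosixPath(install_path).name
    return f"SPDXRef-PackagedFile-{sanitize(name)}"


def spdx_id_with_path_hash(install_path, hash_len=8):
    """New behaviour: append a short hash of the install-relative path.

    The path is normalised first so that "./bin/foo-bar" and "bin/foo-bar"
    map to the same id; the digest and its length are assumptions.
    """
    normalized = PurePosixPath(install_path).as_posix()
    digest = hashlib.sha256(normalized.encode("utf-8")).hexdigest()[:hash_len]
    name = PurePosixPath(normalized).name
    return f"SPDXRef-PackagedFile-{sanitize(name)}-{digest}"


def find_clashes(install_paths, make_id):
    """Return {spdx_id: [paths]} for every id claimed by more than one path."""
    by_id = defaultdict(list)
    for path in install_paths:
        by_id[make_id(path)].append(path)
    return {spdx_id: paths for spdx_id, paths in by_id.items() if len(paths) > 1}


def all_ids_valid(install_paths, make_id):
    """Check that every generated id is a well-formed SPDX element id."""
    return all(SPDX_ID_RE.fullmatch(make_id(p)) for p in install_paths)


if __name__ == "__main__":
    print("name only :", find_clashes(SAMPLE_INSTALL_PATHS, spdx_id_name_only))
    print("with hash :", find_clashes(SAMPLE_INSTALL_PATHS, spdx_id_with_path_hash))
    for p in SAMPLE_INSTALL_PATHS:
        print(f"{p:24} -> {spdx_id_with_path_hash(p)}")
```

The same check is useful on a finished SBOM: two file entries sharing one SPDX id mean that relationships pointing at that id are ambiguous.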
Previously one could only pass an explicit list of FILES to
_qt_internal_sbom_add_files. Add a new DIRECTORIES option, which will
glob the given directory paths, and include the found files in the
SBOM.
Task-number: QTBUG-122899
Change-Id: Ia27afa93460d9f2e4462a49e30e4d6338300e8f7
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 9db03c9dca1b7e403458fd9f43adb17a0ac8e55c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 5fd8af81adca8f6d5ee074c14f0912c190a1ac60)
Extract the handling of the license concluded expression for Qt
entities into the Qt specific handling file.
Task-number: QTBUG-122899
Change-Id: Ib6f9a64f66dae0c971c43e8fffbc54362487b271
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit ba93956be1179e4b4afaaecdf53b918b724cf500)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 8a1dcd2bb9bcb9e3667199b71910b01c47b8516e)
Nested SBOM attribution targets were always created with the
QT_THIRD_PARTY_SOURCES type even in user projects.
Set an appropriate type depending on whether we are handling a qt
entity type or not.
Task-number: QTBUG-122899
Change-Id: Id8144d1b8093de78f2987a611a6de8e6d4777084
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 0d9106bf7670b08c4bae11c3986b9cf3e0818b52)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 1f8a8da7c2a2618c62679c971101c363a38da476)
It mirrors the Qt-specific QT_THIRD_PARTY_SOURCES one, to be used when
creating an SBOM attribution target that references a 3rd party
library's sources, as opposed to a complete 3rd party library.
Task-number: QTBUG-122899
Change-Id: I8f7f9f7386ffdc18dd8ae6ee32e39019639f5303
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 8b06d37fb08d22e9f81ae2653aeafc105fc5bb61)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 68856adf1d609635b835f58ee22a027df9d34aa5)
Put the attribution file path and entry first, followed by the id,
and the rest of the fields.
Task-number: QTBUG-122899
Change-Id: I478a48980e6207646189d6b80ec57dbc9efb4902
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit a5c7eb97ceb19ac90f8117240ad04cc717803555)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 8d8cf0bbfe931159965e6f6175c8728ee61e23a7)
Allow creating nested SBOM attribution targets also for non-Qt targets
in user projects. This will allow using qt_attribution.json files in
user projects.
Rename PARENT_TARGET to ATTRIBUTION_PARENT_TARGET to make it clear
what the parent target is for.
Task-number: QTBUG-122899
Change-Id: Ia08ee934a9dc03827fcc26d0fc90e072499e8a21
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit a2ddd4fbd88353b21617e539266196b592683a3a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit c276fa45dc38e07a2d42cf2ff2656f820a204078)
Previously one could attach all attributions from a
qt_attribution.json file to a target, or a specific entry based on a
given numeric index.
This is not always practical, as the index of an entry can change, and
including all entries might be too much.
Allow specifying a list of attribution ids to include in the SBOM.
This will parse all the attribution entries and only include those
that match the given ids.
If a list of ids is provided, and any of them is not found, an error
will be shown.
Task-number: QTBUG-122899
Change-Id: I2ca442fe0cd6d18773861f90f32ab7380aaeacdd
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 52045e51e7e95f31a37127215c53e430fa77c8d3)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 21c5970da48bd1a0616084679aa097f4e12f4d60)
To avoid issues with characters like "/" which might come from
attribution ids.
Task-number: QTBUG-122899
Change-Id: I65bec3b301f7fe1008cfd06aba3e1fbbb93f38c3
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 4a0b5661fdd1f1120018efb5f08bfbc1ed16cc13)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 1dc3a9cac28b073c760b8ac7a4420b784e45b1f5)
So it can be used in other non-Qt projects.
Task-number: QTBUG-122899
Change-Id: I11d81d2c6819906fffbffe81f4db1b7af28cb99b
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 6cd7f0c09b71ea49bdd3dd925b9a85dfe6cc943e)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 59745fc79850a2fe8c1e75d71fecc315bd617970)
So it can be read / used in other non-Qt projects. We don't have such
a restriction on other keys read from the qt attribution files.
Task-number: QTBUG-122899
Change-Id: I225d83b26c68323761a8b13b3e6442057b5f7c7f
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 422f5d859f3056433e6ee33ea389f2ecff1543d5)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit bccb4c8328713849993e935cb517d8821301e5d6)
To more easily spot white space differences.
Change-Id: I1e07960f78c95ca536243ce5c4fc6c302c47a7db
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 2dd0c4520fdee50a3511ca2f83decdf807ba2cb3)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 143b016277928447034045c0cf3b951f83ae4357)
If the source file sets `QT_INSTALL_PATH` property, it will install the
CMake files in the relative path starting from the config-dir in both
the build and install paths.
Change-Id: I86197d62bfac96f9c142d8abfe85c9b6f6f1a527
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
(cherry picked from commit aef789ad97ee9b8f3254a0e315a0d8a4785bcbf7)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 0bd6b909ab5af5b323a0ecb1a5715cea6f138191)
When reconfiguring an MSVC -release build with 'cmake .' after a full
build, instead of being a no-op, it rebuilt everything.
This happened because of CMAKE_CXX_FLAGS_RELEASE being accidentally
modified on each reconfiguration, resulting in extra whitespace being
added to the compiler command line rules.
Specifically, this was because we always added '-O2 -Ob3 ' as a string
to the compiler flags, but due to stripping, always tried to remove
only '-O2 -Ob3' (no trailing white space) when removing the
optimizations flags, resulting in an extra white space for each run.
Remove the trailing white space after '-Ob3 '.
Amends 2fb134f3fe
Change-Id: I46eb4c3b769ae6b063fe62df05c0cb92f13bda30
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit fdb9a5141446ed8aa767d88a921c24221b0704ea)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 38835684b3b83b9d9795dd37435fbb5a29050e57)
Let's not litter the user's logs with our internals.
Change-Id: I79e9210960f1298a6e8e2b6f10e1bfefdbfede7f
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
(cherry picked from commit f9a05c7cae10c05b701003f8ed848d0bfef8290a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 16639502a778930a50beb5208c8596b96805a97b)
Support the old CMake.
Amends 085ed83bb3ae4842b7dba8ff1fbd086477d461bf
Change-Id: Ibcc8f51d0381a4843adcaec9ce58d13a9e69ef8c
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Previously, only 3 purl entries could be added to a target, which
was tightly coupled to Qt's needs: a QT one pointing to code.qt.io,
a MIRROR one pointing to github, and an upstream one pointing to some
upstream third party location.
Rework the implementation to allow for an unlimited number of PURL
entries and to allow more flexibility when adding PURLs in a user
project.
The new syntax for adding PURLs to a target, which is also the basis
for a future public API, is as follows:
    qt_internal_add_sbom(<target>
        PURLS
            [[PURL_ENTRY
                PURL_ID <id>
                PURL_TYPE <type>
                PURL_NAMESPACE <namespace>
                PURL_NAME <name>
                PURL_VERSION <version>]...]
        PURL_VALUES
            [purl-string...]
    )
The PURLS keyword is used to specify multiple PURL entries, each
starting with the PURL_ENTRY keyword. The PURL_VALUES keyword is used
to specify a list of pre-built purl strings.
PURL_ID is an optional argument used to identify a specific purl
entry, which is mostly needed for Qt's needs, to post-process them
further.
The rest of the options are pre-existing from the previous
implementation.
Implementation-wise, there's a new custom parser to be able to parse
and validate PURL_ENTRY arguments.
The VERSION option was renamed to PACKAGE_VERSION, to avoid some
issues in cmake_parse_arguments parsing with nested VERSION options.
The NO_PURL option was removed because it makes no sense in the new
implementation, because if you specify some PURL arguments, there is
already an intention to generate a PURL entry.
Qt entities no longer have a restriction on which specific purl ids
they can have.
The new Qt specific purl IDs have been renamed:
- QT -> GENERIC
- MIRROR -> GITHUB
Amends f7e1123620b623be0c321b54eaba7a1d618a7ce1
Task-number: QTBUG-122899
Change-Id: I050decece1c6d9e6e0e06547043f864d6f497ea7
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit a28a9e194cbcaf501c93df988c7dc6f5e09ee5d1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit dbfd84ae4c3139f0e9e3ba01192b8f5570615603)
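
A sketch of how a PURLS / PURL_VALUES keyword stream like the one in the commit message above can be parsed, validated and turned into purl strings, as an added Python example (not Qt's CMake parser). The keyword names come from the commit message; the function names, the error class, the validation rules and the sample values are assumptions, and the output follows the general `pkg:type/namespace/name@version` purl layout.

```python
import re
from urllib.parse import quote

SECTION_KEYS = {"PURLS", "PURL_VALUES"}
ENTRY_KEYS = {"PURL_ID", "PURL_TYPE", "PURL_NAMESPACE", "PURL_NAME", "PURL_VERSION"}
ALL_KEYS = SECTION_KEYS | ENTRY_KEYS | {"PURL_ENTRY"}

TYPE_RE = re.compile(r"[A-Za-z][A-Za-z0-9.+-]*")
PREBUILT_RE = re.compile(r"pkg:[A-Za-z][A-Za-z0-9.+-]*/[^/].*")

# Constructed sample arguments: two PURL_ENTRY groups and one pre-built value.
SAMPLE_ARGS = [
    "PURLS",
    "PURL_ENTRY", "PURL_ID", "GITHUB", "PURL_TYPE", "github",
    "PURL_NAMESPACE", "example-org", "PURL_NAME", "example-lib",
    "PURL_VERSION", "1.2.3",
    "PURL_ENTRY", "PURL_TYPE", "generic", "PURL_NAME", "example-lib",
    "PURL_VALUES", "pkg:npm/%40scope/pkg@4.5.6",
]


class PurlArgumentError(ValueError):
    """Raised when the keyword stream or a purl value is malformed."""


def parse_purl_arguments(tokens):
    """Split a flat token list into PURL_ENTRY dicts and pre-built values."""
    entries, values = [], []
    section = current = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in SECTION_KEYS:
            section, current = tok, None
        elif section == "PURLS" and tok == "PURL_ENTRY":
            current = {}
            entries.append(current)
        elif section == "PURLS" and tok in ENTRY_KEYS:
            if current is None:
                raise PurlArgumentError(f"{tok} given before any PURL_ENTRY")
            if tok in current:
                raise PurlArgumentError(f"{tok} given twice in one PURL_ENTRY")
            # A keyword directly after an option means the value is missing.
            if i + 1 >= len(tokens) or tokens[i + 1] in ALL_KEYS:
                raise PurlArgumentError(f"{tok} has no value")
            current[tok] = tokens[i + 1]
            i += 1
        elif section == "PURL_VALUES" and tok not in ALL_KEYS:
            values.append(tok)
        else:
            raise PurlArgumentError(f"unexpected argument {tok!r}")
        i += 1
    return entries, values


def build_purl(entry):
    """Build a purl string from one entry; type and name are mandatory."""
    for required in ("PURL_TYPE", "PURL_NAME"):
        if not entry.get(required):
            raise PurlArgumentError(f"PURL_ENTRY is missing {required}")
    if not TYPE_RE.fullmatch(entry["PURL_TYPE"]):
        raise PurlArgumentError(f"invalid purl type {entry['PURL_TYPE']!r}")
    parts = [entry["PURL_TYPE"].lower()]
    # Percent-encode each namespace segment and the name separately, so a
    # stray "/" or "@" in a value cannot change the structure of the purl.
    namespace = entry.get("PURL_NAMESPACE", "")
    parts += [quote(seg, safe="") for seg in namespace.split("/") if seg]
    parts.append(quote(entry["PURL_NAME"], safe=""))
    purl = "pkg:" + "/".join(parts)
    if entry.get("PURL_VERSION"):
        purl += "@" + quote(entry["PURL_VERSION"], safe="")
    return purl


def collect_purls(tokens):
    """Return every purl for a target: built entries first, then pre-built."""
    entries, values = parse_purl_arguments(tokens)
    for value in values:
        if not PREBUILT_RE.fullmatch(value):
            raise PurlArgumentError(f"not a purl string: {value!r}")
    return [build_purl(e) for e in entries] + values


if __name__ == "__main__":
    for purl in collect_purls(SAMPLE_ARGS):
        print(purl)
```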
Move generic PURL function from qt-specific file to main one. It was
mistakenly added to the wrong file during the initial split.
Amends f1ac316191c010b1389f6f3549c9f0b4424b9936
Task-number: QTBUG-122899
Change-Id: I1884f53ee7d30a25b873d85ee04b8c8d1e0532f5
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit fd622bc3ae90ba27069744bf61524139f1642872)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 2d51fc3c692675209316658214ef26d2fbfc6e97)
The argument must be added in qt_cmdline.cmake to work.
Change-Id: Ic256c0fda0caf3794b37ad8c5e8b6515fb45b0e6
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
(cherry picked from commit 5971e94bafacfebdcd28ef84a7cfea61ffd48689)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 3c178b40e74ac3344a50dcb5038e7adf77fe05c4)
We normally override the entrypoint to _qt_main_wrapper via the -e flag
to the linker, but if a Swift file is added to the Xcode project, Xcode
does some magic, building the app as a shared library, and wrapping it
with the Swift code into a custom executable. The -e flag will then be
a noop when linking our shared library.
To work around this we set the custom LD_ENTRY_POINT Xcode build setting,
which triggers Xcode to pass -e when linking the wrapper-executable.
This works in practice, but produces a warning on the console that the
entrypoint is not found, which has been reported as FB16519113.
Fixes: QTBUG-133577
Change-Id: I9d8310b39ac5a4900693df55c2e5bfa346c0300a
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
(cherry picked from commit 430ba7c0f826ee6f91fbfdc861525cb62b8e725c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 9fbb8e0090a1d8220479e776feae7c9c5bb8493e)
We should only pass the VERSION option if we have a value to pass.
Fixes warnings like the one below when using CMake 3.31:
    CMake Warning (dev) at cmake/QtPublicSbomAttributionHelpers.cmake:511
    (cmake_parse_arguments):
    The VERSION keyword was followed by an empty string or no value at
    all.
    Policy CMP0174 is not set, so cmake_parse_arguments() will unset the
    arg_VERSION variable rather than setting it to an empty string.
    Call Stack (most recent call first):
    cmake/QtPublicSbomHelpers.cmake:954
    (_qt_internal_sbom_replace_qa_placeholders)
Amends bc3bbb51b7b48d3c4a44a432441938863582242c
Task-number: QTBUG-122899
Change-Id: I671a9153d72b21b6aed2112bea45f577a5cee4eb
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 4174f388e6804fb138f625aab3eb75b90c2c7bd4)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 9491249fc65f278f6124967eb88bfcf80309882e)
Make sure to specify the creator organization when calling reuse to
generate the source SBOM.
This replaces
'Creator: Organization: Anonymous'
with
'Creator: Organization: TheQtCompany (https://qt.io)'
Fixes: QTBUG-133796
Change-Id: I3532d9f35ca3eacd9c20bee7db88f35c76db9672
Reviewed-by: Lucie Gerard <lucie.gerard@qt.io>
(cherry picked from commit 52a64aca2099a1efc5a8819c9e60a57aefde4370)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 057ef3e1d37fdc4640ac2a25fa27665ac7937358)
Upstream CMake has a nasty bug where AUTOGEN dependencies are
discarded if a library is added as a dependency more than once (or
rather the number of times it is added is not equal to the number of
configured build configs).
This can result in racy build failures, where a <module>_autogen
target is supposed to depend on some <other_module>_sync_headers
target, but doesn't, and thus moc generates empty metatypes files
because it can't find a synced header.
To prevent the AUTOGEN dependencies from being discarded, manually
add all dependencies passed to qt_internal_extend_target to the
AUTOGEN_TARGET_DEPENDS property.
The issue is fixed in CMake 4.0, so the workaround is gated on the
cmake version used. Add a flag called
QT_NO_AUTOGEN_DISCARDED_DEPENDENCIES_WORKAROUND to disable the
workaround, in case the fix gets reverted upstream.
Pick-to: 6.5
Fixes: QTBUG-133725
Change-Id: I857d7e774fc9f9f5203a58311daea5e7177e0d67
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit fcb20586316aff2ccc39e2ae840b79f8b0e904a7)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 71130a16f8bd9636ac5dcf601d70420011960f5c)
Will be used by WebEngine configure checks to check if the
dependencies are met and show a corresponding error message if not.
Task-number: QTBUG-122899
Change-Id: I56d46fe5cf12051903d1aec893336be5ae8983a2
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 414b73075c537481280179ea78748dd2a6b45f9e)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit f32dbf337d10691711f430588707620fd861a0e8)
When converting a json SPDX document to a tag/value SPDX document, we
need to make sure that the python dependencies are looked up.
After they are looked up, either error out or silently return
depending on whether the operation is required or not.
By default when _qt_internal_sbom_generate_tag_value_spdx_document is
called it is required to succeed and thus requires the python
dependencies to be present. A caller can opt out using the OPTIONAL
argument.
Task-number: QTBUG-122899
Change-Id: Iccb68f900f4892a816360843dd87f9e469104bf7
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 8b6b17ae87abcdb2120255b490ce6fe03b0e2e08)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 25840bcc32813197df541b69881ba0770ed6697f)
Improve wording when python or some dependency is missing, deduplicate
the strings and make sure to mention what is actually missing.
Task-number: QTBUG-122899
Change-Id: I26af38f0330a5462c6001cae03c46284e742fbda
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit ad82afb05417e2b07a55a4520105b1f01a802487)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 4ae0667e2b868fb3e006cbabc5ceb7faf0da4c33)
To ensure that when we find the interpreter, but not some python
dependency, we actually show the error about the dependency.
Task-number: QTBUG-122899
Change-Id: Ib4f42e04f071f800d0f5bbe3700a1208e1017a19
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 46ee11a426292bc1538b5138501136b2dadc7173)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit ac0e10db65f62aace8f7d69e4b648afc968196c2)
It can happen that qt repo version bumps are pushed directly, and not
merged in DAG-dependency order. This can cause a mismatch between the
qttools package version and any of its dependencies, which would block
integrations. To avoid this, we disable the warning about incompatible
package versions when building the doc tools. The version check in
that case doesn't make sense, so it's safe to do.
Amends f7f02c791bcbee44597f1fe24570ebdf352ec648
Task-number: QTBUG-128730
Change-Id: I6180ecb09c6a3dee415ae73c11549ee0f709f240
Reviewed-by: Paul Wicking <paul.wicking@qt.io>
Reviewed-by: Toni Saario <toni.saario@qt.io>
(cherry picked from commit a8f55f4729918700b9597843c98f9f2505ff0d23)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 81b3e808403253bcfa34e071d70c046ee6c4b574)
This commit adds a new parameter (--pre-test-adb-command) to
AndroidTestRunner. The new parameter allows passing an extra adb command
which will be called by AndroidTestRunner after installation and before
running the test.
To set the mentioned argument, a new parameter for qt_internal_add_test
was proposed: ANDROID_TESTRUNNER_PRE_TEST_ADB_COMMANDS.
The new parameter is needed especially for multimedia screen capture
tests. The ScreenCapture feature needs acceptance of the Security Popup.
It can be automatically accepted with an additional adb command.
Fixes: QTBUG-132249
Change-Id: Ib70cd05d60d4594961ca68b554c7aae11cf42240
Reviewed-by: Assam Boudjelthia <assam.boudjelthia@qt.io>
(cherry picked from commit b4c82eba03388aa4f9e5b56f633e0e679a3b0123)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit bc533b0fb2d50a8e124e5e54628ad847733a8de8)
Reviewed-by: Bartlomiej Moskal <bartlomiej.moskal@qt.io>
Previously we had complicated logic trying to differentiate between Qt
targets, system libraries, vendored libraries, custom sbom targets,
whether they are in external documents or not, when generating SBOM
dependencies for a target.
We also lacked the ability to handle regular non-Qt non-system
libraries. This was discovered while creating the SBOM for Qt Creator,
where the code treated all Creator helper libraries as system
libraries rather than just regular dependencies.
Simplify the code by unifying most of the code branches, removing
nested ifs, and removing special handling of some targets when
checking whether they are in external documents.
Now system libraries are marked at qt_find_package time by setting the
_qt_internal_sbom_is_system_library property on the target, rather
than trying to infer it based on the target name and other markers.
Now the logic goes as follows:
- check if system library based on the presence of the
  _qt_internal_sbom_is_system_library property
- check if it's a vendored lib based on walking its libs and checking
  if the _qt_module_is_3rdparty_library property is set
- mark system libraries as consumed
- if not a system library, handle it as a regular dependency, taking
  into account if it's external or not
Also add some debug messages to help keep track of system libraries.
And remove some of the unnecessary code in
_qt_internal_sbom_is_external_target_dependency and
_qt_internal_sbom_add_external_target_dependency.
Task-number: QTBUG-122899
Change-Id: Ic43fe53446b74badee2cde6d18146e952587c292
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 66261ac0f1f2807916c80b2050536d52b8fe6d3a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit b91da6c94348b3225bd0a43141f34ec4e5e1f216)
The SBOM functions so far had a lot of Qt-specific logic inside them.
Decouple this logic into separate Qt-specific functions or explicitly
guard the code with Qt-specific handling options, to prepare for a
cleaner SBOM public API.
The generic functions then call the Qt-specific ones if various
internal options are set.
This approach is used, rather than directly passing values to the
generic functions because:
- we have cases where we need to recursively pass the values all the
  way down to all recursively created attribution targets
- some of the logic needs to know about values before and after qt
  processing, and this could be achieved with something like lambdas
  but it's not worth the complexity
Task-number: QTBUG-122899
Change-Id: I4399c41f4d976f20b16a0bb0c674d4f07ee1ccd4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit f1ac316191c010b1389f6f3549c9f0b4424b9936)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 59a571c75dbbe3cd425629ad309bdf143f0616de)
For build time sboms to be found in a no-prefix qt build of a repo,
specifically when finding external sbom documents, the build time
sboms have to be in the same location.
Previously they were in each repo's build dir.
Align the location to be in the qtbase build dir, just like for super
builds.
Also check for QT_BUILDING_QT because we don't want to apply the logic
for QT_WILL_INSTALL not being set in user projects.
Task-number: QTBUG-122899
Change-Id: I04a066fc0efc91a4f2ee938c190b8632c8c946aa
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 3a5c62d4af9cb07fba065de8a2d1b97531b6fd30)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 90b128e4cc7be623c67bd02128bf82a26efe2b57)
The format of the Xcode preferences has changed, so we need to account
for the new format when looking up the default development team.
Pick-to: 6.5
Change-Id: Ib34c2e5245c13db4d81218a5a2460417e4fc6347
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 469e4237cf32d27609661132727555490086750b)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 8f837f6e6f4a9d5c118514dcc80894406e9b5dcb)
As well as the _qt_internal_apple_development_team_id_computed
property.
It's used for macOS as well, so use `apple` infix instead of `ios`.
Pick-to: 6.5
Change-Id: I7932166d094a14ac32cce95e6c9fcbfa44bb97b4
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit d688c73e083cecc9b9478f09b202b66b92c87e4d)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 6a23dfba362e683f94a34d0b7f5e2bfa6002370f)
A project might want to find_package all available (installed) Qt CMake
packages that contain qt modules.
A use case might be a qml app that needs to link to all of Qt, and
support showing qml files that can load any Qt qml module.
Add a new Qt6 COMPONENT called ALL_QT_MODULES.
It can be used like this:
    find_package(Qt6 COMPONENTS ALL_QT_MODULES).
The implementation will find all installed Qt modules by globbing over
all json files installed in $qt/modules dir, and treat the file names
as package names.
It will then tell Qt6 to find_package each of those packages.
Change-Id: I89242307438576a0cbb3cdca80a9cb72818b6035
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit c7027880aa746a01362ac12491910479d7fc67e3)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 54cb92d58b33a7a8cc387bc84643e5d55e84b88c)
The license check is only called if VERIFY_SOURCE_SBOM is set to ON
in the module_config.yaml. This way, a module can turn on the check
only when ready.
The license check is done via a perl script. Since no perl is
available for Windows on ARM64, VERIFY_SOURCE_SBOM is set to OFF
in this case.
Task-number: QTBUG-131434
Change-Id: I183b7726928bbc925940330d39779a4ac2307254
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 153002f7d2904988efdd8abc68adff0f9927943b)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 01e5801cec6d444193c97a57faf3008b93f1d1d7)
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
The feature names are normalized using `qt_feature_normalize_name`, but
a user might read `qt_feature` usage and not realize that they should
normalize the name in the `FEATURE_*` variable.
This change emits an error if it detects such invalid names.
Fixes: QTBUG-132464
Change-Id: I33c7ab9f589c92e11e16d376660e8b6152339d12
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
(cherry picked from commit b71647d06970b2cc3b63b93c020eca8caf0a519f)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 9601b5fa5b1ed390274d02c02bc6530f4ad9b42f)
The code is moved into a macro without any modifications aside from
removing the escaping of variable evaluation and escaping of quotes.
It's kept as a macro similar to __qt_internal_include_plugin_packages,
because there might be calls to find_package() that set variables in
the current scope.
The reason for moving is easier maintenance (no more escaping).
Change-Id: Ie6ddc26fe4ff8db0134f3542c2886f8b5d68dc51
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit 47006aca44c16c78f00940574170640f19e9fb43)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 4661694382fb47b8f6ee4407a3a15ee9352aae12)
Introduce two new directory-scoped variables containing versioned
(prefixed with Qt6::) target names of qt modules and qt plugins found
as a result of finding Qt packages:
- QT_ALL_MODULES_VERSIONED_FOUND_VIA_FIND_PACKAGE
- QT_ALL_PLUGINS_VERSIONED_FOUND_VIA_FIND_PACKAGE
To be consistent in the naming of the variables going forward,
deprecate the old QT_ALL_PLUGINS_FOUND_BY_FIND_PACKAGE variable
in favor of a new QT_ALL_PLUGINS_FOUND_VIA_FIND_PACKAGE.
The difference is 'BY' vs 'VIA'.
The non-versioned variables are modified not to contain duplicates:
- QT_ALL_MODULES_FOUND_VIA_FIND_PACKAGE
- QT_ALL_PLUGINS_FOUND_VIA_FIND_PACKAGE
Also remove duplicates from the variable that collects all found qt
plugin types:
- QT_ALL_PLUGIN_TYPES_FOUND_VIA_FIND_PACKAGE
A follow-up change will collect qml plugin targets.
This information can be useful to find out what Qt targets are
available in a project, for example to know what plugin targets or
types can be linked into another target, or which libraries can be
deployed.
Change-Id: I4f158872f4a8f6ef6008f081270604f75b77ad9d
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit f7b8ff71778bde94741402216269c2de2dda32c1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 93f52f7980c806e9b34bf6515ed4199f1b2b7814)
Add a few internal functions to allow
- getting the sbom project supplier
- project supplier url
- project namespace
- computing a project namespace
- computing a project file name
- getting a sanitized spdx id given a hint
Task-number: QTBUG-122899
Change-Id: I0dc3df274eaf6882a6af021aabee75501b5083f8
Reviewed-by: Moss Heim <moss.heim@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit dbf44b61c11d63a4e3242a62c3be34ebf1f3f012)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 7584fe901e75f72ea49f2e90101cb7316b07edb2)
We never ended up calling _qt_internal_finalize_sbom for generic Qt
repo executables, and we never passed an SBOM type, so this code never
worked.
Remove it to avoid confusion.
It might be re-added in the future.
This doesn't affect the SBOM generation for Qt tools and apps.
Task-number: QTBUG-122899
Change-Id: Iffde964efe2a6b70e6e0b64ec0803af5e84172fb
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit f2472c2e6a5b93dfbda166582620c30ea8855edb)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 3d4501bea7b3a3af36604d0d0eb8ce59dfad7475)