From 1791b5461d6ac3479996a46e383317f837625384 Mon Sep 17 00:00:00 2001
From: Alexandru Croitor <alexandru.croitor@qt.io>
Date: Fri, 25 Oct 2024 16:44:09 +0200
Subject: [PATCH] CMake: Remove the CMAKE_CXX_COMPILER path from the SBOM

It causes the SBOM to be non-reproducible, as the path is different on
each machine.
Embedding just the compiler id and version should be sufficient.

Task-number: QTBUG-122899
Task-number: QTBUG-130557
Change-Id: Iad66ac3f90c4969d27307c77bef46d2eba15c175
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit d7fb9bfb800a3bae41a5f6a73c598f859848b98c)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 cmake/QtPublicSbomGenerationHelpers.cmake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmake/QtPublicSbomGenerationHelpers.cmake b/cmake/QtPublicSbomGenerationHelpers.cmake
index 6008810dfe1..83d3212b78e 100644
--- a/cmake/QtPublicSbomGenerationHelpers.cmake
+++ b/cmake/QtPublicSbomGenerationHelpers.cmake
@@ -144,7 +144,7 @@ FilesAnalyzed: false
 PackageSummary: <text>The compiler as identified by CMake, running on ${CMAKE_HOST_SYSTEM_NAME} (${CMAKE_HOST_SYSTEM_PROCESSOR})</text>
 PrimaryPackagePurpose: APPLICATION
 Relationship: SPDXRef-compiler BUILD_DEPENDENCY_OF ${project_spdx_id}
-RelationshipComment: <text>${project_spdx_id} is built by compiler ${CMAKE_CXX_COMPILER_ID} (${CMAKE_CXX_COMPILER}) version ${CMAKE_CXX_COMPILER_VERSION}</text>
+RelationshipComment: <text>${project_spdx_id} is built by compiler ${CMAKE_CXX_COMPILER_ID} version ${CMAKE_CXX_COMPILER_VERSION}</text>
 
 PackageName: ${arg_PROJECT}
 SPDXID: ${project_spdx_id}