CMake: Split SBOM verification and NTIA compliance into separate ops

This will allow us to run only the first, but not the second, if the second won't have it's dependencies met. Task-number: QTBUG-122899 Change-Id: I141b4bd3b76a71495c760a118bdf1397ee7e16b5 Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io> (cherry picked from commit f15b3c864ee47177d4f13cf7a047f245c11c4d00) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2024-10-16 19:30:44 +02:00 · 2024-10-16 19:30:44 +02:00 · 446d8414ef
commit 446d8414ef
parent c69ff63ab3
2 changed files with 32 additions and 8 deletions
--- a/cmake/QtPublicSbomGenerationHelpers.cmake
+++ b/cmake/QtPublicSbomGenerationHelpers.cmake
@ -231,6 +231,7 @@ function(_qt_internal_sbom_end_project_generate)
        GENERATE_JSON
        GENERATE_SOURCE_SBOM
        VERIFY
+        VERIFY_NTIA_COMPLIANT
        LINT_SOURCE_SBOM
        LINT_SOURCE_SBOM_NO_ERROR
        SHOW_TABLE
@ -263,8 +264,12 @@ function(_qt_internal_sbom_end_project_generate)

    if(arg_VERIFY AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS)
        _qt_internal_sbom_find_and_handle_sbom_op_dependencies(REQUIRED OP_KEY "VERIFY_SBOM")
+        _qt_internal_sbom_verify_valid()
+    endif()
+
+    if(arg_VERIFY_NTIA_COMPLIANT AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS)
        _qt_internal_sbom_find_and_handle_sbom_op_dependencies(REQUIRED OP_KEY "RUN_NTIA")
-        _qt_internal_sbom_verify_valid_and_ntia_compliant()
+        _qt_internal_sbom_verify_ntia_compliant()
    endif()

    if(arg_SHOW_TABLE AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS)
@ -1355,8 +1360,8 @@ function(_qt_internal_sbom_generate_json)
    set_property(GLOBAL APPEND PROPERTY _qt_sbom_cmake_verify_include_files "${verify_sbom}")
 endfunction()

-# Helper to verify the generated sbom is valid and NTIA compliant.
-function(_qt_internal_sbom_verify_valid_and_ntia_compliant)
+# Helper to verify the generated sbom is valid.
+function(_qt_internal_sbom_verify_valid)
    if(NOT QT_INTERNAL_SBOM_PYTHON_EXECUTABLE)
        message(FATAL_ERROR "Python interpreter not found for verifying SBOM file.")
    endif()
@ -1365,10 +1370,6 @@ function(_qt_internal_sbom_verify_valid_and_ntia_compliant)
        message(FATAL_ERROR "Python dependencies not found for verifying SBOM file")
    endif()

-    if(NOT QT_INTERNAL_SBOM_DEPS_FOUND_FOR_RUN_NTIA)
-        message(FATAL_ERROR "Python dependencies not found for running the SBOM NTIA checker.")
-    endif()
-
    set(content "
        message(STATUS \"Verifying: \${QT_SBOM_OUTPUT_PATH}\")
        execute_process(
@ -1379,7 +1380,27 @@ function(_qt_internal_sbom_verify_valid_and_ntia_compliant)
        if(NOT res EQUAL 0)
            message(FATAL_ERROR \"SBOM verification failed: \${res}\")
        endif()
+")

+    _qt_internal_get_current_project_sbom_dir(sbom_dir)
+    set(verify_sbom "${sbom_dir}/verify_valid.cmake")
+    file(GENERATE OUTPUT "${verify_sbom}" CONTENT "${content}")
+
+    set_property(GLOBAL APPEND PROPERTY _qt_sbom_cmake_verify_include_files "${verify_sbom}")
+endfunction()
+
+# Helper to verify the generated sbom is NTIA compliant.
+function(_qt_internal_sbom_verify_ntia_compliant)
+    if(NOT QT_INTERNAL_SBOM_PYTHON_EXECUTABLE)
+        message(FATAL_ERROR "Python interpreter not found for verifying SBOM file.")
+    endif()
+
+    if(NOT QT_INTERNAL_SBOM_DEPS_FOUND_FOR_RUN_NTIA)
+        message(FATAL_ERROR "Python dependencies not found for running the SBOM NTIA checker.")
+    endif()
+
+    set(content "
+        message(STATUS \"Checking for NTIA compliance: \${QT_SBOM_OUTPUT_PATH}\")
        execute_process(
            COMMAND ${QT_INTERNAL_SBOM_PYTHON_EXECUTABLE} -m ntia_conformance_checker.main
            --file \"\${QT_SBOM_OUTPUT_PATH}\"
@ -1391,7 +1412,7 @@ function(_qt_internal_sbom_verify_valid_and_ntia_compliant)
 ")

    _qt_internal_get_current_project_sbom_dir(sbom_dir)
-    set(verify_sbom "${sbom_dir}/verify_valid_and_ntia.cmake")
+    set(verify_sbom "${sbom_dir}/verify_ntia.cmake")
    file(GENERATE OUTPUT "${verify_sbom}" CONTENT "${content}")

    set_property(GLOBAL APPEND PROPERTY _qt_sbom_cmake_verify_include_files "${verify_sbom}")
--- a/cmake/QtPublicSbomHelpers.cmake
+++ b/cmake/QtPublicSbomHelpers.cmake
@ -248,6 +248,9 @@ function(_qt_internal_sbom_end_project)
    if(QT_INTERNAL_SBOM_VERIFY OR QT_INTERNAL_SBOM_DEFAULT_CHECKS)
        list(APPEND end_project_options VERIFY)
    endif()
+    if(QT_INTERNAL_SBOM_VERIFY_NTIA_COMPLIANT OR QT_INTERNAL_SBOM_DEFAULT_CHECKS)
+        list(APPEND end_project_options VERIFY_NTIA_COMPLIANT)
+    endif()
    if(QT_INTERNAL_SBOM_SHOW_TABLE OR QT_INTERNAL_SBOM_DEFAULT_CHECKS)
        list(APPEND end_project_options SHOW_TABLE)
    endif()