From 446d8414efca1ebcf6317d20a1bfa43e8a80a0ab Mon Sep 17 00:00:00 2001 From: Alexandru Croitor Date: Wed, 16 Oct 2024 19:30:44 +0200 Subject: [PATCH] CMake: Split SBOM verification and NTIA compliance into separate ops This will allow us to run only the first, but not the second, if the second won't have it's dependencies met. Task-number: QTBUG-122899 Change-Id: I141b4bd3b76a71495c760a118bdf1397ee7e16b5 Reviewed-by: Joerg Bornemann (cherry picked from commit f15b3c864ee47177d4f13cf7a047f245c11c4d00) Reviewed-by: Qt Cherry-pick Bot --- cmake/QtPublicSbomGenerationHelpers.cmake | 37 ++++++++++++++++++----- cmake/QtPublicSbomHelpers.cmake | 3 ++ 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/cmake/QtPublicSbomGenerationHelpers.cmake b/cmake/QtPublicSbomGenerationHelpers.cmake index cd4875b6b22..2efa574fdf0 100644 --- a/cmake/QtPublicSbomGenerationHelpers.cmake +++ b/cmake/QtPublicSbomGenerationHelpers.cmake @@ -231,6 +231,7 @@ function(_qt_internal_sbom_end_project_generate) GENERATE_JSON GENERATE_SOURCE_SBOM VERIFY + VERIFY_NTIA_COMPLIANT LINT_SOURCE_SBOM LINT_SOURCE_SBOM_NO_ERROR SHOW_TABLE @@ -263,8 +264,12 @@ function(_qt_internal_sbom_end_project_generate) if(arg_VERIFY AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS) _qt_internal_sbom_find_and_handle_sbom_op_dependencies(REQUIRED OP_KEY "VERIFY_SBOM") + _qt_internal_sbom_verify_valid() + endif() + + if(arg_VERIFY_NTIA_COMPLIANT AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS) _qt_internal_sbom_find_and_handle_sbom_op_dependencies(REQUIRED OP_KEY "RUN_NTIA") - _qt_internal_sbom_verify_valid_and_ntia_compliant() + _qt_internal_sbom_verify_ntia_compliant() endif() if(arg_SHOW_TABLE AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS) 
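Review bot: The new `if(arg_VERIFY_NTIA_COMPLIANT AND NOT QT_INTERNAL_NO_SBOM_PYTHON_OPS)` block in `_qt_internal_sbom_end_project_generate` skips a requested NTIA compliance check without leaving anything in the configure log. The existing `arg_VERIFY` block above it follows the same pattern. Now that the two checks are separate gates, it is worth making a skipped one auditable from build output, for example with `elseif(arg_VERIFY_NTIA_COMPLIANT)` followed by `message(STATUS "SBOM NTIA compliance check requested but skipped: QT_INTERNAL_NO_SBOM_PYTHON_OPS is set.")`. Whether a message is already emitted elsewhere cannot be seen from this hunk, and the function body starts and ends outside it.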
@@ -1355,8 +1360,8 @@ function(_qt_internal_sbom_generate_json) set_property(GLOBAL APPEND PROPERTY _qt_sbom_cmake_verify_include_files "${verify_sbom}") endfunction() -# Helper to verify the generated sbom is valid and NTIA compliant. -function(_qt_internal_sbom_verify_valid_and_ntia_compliant) +# Helper to verify the generated sbom is valid. +function(_qt_internal_sbom_verify_valid) if(NOT QT_INTERNAL_SBOM_PYTHON_EXECUTABLE) message(FATAL_ERROR "Python interpreter not found for verifying SBOM file.") endif() @@ -1365,10 +1370,6 @@ function(_qt_internal_sbom_verify_valid_and_ntia_compliant) message(FATAL_ERROR "Python dependencies not found for verifying SBOM file") endif() - if(NOT QT_INTERNAL_SBOM_DEPS_FOUND_FOR_RUN_NTIA) - message(FATAL_ERROR "Python dependencies not found for running the SBOM NTIA checker.") - endif() - set(content " message(STATUS \"Verifying: \${QT_SBOM_OUTPUT_PATH}\") execute_process( @@ -1379,7 +1380,27 @@ function(_qt_internal_sbom_verify_valid_and_ntia_compliant) if(NOT res EQUAL 0) message(FATAL_ERROR \"SBOM verification failed: \${res}\") endif() +") + _qt_internal_get_current_project_sbom_dir(sbom_dir) + set(verify_sbom "${sbom_dir}/verify_valid.cmake") + file(GENERATE OUTPUT "${verify_sbom}" CONTENT "${content}") + + set_property(GLOBAL APPEND PROPERTY _qt_sbom_cmake_verify_include_files "${verify_sbom}") +endfunction() + +# Helper to verify the generated sbom is NTIA compliant. +function(_qt_internal_sbom_verify_ntia_compliant) + if(NOT QT_INTERNAL_SBOM_PYTHON_EXECUTABLE) + message(FATAL_ERROR "Python interpreter not found for verifying SBOM file.") + endif() + + if(NOT QT_INTERNAL_SBOM_DEPS_FOUND_FOR_RUN_NTIA) + message(FATAL_ERROR "Python dependencies not found for running the SBOM NTIA checker.") + endif() + + set(content " + message(STATUS \"Checking for NTIA compliance: \${QT_SBOM_OUTPUT_PATH}\") execute_process( COMMAND ${QT_INTERNAL_SBOM_PYTHON_EXECUTABLE} -m ntia_conformance_checker.main --file \"\${QT_SBOM_OUTPUT_PATH}\" 
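Review bot: In the new `_qt_internal_sbom_verify_ntia_compliant`, the generated script's `COMMAND ${QT_INTERNAL_SBOM_PYTHON_EXECUTABLE} -m ntia_conformance_checker.main` line expands the interpreter path unquoted at configure time. The `--file` argument next to it is escaped and quoted, but the interpreter is not. Assuming the variable holds a single path, one containing spaces or semicolons would be split into several arguments when the generated `verify_ntia.cmake` is parsed, so the check could fail to launch or run a different program than intended. Writing it as `COMMAND \"${QT_INTERNAL_SBOM_PYTHON_EXECUTABLE}\" -m ntia_conformance_checker.main` keeps it one argument. The line is unchanged context inherited from the old combined helper, and the rest of the `execute_process` call and its result check lie outside this hunk.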
@@ -1391,7 +1412,7 @@ function(_qt_internal_sbom_verify_valid_and_ntia_compliant) ") _qt_internal_get_current_project_sbom_dir(sbom_dir) - set(verify_sbom "${sbom_dir}/verify_valid_and_ntia.cmake") + set(verify_sbom "${sbom_dir}/verify_ntia.cmake") file(GENERATE OUTPUT "${verify_sbom}" CONTENT "${content}") set_property(GLOBAL APPEND PROPERTY _qt_sbom_cmake_verify_include_files "${verify_sbom}") diff --git a/cmake/QtPublicSbomHelpers.cmake b/cmake/QtPublicSbomHelpers.cmake index d8a441a9c20..8ee853f65f8 100644 --- a/cmake/QtPublicSbomHelpers.cmake +++ b/cmake/QtPublicSbomHelpers.cmake @@ -248,6 +248,9 @@ function(_qt_internal_sbom_end_project) if(QT_INTERNAL_SBOM_VERIFY OR QT_INTERNAL_SBOM_DEFAULT_CHECKS) list(APPEND end_project_options VERIFY) endif() + if(QT_INTERNAL_SBOM_VERIFY_NTIA_COMPLIANT OR QT_INTERNAL_SBOM_DEFAULT_CHECKS) + list(APPEND end_project_options VERIFY_NTIA_COMPLIANT) + endif() if(QT_INTERNAL_SBOM_SHOW_TABLE OR QT_INTERNAL_SBOM_DEFAULT_CHECKS) list(APPEND end_project_options SHOW_TABLE) endif()
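Review bot: The added `if(QT_INTERNAL_SBOM_VERIFY_NTIA_COMPLIANT OR QT_INTERNAL_SBOM_DEFAULT_CHECKS)` block in `_qt_internal_sbom_end_project` changes what `QT_INTERNAL_SBOM_VERIFY` means without documenting it. Before this patch, `VERIFY` ran both the validity and the NTIA checks; now a configuration that sets only `QT_INTERNAL_SBOM_VERIFY` loses the NTIA check silently. Whether any such configuration exists is not visible here. A comment above the new block would record the change, for example `# NTIA compliance is no longer implied by QT_INTERNAL_SBOM_VERIFY; set QT_INTERNAL_SBOM_VERIFY_NTIA_COMPLIANT or QT_INTERNAL_SBOM_DEFAULT_CHECKS to run it.` The function body starts and ends outside this hunk.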