From c33e213a6ae1717e787e856d8a9e5a40e48f4860 Mon Sep 17 00:00:00 2001
From: Alexandru Croitor
Date: Tue, 6 Aug 2024 18:50:08 +0200
Subject: [PATCH] CMake: Read UpstreamPURL from attribution files when generating SBOMs
Task-number: QTBUG-122899
Change-Id: Id65770cdee17c6bf4701b10565ab428f3e28887f
Reviewed-by: Joerg Bornemann
(cherry picked from commit 95b7fe49900904d19fca21876c84f97c2a6ae03d)
Reviewed-by: Qt Cherry-pick Bot
---
 cmake/QtPublicSbomHelpers.cmake | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cmake/QtPublicSbomHelpers.cmake b/cmake/QtPublicSbomHelpers.cmake
index e3c7106d764..a0a84085c0d 100644
--- a/cmake/QtPublicSbomHelpers.cmake
+++ b/cmake/QtPublicSbomHelpers.cmake
@@ -705,6 +705,9 @@ function(_qt_internal_sbom_add_target target)
 if(is_qt_entity_type)
 list(APPEND purl_args IS_QT_ENTITY_TYPE)
 endif()
+ if(qa_upstream_purl)
+ list(APPEND purl_args PURL_3RDPARTY_UPSTREAM_VALUE "${qa_upstream_purl}")
+ endif()
 list(APPEND purl_args OUT_VAR purl_package_options)
 _qt_internal_sbom_handle_purl_values(${target} ${purl_args})
@@ -2242,6 +2245,7 @@ function(_qt_internal_sbom_read_qt_attribution out_prefix)
 _qt_internal_sbom_get_attribution_key(DownloadLocation download_location "${out_prefix}")
 _qt_internal_sbom_get_attribution_key(Copyright copyrights "${out_prefix}")
 _qt_internal_sbom_get_attribution_key(CopyrightFile copyright_file "${out_prefix}")
+ _qt_internal_sbom_get_attribution_key(UpstreamPURL upstream_purl "${out_prefix}")
 # In some attribution files (like harfbuzz) Copyright contains an array of copyrights rather
 # than a single string. Extract all of them.
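Review bot: Nothing checks that the value is a package URL before the new `if(qa_upstream_purl)` branch appends it as `PURL_3RDPARTY_UPSTREAM_VALUE`, so a typo in an attribution file would land in the generated SBOM as an identifier that downstream vulnerability matching cannot resolve. A guard ahead of the append would surface this at configure time, for example `if(qa_upstream_purl AND NOT qa_upstream_purl MATCHES "^pkg:")` wrapping `message(AUTHOR_WARNING "UpstreamPURL for ${target} does not look like a purl: ${qa_upstream_purl}")`. Where `qa_upstream_purl` is populated is not visible in this hunk (presumably the attribution reader touched in the second hunk), and `_qt_internal_sbom_handle_purl_values` may already validate its input. The body of `_qt_internal_sbom_add_target` starts and ends outside the hunk.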
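Review bot: The added `UpstreamPURL` read in `_qt_internal_sbom_read_qt_attribution` carries no comment on the expected shape of the value, although the comment directly below it notes that `Copyright` is an array in some attribution files. If the key is meant to hold exactly one purl string, a line next to the call would make that explicit, e.g. `# UpstreamPURL: optional, a single purl string (pkg:...), not an array.` How `_qt_internal_sbom_get_attribution_key` treats an array value is not visible here, so this is worth confirming before an attribution file lists more than one upstream. The function starts and ends outside the hunk.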