CMake: Add a fake deterministic SBOM generation option

Replaces content like timestamps, version strings and checksums with
constant values to make the SBOM generation deterministic.
This is useful for reproducible builds, to allow cleaner inter-diffs
while developing new SBOM features.

Can be enabled by configuring with
-DQT_SBOM_FAKE_DETERMINISTIC_BUILD=ON

Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Id0003bdd23fe57abd70213a2a108885861693242
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>

cmake/QtPublicGitHelpers.cmake

@@ -49,6 +49,16 @@ function(_qt_internal_query_git_version)
         set(git_version "${version_git_head}+${version_git_branch}")
     endif()
 
+    if(QT_SBOM_FAKE_GIT_VERSION)
+        set(version_git_head "fakegithead")
+        set(version_git_hash "fakegithash")
+        set(version_git_branch "fakegitbranch")
+        set(version_git_tag "fakegittag")
+        set(git_version "${version_git_head}+${version_git_branch}")
+        _qt_internal_set_git_query_variables()
+        return()
+    endif()
+
     if(NOT Git_FOUND)
         message(STATUS "Git not found, skipping querying git version.")
         _qt_internal_set_git_query_variables()

cmake/QtPublicSbomGenerationHelpers.cmake

@@ -73,8 +73,13 @@ function(_qt_internal_sbom_begin_project_generate)
     cmake_parse_arguments(PARSE_ARGV 0 arg "${opt_args}" "${single_args}" "${multi_args}")
     _qt_internal_validate_all_args_are_parsed(arg)
 
+    if(QT_SBOM_FAKE_TIMESTAMP)
+        set(current_utc "2590-01-01T11:33:55Z")
+        set(current_year "2590")
+    else()
         string(TIMESTAMP current_utc UTC)
         string(TIMESTAMP current_year "%Y" UTC)
+    endif()
 
     _qt_internal_sbom_set_default_option_value(PROJECT "${PROJECT_NAME}")
 
@@ -438,7 +443,7 @@ function(_qt_internal_sbom_end_project_generate)
 
     # Allow skipping checksum computation for testing purposes, while installing just the sbom
     # documents, without requiring to build and install all the actual files.
-    if(QT_INTERNAL_SBOM_FAKE_CHECKSUM)
+    if(QT_SBOM_FAKE_CHECKSUM)
         string(APPEND extra_code_begin "
             set(QT_SBOM_FAKE_CHECKSUM TRUE)")
     endif()

cmake/QtPublicSbomHelpers.cmake

@@ -25,6 +25,8 @@ function(_qt_internal_sbom_begin_project)
         return()
     endif()
 
+    _qt_internal_sbom_setup_fake_deterministic_build()
+
     set(opt_args
         QT_CPE
     )
@@ -455,6 +457,25 @@ function(_qt_internal_sbom_end_qt_repo_project)
     _qt_internal_sbom_end_project()
 endfunction()
 
+
+# Enables a fake deterministic SBOM build, for easier inter-diffs between sbom files. Useful
+# for local development.
+function(_qt_internal_sbom_setup_fake_deterministic_build)
+    if(NOT DEFINED QT_SBOM_FAKE_DETERMINISTIC_BUILD)
+        return()
+    endif()
+
+    if(QT_SBOM_FAKE_DETERMINISTIC_BUILD)
+        set(value "ON")
+    elseif()
+        set(value "OFF")
+    endif()
+
+    set(QT_SBOM_FAKE_GIT_VERSION "${value}" CACHE BOOL "SBOM fake git version")
+    set(QT_SBOM_FAKE_TIMESTAMP "${value}" CACHE BOOL "SBOM fake timestamp")
+    set(QT_SBOM_FAKE_CHECKSUM "${value}" CACHE BOOL "SBOM fake checksums")
+endfunction()
+
 # Helper to get purl parsing options.
 macro(_qt_internal_get_sbom_purl_parsing_options opt_args single_args multi_args)
     set(${opt_args}