diff --git a/cmake/QtBuildRepoHelpers.cmake b/cmake/QtBuildRepoHelpers.cmake index c1816d712c2..e21b7c24d13 100644 --- a/cmake/QtBuildRepoHelpers.cmake +++ b/cmake/QtBuildRepoHelpers.cmake @@ -353,7 +353,6 @@ macro(qt_build_repo_begin) endif() _qt_internal_sbom_begin_project( - INSTALL_PREFIX "${QT_STAGING_PREFIX}" INSTALL_SBOM_DIR "${INSTALL_SBOMDIR}" QT_CPE ) diff --git a/cmake/QtPublicSbomGenerationHelpers.cmake b/cmake/QtPublicSbomGenerationHelpers.cmake index 57ca7118428..de632cdc0fe 100644 --- a/cmake/QtPublicSbomGenerationHelpers.cmake +++ b/cmake/QtPublicSbomGenerationHelpers.cmake @@ -65,7 +65,7 @@ function(_qt_internal_sbom_begin_project_generate) set(default_sbom_file_name "${arg_PROJECT}/${arg_PROJECT}-sbom-${QT_SBOM_GIT_VERSION_PATH}.spdx") set(default_install_sbom_path - "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/${default_sbom_file_name}") + "\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/${default_sbom_file_name}") qt_internal_sbom_set_default_option_value(OUTPUT "${default_install_sbom_path}") qt_internal_sbom_set_default_option_value(OUTPUT_RELATIVE_PATH @@ -636,7 +636,9 @@ FileCopyrightText: NOASSERTION" if(arg_INSTALL_PREFIX) set(install_prefix "${arg_INSTALL_PREFIX}") else() - set(install_prefix "${CMAKE_INSTALL_PREFIX}") + # The variable is escaped, so it is evaluated during cmake install time, so that the value + # can be overridden with cmake --install . --prefix . + set(install_prefix "\${CMAKE_INSTALL_PREFIX}") endif() set(content " @@ -728,18 +730,28 @@ function(_qt_internal_sbom_generate_add_external_reference) _qt_internal_get_staging_area_spdx_file_path(staging_area_spdx_file) set(install_prefixes "") + + # Always append the install time install prefix. + # The variable is escaped, so it is evaluated during cmake install time, so that the value + # can be overridden with cmake --install . --prefix . + list(APPEND install_prefixes "\${CMAKE_INSTALL_PREFIX}") + if(arg_INSTALL_PREFIXES) list(APPEND install_prefixes ${arg_INSTALL_PREFIXES}) endif() + if(QT6_INSTALL_PREFIX) list(APPEND install_prefixes ${QT6_INSTALL_PREFIX}) endif() + if(QT_ADDITIONAL_PACKAGES_PREFIX_PATH) list(APPEND install_prefixes ${QT_ADDITIONAL_PACKAGES_PREFIX_PATH}) endif() + if(QT_ADDITIONAL_SBOM_DOCUMENT_PATHS) list(APPEND install_prefixes ${QT_ADDITIONAL_SBOM_DOCUMENT_PATHS}) endif() + list(REMOVE_DUPLICATES install_prefixes) set(relationship_content "") diff --git a/cmake/QtPublicSbomHelpers.cmake b/cmake/QtPublicSbomHelpers.cmake index ce674273dde..f1fce0fffa0 100644 --- a/cmake/QtPublicSbomHelpers.cmake +++ b/cmake/QtPublicSbomHelpers.cmake @@ -4,9 +4,16 @@ # Starts repo sbom generation. # Should be called before any targets are added to the sbom. # -# INSTALL_PREFIX should be passed a value like CMAKE_INSTALL_PREFIX or QT_STAGING_PREFIX +# INSTALL_PREFIX should be passed a value like CMAKE_INSTALL_PREFIX or QT_STAGING_PREFIX. +# The default value is \${CMAKE_INSTALL_PREFIX}, which is evaluated at install time, not configure +# time. +# This default value is the /preferred/ value, to ensure using cmake --install . --prefix +# works correctly for lookup of installed files during SBOM generation. +# # INSTALL_SBOM_DIR should be passed a value like CMAKE_INSTALL_DATAROOTDIR or -# Qt's INSTALL_SBOMDIR +# Qt's INSTALL_SBOMDIR. +# The default value is "sbom". +# # SUPPLIER, SUPPLIER_URL, DOCUMENT_NAMESPACE, COPYRIGHTS are self-explanatory. function(_qt_internal_sbom_begin_project) # Allow opt out via an internal variable. Will be used in CI for repos like qtqa. @@ -123,12 +130,28 @@ function(_qt_internal_sbom_begin_project) set(version_suffix "") endif() + if(arg_INSTALL_SBOM_DIR) + set(install_sbom_dir "${arg_INSTALL_SBOM_DIR}") + elseif(INSTALL_SBOMDIR) + set(install_sbom_dir "${INSTALL_SBOMDIR}") + else() + set(install_sbom_dir "sbom") + endif() + + if(arg_INSTALL_PREFIX) + set(install_prefix "${arg_INSTALL_PREFIX}") + else() + # The variable is escaped, so it is evaluated during cmake install time, so that the value + # can be overridden with cmake --install . --prefix . + set(install_prefix "\${CMAKE_INSTALL_PREFIX}") + endif() + set(repo_spdx_relative_install_path "${arg_INSTALL_SBOM_DIR}/${repo_project_name_lowercase}${version_suffix}.spdx") # Prepend DESTDIR, to allow relocating installed sbom. Needed for CI. set(repo_spdx_install_path - "\$ENV{DESTDIR}${arg_INSTALL_PREFIX}/${repo_spdx_relative_install_path}") + "\$ENV{DESTDIR}${install_prefix}/${repo_spdx_relative_install_path}") if(arg_LICENSE_EXPRESSION) set(repo_license "${arg_LICENSE_EXPRESSION}")