From ffef5168845e66b5c12afc6e2899c83778eb71c8 Mon Sep 17 00:00:00 2001 From: Alexandru Croitor Date: Wed, 4 Dec 2024 17:49:59 +0100 Subject: [PATCH] CMake: Support cmake --install . --prefix for SBOM generation Before this change, the SBOM generation only considered the CMAKE_INSTALL_PREFIX set at configure time for the purposes of file checksum computation, external document lookup, and SBOM file installation. When cmake --install . --prefix is used, the install time CMAKE_INSTALL_PREFIX variable is overridden with the provided path, and can be different from the configure time value. This path was applied to the installation of regular files, libraries, etc, but not to the SBOM generation. This caused issues like not being able to find a library to compute its checksum. Instead of hard-coding the value to QT_STAGING_PREFIX, just don't pass a value at all, and rely on the new default of using an install-time-evaluated \${CMAKE_INSTALL_PREFIX}. Keep the ability of specifying a custom prefix just in case. Modify all the code that used a hard-coded CMAKE_INSTALL_PREFIX to use a install-time-evaluated one instead. As a drive-by, also set a proper default value for the INSTALL_SBOM_DIR option. Pick-to: 6.8 Fixes: QTBUG-131883 Change-Id: Ifde6ab282ac40f10c5bf51976121065c7dc631eb Reviewed-by: Joerg Bornemann --- cmake/QtBuildRepoHelpers.cmake | 1 - cmake/QtPublicSbomGenerationHelpers.cmake | 16 +++++++++++-- cmake/QtPublicSbomHelpers.cmake | 29 ++++++++++++++++++++--- 3 files changed, 40 insertions(+), 6 deletions(-) diff --git a/cmake/QtBuildRepoHelpers.cmake b/cmake/QtBuildRepoHelpers.cmake index c1816d712c2..e21b7c24d13 100644 --- a/cmake/QtBuildRepoHelpers.cmake +++ b/cmake/QtBuildRepoHelpers.cmake @@ -353,7 +353,6 @@ macro(qt_build_repo_begin) endif() _qt_internal_sbom_begin_project( - INSTALL_PREFIX "${QT_STAGING_PREFIX}" INSTALL_SBOM_DIR "${INSTALL_SBOMDIR}" QT_CPE ) diff --git a/cmake/QtPublicSbomGenerationHelpers.cmake b/cmake/QtPublicSbomGenerationHelpers.cmake index 57ca7118428..de632cdc0fe 100644 --- a/cmake/QtPublicSbomGenerationHelpers.cmake +++ b/cmake/QtPublicSbomGenerationHelpers.cmake @@ -65,7 +65,7 @@ function(_qt_internal_sbom_begin_project_generate) set(default_sbom_file_name "${arg_PROJECT}/${arg_PROJECT}-sbom-${QT_SBOM_GIT_VERSION_PATH}.spdx") set(default_install_sbom_path - "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/${default_sbom_file_name}") + "\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/${default_sbom_file_name}") qt_internal_sbom_set_default_option_value(OUTPUT "${default_install_sbom_path}") qt_internal_sbom_set_default_option_value(OUTPUT_RELATIVE_PATH @@ -636,7 +636,9 @@ FileCopyrightText: NOASSERTION" if(arg_INSTALL_PREFIX) set(install_prefix "${arg_INSTALL_PREFIX}") else() - set(install_prefix "${CMAKE_INSTALL_PREFIX}") + # The variable is escaped, so it is evaluated during cmake install time, so that the value + # can be overridden with cmake --install . --prefix . + set(install_prefix "\${CMAKE_INSTALL_PREFIX}") endif() set(content " @@ -728,18 +730,28 @@ function(_qt_internal_sbom_generate_add_external_reference) _qt_internal_get_staging_area_spdx_file_path(staging_area_spdx_file) set(install_prefixes "") + + # Always append the install time install prefix. + # The variable is escaped, so it is evaluated during cmake install time, so that the value + # can be overridden with cmake --install . --prefix . + list(APPEND install_prefixes "\${CMAKE_INSTALL_PREFIX}") + if(arg_INSTALL_PREFIXES) list(APPEND install_prefixes ${arg_INSTALL_PREFIXES}) endif() + if(QT6_INSTALL_PREFIX) list(APPEND install_prefixes ${QT6_INSTALL_PREFIX}) endif() + if(QT_ADDITIONAL_PACKAGES_PREFIX_PATH) list(APPEND install_prefixes ${QT_ADDITIONAL_PACKAGES_PREFIX_PATH}) endif() + if(QT_ADDITIONAL_SBOM_DOCUMENT_PATHS) list(APPEND install_prefixes ${QT_ADDITIONAL_SBOM_DOCUMENT_PATHS}) endif() + list(REMOVE_DUPLICATES install_prefixes) set(relationship_content "") diff --git a/cmake/QtPublicSbomHelpers.cmake b/cmake/QtPublicSbomHelpers.cmake index ce674273dde..f1fce0fffa0 100644 --- a/cmake/QtPublicSbomHelpers.cmake +++ b/cmake/QtPublicSbomHelpers.cmake @@ -4,9 +4,16 @@ # Starts repo sbom generation. # Should be called before any targets are added to the sbom. # -# INSTALL_PREFIX should be passed a value like CMAKE_INSTALL_PREFIX or QT_STAGING_PREFIX +# INSTALL_PREFIX should be passed a value like CMAKE_INSTALL_PREFIX or QT_STAGING_PREFIX. +# The default value is \${CMAKE_INSTALL_PREFIX}, which is evaluated at install time, not configure +# time. +# This default value is the /preferred/ value, to ensure using cmake --install . --prefix +# works correctly for lookup of installed files during SBOM generation. +# # INSTALL_SBOM_DIR should be passed a value like CMAKE_INSTALL_DATAROOTDIR or -# Qt's INSTALL_SBOMDIR +# Qt's INSTALL_SBOMDIR. +# The default value is "sbom". +# # SUPPLIER, SUPPLIER_URL, DOCUMENT_NAMESPACE, COPYRIGHTS are self-explanatory. function(_qt_internal_sbom_begin_project) # Allow opt out via an internal variable. Will be used in CI for repos like qtqa. @@ -123,12 +130,28 @@ function(_qt_internal_sbom_begin_project) set(version_suffix "") endif() + if(arg_INSTALL_SBOM_DIR) + set(install_sbom_dir "${arg_INSTALL_SBOM_DIR}") + elseif(INSTALL_SBOMDIR) + set(install_sbom_dir "${INSTALL_SBOMDIR}") + else() + set(install_sbom_dir "sbom") + endif() + + if(arg_INSTALL_PREFIX) + set(install_prefix "${arg_INSTALL_PREFIX}") + else() + # The variable is escaped, so it is evaluated during cmake install time, so that the value + # can be overridden with cmake --install . --prefix . + set(install_prefix "\${CMAKE_INSTALL_PREFIX}") + endif() + set(repo_spdx_relative_install_path "${arg_INSTALL_SBOM_DIR}/${repo_project_name_lowercase}${version_suffix}.spdx") # Prepend DESTDIR, to allow relocating installed sbom. Needed for CI. set(repo_spdx_install_path - "\$ENV{DESTDIR}${arg_INSTALL_PREFIX}/${repo_spdx_relative_install_path}") + "\$ENV{DESTDIR}${install_prefix}/${repo_spdx_relative_install_path}") if(arg_LICENSE_EXPRESSION) set(repo_license "${arg_LICENSE_EXPRESSION}")