When processing multiple attribution files to collect all attribution
ids, the values of the previous iteration extracted keys were not
reset.
This caused the values to leak to the next processed attribution id
target if the specific id key was empty.
Make sure to clean up the values before parsing the next attribution
key.
Pick-to: 6.8 6.9
Change-Id: I386fc9c09276c49207382b06605efeb0d939b6da
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Some attribution entries don't have a SPDX license id specified, in
that case it's good to at least include the free-form license name and
file path.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I75bb5c30645684ea74fe94da92ea30eb29965ad4
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Nested SBOM attribution targets were always created with the
QT_THIRD_PARTY_SOURCES type even in user projects.
Set an appropriate type depending on whether we are handling a qt
entity type or not.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Id8144d1b8093de78f2987a611a6de8e6d4777084
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Allow creating nested SBOM attribution targets also for non-Qt targets
in user projects. This will allow using qt_attribution.json files in
user projects.
Rename PARENT_TARGET to ATTRIBUTION_PARENT_TARGET to make it clear
what the parent target is for.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Ia08ee934a9dc03827fcc26d0fc90e072499e8a21
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Previously one could attach all attributions from a
qt_attribution.json file to a target, or a specific entry based on a
given numeric index.
This is not always practical, as the index of an entry can change, and
including all entries might be too much.
Allow specifying a list of attribution ids to include in the SBOM.
This will parse all the attribution entries and only include those
that match the given ids.
If a list of ids is provided, and any of them is not found, an error
will be shown.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I2ca442fe0cd6d18773861f90f32ab7380aaeacdd
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
To avoid issues with characters like "/" which might come from
attribution ids.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I65bec3b301f7fe1008cfd06aba3e1fbbb93f38c3
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
The SBOM functions so far had a lot of Qt-specific logic inside them.
Decouple this logic into separate Qt-specific functions or explicitly
guard the code with Qt-specific handling options, to prepare for a
cleaner SBOM public API.
The generic functions then call the Qt-specific ones if various
internal options are set.
This approach is used, rather than directly passing values to the
generic functions because:
- we have cases where we need to recursively pass the values all the
way down to all recursively created attribution targets
- some of the logic needs to know about values before and after qt
processing, and this could be achieved with something like lambdas
but it's not worth the complexity
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I4399c41f4d976f20b16a0bb0c674d4f07ee1ccd4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
The SBOM implementation got somewhat large. Split the code into
several new QtPublicSbomFooHelpers.cmake files, to make it more
manageable.
No code or behavior was changed.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Ia0ca1792eec21d12c4bb4cabe63279e1f5c07e3d
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
