Previously, only 3 purl entries could be added to a target, which
was tightly coupled to Qt's needs: a QT one pointing to code.qt.io,
a MIRROR one pointing to github, and an upstream one pointing to some
upstream third party location.
Rework the implementation to allow for an unlimited number of PURL
entries and to allow more flexibility when adding PURLs in a user
project.
The new syntax for adding PURLs to a target, which is also the basis
for a future public API, is as follows:

    qt_internal_add_sbom(<target>
        PURLS
            [[PURL_ENTRY
                PURL_ID <id>
                PURL_TYPE <type>
                PURL_NAMESPACE <namespace>
                PURL_NAME <name>
                PURL_VERSION <version>]...]
        PURL_VALUES
            [purl-string...]
    )

The PURLS keyword is used to specify multiple PURL entries, each
starting with the PURL_ENTRY keyword. The PURL_VALUES keyword is used
to specify a list of pre-built purl strings.
PURL_ID is an optional argument used to identify a specific purl
entry, which is mostly needed for Qt's needs, to post-process them
further.
The rest of the options are pre-existing from the previous
implementation.
Implementation-wise, there's a new custom parser to be able to parse
and validate PURL_ENTRY arguments.
The VERSION option was renamed to PACKAGE_VERSION, to avoid some
issues in cmake_parse_arguments parsing with nested VERSION options.
The NO_PURL option was removed because it makes no sense in the new
implementation, because if you specify some PURL arguments, there is
already an intention to generate a PURL entry.
Qt entities no longer have a restriction on which specific purl ids
they can have.
The new Qt specific purl IDs have been renamed:
- QT -> GENERIC
- MIRROR -> GITHUB
Amends f7e1123620b623be0c321b54eaba7a1d618a7ce1
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I050decece1c6d9e6e0e06547043f864d6f497ea7
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
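
The PURL_ENTRY grouping described in the commit message above, as an added example that is not part of the commit and not Qt's implementation: a stand-alone CMake script showing one way to split repeated PURL_ENTRY groups, validate each one and build purl strings. The `example_*` function names and all sample values are hypothetical, and the script assumes the values need no percent-encoding.

```cmake
cmake_minimum_required(VERSION 3.16)  # added example; run with: cmake -P <this-file>
# Hypothetical helper: turn the arguments of one PURL_ENTRY group into a purl string.
function(example_build_purl out_var)
    cmake_parse_arguments(PARSE_ARGV 1 e "" "PURL_ID;PURL_TYPE;PURL_NAMESPACE;PURL_NAME;PURL_VERSION" "")
    if(DEFINED e_UNPARSED_ARGUMENTS)
        message(FATAL_ERROR "Unknown PURL_ENTRY arguments: ${e_UNPARSED_ARGUMENTS}")
    endif()
    if("${e_PURL_TYPE}" STREQUAL "" OR "${e_PURL_NAME}" STREQUAL "")
        message(FATAL_ERROR "PURL_ENTRY needs PURL_TYPE and PURL_NAME (required by the purl spec)")
    endif()
    if(NOT "${e_PURL_NAMESPACE}" STREQUAL "")
        string(APPEND e_PURL_NAMESPACE "/")
    endif()
    if(NOT "${e_PURL_VERSION}" STREQUAL "")
        string(PREPEND e_PURL_VERSION "@")
    endif()
    # PURL_ID only labels the entry in this sketch; it is accepted but not emitted.
    set(${out_var} "pkg:${e_PURL_TYPE}/${e_PURL_NAMESPACE}${e_PURL_NAME}${e_PURL_VERSION}" PARENT_SCOPE)
endfunction()

# Hypothetical collector: everything after PURLS arrives as one flat list, so the groups are split by hand.
function(example_collect_purls out_var)
    cmake_parse_arguments(PARSE_ARGV 1 arg "" "" "PURLS;PURL_VALUES")
    set(purls "")
    set(in_entry FALSE)
    foreach(token IN LISTS arg_PURLS ITEMS PURL_ENTRY)  # trailing sentinel flushes the last group
        if("${token}" STREQUAL "PURL_ENTRY")
            if(in_entry)
                example_build_purl(purl ${entry})
                list(APPEND purls "${purl}")
            endif()
            set(in_entry TRUE)
            set(entry "")
        elseif(in_entry)
            list(APPEND entry "${token}")
        else()
            message(FATAL_ERROR "Expected PURL_ENTRY before '${token}'")
        endif()
    endforeach()
    list(APPEND purls ${arg_PURL_VALUES})  # pre-built purl strings are passed through as given
    set(${out_var} "${purls}" PARENT_SCOPE)
endfunction()

# Constructed sample input using the PURLS / PURL_ENTRY / PURL_VALUES layout from the commit message.
example_collect_purls(result PURLS
    PURL_ENTRY PURL_ID GITHUB PURL_TYPE github PURL_NAMESPACE example-org PURL_NAME example-lib PURL_VERSION 1.2.3
    PURL_ENTRY PURL_TYPE generic PURL_NAME example-lib PURL_VERSION 1.2.3
    PURL_VALUES "pkg:generic/example-mirror@1.2.3")
list(JOIN result "\n  " text)
message(STATUS "purls:\n  ${text}")
```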

Move generic PURL function from qt-specific file to main one. It was
mistakenly added to the wrong file during the initial split.
Amends f1ac316191c010b1389f6f3549c9f0b4424b9936
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I1884f53ee7d30a25b873d85ee04b8c8d1e0532f5
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>

The Qt specific functions belong in the
QtPublicSbomQtEntityHelpers.cmake file, not
QtPublicSbomPurlHelpers.cmake.
Amends f1ac316191c010b1389f6f3549c9f0b4424b9936
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: If5dd77672306c520404b294a6b5bde4f0e6ab8bc
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>

The SBOM functions so far had a lot of Qt-specific logic inside them.
Decouple this logic into separate Qt-specific functions or explicitly
guard the code with Qt-specific handling options, to prepare for a
cleaner SBOM public API.
The generic functions then call the Qt-specific ones if various
internal options are set.
This approach is used, rather than directly passing values to the
generic functions because:
- we have cases where we need to recursively pass the values all the
  way down to all recursively created attribution targets
- some of the logic needs to know about values before and after qt
  processing, and this could be achieved with something like lambdas
  but it's not worth the complexity
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I4399c41f4d976f20b16a0bb0c674d4f07ee1ccd4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>

Initially the git vars were assigned to the parent scope of the
_qt_internal_sbom_begin_project function, with the intent to set them
in the global scope. But the function was later wrapped in other
functions, so the variables stopped being accessible.
Instead of playing with recursive PARENT_SCOPEs, save the variables in
global properties like we do for other info, and use a new
_qt_internal_sbom_get_git_version_vars() function to query the vars in
the code that needs them.
This fixes generated purls to contain the git version and hashes.
Also add a new internal API wrapper macro called
qt_internal_sbom_get_git_version_vars to allow calling it
in other repos.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I061b34f418c1ecc1c66c8c01ef758d2f40611ede
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>

The SBOM implementation got somewhat large. Split the code into
several new QtPublicSbomFooHelpers.cmake files, to make it more
manageable.
No code or behavior was changed.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Ia0ca1792eec21d12c4bb4cabe63279e1f5c07e3d
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>