Previously, only 3 purl entries could be added to a target, which
tightly coupled to Qt's needs: a QT one pointing to code.qt.io,
a MIRROR one pointing to github, and an upstream one pointing to some
upstream third party location.
Rework the implementation to allow for an unlimited number of PURL
entries and to allow more flexibility when adding PURLs in a user
project.
The new syntax for adding PURLs to a target, which is also the basis
for a future public API is as follows:
qt_internal_add_sbom(<target>
PURLS
[[PURL_ENTRY
PURL_ID <id>
PURL_TYPE <type>
PURL_NAMESPACE <namespace>
PURL_NAME <name>
PURL_VERSION <version>]...]
PURL_VALUES
[purl-string...]
)
The PURLS keyword is used to specify multiple PURL entries, each
starting with the PURL_ENTRY keyword. The PURL_VALUES keyword is used
to specify a list of pre-built purl strings.
PURL_ID is an optional argument used to identify a specific purl
entry, which is mostly needed for Qt's needs, to post-process them
further.
The rest of the options are pre-existing from the previous
implementation.
Implementation-wise, there's a new custom parser to be able to parse
and validate PURL_ENTRY arguments.
The VERSION option was renamed to PACKAGE_VERSION, to avoid some
issues in cmake_parse_arguments parsing with nested VERSION options.
The NO_PURL option was removed because it makes no sense in the new
implementation, because if you specify some PURL arguments, there is
already an intention to generate a PURL entry.
Qt entities no longer have a restriction on which specific purl ids
they can have.
The new Qt specific purl IDs have been renamed:
- QT -> GENERIC
- MIRROR -> GITHUB
Amends f7e1123620b623be0c321b54eaba7a1d618a7ce1
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I050decece1c6d9e6e0e06547043f864d6f497ea7
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit a28a9e194cbcaf501c93df988c7dc6f5e09ee5d1)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Move generic PURL function from qt-specific file to main one. It was
mistakenly added to the wrong file during the initial split.
Amends f1ac316191c010b1389f6f3549c9f0b4424b9936
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I1884f53ee7d30a25b873d85ee04b8c8d1e0532f5
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit fd622bc3ae90ba27069744bf61524139f1642872)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
The SBOM functions so far had a lot of Qt-specific logic inside them.
Decouple this logic into separate Qt-specific functions or explicitly
guard the code with Qt-specific handling options, to prepare for a
cleaner SBOM public API.
The generic functions then call the Qt-specific ones if various
internal options are set.
This approach is used, rather than directly passing values to the
generic functions because:
- we have cases where we need to recursively pass the values all the
way down to all recursively created attribution targets
- some of the logic needs to know about values before and after qt
processing, and this could be achieved with something like lambdas
but it's not worth the complexity
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I4399c41f4d976f20b16a0bb0c674d4f07ee1ccd4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from commit f1ac316191c010b1389f6f3549c9f0b4424b9936)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
