If a developer configured Qt with
-DQT_GENERATE_SBOM=ON
-DQT_BUILD_TESTS=ON
-DQT_BUILD_TESTS_BY_DEFAULT=OFF
The would get the following error upon installation of qtmultimedia:
CMake Error at
qt_sbom/SPDXRef-PackagedFile-qt-plugin-MockMultimediaPlugin.cmake:5
(message):
Cannot find 'plugins/multimedia/libmockmultimediaplugin.a' to
compute its checksum.
This happens because QT_BUILD_TESTS_BY_DEFAULT == ON sets the
EXCLUDE_FROM_ALL directory property on the tests directory, which
means all plugins created under tests/ subdir are not installed by
default, and the SBOM code could not read the installed files to check
the checksums.
In such a case, set a QT_INTERNAL_TEST_TARGETS_EXCLUDE_FROM_ALL
directory-scoped variable in the tests/ subdir, and use that as a
marker for the sbom code to know it should skip the checksum check.
Pick-to: 6.8 6.9
Fixes: QTBUG-137168
Change-Id: I970c3bc5732cc648549e5099fa1d50b3b39cb26f
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
It's possible for a project to install a custom file with the same name
into different destination directories, and want to include them in
the SBOM.
Previously this failed at CMake generation time with an error like:
CMake Error: Files to be generated by multiple different commands:
qt_sbom/SPDXRef-PackagedFile-foo-bar.cmake
This happened due to using a non-unique filename for the generated
SBOM building file, as well as the spdx id the file name is based on.
Include a short hash based on the installed relative path of the file
to avoid spdx id clashes, and thus generated file name clashes.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I4c2ecd4652708504ef299af9b6f53d680d542382
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Previously one could only pass an explicit list of FILES to
_qt_internal_sbom_add_files. Add a new DIRECTORIES option, which will
glob the given directory paths, and include the found files in the
SBOM.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Ia27afa93460d9f2e4462a49e30e4d6338300e8f7
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
It mirrors the Qt-specific QT_THIRD_PARTY_SOURCES one, to be used when
creating an SBOM attribution target that references a 3rd party
library's sources, as opposed to a complete 3rd party library.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I8f7f9f7386ffdc18dd8ae6ee32e39019639f5303
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Makes it easier to debug diffs of SBOMs, due to lower amount of
content in generated files.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I5a1e8a9868cda199de4a7344b86a12f68fec31bf
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
The SBOM implementation got somewhat large. Split the code into
several new QtPublicSbomFooHelpers.cmake files, to make it more
manageable.
No code or behavior was changed.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: Ia0ca1792eec21d12c4bb4cabe63279e1f5c07e3d
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
