36dca3c04f
The change adds CPE and PURL keys to all qt_attribution.json files in the repo. In case if no sensible CPE or PURL exists, a "Comment" field is added with the text "no relevant CPE or PURL found". If only one of them does not exist, it is written as such in the Comment field. This allows filtering for files that haven't had the information added yet vs those that were looked up but no relevant information was found. For sources that are not hosted on github, a generic PURL is used with a download_url fragment pointing either to the exact location where the sources can be downloaded, or to the homepage of the project. The generic package name was chosen based on the 'Id' key of the attribution entry where it was present, and is not authoritative. For PURL github packages, the 'git tag' name was specified into the 'version' part of the PURL, rather than the 'version number', because SBOM processing tooling handle that better than the version number. For example for the freetype package, we specify the string 'VER-2-13-3' rather than the tag name '2.13.3'. We might revisit this in the future. [ChangeLog][Third-Party Code] Added PURL and CPE information to the attribution files of 3rd party sources. Pick-to: 6.5 6.8 Task-number: QTBUG-122899 Task-number: QTBUG-129602 Change-Id: Iad126242cafc3ea0b678c5c36b26f857039b1dbd Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Regeneration of gradients: 0) Grab a new .css for the webgradients 1) Run the gradientgen.js script (requires node): gradientgen.js enum webgradients.css # will regen the enumeration names (on stdout) gradientgen.js json webgradients.css # will regen the actual gradients (on stdout) 2) Build gradientgen.pro 3) Run gradientgen, passing the json as stdin, the result will be on stdout