Make module ready for source SBOM checking

This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding rules to the licenseRule.json files
- correcting the licensing given via REUSE.toml files
- renaming license files not located in LICENSES folder.
Their name needs to be prefixed with `LICENSE.` to be ignored
by reuse and excluded from the source SBOM. The names are
updated in the corresponding qt_attribution.json

A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why corrections are needed before turning the
source SBOM check on.

[ChangeLog][Third-Party Code] Renaming the license files with prefix
LICENSE. to have them ignored by reuse tool.

Task-number: QTBUG-131434
Pick-to: 6.9 6.8
Change-Id: I98c2f13d06f32d10829351cbadd76db51c3c27b2
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Lucie Gérard 2025-01-22 15:35:00 +01:00
parent 9dc96e44fb
commit 1d2b0f3a48
14 changed files with 147 additions and 81 deletions


@ -63,7 +63,8 @@ path = ["tests/manual/planets-qml/android/AndroidManifest.xml",
"tests/manual/advancedcustommaterial/models/waterPlane.obj", "tests/manual/advancedcustommaterial/models/waterPlane.obj",
"tests/manual/exampleresources/assets/textures/no-ao.png", "tests/manual/exampleresources/assets/textures/no-ao.png",
"tests/manual/exampleresources/assets/test_scene.dae", "tests/manual/exampleresources/assets/test_scene.dae",
"tests/auto/render/gltexture/image.jpg"] "tests/auto/render/gltexture/image.jpg",
"tests/**.json"]
precedence = "closest" precedence = "closest"
comment = "test" comment = "test"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
@ -81,38 +82,39 @@ path = ["src/extras/shaders/**",
"src/quick3d/imports/**", "src/quick3d/imports/**",
"src/quick3d/quick3dscene3d/shaders/*", "src/quick3d/quick3dscene3d/shaders/*",
"src/core/doc/Qt3DDoc", "src/core/doc/Qt3DDoc",
"tools/utils/qtcreator/templates/wizards/classes/qt3d/*"] "tools/utils/qtcreator/templates/wizards/classes/qt3d/*",
"src/**.json"]
precedence = "closest" precedence = "closest"
comment = "module and plugin" comment = "module and plugin"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only" SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
[[annotations]] [[annotations]]
path = ["**.pro", "**.qrc", "**CMakeLists.txt", ".cmake.conf", "**.yaml", "**.json", path = ["**.pro", "**.qrc", "**CMakeLists.txt", ".cmake.conf", "**.yaml", ".tag",
"**.cfg", "**/qt_cmdline.cmake", "**/BLACKLIST", "**/Info.plist", "**.pri", "**.cfg", "**/qt_cmdline.cmake", "**/BLACKLIST", "**/Info.plist", "**.pri",
".clang-format"] "**ci_config_linux.json", "**configure.json"]
precedence = "closest" precedence = "closest"
comment = "build system" comment = "build system"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "BSD-3-Clause" SPDX-License-Identifier = "BSD-3-Clause"
[[annotations]] [[annotations]]
path = [".tag", "**/.gitattributes", "**.gitignore", "**/.gitreview"] path = [".clang-format", "**/.gitattributes", "**.gitignore", "**/.gitreview", ".gitmodules"]
precedence = "closest" precedence = "closest"
comment = "version control system. Licensed as build system" comment = "version control system. Infrastructure"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "BSD-3-Clause" SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
[[annotations]] [[annotations]]
path = ["**/doc/images/*", "doc/src/images/**", "examples/**", "**/doc/snippets/**"] path = ["examples/**", "**/doc/snippets/**"]
comment = "this must be after the build system table because example and snippets take precedence over build system" comment = "this must be after the build system table because example and snippets take precedence over build system"
precedence = "closest" precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause" SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
[[annotations]] [[annotations]]
path = ["**/README*", "**.qdocconf", "**.patch", "**/readme.txt", path = ["**/doc/images/*", "doc/src/images/**", "**/README*", "**.qdocconf", "**.patch", "**/readme.txt",
".gitmodules", ".qt-license-check.exclude", "config_help.txt"] ".qt-license-check.exclude", "config_help.txt", "**.qdocinc"]
comment = "documentation" comment = "documentation"
precedence = "closest" precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
@ -120,10 +122,10 @@ SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-on
[[annotations]] [[annotations]]
path = ["**.toml", "licenseRule.json"] path = ["**.toml", "licenseRule.json"]
comment = "documentation" comment = "infrastructure"
precedence = "override" precedence = "override"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only" SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
[[annotations]] [[annotations]]
path = ["**/qt_attribution.json"] path = ["**/qt_attribution.json"]
@ -132,10 +134,3 @@ precedence = "override"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only" SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"
[[annotations]]
path = ["**LICENSE*", "**/license.txt"]
precedence = "override"
comment = "License file."
SPDX-FileCopyrightText = "None"
SPDX-License-Identifier = "CC0-1.0"
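Review bot: Narrowing `"**.json"` in the build-system table to `"**ci_config_linux.json"` and `"**configure.json"`, with `"tests/**.json"` and `"src/**.json"` added to their own tables, leaves JSON files outside `src/`, `tests/` and `examples/` without an annotation, apart from `licenseRule.json` and `qt_attribution.json`. JSON has no comment syntax for an SPDX header, so such a file (for example under `tools/`) would reach the source SBOM with no license information; the hunks do not show whether one exists. If none is expected, a comment above the build-system `path` list would record the decision, e.g. `# JSON is annotated per directory; only these two JSON files are build-system files`. The existing comment on the examples table indicates that table order decides between overlapping matches, so `src/**/configure.json` resolving to the later build-system table looks intended, but it is worth confirming.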


@ -6,6 +6,9 @@ accept_configuration:
instructions: instructions:
Build: Build:
- type: EnvironmentVariable
variableName: VERIFY_SOURCE_SBOM
variableValue: "ON"
- type: Group - type: Group
instructions: instructions:
- !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml" - !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml"
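Review bot: The new `VERIFY_SOURCE_SBOM` entry has no comment saying what it gates, although it is the switch that turns the licensing corrections in this commit into an enforced check. A line above it such as `# Enables the source SBOM license check (QTBUG-131434); removing it disables the check` would help the next editor, with the wording confirmed against the template that reads the variable. The `Build:` list continues outside the hunk, so whether the variable also applies to the test instructions cannot be seen here.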


@ -1,7 +1,7 @@
version = 1 version = 1
[[annotations]] [[annotations]]
path = ["*.webp"] path = ["*"]
precedence = "closest" precedence = "closest"
SPDX-FileCopyrightText = "Copyright (c) Jockum Skoglund aka hipshot" SPDX-FileCopyrightText = "Copyright (c) Jockum Skoglund aka hipshot"
SPDX-License-Identifier = "LicenseRef-MIRAMAR" SPDX-License-Identifier = "LicenseRef-MIRAMAR"
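Review bot: `path = ["*"]` with `precedence = "closest"` attributes every header-less file in this directory to Jockum Skoglund under `LicenseRef-MIRAMAR`, not only the cubemap images. A file added here later, such as a `.qrc` or a texture from another source, would be recorded in the source SBOM under that copyright without anyone deciding it, since the root tables that could match it also use `closest`. The newly added REUSE.toml further down the page uses the same pattern. Listing the asset types keeps the annotation tied to the third-party files, e.g. `path = ["*.webp", "*.<other-asset-ext>"]` with the extensions the directory really holds; the hunk does not show which those are.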


@ -1,6 +1,6 @@
[ [
{ {
"comment" : ["file_pattern_ending: strings matched against the end of a file name.", "comment": ["file_pattern_ending: strings matched against the end of a file name.",
"location keys: regular expression matched against the beginning of", "location keys: regular expression matched against the beginning of",
"the file path (relative to the git submodule root).", "the file path (relative to the git submodule root).",
"spdx: list of SPDX-License-Expression's allowed in the matching files.", "spdx: list of SPDX-License-Expression's allowed in the matching files.",
@ -9,84 +9,145 @@
"unless they are examples", "unless they are examples",
"Files with other endings can also be build system files" "Files with other endings can also be build system files"
], ],
"file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro"], "file_pattern_ending": ["CMakeLists.txt", ".cmake", ".pro", ".qrc", "Info.plist",
"location" : { ".glsl", ".cmake.conf", ".tag", "ci_config_linux.json",
"" : { ".yaml", "configure.json", "BLACKLIST"],
"comment" : "File with other endings also belong to the build system file type", "location": {
"file type" : "build system", "": {
"spdx" : ["BSD-3-Clause"] "comment": "File with other endings also belong to the build system file type",
"file type": "build system",
"spdx": ["BSD-3-Clause"]
}, },
"(.*)(examples/|snippets/)" : { "(.*)(examples/|snippets/)": {
"comment" : "Example takes precedent", "comment": "Example takes precedent",
"file type" : "example", "file type": "example",
"spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] "spdx": ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
} }
} }
}, },
{ {
"comments" : ["Files with the following endings are Tool licensed,", "comments": ["Files with the following endings are infrastructure licensed"],
"file_pattern_ending": [".gitattributes", ".gitignore", ".gitmodules", ".gitreview",
".clang-format", "licenseRule.json", "REUSE.toml"],
"location":{
"": {
"comment": "Default",
"file type": "infrastructure",
"spdx": ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
}
}
},
{
"comments": ["Files with the following endings are Tool licensed,",
"unless they are examples.", "unless they are examples.",
"Files with other endings can also be tool files."], "Files with other endings can also be tool files."],
"file_pattern_ending" : [".sh", ".py", ".pl", ".bat", ".ps1"], "file_pattern_ending": [".sh", ".py", ".pl", ".bat", ".ps1"],
"location" :{ "location":{
"" : { "": {
"comment" : "Default", "comment": "Default",
"file type" : "tools", "file type": "tools",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"] "spdx": ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
}, },
"(.*)(examples/|snippets/)" : { "(.*)(examples/|snippets/)": {
"comment" : "Example takes precedent", "comment": "Example takes precedent",
"file type" : "example", "file type": "example",
"spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] "spdx": ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
} }
} }
}, },
{ {
"comment" : "Files with the following endings are Documentation licensed.", "comment": "Files with the following endings are Documentation licensed.",
"file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json"], "file_pattern_ending": [".qdoc", ".qdocinc" , ".qdocconf", "README", "qt_attribution.json",
"location" :{ "readme.txt", ".qt-license-check.exclude", "config_help.txt",
"" : { ".qdocinc"],
"comment" : "", "location":{
"file type" : "documentation", "": {
"spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"] "comment": "",
"file type": "documentation",
"spdx": ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
} }
} }
}, },
{ {
"comment" : ["All other files", "comment": ["All other files",
"The licensing is defined only by the file location in the Qt module repository.", "The licensing is defined only by the file location in the Qt module repository.",
"NO <file_pattern_ending> key for this case!", "NO <file_pattern_ending> key for this case!",
"This needs to be the last entry of the file."], "This needs to be the last entry of the file."],
"location" : { "location": {
"" : { "": {
"comment" : "Rule for the files with the above endings, anywhere in the tested directory", "comment": "Rule for the files with the above endings, anywhere in the tested directory",
"file type" : "module and plugin", "file type": "module and plugin",
"spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"] "spdx": ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
}, },
"src" : { "dist/": {
"comment" : "", "comment": "Default",
"file type" : "module and plugin", "file type": "documentation",
"spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"] "spdx": ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
}, },
"tests" : { "src": {
"comment" : "", "comment": "",
"file type" : "test", "file type": "module and plugin",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] "spdx": ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
}, },
"(.*)(examples/|snippets/)" : { "tests": {
"comment" : "", "comment": "",
"file type" : "documentation snippet", "file type": "test",
"spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] "spdx": ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
}, },
"usecases" : { "(.*)(examples/|snippets/)": {
"comment" : "", "comment": "",
"file type" : "tools", "file type": "documentation snippet",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"] "spdx": ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
}, },
"config\\.test" : { "(.*|examples)(.*)/doc/images": {
"comment" : "", "comment": "",
"file type" : "tools", "file type": "documentation",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"] "spdx": ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
},
"usecases": {
"comment": "",
"file type": "tools",
"spdx": ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
},
"config\\.test": {
"comment": "",
"file type": "tools",
"spdx": ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
},
"tests/manual/wave/shaders/ribbon.vert": {
"comment": "",
"file type": "3rd party",
"spdx": ["MIT"]
},
"tests/manual/planets-qml/planets-watchos/PlanetsClient/main.m": {
"comment": "",
"file type": "3rd party",
"spdx": ["MIT"]
},
"tests/manual/planets-qml/images/solarsystemscope/": {
"comment": "",
"file type": "3rd party",
"spdx": ["CC-BY-4.0"]
},
"examples/qt3d/exampleresources/assets/obj/": {
"comment": "",
"file type": "3rd party",
"spdx": ["CC-BY-4.0"]
},
".*/exampleresources/assets/cubemaps/miramar/": {
"comment": "",
"file type": "3rd party",
"spdx": ["LicenseRef-MIRAMAR"]
},
"tests/manual/planets-qml/images/nasa/uranusringcolortrans.png": {
"comment": "",
"file type": "3rd party",
"spdx": ["LicenseRef-Image-Use-Policy"]
},
"tests/manual/exampleresources/assets/gltf/wine/.*": {
"comment": "Motorola",
"file type": "3rd party",
"spdx": ["BSD-3-Clause"]
} }
} }
} }
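Review bot: The build-system `file_pattern_ending` list and the build-system `path` list in REUSE.toml do not name the same files: `.glsl` appears only here, while `**.pri` and `**.cfg` appear only in REUSE.toml. As far as the rule comments describe the matching, a header-less `.pri` under `src` would be annotated `BSD-3-Clause` by REUSE.toml but fall through to the last rule's `src` location and be expected to carry the module license, so the two inputs to the SBOM check would disagree; whether such files exist is not visible in the hunk. Separately, `.qdocinc` is now listed twice in the documentation endings and the second entry can be dropped. The added location keys are regular expressions per the file's own comment, so literal dots in keys like `tests/manual/wave/shaders/ribbon.vert` are better written `\\.`, as `config\\.test` already does.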


@ -24,7 +24,7 @@
"Homepage": "https://github.com/bluescan/proggyfonts", "Homepage": "https://github.com/bluescan/proggyfonts",
"License": "MIT License", "License": "MIT License",
"LicenseId": "MIT", "LicenseId": "MIT",
"LicenseFile": "LICENSE_proggyclean.txt", "LicenseFile": "LICENSE.proggyclean.txt",
"Copyright": "Copyright (c) 2004, 2005 Tristan Grimmer" "Copyright": "Copyright (c) 2004, 2005 Tristan Grimmer"
}, },
{ {
@ -38,7 +38,7 @@
"Homepage": "https://github.com/nothings/stb/", "Homepage": "https://github.com/nothings/stb/",
"License": "MIT License or Public Domain", "License": "MIT License or Public Domain",
"LicenseId": "MIT OR CC0-1.0", "LicenseId": "MIT OR CC0-1.0",
"LicenseFile": "LICENSE_imstb.txt", "LicenseFile": "LICENSE.imstb.txt",
"Copyright": "Copyright (c) 2017 Sean Barrett" "Copyright": "Copyright (c) 2017 Sean Barrett"
} }
] ]


@ -0,0 +1,7 @@
version = 1
[[annotations]]
path = ["*"]
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (c) Jockum Skoglund aka hipshot"
SPDX-License-Identifier = "LicenseRef-MIRAMAR"


@ -110,7 +110,7 @@ set(planets-qml-images_resource_files
"images/solarsystemscope/earthspec2k.jpg" "images/solarsystemscope/earthspec2k.jpg"
"images/solarsystemscope/galaxy_starfield.jpg" "images/solarsystemscope/galaxy_starfield.jpg"
"images/solarsystemscope/jupitermap.jpg" "images/solarsystemscope/jupitermap.jpg"
"images/solarsystemscope/license.txt" "images/solarsystemscope/LICENSE.txt"
"images/solarsystemscope/marsmap2k.jpg" "images/solarsystemscope/marsmap2k.jpg"
"images/solarsystemscope/marsnormal2k.jpg" "images/solarsystemscope/marsnormal2k.jpg"
"images/solarsystemscope/mercurymap.jpg" "images/solarsystemscope/mercurymap.jpg"


@ -10,6 +10,6 @@
"Homepage": "https://photojournal.jpl.nasa.gov/", "Homepage": "https://photojournal.jpl.nasa.gov/",
"License": "JPL Image Use Policy", "License": "JPL Image Use Policy",
"LicenseId": "LicenseRef-Image-Use-Policy", "LicenseId": "LicenseRef-Image-Use-Policy",
"LicenseFile": "license.txt", "LicenseFile": "LICENSE.txt",
"Copyright": "Copyright (c) 1996, Jet Propulsion Laboratory" "Copyright": "Copyright (c) 1996, Jet Propulsion Laboratory"
} }


@ -9,6 +9,6 @@
"Homepage": "https://www.solarsystemscope.com/textures", "Homepage": "https://www.solarsystemscope.com/textures",
"License": "Creative Commons Attribution 4.0", "License": "Creative Commons Attribution 4.0",
"LicenseId": "CC-BY-4.0", "LicenseId": "CC-BY-4.0",
"LicenseFile": "license.txt", "LicenseFile": "LICENSE.txt",
"Copyright": "Copyright (c) 2010-2017, Solar System Scope" "Copyright": "Copyright (c) 2010-2017, Solar System Scope"
} }


@ -8,7 +8,7 @@
<file>images/solarsystemscope/earthspec2k.jpg</file> <file>images/solarsystemscope/earthspec2k.jpg</file>
<file>images/solarsystemscope/galaxy_starfield.jpg</file> <file>images/solarsystemscope/galaxy_starfield.jpg</file>
<file>images/solarsystemscope/jupitermap.jpg</file> <file>images/solarsystemscope/jupitermap.jpg</file>
<file>images/solarsystemscope/license.txt</file> <file>images/solarsystemscope/LICENSE.txt</file>
<file>images/solarsystemscope/marsmap2k.jpg</file> <file>images/solarsystemscope/marsmap2k.jpg</file>
<file>images/solarsystemscope/marsnormal2k.jpg</file> <file>images/solarsystemscope/marsnormal2k.jpg</file>
<file>images/solarsystemscope/mercurymap.jpg</file> <file>images/solarsystemscope/mercurymap.jpg</file>