From 516ffe8275b14bda74d8656f76d0b988e37f349c Mon Sep 17 00:00:00 2001 From: Alexandru Croitor Date: Wed, 13 Aug 2025 17:47:30 +0200 Subject: [PATCH] CMake: Pass parent package SPDX ID to custom file SBOM generation Otherwise we generate an invalid package by setting FilesAnalyzed to false, even though the package has custom files. Add a check that the parent package SPDX ID is always set when generating a file entry. Amends 5180b172d9e2256925b2723d30f5e18c8726399d Pick-to: 6.8 6.9 6.10 Change-Id: Ia96802c98e2d946b1360b5e32525a3ecf4cd2750 Reviewed-by: Alexey Edelev --- cmake/QtPublicSbomFileHelpers.cmake | 1 + cmake/QtPublicSbomGenerationHelpers.cmake | 2 ++ 2 files changed, 3 insertions(+) diff --git a/cmake/QtPublicSbomFileHelpers.cmake b/cmake/QtPublicSbomFileHelpers.cmake index edc01412983..7863a473159 100644 --- a/cmake/QtPublicSbomFileHelpers.cmake +++ b/cmake/QtPublicSbomFileHelpers.cmake @@ -730,6 +730,7 @@ function(_qt_internal_sbom_add_custom_file target installed_file_relative_path) FILENAME "${installed_file_relative_path}" FILETYPE "${file_type}" ${optional} SPDXID "${spdx_id}" + PARENT_PACKAGE_SPDXID "${arg_PACKAGE_SPDX_ID}" ${file_common_options} ${config_to_install_option} ${relationship_option} diff --git a/cmake/QtPublicSbomGenerationHelpers.cmake b/cmake/QtPublicSbomGenerationHelpers.cmake index 351b69ad451..03b720a048e 100644 --- a/cmake/QtPublicSbomGenerationHelpers.cmake +++ b/cmake/QtPublicSbomGenerationHelpers.cmake @@ -589,6 +589,8 @@ function(_qt_internal_sbom_generate_add_file) HINTS "SPDXRef-${arg_FILENAME}" ) + _qt_internal_sbom_set_default_option_value_and_error_if_empty(PARENT_PACKAGE_SPDXID "") + _qt_internal_sbom_set_default_option_value(LICENSE "NOASSERTION") _qt_internal_sbom_set_default_option_value(COPYRIGHT "NOASSERTION")