Make module ready for source SBOM checking

This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding rules to the licenseRule.json files
- correcting the licensing given via REUSE.toml files

A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why corrections are needed before turning the
source SBOM check on.

Task-number: QTBUG-131434
Pick-to: 6.9 6.8
Change-Id: I2f4caf0e11040274d443547856a2a31da0b120cc
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>

REUSE.toml

@@ -22,7 +22,8 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
 
 [[annotations]]
-path = ["**.pro", "**.qrc", ".cmake.conf", "**.yaml", "**.json", "**.pri"]
+path = ["**.pro", "**.qrc", ".cmake.conf", "**.yaml", "**.pri",
+        "**ci_config_linux.json"]
 precedence = "closest"
 comment = "build system"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
@@ -36,26 +37,19 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "BSD-3-Clause"
 
 [[annotations]]
-path = ["**/doc/images/**", "examples/**"]
+path = ["examples/**"]
 comment = "this must be after the build system table because example and snippets take precedence over build system"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
 
 [[annotations]]
-path = ["**/README*"]
+path = ["**/doc/images/**", "**/README*", "**.qdocconf", "**.qdocinc", "**.toml", "licenseRule.json"]
 comment = "documentation"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"
 
-[[annotations]]
-path = ["**.toml", "licenseRule.json"]
-comment = "documentation"
-precedence = "override"
-SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
-SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"
-
 [[annotations]]
 path = ["**/qt_attribution.json"]
 comment = "documentation"

coin/module_config.yaml

@@ -6,6 +6,10 @@ accept_configuration:
 
 instructions:
   Build:
+    # to be turned on when the module source SBOM pass the license check
+    - type: EnvironmentVariable
+      variableName: VERIFY_SOURCE_SBOM
+      variableValue: "ON"
     - type: Group
       instructions:
         - !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml"

licenseRule.json

@@ -10,7 +10,9 @@
                      "Files with other endings can also be build system files"
                      ],
         "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".pri", ".prf",
-                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in"],
+                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in",
+                     ".cmake.conf", ".gitattributes", ".gitignore", ".tag", "ci_config_linux.json",
+                     ".yaml", ".qrc"],
         "location" : {
             "" : {
                 "comment" : "Default",
@@ -44,7 +46,8 @@
     },
     {
         "comment" : "Files with the following endings are Documentation licensed.",
-        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json"],
+        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", "README", "qt_attribution.json",
+                                 "REUSE.toml", "licenseRule.json", ".qdocconf", ".qdocinc"],
         "location" :{
             "" : {
                 "comment" : "",
@@ -64,6 +67,11 @@
                 "file type" : "module and plugin",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
             },
+            "dist/" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx"      : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
             "src/" : {
                 "comment" : "Default",
                 "file type" : "module and plugin",
@@ -79,6 +87,11 @@
                 "file type" : "examples and snippets",
                 "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
             },
+            "(.*|examples).*doc/images/" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
             "tests/auto/cpptest/common/cpptestutil\\.h" : {
                 "comment" : "",
                 "file type" : "util",