Make module ready for source SBOM checking

This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding rules to the licenseRule.json files
- correcting the licensing given via REUSE.toml files
- renaming license files not located in LICENSES folder.
Their name needs to be prefixed with `LICENSE.` to be ignored
by reuse and excluded from the source SBOM. The names are
updated in the corresponding qt_attribution.json

A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why corrections are needed before turning the
source SBOM check on.

[ChangeLog][Third-Party Code] Renamed the license files with the prefix
`LICENSE.` so that the reuse tool ignores them.

Task-number: QTBUG-131434
Pick-to: 6.9 6.8
Change-Id: I2b3e4750405f13a97b350ee65def30f1330526a3
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Lucie Gérard 2025-01-15 10:52:17 +01:00
parent 99b3d7cf33
commit 361f1f38e0
8 changed files with 189 additions and 21 deletions


@ -1,7 +1,8 @@
version = 1
[[annotations]]
path = ["tools/**"]
path = ["tools/**", "src/plugins/qmlls/**", "src/plugins/qmllint/**",
"src/qmltyperegistrar/**"]
precedence = "closest"
comment = "tools"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
@ -14,15 +15,27 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
[[annotations]]
path = ["src/plugins/qmltooling/**.json"]
path = ["src/plugins/qmltooling/**.json",
"src/plugins/scenegraph/openvg/openvg.json"]
comment = "controls and dialogs."
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "BSD-3-Clause"
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
[[annotations]]
path = ["**.prf", "**Info.plist", "**cmake.in", "src/**.in", "**.json", "**CMakeLists.txt", "**.cmake",
".cmake.conf", "**.yaml", "**.gradle", "src/quick/items/syncexcludes", "src/quickcontrols/qmldir",
"**.cfg"]
path = ["tests/manual/nodetypes_ng/compile.bat", "tests/auto/quick/scenegraph/data/compile.bat",
"tests/benchmarks/qml/binding/data/repeat.sh",
"tests/auto/quick/qquickshadereffect/data/compile.bat",
"tests/auto/quick/qquickitemlayer/data/buildshaders.bat"]
precedence = "closest"
comment = "tools"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"
[[annotations]]
path = ["**.prf", "**Info.plist", "**cmake.in", "src/**.in", "**/ci_config_linux.json", "**CMakeLists.txt", "**.cmake",
".cmake.conf", "**.yaml", "**.gradle", "src/quick/items/syncexcludes",
"**.cfg", "**.pro", "**.conf", ".gitmodules"]
comment = "build system"
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
@ -36,7 +49,7 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "BSD-3-Clause"
[[annotations]]
path = ["**/snippets/**", "**/doc/images/**", "examples/**", "src/quick/doc/src/internal/*.puml",
path = ["**/snippets/**", "examples/**", "src/quick/doc/src/internal/*.puml",
"src/quick/doc/src/internal/*.svg", "src/quick/doc/src/internal/*.dot"]
comment = "this must be after the build system table because example and snippets take precedence over build system"
precedence = "closest"
@ -44,8 +57,8 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
[[annotations]]
path = ["qtdeclarative.doxy", "**.md", "README.md", ".gitmodules",
"**/doc/**.qdocconf" ,
path = ["**/doc/images/**", "qtdeclarative.doxy", "**.md", "**/README", "**/README.md",
"**/README.txt", "**/doc/**.qdocconf" ,
"**/doc/**.qdocinc", "**/doc/**.dox"]
comment = "documentation"
precedence = "closest"
@ -80,12 +93,19 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
[[annotations]]
path = "src/quick/doc/QtQuickDoc"
path = ["src/quick/doc/QtQuickDoc", "src/quickcontrols/qmldir"]
comment = "module"
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
[[annotations]]
path = "tests/auto/quick/qquicktextdocument/data/hello.md"
comment = "test"
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
[[annotations]]
path = ["src/quickcontrols/universal/README.md"]
precedence = "closest"
@ -122,6 +142,16 @@ SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
[[annotations]]
path = "examples/quick/vectorimage/generate.bat"
precedence = "override"
comment = "tools. reuse cannot read it. override to avoid skipping the file"
comment = "reuse cannot read it. override to avoid skipping the file"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
[[annotations]]
path = "src/quick/doc/snippets/qquickrhiitem/qquickrhiitem_intro.vert"
precedence = "override"
comment = "example and snippets. Override needed here, unclear why."
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
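Review bot: The final annotation, for `src/quick/doc/snippets/qquickrhiitem/qquickrhiitem_intro.vert`, sets `precedence = "override"` with the comment "Override needed here, unclear why.", so the source SBOM will take this file's licensing from REUSE.toml without anyone having established what reuse reads from the file itself. Under `override` the in-file copyright and license information is not consulted, which means a header that disagrees with this entry would go unnoticed. Please record the observed symptom in the comment, for example `comment = "example and snippets. override: reuse reports <observed result> for this file, see <issue id>"`, so the override can be dropped once the cause is known. Separately, the annotation covering `src/plugins/qmltooling/**.json` and `openvg.json` carries `comment = "controls and dialogs."`, which does not describe those paths.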


@ -13,6 +13,9 @@ machine_type:
instructions:
Build:
- type: EnvironmentVariable
variableName: VERIFY_SOURCE_SBOM
variableValue: "ON"
- !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml"
Test:


@ -26,3 +26,9 @@ path = "assets/WorkSans-Regular.ttf"
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2020 Wei Huang"
SPDX-License-Identifier = "OFL-1.1"
[[annotations]]
path = ["assets/gear-alt-stroke.svg", "Gear_generated.qml"]
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2023 Framework7"
SPDX-License-Identifier = "MIT"


@ -9,7 +9,11 @@
"unless they are examples",
"Files with other endings can also be build system files"
],
"file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", "configure"],
"file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", "configure",
".gitignore", ".gitattributes", "Makefile",
".conf", ".yml", ".cfg", ".yaml",
".tag", ".dynlist", "cmake.in", "Info.plist", ".prf",
".gradle", ".in", ".gitmodules"],
"location" : {
"" : {
"comment" : "File with other endings also belong to the build system file type",
@ -43,14 +47,31 @@
},
{
"comment" : "Files with the following endings are Documentation licensed.",
"file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", ".qdoc.sample", "README.md",
"README", "qt_attribution.json"],
"file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".qdoc.sample", "README.md",
"README", "README.txt", "qt_attribution.json", "REUSE.toml", "licenseRule.json",
".md", ".dox", "qtdeclarative.doxy"],
"location" :{
"" : {
"comment" : "",
"file type" : "documentation",
"spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
},
"tests/benchmarks/qml/binding/data/" : {
"comment" : "",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
},
"tests/auto/quick/qquicktextdocument/data/hello.md" : {
"comment" : "",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
},
"src/quickcontrols/universal/README.md" : {
"comment" : "",
"file type" : "3rd party",
"spdx" : ["Unlicense"]
}
}
},
{
@ -64,6 +85,41 @@
"file type" : "module and plugin",
"spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
},
"dist/" : {
"comment" : "Default",
"file type" : "documentation",
"spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
},
"coin/" : {
"comment" : "Default",
"file type" : "build system",
"spdx" : ["BSD-3-Clause"]
},
"src/quickcontrols/qmldir" : {
"comment" : "Default",
"file type" : "module and plugin",
"spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
},
"src/quick/items/syncexcludes" : {
"comment" : "Default",
"file type" : "build system",
"spdx" : ["BSD-3-Clause"]
},
"tests/manual/painterpathquickshape/FONTLOG.txt" : {
"comment" : "",
"file type" : "documentation 3rd party",
"spdx" : ["OFL-1.1"]
},
"tests/manual/painterpathquickshape/OFL-FAQ.txt" : {
"comment" : "",
"file type" : "documentation 3rd party",
"spdx" : ["OFL-1.1"]
},
"tests/manual/painterpathquickshape/(1535737773.svg|hand-print.svg|peace_victory.svg)" : {
"comment" : "Public domain",
"file type" : "3rd party",
"spdx" : ["CC0-1.0"]
},
"src/" : {
"comment" : "",
"file type" : "module and plugin",
@ -94,17 +150,27 @@
"file type" : "tools and utils",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
},
"(examples/|.*)(.*)/doc/images/" : {
"comment" : "Default",
"file type" : "documentation",
"spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
},
".*/doc/src/" : {
"comment" : "This is example and snippets",
"file type" : "examples and snippets",
"spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
},
"tests/" : {
"comment" : "",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
},
"tests/manual/windowembedding/examples/" : {
"comment" : "Exception test files",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
"tests/manual/painterpathquickshape/Graziano.ttf" : {
"comment" : "",
"file type" : "3rd party",
"spdx" : ["OFL-1.1"]
},
"tests/auto/quickcontrols/snippets/" : {
"tests/manual/windowembedding/examples/" : {
"comment" : "Exception test files",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
@ -125,6 +191,16 @@
"file type" : "examples and snippets",
"spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
},
"tests/auto/quickcontrols/snippets/tst_snippets.cpp" : {
"comment" : "Default",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
},
"tests/auto/quickcontrols/snippets/" : {
"comment" : "Default",
"file type" : "examples and snippets",
"spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
},
"tools/" : {
"comment" : "",
"file type" : "tools",
@ -139,6 +215,46 @@
"comment" : "Library only for Qt tests",
"file type" : "test",
"spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
},
"examples/quick/quickshapes/weatherforecast/assets/gear-alt-stroke.svg" : {
"comment" : "Framework7",
"file type" : "3rd party",
"spdx" : ["MIT"]
},
"examples/quick/quickshapes/weatherforecast/Gear_generated.qml" : {
"comment" : "Framework7",
"file type" : "3rd party",
"spdx" : ["MIT"]
},
"examples/quick/quickshapes/weatherforecast/assets/WorkSans-Regular.ttf" : {
"file type" : "3rd party",
"spdx" : ["OFL-1.1"]
},
"examples/quick/quickshapes/weatherforecast/assets/Europe.svg" : {
"file type" : "3rd party",
"spdx" : ["CC-BY-3.0"]
},
"examples/quick/quickshapes/weatherforecast/Europe_generated.qml" : {
"file type" : "3rd party",
"spdx" : ["CC-BY-3.0"]
},
"examples/quick/quickshapes/weatherforecast/assets/sun-" : {
"file type" : "3rd party",
"spdx" : ["Apache-2.0"]
},
"examples/quick/quickshapes/weatherforecast/assets/cloud-" : {
"file type" : "3rd party",
"spdx" : ["Apache-2.0"]
},
"src/quickcontrols/imagine/design/9-patch-export.sketchplugin/Contents/Sketch/" : {
"file type" : "3rd party",
"spdx" : ["MIT"]
},
"src/quickcontrols/material/impl/ElevationEffect.qml" : {
"comment" : "in file license check can't see the mix",
"file type" : "3rd party mix",
"spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only AND MIT",
"LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
}
}
}
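Review bot: In the `src/quickcontrols/material/impl/ElevationEffect.qml` entry, the first `spdx` value ends in `GPL-3.0-only AND MIT` without parentheses, and in SPDX license expressions `AND` binds tighter than `OR`, so it parses as `... OR (GPL-3.0-only AND MIT)` rather than the Qt license choice combined with MIT. If the mix is the intent, write `"(LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only) AND MIT"`. The checker may compare this string with the identifier in the file header, which is not visible here, so the header would need the same parentheses. The enclosing JSON object starts outside the hunk.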


@ -8,6 +8,6 @@
"Homepage": "https://angularjs.org/",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "LICENSE_ANGULARJS.txt",
"LicenseFile": "LICENSE.ANGULARJS.txt",
"Copyright": "Copyright (c) 2014-2016 Google, Inc"
}


@ -0,0 +1,13 @@
version = 1
[[annotations]]
path = ["FONTLOG.txt", "Graziano.ttf", "OFL-FAQ.txt"]
precedence = "closest"
SPDX-FileCopyrightText = "Copyright (C) 2011 Graziano Capelli"
SPDX-License-Identifier = "OFL-1.1"
[[annotations]]
path = ["1535737773.svg", "hand-print.svg", "peace_victory.svg"]
precedence = "closest"
SPDX-FileCopyrightText = "None"
SPDX-License-Identifier = "CC0-1.0"
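Review bot: The second annotation declares `1535737773.svg`, `hand-print.svg` and `peace_victory.svg` as `CC0-1.0` with `SPDX-FileCopyrightText = "None"` and no `comment`, so nothing in this new file records where the images came from or on what basis they are public domain. Since these values now flow into the source SBOM, add a provenance line such as `comment = "Public domain, obtained from <origin URL>"` to the annotation. It is also worth confirming that the SBOM generator treats the literal string "None" as intended rather than as a copyright holder name; SPDX documents use the keyword `NONE` for this case.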