From e2a6c1d6fdff7c47dd1989947b5c5f0db65c0292 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucie=20G=C3=A9rard?= <lucie.gerard@qt.io>
Date: Tue, 21 Jan 2025 14:36:58 +0100
Subject: [PATCH] Make module ready for source SBOM checking

This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding rules to the licenseRule.json files
- correcting the licensing given via REUSE.toml files

A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why corrections are needed before turning the
source SBOM check on.

Task-number: QTBUG-131434
Pick-to: 6.8
Change-Id: I3a411c77c671d045b296cdacee1e90ec64307b6e
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 914723699ee615c71a52ad3ee0b6acf961bcae26)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 REUSE.toml              | 11 +++++++++--
 coin/module_config.yaml |  3 +++
 licenseRule.json        | 17 +++++++++++++++--
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/REUSE.toml b/REUSE.toml
index 53e57bd4..05921e53 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -12,6 +12,13 @@ precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
 
+[[annotations]]
+path = "tests/auto/grpc/client/shared/test_server/assets/generate.sh"
+precedence = "closest"
+comment = "tools and utils"
+SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"
+
 [[annotations]]
 path = ["**CMakeLists.txt", ".cmake.conf", "**.yaml", "**.json",
         "**.cfg", "**BLACKLIST", "**.cmake.in"]
@@ -28,14 +35,14 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "BSD-3-Clause"
 
 [[annotations]]
-path = ["**/doc/images/**", "examples/**", "**/src/snippets/**"]
+path = ["examples/**", "**/src/snippets/**"]
 comment = "this must be after the build system table because example and snippets take precedence over build system"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
 
 [[annotations]]
-path = ["**.qdocconf"]
+path = ["**/doc/images/**", "**.qdocconf"]
 comment = "documentation"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
diff --git a/coin/module_config.yaml b/coin/module_config.yaml
index f0993d1c..68b586bd 100644
--- a/coin/module_config.yaml
+++ b/coin/module_config.yaml
@@ -6,6 +6,9 @@ accept_configuration:
 
 instructions:
   Build:
+    - type: EnvironmentVariable
+      variableName: VERIFY_SOURCE_SBOM
+      variableValue: "ON"
     - type: AppendToEnvironmentVariable
       variableName: COMMON_TEST_CMAKE_ARGS
       variableValue: " -DQT_ALLOW_DOWNLOAD=ON"
diff --git a/licenseRule.json b/licenseRule.json
index 27849ba6..d0364b08 100644
--- a/licenseRule.json
+++ b/licenseRule.json
@@ -10,7 +10,9 @@
                      "Files with other endings can also be build system files"
                      ],
         "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".pri", ".prf",
-                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in",".clang-format"],
+                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in",".clang-format",
+                     ".cmake.conf", ".gitattributes", ".gitignore", ".tag", "ci_config_linux.json",
+                     ".yaml", "BLACKLIST", ".gitreview"],
         "location" : {
             "" : {
                 "comment" : "Default",
@@ -44,7 +46,8 @@
     },
     {
         "comment" : "Files with the following endings are Documentation licensed.",
-        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json"],
+        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", "README", "qt_attribution.json",
+                                 "REUSE.toml", "licenseRule.json"],
         "location" :{
             "" : {
                 "comment" : "",
@@ -98,6 +101,16 @@
                 "comment" : "Default",
                 "file type" : "examples and snippets",
                 "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
+            },
+            "(.*|examples).*/doc/images" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
+            "tests/auto/protobuf/conformance/data/.*.proto" : {
+                "comment" : "Default",
+                "file type" : "3rd party",
+                "spdx" : ["LicenseRef-protobuf"]
             }
         }
     }