From 6cfd0fc058a473dc8c3192ba86f7a15e4a3d8457 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucie=20G=C3=A9rard?= <lucie.gerard@qt.io>
Date: Tue, 21 Jan 2025 14:00:56 +0100
Subject: [PATCH] Make module ready for source SBOM checking

This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding rules to the licenseRule.json files
- correcting the licensing given via REUSE.toml files

A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why corrections are needed before turning the
source SBOM check on.

Task-number: QTBUG-131434
Pick-to: 6.9 6.8
Change-Id: Ia22edc9c0c1cb3316e0d3c8de58bf52df805df06
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
---
 REUSE.toml              | 10 ++++++++--
 coin/module_config.yaml |  3 +++
 licenseRule.json        | 12 ++++++++++--
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/REUSE.toml b/REUSE.toml
index 06dea9c..530b27c 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -7,8 +7,14 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
 
 [[annotations]]
-path = ["**.pro", ".cmake.conf", "**.yaml", "**.json",
-        "**.pri",  "qt_cmdline.cmake"]
+path = ["src/plugins/**.json"]
+precedence = "closest"
+SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
+
+[[annotations]]
+path = ["**.pro", ".cmake.conf", "**.yaml",
+        "**.pri",  "qt_cmdline.cmake", "**ci_config_linux.json"]
 precedence = "closest"
 comment = "build system"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
diff --git a/coin/module_config.yaml b/coin/module_config.yaml
index aaf3323..b7fc636 100644
--- a/coin/module_config.yaml
+++ b/coin/module_config.yaml
@@ -6,6 +6,9 @@ accept_configuration:
 
 instructions:
   Build:
+    - type: EnvironmentVariable
+      variableName: VERIFY_SOURCE_SBOM
+      variableValue: "ON"
     - !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml"
 
   Test:
diff --git a/licenseRule.json b/licenseRule.json
index 36f8125..b1c97b6 100644
--- a/licenseRule.json
+++ b/licenseRule.json
@@ -10,7 +10,9 @@
                      "Files with other endings can also be build system files"
                      ],
         "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".pri", ".prf",
-                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in"],
+                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in",
+                     ".cmake.conf", ".gitattributes", ".gitignore", ".tag", "ci_config_linux.json",
+                     ".yaml"],
         "location" : {
             "" : {
                 "comment" : "Default",
@@ -44,7 +46,8 @@
     },
     {
         "comment" : "Files with the following endings are Documentation licensed.",
-        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json"],
+        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", "README", "qt_attribution.json",
+                                 "REUSE.toml", "licenseRule.json", "config_help.txt"],
         "location" :{
             "" : {
                 "comment" : "",
@@ -64,6 +67,11 @@
                 "file type" : "module and plugin",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
             },
+            "dist/" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx"      : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
             "src/" : {
                 "comment" : "Default",
                 "file type" : "module and plugin",