diff options
| author | Lucie Gérard <[email protected]> | 2025-01-15 10:52:17 +0100 |
|---|---|---|
| committer | Lucie Gérard <[email protected]> | 2025-02-21 20:24:43 +0100 |
| commit | 361f1f38e0396e38168819907eba4ad72bbd2b5f (patch) | |
| tree | 8da4e66346175609f94e4edae774d7ea9c13f984 | |
| parent | 99b3d7cf338f3d32680313bc75369aa163e34f67 (diff) | |
Make module ready for source SBOM checking
This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding rules to the licenseRule.json files
- correcting the licensing given via REUSE.toml files
- renaming license files not located in LICENSES folder.
Their name needs to be prefixed with `LICENSE.` to be ignored
by reuse and excluded from the source SBOM. The names are
updated in the corresponding qt_attribution.json
A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why corrections are needed before turning the
source SBOM check on.
[ChangeLog][Third-Party Code] Renaming the license files with prefix
LICENSE. to have them ignored by reuse tool.
Task-number: QTBUG-131434
Pick-to: 6.9 6.8
Change-Id: I2b3e4750405f13a97b350ee65def30f1330526a3
Reviewed-by: Joerg Bornemann <[email protected]>
Reviewed-by: Ulf Hermann <[email protected]>
| -rw-r--r-- | REUSE.toml | 54 | ||||
| -rw-r--r-- | coin/module_config.yaml | 3 | ||||
| -rw-r--r-- | examples/quick/quickshapes/weatherforecast/REUSE.toml | 6 | ||||
| -rw-r--r-- | licenseRule.json | 132 | ||||
| -rw-r--r-- | src/quickcontrols/material/LICENSE.ANGULARJS.txt (renamed from src/quickcontrols/material/LICENSE_ANGULARJS.txt) | 0 | ||||
| -rw-r--r-- | src/quickcontrols/material/qt_attribution.json | 2 | ||||
| -rw-r--r-- | tests/manual/painterpathquickshape/LICENSE.OFL.txt (renamed from tests/manual/painterpathquickshape/OFL.txt) | 0 | ||||
| -rw-r--r-- | tests/manual/painterpathquickshape/REUSE.toml | 13 |
8 files changed, 189 insertions, 21 deletions
diff --git a/REUSE.toml b/REUSE.toml index 70100b81c6..d3cba4df2a 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -1,7 +1,8 @@ version = 1 [[annotations]] -path = ["tools/**"] +path = ["tools/**", "src/plugins/qmlls/**", "src/plugins/qmllint/**", + "src/qmltyperegistrar/**"] precedence = "closest" comment = "tools" SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." @@ -14,15 +15,27 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only" [[annotations]] -path = ["src/plugins/qmltooling/**.json"] +path = ["src/plugins/qmltooling/**.json", + "src/plugins/scenegraph/openvg/openvg.json"] +comment = "controls and dialogs." precedence = "closest" SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." -SPDX-License-Identifier = "BSD-3-Clause" +SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only" + +[[annotations]] +path = ["tests/manual/nodetypes_ng/compile.bat", "tests/auto/quick/scenegraph/data/compile.bat", + "tests/benchmarks/qml/binding/data/repeat.sh", + "tests/auto/quick/qquickshadereffect/data/compile.bat", + "tests/auto/quick/qquickitemlayer/data/buildshaders.bat"] +precedence = "closest" +comment = "tools" +SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." +SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0" [[annotations]] -path = ["**.prf", "**Info.plist", "**cmake.in", "src/**.in", "**.json", "**CMakeLists.txt", "**.cmake", - ".cmake.conf", "**.yaml", "**.gradle", "src/quick/items/syncexcludes", "src/quickcontrols/qmldir", - "**.cfg"] +path = ["**.prf", "**Info.plist", "**cmake.in", "src/**.in", "**/ci_config_linux.json", "**CMakeLists.txt", "**.cmake", + ".cmake.conf", "**.yaml", "**.gradle", "src/quick/items/syncexcludes", + "**.cfg", "**.pro", "**.conf", ".gitmodules"] comment = "build system" precedence = "closest" SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." @@ -36,7 +49,7 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-License-Identifier = "BSD-3-Clause" [[annotations]] -path = ["**/snippets/**", "**/doc/images/**", "examples/**", "src/quick/doc/src/internal/*.puml", +path = ["**/snippets/**", "examples/**", "src/quick/doc/src/internal/*.puml", "src/quick/doc/src/internal/*.svg", "src/quick/doc/src/internal/*.dot"] comment = "this must be after the build system table because example and snippets take precedence over build system" precedence = "closest" @@ -44,8 +57,8 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause" [[annotations]] -path = ["qtdeclarative.doxy", "**.md", "README.md", ".gitmodules", - "**/doc/**.qdocconf" , +path = ["**/doc/images/**", "qtdeclarative.doxy", "**.md", "**/README", "**/README.md", + "**/README.txt", "**/doc/**.qdocconf" , "**/doc/**.qdocinc", "**/doc/**.dox"] comment = "documentation" precedence = "closest" @@ -80,13 +93,20 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only" [[annotations]] -path = "src/quick/doc/QtQuickDoc" +path = ["src/quick/doc/QtQuickDoc", "src/quickcontrols/qmldir"] comment = "module" precedence = "closest" SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only" [[annotations]] +path = "tests/auto/quick/qquicktextdocument/data/hello.md" +comment = "test" +precedence = "closest" +SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." +SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only" + +[[annotations]] path = ["src/quickcontrols/universal/README.md"] precedence = "closest" comment = "to be confirmed" @@ -122,6 +142,16 @@ SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause" [[annotations]] path = "examples/quick/vectorimage/generate.bat" precedence = "override" -comment = "tools. reuse cannot read it. override to avoid skipping the file" +comment = "reuse cannot read it. override to avoid skipping the file" SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." -SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0" +SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause" + +[[annotations]] +path = "src/quick/doc/snippets/qquickrhiitem/qquickrhiitem_intro.vert" +precedence = "override" +comment = "example and snippets. Override needed here, unclear why." +SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd." +SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause" + + + diff --git a/coin/module_config.yaml b/coin/module_config.yaml index 936c6d5abc..3077dccb7a 100644 --- a/coin/module_config.yaml +++ b/coin/module_config.yaml @@ -13,6 +13,9 @@ machine_type: instructions: Build: + - type: EnvironmentVariable + variableName: VERIFY_SOURCE_SBOM + variableValue: "ON" - !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml" Test: diff --git a/examples/quick/quickshapes/weatherforecast/REUSE.toml b/examples/quick/quickshapes/weatherforecast/REUSE.toml index 590c224e57..606ea6b33b 100644 --- a/examples/quick/quickshapes/weatherforecast/REUSE.toml +++ b/examples/quick/quickshapes/weatherforecast/REUSE.toml @@ -26,3 +26,9 @@ path = "assets/WorkSans-Regular.ttf" precedence = "closest" SPDX-FileCopyrightText = "Copyright (C) 2020 Wei Huang" SPDX-License-Identifier = "OFL-1.1" + +[[annotations]] +path = ["assets/gear-alt-stroke.svg", "Gear_generated.qml"] +precedence = "closest" +SPDX-FileCopyrightText = "Copyright (C) 2023 Framework7" +SPDX-License-Identifier = "MIT" diff --git a/licenseRule.json b/licenseRule.json index 868a056a6c..d5ed55830b 100644 --- a/licenseRule.json +++ b/licenseRule.json @@ -9,7 +9,11 @@ "unless they are examples", "Files with other endings can also be build system files" ], - "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", "configure"], + "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", "configure", + ".gitignore", ".gitattributes", "Makefile", + ".conf", ".yml", ".cfg", ".yaml", + ".tag", ".dynlist", "cmake.in", "Info.plist", ".prf", + ".gradle", ".in", ".gitmodules"], "location" : { "" : { "comment" : "File with other endings also belong to the build system file type", @@ -43,14 +47,31 @@ }, { "comment" : "Files with the following endings are Documentation licensed.", - "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", ".qdoc.sample", "README.md", - "README", "qt_attribution.json"], + "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".qdoc.sample", "README.md", + "README", "README.txt", "qt_attribution.json", "REUSE.toml", "licenseRule.json", + ".md", ".dox", "qtdeclarative.doxy"], "location" :{ "" : { "comment" : "", "file type" : "documentation", "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"] + }, + "tests/benchmarks/qml/binding/data/" : { + "comment" : "", + "file type" : "test", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "tests/auto/quick/qquicktextdocument/data/hello.md" : { + "comment" : "", + "file type" : "test", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "src/quickcontrols/universal/README.md" : { + "comment" : "", + "file type" : "3rd party", + "spdx" : ["Unlicense"] } + } }, { @@ -64,6 +85,41 @@ "file type" : "module and plugin", "spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"] }, + "dist/" : { + "comment" : "Default", + "file type" : "documentation", + "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"] + }, + "coin/" : { + "comment" : "Default", + "file type" : "build system", + "spdx" : ["BSD-3-Clause"] + }, + "src/quickcontrols/qmldir" : { + "comment" : "Default", + "file type" : "module and plugin", + "spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"] + }, + "src/quick/items/syncexcludes" : { + "comment" : "Default", + "file type" : "build system", + "spdx" : ["BSD-3-Clause"] + }, + "tests/manual/painterpathquickshape/FONTLOG.txt" : { + "comment" : "", + "file type" : "documentation 3rd party", + "spdx" : ["OFL-1.1"] + }, + "tests/manual/painterpathquickshape/OFL-FAQ.txt" : { + "comment" : "", + "file type" : "documentation 3rd party", + "spdx" : ["OFL-1.1"] + }, + "tests/manual/painterpathquickshape/(1535737773.svg|hand-print.svg|peace_victory.svg)" : { + "comment" : "Public domain", + "file type" : "3rd party", + "spdx" : ["CC0-1.0"] + }, "src/" : { "comment" : "", "file type" : "module and plugin", @@ -94,17 +150,27 @@ "file type" : "tools and utils", "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"] }, + "(examples/|.*)(.*)/doc/images/" : { + "comment" : "Default", + "file type" : "documentation", + "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"] + }, + ".*/doc/src/" : { + "comment" : "This is example and snippets", + "file type" : "examples and snippets", + "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] + }, "tests/" : { "comment" : "", "file type" : "test", "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] }, - "tests/manual/windowembedding/examples/" : { - "comment" : "Exception test files", - "file type" : "test", - "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + "tests/manual/painterpathquickshape/Graziano.ttf" : { + "comment" : "", + "file type" : "3rd party", + "spdx" : ["OFL-1.1"] }, - "tests/auto/quickcontrols/snippets/" : { + "tests/manual/windowembedding/examples/" : { "comment" : "Exception test files", "file type" : "test", "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] @@ -125,6 +191,16 @@ "file type" : "examples and snippets", "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] }, + "tests/auto/quickcontrols/snippets/tst_snippets.cpp" : { + "comment" : "Default", + "file type" : "test", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "tests/auto/quickcontrols/snippets/" : { + "comment" : "Default", + "file type" : "examples and snippets", + "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] + }, "tools/" : { "comment" : "", "file type" : "tools", @@ -139,6 +215,46 @@ "comment" : "Library only for Qt tests", "file type" : "test", "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "examples/quick/quickshapes/weatherforecast/assets/gear-alt-stroke.svg" : { + "comment" : "Framework7", + "file type" : "3rd party", + "spdx" : ["MIT"] + }, + "examples/quick/quickshapes/weatherforecast/Gear_generated.qml" : { + "comment" : "Framework7", + "file type" : "3rd party", + "spdx" : ["MIT"] + }, + "examples/quick/quickshapes/weatherforecast/assets/WorkSans-Regular.ttf" : { + "file type" : "3rd party", + "spdx" : ["OFL-1.1"] + }, + "examples/quick/quickshapes/weatherforecast/assets/Europe.svg" : { + "file type" : "3rd party", + "spdx" : ["CC-BY-3.0"] + }, + "examples/quick/quickshapes/weatherforecast/Europe_generated.qml" : { + "file type" : "3rd party", + "spdx" : ["CC-BY-3.0"] + }, + "examples/quick/quickshapes/weatherforecast/assets/sun-" : { + "file type" : "3rd party", + "spdx" : ["Apache-2.0"] + }, + "examples/quick/quickshapes/weatherforecast/assets/cloud-" : { + "file type" : "3rd party", + "spdx" : ["Apache-2.0"] + }, + "src/quickcontrols/imagine/design/9-patch-export.sketchplugin/Contents/Sketch/" : { + "file type" : "3rd party", + "spdx" : ["MIT"] + }, + "src/quickcontrols/material/impl/ElevationEffect.qml" : { + "comment" : "in file license check can't see the mix", + "file type" : "3rd party mix", + "spdx" : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only AND MIT", + "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"] } } } diff --git a/src/quickcontrols/material/LICENSE_ANGULARJS.txt b/src/quickcontrols/material/LICENSE.ANGULARJS.txt index c1f2a826bb..c1f2a826bb 100644 --- a/src/quickcontrols/material/LICENSE_ANGULARJS.txt +++ b/src/quickcontrols/material/LICENSE.ANGULARJS.txt diff --git a/src/quickcontrols/material/qt_attribution.json b/src/quickcontrols/material/qt_attribution.json index 9d53b8b014..a68a6081c9 100644 --- a/src/quickcontrols/material/qt_attribution.json +++ b/src/quickcontrols/material/qt_attribution.json @@ -8,6 +8,6 @@ "Homepage": "https://angularjs.org/", "License": "MIT License", "LicenseId": "MIT", - "LicenseFile": "LICENSE_ANGULARJS.txt", + "LicenseFile": "LICENSE.ANGULARJS.txt", "Copyright": "Copyright (c) 2014-2016 Google, Inc" } diff --git a/tests/manual/painterpathquickshape/OFL.txt b/tests/manual/painterpathquickshape/LICENSE.OFL.txt index 8dce0ad901..8dce0ad901 100644 --- a/tests/manual/painterpathquickshape/OFL.txt +++ b/tests/manual/painterpathquickshape/LICENSE.OFL.txt diff --git a/tests/manual/painterpathquickshape/REUSE.toml b/tests/manual/painterpathquickshape/REUSE.toml new file mode 100644 index 0000000000..4befc7156e --- /dev/null +++ b/tests/manual/painterpathquickshape/REUSE.toml @@ -0,0 +1,13 @@ +version = 1 + +[[annotations]] +path = ["FONTLOG.txt", "Graziano.ttf", "OFL-FAQ.txt"] +precedence = "closest" +SPDX-FileCopyrightText = "Copyright (C) 2011 Graziano Capelli" +SPDX-License-Identifier = "OFL-1.1" + +[[annotations]] +path = ["1535737773.svg", "hand-print.svg", "peace_victory.svg"] +precedence = "closest" +SPDX-FileCopyrightText = "None" +SPDX-License-Identifier = "CC0-1.0" |