Make module ready for source SBOM checking

This includes: - turning VERIFY_SOURCE_SBOM ON - adding rules to the licenseRule.json files - correcting the licensing given via REUSE.toml files A lot of files are skipped during the license test, but all are present in the source SBOM. This is why corrections are needed before turning the source SBOM check on. Task-number: QTBUG-131434 Pick-to: 6.9 6.8 Change-Id: Id6bea5be8c8b23385834799cbc85b4f0608a181c Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
author: Lucie Gérard <lucie.gerard@qt.io> 2025-01-15 15:13:16 +0100
committer: Lucie Gerard <lucie.gerard@qt.io> 2025-02-25 14:07:53 +0000
commit: 0df2be6d8d0ff6179592bc5dce25c3bc7c5d392b (patch)
tree: 184120b961c98846f0e9e238ce443beed9990a4b
parent: 42587889021a6f4fee0ad0094b80566c4802fe69 (diff)
3 files changed, 34 insertions, 6 deletions
diff --git a/REUSE.toml b/REUSE.toml
index 5c793a0..da14e49 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -9,8 +9,19 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
 
 [[annotations]]
-path = ["**.pro", "**.qrc", "**CMakeLists.txt", ".cmake.conf", "**.yaml", "**.json",
-        "**BLACKLIST", "**.plist"]
+path = ["src/plugins/android/android.json",
+        "src/plugins/darwin/darwin.json",
+        "src/plugins/wasm/wasm.json",
+        "src/plugins/webengine/webengine.json",
+        "src/plugins/winrt/winrt.json"]
+comment = "module and plugin"
+precedence = "closest"
+SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
+
+[[annotations]]
+path = ["**.pro", "**.qrc", "**CMakeLists.txt", ".cmake.conf", "**.yaml",
+        "**BLACKLIST", "**.plist", "coin/axivion/ci_config_linux.json"]
 precedence = "closest"
 comment = "build system"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
@@ -24,14 +35,14 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "BSD-3-Clause"
 
 [[annotations]]
-path = ["**/doc/images/**", "examples/webview/minibrowser/images/*"]
+path = ["examples/webview/minibrowser/images/*", "examples/**"]
 comment = "this must be after the build system table because example and snippets take precedence over build system"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
 
 [[annotations]]
-path = ["**.qdocconf"]
+path = ["**/doc/images/**", "**.qdocconf"]
 comment = "documentation"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
diff --git a/coin/module_config.yaml b/coin/module_config.yaml
index 816663d..e8e6e60 100644
--- a/coin/module_config.yaml
+++ b/coin/module_config.yaml
@@ -6,6 +6,9 @@ accept_configuration:
 
 instructions:
   Build:
+    - type: EnvironmentVariable
+      variableName: VERIFY_SOURCE_SBOM
+      variableValue: "ON"
     - !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml"
 
   Test:
diff --git a/licenseRule.json b/licenseRule.json
index 36f8125..c38e3f0 100644
--- a/licenseRule.json
+++ b/licenseRule.json
@@ -10,7 +10,10 @@
                      "Files with other endings can also be build system files"
                      ],
         "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".pri", ".prf",
-                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in"],
+                     "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in",
+                     ".cmake.conf", ".gitignore", ".tag", ".cmake.conf", ".yaml",
+                     ".gitattributes", "coin/axivion/ci_config_linux.json", ".plist",
+                     ".pro", "BLACKLIST", ".qrc"],
         "location" : {
             "" : {
                 "comment" : "Default",
@@ -44,7 +47,8 @@
     },
     {
         "comment" : "Files with the following endings are Documentation licensed.",
-        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json"],
+        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json",
+                                 "licenseRule.json", "REUSE.toml"],
         "location" :{
             "" : {
                 "comment" : "",
@@ -64,6 +68,11 @@
                 "file type" : "module and plugin",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
             },
+            "dist/" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx"      : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
             "src/" : {
                 "comment" : "Default",
                 "file type" : "module and plugin",
@@ -78,6 +87,11 @@
                 "comment" : "Default",
                 "file type" : "examples and snippets",
                 "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
+            },
+            "(.*|examples)(.*)/doc/images" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
             }
         }
     }
author	Lucie Gérard <lucie.gerard@qt.io>	2025-01-15 15:13:16 +0100
committer	Lucie Gerard <lucie.gerard@qt.io>	2025-02-25 14:07:53 +0000
commit	0df2be6d8d0ff6179592bc5dce25c3bc7c5d392b (patch)
tree	184120b961c98846f0e9e238ce443beed9990a4b
parent	42587889021a6f4fee0ad0094b80566c4802fe69 (diff)