diff options
| author | Alexandru Croitor <[email protected]> | 2025-01-03 18:40:23 +0100 |
|---|---|---|
| committer | Alexandru Croitor <[email protected]> | 2025-01-09 19:33:15 +0100 |
| commit | bc3bbb51b7b48d3c4a44a432441938863582242c (patch) | |
| tree | 4bbaedb3c512610ac8752e6e78aedc2c2284049c | |
| parent | 97ac4053137c7d0ff5ec71de22cf8c0c7af7006a (diff) | |
CMake: Replace placeholders in CPE and PURL strings in SBOMs
Replace instances of $<VERSION> in CPE and PURL strings read from
qt_attribution.json files with the version of the package being
processed.
This avoids duplicating the version in qt_attribution.json files in 3
different fields Version, CPE, and PURL.
Pick-to: 6.8 6.9
Task-number: QTBUG-132181
Change-Id: I91af17c82dbb936739f4811bf86043e00ee49a78
Reviewed-by: Alexey Edelev <[email protected]>
| -rw-r--r-- | cmake/QtPublicSbomHelpers.cmake | 60 |
1 files changed, 58 insertions, 2 deletions
diff --git a/cmake/QtPublicSbomHelpers.cmake b/cmake/QtPublicSbomHelpers.cmake index 2afb9e995a3..1d8ef3051aa 100644 --- a/cmake/QtPublicSbomHelpers.cmake +++ b/cmake/QtPublicSbomHelpers.cmake @@ -855,7 +855,12 @@ function(_qt_internal_sbom_add_target target) endif() if(qa_cpes) - list(APPEND cpe_args CPE "${qa_cpes}") + _qt_internal_sbom_replace_qa_placeholders( + VALUES ${qa_cpes} + VERSION "${package_version}" + OUT_VAR qa_cpes_replaced + ) + list(APPEND cpe_args CPE "${qa_cpes_replaced}") endif() # Add the qt-specific CPE if the target is a Qt entity type, or if it's a 3rd party entity type @@ -898,7 +903,13 @@ function(_qt_internal_sbom_add_target target) endif() if(qa_purls) - list(APPEND purl_args PURL_3RDPARTY_UPSTREAM_VALUES "${qa_purls}") + _qt_internal_sbom_replace_qa_placeholders( + VALUES ${qa_purls} + VERSION "${package_version}" + OUT_VAR qa_purls_replaced + ) + + list(APPEND purl_args PURL_3RDPARTY_UPSTREAM_VALUES "${qa_purls_replaced}") endif() list(APPEND purl_args OUT_VAR purl_package_options) @@ -4325,6 +4336,51 @@ function(_qt_internal_sbom_join_two_license_ids_with_op left_id op right_id out_ set(${out_var} "${value}" PARENT_SCOPE) endfunction() +# Replaces placeholders in CPE and PURL strings read from qt_attribution.json files. +# +# VALUES - list of CPE or PURL strings +# OUT_VAR - variable to store the replaced values +# VERSION - version to replace in the placeholders + +# Known placeholders: +# $<VERSION> - Replaces occurrences of the placeholder with the value passed to the VERSION option. +# $<VERSION_DASHED> - Replaces occurrences of the placeholder with the value passed to the VERSION +# option, but with dots replaced by dashes. +function(_qt_internal_sbom_replace_qa_placeholders) + set(opt_args "") + set(single_args + OUT_VAR + VERSION + ) + set(multi_args + VALUES + ) + + cmake_parse_arguments(PARSE_ARGV 0 arg "${opt_args}" "${single_args}" "${multi_args}") + _qt_internal_validate_all_args_are_parsed(arg) + + if(NOT arg_OUT_VAR) + message(FATAL_ERROR "OUT_VAR must be set") + endif() + + set(result "") + + if(arg_VERSION) + string(REPLACE "." "-" dashed_version "${arg_VERSION}") + endif() + + foreach(value IN LISTS arg_VALUES) + if(arg_VERSION) + string(REPLACE "$<VERSION>" "${arg_VERSION}" value "${value}") + string(REPLACE "$<VERSION_DASHED>" "${dashed_version}" value "${value}") + endif() + + list(APPEND result "${value}") + endforeach() + + set(${arg_OUT_VAR} "${result}" PARENT_SCOPE) +endfunction() + # Returns the configure line used to configure the current repo or top-level build, by reading # the config.opt file that the configure script writes out. # Returns an empty string if configure was not called, but CMake was called directly. |