diff options
| author | Alexandru Croitor <[email protected]> | 2025-02-27 16:53:23 +0100 |
|---|---|---|
| committer | Alexandru Croitor <[email protected]> | 2025-02-28 14:51:19 +0100 |
| commit | dc5c7f9ead7e47b92c5717ca24d585a718a8b5f0 (patch) | |
| tree | 7e9f920418d980c2d7de79eb92bb2836c812ee2d | |
| parent | cf9f09cd60e3db37643ac6cf6cfd51aa00749892 (diff) | |
CMake: Add function to set up SBOM generation defaults
Move the setting up of options like QT_GENERATE_SBOM into a separate
function, that can be called by projects other than Qt.
Pick-to: 6.8 6.9
Task-number: QTBUG-122899
Change-Id: I337c4e9b0b3154ff97f494887bf88ee01e8ed00c
Reviewed-by: Alexey Edelev <[email protected]>
| -rw-r--r-- | cmake/QtBuildOptionsHelpers.cmake | 14 | ||||
| -rw-r--r-- | cmake/QtPublicSbomHelpers.cmake | 40 |
2 files changed, 43 insertions, 11 deletions
diff --git a/cmake/QtBuildOptionsHelpers.cmake b/cmake/QtBuildOptionsHelpers.cmake index 1f7b72cf1cd..027924103d9 100644 --- a/cmake/QtBuildOptionsHelpers.cmake +++ b/cmake/QtBuildOptionsHelpers.cmake @@ -344,17 +344,9 @@ endfunction() macro(qt_internal_setup_sbom) qt_internal_compute_sbom_default(_qt_generate_sbom_default) - option(QT_GENERATE_SBOM "Generate SBOM documents in SPDX v2.3 tag:value format." - "${_qt_generate_sbom_default}") - - option(QT_SBOM_GENERATE_JSON - "Generate SBOM documents in SPDX v2.3 JSON format if dependencies are available" ON) - option(QT_SBOM_REQUIRE_GENERATE_JSON - "Error out if JSON SBOM generation dependencies are not found." OFF) - - option(QT_SBOM_VERIFY "Verify generated SBOM documents." ON) - option(QT_SBOM_REQUIRE_VERIFY - "Error out if SBOM verification dependencies are not found." OFF) + _qt_internal_setup_sbom( + GENERATE_SBOM_DEFAULT "${_qt_generate_sbom_default}" + ) endmacro() macro(qt_internal_setup_build_examples) diff --git a/cmake/QtPublicSbomHelpers.cmake b/cmake/QtPublicSbomHelpers.cmake index f9f83dd1185..3767fb4ff26 100644 --- a/cmake/QtPublicSbomHelpers.cmake +++ b/cmake/QtPublicSbomHelpers.cmake @@ -346,6 +346,46 @@ function(_qt_internal_sbom_setup_project_ops) _qt_internal_sbom_setup_project_ops_generation(${options}) endfunction() +# Sets up SBOM generation and verification options. +# By default SBOM generation is disabled. +# By default JSON generation and SBOM verification are enabled by default, if the dependencies +# are present, otherwise they will be silently skipped. Unless the user explicitly requests to +# fail the build if the dependencies are not found. +# +# The QT_GENERATE_SBOM_DEFAULT option can be set by a project to change the default value. +function(_qt_internal_setup_sbom) + set(opt_args "") + set(single_args + GENERATE_SBOM_DEFAULT + ) + set(multi_args "") + + cmake_parse_arguments(PARSE_ARGV 0 arg "${opt_args}" "${single_args}" "${multi_args}") + _qt_internal_validate_all_args_are_parsed(arg) + + set(default_value "OFF") + if(NOT "${arg_GENERATE_SBOM_DEFAULT}" STREQUAL "") + set(default_value "${arg_GENERATE_SBOM_DEFAULT}") + endif() + + option(QT_GENERATE_SBOM "Generate SBOM documents in SPDX v2.3 tag:value format." + "${default_value}") + + string(CONCAT help_string + "Generate SBOM documents in SPDX v2.3 JSON format if required python dependency " + "spdx-tools is available" + ) + + option(QT_SBOM_GENERATE_JSON + "${help_string}" ON) + option(QT_SBOM_REQUIRE_GENERATE_JSON + "Error out if JSON SBOM generation depdendency is not found." OFF) + + option(QT_SBOM_VERIFY "Verify generated SBOM documents using python spdx-tools package." ON) + option(QT_SBOM_REQUIRE_VERIFY + "Error out if SBOM verification dependencies are not found." OFF) +endfunction() + # Ends repo sbom project generation. # Should be called after all relevant targets are added to the sbom. # Handles registering sbom info for recorded system libraries and then creates the sbom build |