| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default qtbase always generates tag/value SBOM documents, and only
generates JSON SBOM documents if the required spdx-tools python
dependency is found. If it is not found, it silently skips the json
file generation.
On the other hand, QtWebEngine generates the Chromium specific SBOM
into the json format. We then need to convert that into a tag/value
format using the spdx-tools package, to be able to link the
QtWebEngine SBOM to the Chromium one.
This means that if the spdx-tools package is missing, qtbase only has
tag/value SBOMs, Chromium only has a json SBOM, and we can't link
them. The Chromium one is therefore useless, and there was no reason
to generate it.
Change the build system code in qtwebengine to do the following:
- if the python dependency is missing, skip the Chromium SBOM
generation and show a configure check warning that the Chromium SBOM
is skipped
- if the python dependency is missing and
QT_SBOM_REQUIRE_GENERATE_JSON is ON (or -sbom-json-required is
passed), skip building both QtWebEngine and QtPdf, because we can't
satisfy the requirements. The variable is only ON if the user
explicitly opted into the option. This follows the logic in qtbase.
Usually we would have errored out in such a case, but we can't due
to the usual can't error during configure in qtwebengine reasons.
Remove the previous workaround of skipping the Chromium SBOM
generation without showing any diagnostic messages.
This reverts commit 3250fc3cca8b88d6c8ab2f9edc7dd46bfb2d3681
Pick-to: 6.9
Change-Id: I68b7e281a80e8edc11197350b4400408ff0ec8c8
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Some recent additions so we don't need to call into internal/private
functions, and this also lets us simplify some variables.
Pick-to: 6.9
Change-Id: I30a23b589db7984eca503d606b2716d59be3b7d6
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the sbom python interpreter or some of the python spdx 3rd party
packages are not found, skip generating the QtWebEngine SBOM instead
of failing with an error like:
CMake Error at qtbase/cmake/QtPublicSbomOpsHelpers.cmake:276 (message):
Python interpreter not found for generating tag/value file from JSON.
Call Stack (most recent call first):
qtbase/cmake/QtSbomHelpers.cmake:56
(_qt_internal_sbom_generate_tag_value_spdx_document)
cmake/QtWebEngineSbomHelpers.cmake:101
(qt_internal_sbom_generate_tag_value_spdx_document)
src/CMakeLists.txt:45 (qt_webengine_sbom_project_end)
Amends c6b93f4f638ada62c5e9257964387d303efd7be6
Pick-to: 6.9
Change-Id: I9280ae54d26cdec20dacc57736e3d55e6e85e988
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
|
| |
|
|
|
|
|
|
|
| |
WebEngine should build against 6.8 but certain SBOM functions are not
available there, so define them as stubs.
Pick-to: 6.9
Change-Id: I58830cf95cc32866a3c328b480fef051d9a4bc69
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
|
|
This commit adds CMake tooling for generating SBOM documents covering
Chromium dependencies. It hooks into our existing add_ninja_command()
calls, so any top-level target built in Chromium build trees
(convert_dict, QtPdf, etc.) is covered.
There is also a wrapper script for the newly written sbom.py in
Chromium, like we have a wrapper for licenses.py. It is designed to
be called once per Pdf / WebEngineCore, passing in all the gn-specific
build targets for each module.
This is in an experimental state, and bugs should be expected
especially with multi-config and Windows builds.
Task-number: QTBUG-131377
Pick-to: 6.9
Change-Id: I792a460b86e1b79d0b32838b7e1303bc8bc4e25b
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
|
