-
Task
-
Resolution: Done
-
P1: Critical
-
6.8.0 Beta3
-
None
-
2cf756950 (dev), 0070a6065 (master), cc79b9ec5 (6.8)
Starting with
https://codereview.qt-project.org/c/qt/qtbase/+/546923
and
https://codereview.qt-project.org/c/qt/qt5/+/575535
we will generate and install .spdx files for each repo.
Example path:
https://testresults.qt.io/coin/log/qt/qtsvg/0ed53a343368554c0c3e99a11402c6188511be79/MacOSMacOS_13x86_64AndroidAndroid_ANYarm64Clangqtci-macos-13-x86_64-103-fe2e53DisableTests_GenerateSBOM_Sccache_UseConfigure_VerifySBOM_WarningsAreErrors/5b05cd65a0961127242dfd1ac36acf048c69532b/build_1721284969
agent:2024/07/18 06:48:35 build.go:404: -- Finalizing SBOM generation in install dir: /Users/qt/work/install/target/sbom/qtsvg-6.9.0.spdx agent:2024/07/18 06:48:35 build.go:404: -- Generating JSON: /Users/qt/work/install/target/sbom/qtsvg-6.9.0.spdx.json
We should make sure they are included in the release packages.
I'm not sure if that works automatically, or if some package configuration needs to be adjusted.
The files are there for dev, and will soon be available in 6.8 branch as well.
It would be great if beta3 included them.
- resulted from
-
QTBUG-122899
Generate SBOM from Qt build system
-
- Closed
-
- resulted in
-
QTBUG-128415 [Boot to Qt 6.8.0 beta4] Sbom missing from installed content
-
- Closed
-
-
-
- Closed
-
| For Gerrit Dashboard: QTBUG-127335 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 585327,3 | Add test for verifying sbom spdx files 6.8.0-> | master | qtqa/tqtc-qt-rta | Status: MERGED | +2 | 0 |
| 585341,3 | CMake: Generate SBOM for more platforms tagged with Packaging | dev | qt/qt5 | Status: MERGED | +2 | 0 |
| 585519,4 | CMake: Generate SBOM for more platforms tagged with Packaging | 6.8 | qt/qt5 | Status: MERGED | +2 | 0 |