Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-127335

Check that sbom spdx files are included in release packages

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • P1: Critical
    • 6.8.0 RC
    • 6.8.0 Beta3
    • Packaging & Installer
    • None
    • 2cf756950 (dev), 0070a6065 (master), cc79b9ec5 (6.8)

    Description

      Starting with

      https://codereview.qt-project.org/c/qt/qtbase/+/546923
      and
      https://codereview.qt-project.org/c/qt/qt5/+/575535

      we will generate and install .spdx files for each repo.
      Example path:
      https://testresults.qt.io/coin/log/qt/qtsvg/0ed53a343368554c0c3e99a11402c6188511be79/MacOSMacOS_13x86_64AndroidAndroid_ANYarm64Clangqtci-macos-13-x86_64-103-fe2e53DisableTests_GenerateSBOM_Sccache_UseConfigure_VerifySBOM_WarningsAreErrors/5b05cd65a0961127242dfd1ac36acf048c69532b/build_1721284969

      agent:2024/07/18 06:48:35 build.go:404: -- Finalizing SBOM generation in install dir: /Users/qt/work/install/target/sbom/qtsvg-6.9.0.spdx
agent:2024/07/18 06:48:35 build.go:404: -- Generating JSON: /Users/qt/work/install/target/sbom/qtsvg-6.9.0.spdx.json

      We should make sure they are included in the release packages.
      I'm not sure if that works automatically, or if some package configuration needs to be adjusted.

      The files are there for dev, and will soon be available in 6.8 branch as well.
      It would be great if beta3 included them.

      Attachments

        Issue Links

          resulted from

          User Story - Created by Jira Software - do not edit or delete. Issue type for a user story. QTBUG-122899 Generate SBOM from Qt build system

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • In Progress
          resulted in

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-128415 [Boot to Qt 6.8.0 beta4] Sbom missing from installed content

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed

          Task - A task that needs to be done. QTBUG-128320 Generate an SBOM for qttranslations

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • In Progress
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              joaijala Johanna Äijälä
              alexandru.croitor Alexandru Croitor
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes