Make module ready for source SBOM checking

This includes:
- turning VERIFY_SOURCE_SBOM ON
- adding exception to the licenseRule.json files
- correcting the licensing given via REUSE.toml files
- renaming license files not located in LICENSES folder.
They need to be named LICENSE. to be ignored by reuse and
excluded from the source SBOM. The name are updated in the
corresponding qt_attribution.json

A lot of files are skipped during the license test,
but all are present in the source SBOM.
This is why correction are needed before turning the
source SBOM check on.

[ChangeLog][Third-Party Code] Renaming the license files with prefix
LICENSE. to have them ignored by reuse tool.

Task-number: QTBUG-131434
Pick-to: 6.9
Change-Id: I668dad0c545b6559c2263a4d60928e6878db838f
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>

Author: lugerard

REUSE.toml

@@ -23,6 +23,21 @@ comment = "module and plugin, according to licenseRule.json"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
 
+[[annotations]]
+path = ["src/designer/**"]
+precedence = "closest"
+comment = "tools, according to licenseRule.json"
+SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"
+
+[[annotations]]
+path = ["src/designer/src/lib/uilib/**",
+        "src/designer/src/plugins/**"]
+precedence = "closest"
+comment = "module and plugin, according to licenseRule.json"
+SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"
+
 [[annotations]]
 path = ["tests/**.ts*",
         "tests/**.ui",
@@ -37,10 +52,11 @@ path = ["tests/**.ts*",
         "tests/**cmd",
         "tests/**.po*",
         "tests/**.js",
+        "tests/**.json",
         "tests/**.lst",
+        "tests/**.py",
         "tests/**expected.error",
         "tests/**main.mjs",
-        "tests/**main.py",
         "tests/auto/cmake/linguist/test_i18n_auto_ts_file_names/lib.cpp",
         "tests/auto/linguist/lconvert/data/test-trans_seg.xlf",
         "tests/auto/linguist/lconvert/data/untranslated.qm",
@@ -64,35 +80,47 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
 
 [[annotations]]
-path = ["**.pro", "**.qrc", "**CMakeLists.txt", ".cmake.conf", "**.yaml", "**.json",
+path = ["**.pro", "**.qrc", "**CMakeLists.txt", ".cmake.conf", "**.yaml",
+        "coin/axivion/ci_config_linux.json",
         "**.cfg", "**.plist", "**.pri", "**.prf"]
 precedence = "closest"
 comment = "build system"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "BSD-3-Clause"
 
 [[annotations]]
-path = [".tag", "**/.gitattributes", "**.gitignore"]
+path = [".tag", "**/.gitattributes", "**.gitignore",
+        ".gitmodules"]
 precedence = "closest"
 comment = "version control system. Licensed as build system"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "BSD-3-Clause"
 
 [[annotations]]
-path = ["**/doc/images/**", "**/doc/snippets/**", "examples/**", "src/qdoc/qdoc/doc/examples"]
+path = ["**/doc/snippets/**", "examples/**", "src/qdoc/qdoc/doc/examples/**",
+        "src/qdoc/qdoc/tests/**/testdata/**/examples/**"]
 comment = "this must be after the build system table because example and snippets take precedence over build system"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
 
 [[annotations]]
-path = ["**/README*", "**.qdocconf", "**.qdoc.sample", "**.qdoc", "**.qdocinc",
-        ".gitmodules"]
+path = ["**/doc/images/**", "**/README*", "**.qdocconf", "**.qdoc.sample", "**.qdoc", "**.qdocinc"]
 comment = "documentation"
 precedence = "closest"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"
 
+[[annotations]]
+path = ["src/qdoc/qdoc/**/testdata/**.qdocconf",
+        "src/qdoc/qdoc/**/testdata/**.qdoc",
+        "src/qdoc/qdoc/**/testdata/**.qdocinc"]
+precedence = "closest"
+comment = "test"
+SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
+
+
 [[annotations]]
 path = ["**.toml", "licenseRule.json"]
 comment = "documentation"
@@ -107,13 +135,6 @@ precedence = "override"
 SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"
 
-[[annotations]]
-path = ["**LICENSE*"]
-precedence = "override"
-comment = "License file."
-SPDX-FileCopyrightText = "None"
-SPDX-License-Identifier = "CC0-1.0"
-
 [[annotations]]
 path = "examples/linguist/trollprint/trollprint_pt.ts"
 precedence = "override"
@@ -122,36 +143,22 @@ SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
 SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
 
 [[annotations]]
-path = ["src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/webxml/test-componentset-switch-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/webxml/test-componentset-tabwidget-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/webxml/test-componentset-progressbar-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/html/test-componentset-tabwidget-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/html/test-componentset-progressbar-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/html/test-componentset-switch-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/webxml/test-componentset-tabwidget-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/webxml/test-componentset-progressbar-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/html/test-componentset-progressbar-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/html/test-componentset-switch-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/html/test-componentset-tabwidget-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/webxml/test-componentset-switch-qml.webxml"]
+path = ["src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.webxml",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.html",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.cpp",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.h",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.qml",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.qdoc",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.qdoc.sample",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.qdocconf",
+        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/**.xml"]
 precedence = "override"
-comment = "reuse ignore those file, trouble reading. documentation example."
+comment = ["reuse ignore or have trouble reading some of those webxml or html files",
+           "files in this directory are for file generation within testing",
+           "the licensing does not necessary correspond to the file",
+           "Licensing for those files is test licensing"]
 SPDX-FileCopyrightText = "Copyright (C) 2016 The Qt Company Ltd."
-SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR BSD-3-Clause"
-
-[[annotations]]
-path = ["src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/webxml/test-demos-demo-demo-cpp.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/webxml/test-componentset-componentset-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/html/test-demos-demo-demo-cpp.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject/expected/html/test-componentset-componentset-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/html/test-demos-demo-demo-cpp.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/webxml/test-componentset-componentset-qml.webxml",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/html/test-componentset-componentset-qml.html",
-        "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/comprehensiveproject_headerdocs/expected/webxml/test-demos-demo-demo-cpp.webxml"]
-precedence = "override"
-comment = "reuse ignore those file, trouble reading."
-SPDX-FileCopyrightText = "Copyright (C) 2023 The Qt Company Ltd."
-SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"
+SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
 
 
 

coin/module_config.yaml

@@ -13,6 +13,9 @@ machine_type:
 
 instructions:
   Build:
+    - type: EnvironmentVariable
+      variableName: VERIFY_SOURCE_SBOM
+      variableValue: "ON"
     - !include "{{qt/qtbase}}/coin_module_build_template_v2.yaml"
 
   Test:

licenseRule.json

@@ -9,7 +9,10 @@
                      "unless they are examples",
                      "Files with other endings can also be build system files"
                     ],
-        "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".prf", "configure"],
+        "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".prf", "configure",
+                                 ".gitignore", ".pri", ".cfg", ".qrc", ".plist",
+                                 ".cmake.conf", ".gitattributes", ".tag",
+                                 "coin/axivion/ci_config_linux.json", ".yaml", ".gitmodules"],
         "location" : {
             "" : {
                    "comment" : "File with other endings also belong to the build system file type",
@@ -24,14 +27,26 @@
        }
     },
     {
-        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".qdoc.sample", "README.md"],
+        "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".qdoc.sample", "README.md",
+                                 "README", "qt_attribution.json", "REUSE.toml", "README_test.chromium",
+                                 "licenseRule.json"],
         "location" :{
             "" : {
                 "comment" : "",
                 "file type" : "documentation",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
             },
-            "src/qdoc/qdoc/tests/generatedoutput/testdata/" : {
+            "src/qdoc/qdoc/tests/generatedoutput/testdata/(?!REUSE.toml)" : {
+                "comment" : "",
+                "file type" : "test",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
+            },
+            "src/qdoc/qdoc/tests/validateqdocoutputfiles/testdata/(?!REUSE.toml)" : {
+                "comment" : "",
+                "file type" : "test",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
+            },
+            "src/qdoc/qdoc/tests/config/testdata/(?!REUSE.toml)" : {
                 "comment" : "",
                 "file type" : "test",
                 "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
@@ -50,6 +65,11 @@
                 "file type" : "tools",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
             },
+            "tests/auto/linguist/lupdate/testdata/good/parsepython/main.py" : {
+                "comment" : "",
+                "file type" : "test",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
+            },
             "(.*)(examples/|snippets/)" : {
                 "comment" : "Example takes precedence",
                 "file type" : "examples and snippets",
@@ -68,6 +88,11 @@
                 "file type" : "tools",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
             },
+            "dist/" : {
+                "comment" : "Default",
+                "file type" : "documentation",
+                "spdx"      : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
             "src/designer/src/plugins/" : {
                 "comment" : "plugins for Qt Widgets Designer, but also Qt UI Tools",
                 "file type" : "module and plugin",
@@ -103,7 +128,7 @@
                 "file type" : "tools",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
             },
-            "src/designer/src/lib/uilib" : {
+            "src/designer/src/lib/uilib/" : {
                 "comment" : "code used in src/uitools",
                 "file type" : "module and plugin",
                 "spdx"      : ["LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only"]
@@ -134,7 +159,7 @@
                 "spdx"      : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"]
             },
             "src/qdoc/catch/include/catch/catch.hpp" : {
-                "comment" : "src/qdoc/catch/CATCH_LICENSE.txt",
+                "comment" : "src/qdoc/catch/LICENSE.CATCH.txt",
                 "file type" : "module and plugin",
                 "spdx"      : ["BSL-1.0"]
             },
@@ -148,7 +173,7 @@
                 "file type" : "test",
                 "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
             },
-            "src/qdoc/qdoc/tests/generatedoutput/testdata/examples/" : {
+            "src/qdoc/qdoc/tests/(validateqdocoutputfiles|generatedoutput)/.*/(examples|snippets)" : {
                 "comment" : "",
                 "file type" : "test",
                 "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
@@ -157,6 +182,51 @@
                 "comment" : "",
                 "file type" : "examples and snippets",
                 "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
+            },
+            "(examples|.*).*/doc/images/" : {
+                "comment" : "Documentation asset",
+                "file type" : "documentation",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
+            "src/assistant/assistant/doc/images/" : {
+                "comment" : "Documentation asset",
+                "file type" : "documentation",
+                "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"]
+            },
+            "tests/auto/linguist/lconvert/data/test-kde-.*.po" : {
+                "comment" : "",
+                "file type" : "public domain",
+                "spdx" : ["CC0-1.0"]
+            },
+            "tests/auto/linguist/lconvert/data/wrapping.po" : {
+                "comment" : "",
+                "file type" : "public domain",
+                "spdx" : ["CC0-1.0"]
+            },
+            "tests/auto/linguist/lconvert/data/test1-.*.po" : {
+                "comment" : "",
+                "file type" : "public domain",
+                "spdx" : ["CC0-1.0"]
+            },
+            "tests/auto/linguist/lconvert/data/test-translator-comment.po" : {
+                "comment" : "",
+                "file type" : "public domain",
+                "spdx" : ["CC0-1.0"]
+            },
+            "tests/auto/linguist/lconvert/data/test-empty-comment.po" : {
+                "comment" : "",
+                "file type" : "public domain",
+                "spdx" : ["CC0-1.0"]
+            },
+            "tests/auto/linguist/lconvert/data/test-developer-comment.po" : {
+                "comment" : "",
+                "file type" : "public domain",
+                "spdx" : ["CC0-1.0"]
+            },
+            "src/qdoc/qdoc/src/qdoc/clang/AST/QualTypeNames.h" : {
+                "comment" : "",
+                "file type" : "3rd party",
+                "spdx" : ["Apache-2.0 WITH LLVM-exception"]
             }
         }
     }

src/qdoc/catch/CATCH_LICENSE.txt renamed to src/qdoc/catch/LICENSE.CATCH.txt

@@ -14,7 +14,7 @@
         "Version": "2.13.10",
         "License": "Boost Software License 1.0",
         "LicenseId": "BSL-1.0",
-        "LicenseFile": "CATCH_LICENSE.txt",
+        "LicenseFile": "LICENSE.CATCH.txt",
         "Copyright": "Copyright (c) 2022 Two Blue Cubes Ltd. All rights reserved."
     }
 ]

src/qdoc/catch/qt_attribution.json

@@ -14,7 +14,7 @@
         "Version": "16.0",
         "License": "Apache License 2.0",
         "LicenseId": "Apache-2.0 WITH LLVM-exception",
-        "LicenseFile": "LLVM_LICENSE.txt",
+        "LicenseFile": "LICENSE.LLVM.txt",
         "Copyright": "Copyright assigned to LLVM project contributors."
     }
 ]

src/qdoc/qdoc/src/qdoc/clang/AST/LLVM_LICENSE.txt renamed to src/qdoc/qdoc/src/qdoc/clang/AST/LICENSE.LLVM.txt

@@ -137,8 +137,8 @@
         "Id": "variants",
         "License": "License",
         "LicenseFiles": [
-            "%{PWD}/variants/LICENSE1.txt",
-            "%{PWD}/variants/LICENSE2.txt"
+            "%{PWD}/variants/LICENSE.1.txt",
+            "%{PWD}/variants/LICENSE.2.txt"
         ],
         "LicenseId": "",
         "Name": "Variants Test",

src/qdoc/qdoc/src/qdoc/clang/AST/qt_attribution.json

@@ -10,8 +10,8 @@
         "Id": "variants",
         "License": "License",
         "LicenseFiles": [
-            "%{PWD}/LICENSE1.txt",
-            "%{PWD}/LICENSE2.txt"
+            "%{PWD}/LICENSE.1.txt",
+            "%{PWD}/LICENSE.2.txt"
         ],
         "LicenseId": "",
         "Name": "Variants Test",

tests/auto/qtattributionsscanner/testdata/good/expected.json

@@ -7,5 +7,5 @@
   "License": "License",
 
   "CopyrightFile": "COPYRIGHT.txt",
-  "LicenseFiles": [ "LICENSE1.txt", "LICENSE2.txt" ]
+  "LicenseFiles": [ "LICENSE.1.txt", "LICENSE.2.txt" ]
 }