2022-07-05 13:26:52 +02:00
|
|
|
# Copyright (C) 2022 The Qt Company Ltd.
|
2022-08-19 15:21:34 +02:00
|
|
|
# SPDX-License-Identifier: BSD-3-Clause
|
2022-07-05 13:26:52 +02:00
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
# Note that these are only the keywords that are unique to qt_internal_add_plugin().
|
|
|
|
|
# That function also supports the keywords defined by _qt_internal_get_add_plugin_keywords().
|
|
|
|
|
macro(qt_internal_get_internal_add_plugin_keywords option_args single_args multi_args)
|
|
|
|
|
set(${option_args}
|
|
|
|
|
EXCEPTIONS
|
|
|
|
|
ALLOW_UNDEFINED_SYMBOLS
|
|
|
|
|
SKIP_INSTALL
|
2023-01-31 14:05:16 +01:00
|
|
|
NO_UNITY_BUILD
|
2024-08-06 16:32:48 +02:00
|
|
|
TEST_PLUGIN
|
2024-06-14 19:07:16 +02:00
|
|
|
${__qt_internal_sbom_optional_args}
|
2021-03-23 15:48:56 +11:00
|
|
|
)
|
|
|
|
|
set(${single_args}
|
|
|
|
|
OUTPUT_DIRECTORY
|
|
|
|
|
INSTALL_DIRECTORY
|
|
|
|
|
ARCHIVE_INSTALL_DIRECTORY
|
|
|
|
|
${__default_target_info_args}
|
CMake: Generate an SPDX v2.3 SBOM file for each built repository
This change adds a new -sbom configure option to allow generating and
installing an SPDX v2.3 SBOM file when building a qt repo.
The -sbom-dir option can be used to configure the location where
each repo sbom file will be installed.
By default it is installed into
$prefix/$archdatadir/sbom/$sbom_lower_project_name.sdpx
which is basically ~/Qt/sbom/qtbase-6.8.0.spdx
The file is installed as part of the default installation rules, but
it can also be installed manually using the "sbom" installation
component, or "sbom_$lower_project_name" in a top-level build. For
example: cmake install . --component sbom_qtbase
CMake 3.19+ is needed to read the qt_attribution.json files for
copyrights, license info, etc. When using an older cmake version,
configuration will error out. It is possible to opt into using an
older cmake version, but the generated sbom will lack all the
attribution file information.
Using an older cmake version is untested and not officially supported.
Implementation notes.
The bulk of the implementation is split into 4 new files:
- QtPublicSbomHelpers.cmake - for Qt-specific collecting, processing
and dispatching the generation of various pieces of the SBOM document
e.g. a SDPX package associated with a target like Core, a SDPX
file entry for each target binary file (per-config shared library,
archive, executable, etc)
- QtPublicSbomGenerationHelpers.cmake - for non-Qt specific
implementation of SPDX generation. This also has some code that was
taken from the cmake-sbom 3rd party project, so it is dual licensed
under the usual Qt build system BSD license, as well as the MIT
license of the 3rd party project
- QtPublicGitHelpers.cmake - for git related features, mainly to embed
queried hashes or tags into version strings, is dual-licensed for
the same reasons as QtPublicSbomGenerationHelpers.cmake
- QtSbomHelpers.cmake - Qt-specific functions that just forward
arguments to the public functions. These are meant to be used in our
Qt CMakeLists.txt instead of the public _qt_internal_add_sbom ones
for naming consistency. These function would mostly be used to
annotate 3rd party libraries with sbom info and to add sbom info
for unusual target setups (like the Bootstrap library), because most
of the handling is already done automatically via
qt_internal_add_module/plugin/etc.
The files are put into Public cmake files, with the future hope of
making this available to user projects in some capacity.
The distinction of Qt-specific and non-Qt specific code might blur a
bit, and thus the separation across files might not always be
consistent, but it was best effort.
The main purpose of the code is to collect various information about
targets and their relationships and generate equivalent SPDX info.
Collection is currently done for the following targets: Qt modules,
plugins, apps, tools, system libraries, bundled 3rd party libraries
and partial 3rd party sources compiled directly as part of Qt targets.
Each target has an equivalent SPDX package generated with information
like version, license, copyright, CPE (common vulnerability
identifier), files that belong to the package, and relationships on
other SPDX packages (associated cmake targets), mostly gathered from
direct linking dependencies.
Each package might also contain files, e.g. libQt6Core.so for the Core
target. Each file also has info like license id, copyrights, but also
the list of source files that were used to generate the file and a
sha1 checksum.
SPDX documents can also refer to packages in other SPDX documents, and
those are referred to via external document references. This is the
case when building qtdeclarative and we refer to Core.
For qt provided targets, we have complete information regarding
licenses, and copyrights.
For bundled 3rd party libraries, we should also have most information,
which is usually parsed from the
src/3rdparty/libfoo/qt_attribution.json files.
If there are multiple attribution files, or if the files have multiple
entries, we create a separate SBOM package for each of those entries,
because each might have a separate copyright or version, and an sbom
package can have only one version (although many copyrights).
For system libraries we usually lack the information because we don't
have attribution files for Find scripts. So the info needs to be
manually annotated via arguments to the sbom function calls, or the
FindFoo.cmake scripts expose that information in some form and we
can query it.
There are also corner cases like 3rdparty sources being directly
included in a Qt library, like the m4dc files for Gui, or PCRE2 for
Bootstrap.
Or QtWebEngine libraries (either Qt bundled or Chromium bundled or
system libraries) which get linked in by GN instead of CMake, so there
are no direct targets for them.
The information for these need to be annotated manually as well.
There is also a distinction to be made for static Qt builds (or any
static Qt library in a shared build), where the system libraries found
during the Qt build might not be the same that are linked into the
final user application or library.
The actual generation of the SBOM is done by file(GENERATE)-ing one
.cmake file for each target, file, external ref, etc, which will be
included in a top-level cmake script.
The top-level cmake script will run through each included file, to
append to a "staging" spdx file, which will then be used in a
configure_file() call to replace some final
variables, like embedding a file checksum.
There are install rules to generate a complete SBOM during
installation, and an optional 'sbom' custom target that allows
building an incomplete SBOM during the build step.
The build target is just for convenience and faster development
iteration time. It is incomplete because it is missing the installed
file SHA1 checksums and the document verification code (the sha1 of
all sha1s). We can't compute those during the build before the files
are actually installed.
A complete SBOM can only be achieved at installation time. The install
script will include all the generated helper files, but also set some
additional variables to ensure checksumming happens, and also handle
multi-config installation, among other small things.
For multi-config builds, CMake doesn't offer a way to run code after
all configs are installed, because they might not always be installed,
someone might choose to install just Release.
To handle that, we rely on ninja installing each config sequentially
(because ninja places the install rules into the 'console' pool which
runs one task at a time).
For each installed config we create a config-specific marker file.
Once all marker files are present, whichever config ends up being
installed as the last one, we run the sbom generation once, and then
delete all marker files.
There are a few internal variables that can be set during
configuration to enable various checks (and other features) on the
generated spdx files:
- QT_INTERNAL_SBOM_VERIFY
- QT_INTERNAL_SBOM_AUDIT
- QT_INTERNAL_SBOM_AUDIT_NO_ERROR
- QT_INTERNAL_SBOM_GENERATE_JSON
- QT_INTERNAL_SBOM_SHOW_TABLE
- QT_INTERNAL_SBOM_DEFAULT_CHECKS
These use 3rd party python tools, so they are not enabled by default.
If enabled, they run at installation time after the sbom is installed.
We will hopefully enable them in CI.
Overall, the code is still a bit messy in a few places, due to time
constraints, but can be improved later.
Some possible TODOs for the future:
- Do we need to handle 3rd party libs linked into a Qt static library
in a Qt shared build, where the Qt static lib is not installed, but
linked into a Qt shared library, somehow specially?
We can record a package for it, but we can't
create a spdx file record for it (and associated source
relationships) because we don't install the file, and spdx requires
the file to be installed and checksummed. Perhaps we can consider
adding some free-form text snippet to the package itself?
- Do we want to add parsing of .cpp source files for Copyrights, to
embed them into the packages? This will likely slow down
configuration quite a bit.
- Currently sbom info attached to WrapFoo packages in one repo is
not exported / available in other repos. E.g. If we annotate
WrapZLIB in qtbase with CPE_VENDOR zlib, this info will not be
available when looking up WrapZLIB in qtimageformats.
This is because they are IMPORTED libraries, and are not
exported. We might want to record this info in the future.
[ChangeLog][Build System] A new -sbom configure option can be used
to generate and install a SPDX SBOM (Software Bill of Materials) file
for each built Qt repository.
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I9c730a6bbc47e02ce1836fccf00a14ec8eb1a5f4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2024-03-07 18:02:56 +01:00
|
|
|
${__qt_internal_sbom_single_args}
|
2021-03-23 15:48:56 +11:00
|
|
|
)
|
|
|
|
|
set(${multi_args}
|
|
|
|
|
${__default_private_args}
|
|
|
|
|
${__default_public_args}
|
CMake: Generate an SPDX v2.3 SBOM file for each built repository
This change adds a new -sbom configure option to allow generating and
installing an SPDX v2.3 SBOM file when building a qt repo.
The -sbom-dir option can be used to configure the location where
each repo sbom file will be installed.
By default it is installed into
$prefix/$archdatadir/sbom/$sbom_lower_project_name.sdpx
which is basically ~/Qt/sbom/qtbase-6.8.0.spdx
The file is installed as part of the default installation rules, but
it can also be installed manually using the "sbom" installation
component, or "sbom_$lower_project_name" in a top-level build. For
example: cmake install . --component sbom_qtbase
CMake 3.19+ is needed to read the qt_attribution.json files for
copyrights, license info, etc. When using an older cmake version,
configuration will error out. It is possible to opt into using an
older cmake version, but the generated sbom will lack all the
attribution file information.
Using an older cmake version is untested and not officially supported.
Implementation notes.
The bulk of the implementation is split into 4 new files:
- QtPublicSbomHelpers.cmake - for Qt-specific collecting, processing
and dispatching the generation of various pieces of the SBOM document
e.g. a SDPX package associated with a target like Core, a SDPX
file entry for each target binary file (per-config shared library,
archive, executable, etc)
- QtPublicSbomGenerationHelpers.cmake - for non-Qt specific
implementation of SPDX generation. This also has some code that was
taken from the cmake-sbom 3rd party project, so it is dual licensed
under the usual Qt build system BSD license, as well as the MIT
license of the 3rd party project
- QtPublicGitHelpers.cmake - for git related features, mainly to embed
queried hashes or tags into version strings, is dual-licensed for
the same reasons as QtPublicSbomGenerationHelpers.cmake
- QtSbomHelpers.cmake - Qt-specific functions that just forward
arguments to the public functions. These are meant to be used in our
Qt CMakeLists.txt instead of the public _qt_internal_add_sbom ones
for naming consistency. These function would mostly be used to
annotate 3rd party libraries with sbom info and to add sbom info
for unusual target setups (like the Bootstrap library), because most
of the handling is already done automatically via
qt_internal_add_module/plugin/etc.
The files are put into Public cmake files, with the future hope of
making this available to user projects in some capacity.
The distinction of Qt-specific and non-Qt specific code might blur a
bit, and thus the separation across files might not always be
consistent, but it was best effort.
The main purpose of the code is to collect various information about
targets and their relationships and generate equivalent SPDX info.
Collection is currently done for the following targets: Qt modules,
plugins, apps, tools, system libraries, bundled 3rd party libraries
and partial 3rd party sources compiled directly as part of Qt targets.
Each target has an equivalent SPDX package generated with information
like version, license, copyright, CPE (common vulnerability
identifier), files that belong to the package, and relationships on
other SPDX packages (associated cmake targets), mostly gathered from
direct linking dependencies.
Each package might also contain files, e.g. libQt6Core.so for the Core
target. Each file also has info like license id, copyrights, but also
the list of source files that were used to generate the file and a
sha1 checksum.
SPDX documents can also refer to packages in other SPDX documents, and
those are referred to via external document references. This is the
case when building qtdeclarative and we refer to Core.
For qt provided targets, we have complete information regarding
licenses, and copyrights.
For bundled 3rd party libraries, we should also have most information,
which is usually parsed from the
src/3rdparty/libfoo/qt_attribution.json files.
If there are multiple attribution files, or if the files have multiple
entries, we create a separate SBOM package for each of those entries,
because each might have a separate copyright or version, and an sbom
package can have only one version (although many copyrights).
For system libraries we usually lack the information because we don't
have attribution files for Find scripts. So the info needs to be
manually annotated via arguments to the sbom function calls, or the
FindFoo.cmake scripts expose that information in some form and we
can query it.
There are also corner cases like 3rdparty sources being directly
included in a Qt library, like the m4dc files for Gui, or PCRE2 for
Bootstrap.
Or QtWebEngine libraries (either Qt bundled or Chromium bundled or
system libraries) which get linked in by GN instead of CMake, so there
are no direct targets for them.
The information for these need to be annotated manually as well.
There is also a distinction to be made for static Qt builds (or any
static Qt library in a shared build), where the system libraries found
during the Qt build might not be the same that are linked into the
final user application or library.
The actual generation of the SBOM is done by file(GENERATE)-ing one
.cmake file for each target, file, external ref, etc, which will be
included in a top-level cmake script.
The top-level cmake script will run through each included file, to
append to a "staging" spdx file, which will then be used in a
configure_file() call to replace some final
variables, like embedding a file checksum.
There are install rules to generate a complete SBOM during
installation, and an optional 'sbom' custom target that allows
building an incomplete SBOM during the build step.
The build target is just for convenience and faster development
iteration time. It is incomplete because it is missing the installed
file SHA1 checksums and the document verification code (the sha1 of
all sha1s). We can't compute those during the build before the files
are actually installed.
A complete SBOM can only be achieved at installation time. The install
script will include all the generated helper files, but also set some
additional variables to ensure checksumming happens, and also handle
multi-config installation, among other small things.
For multi-config builds, CMake doesn't offer a way to run code after
all configs are installed, because they might not always be installed,
someone might choose to install just Release.
To handle that, we rely on ninja installing each config sequentially
(because ninja places the install rules into the 'console' pool which
runs one task at a time).
For each installed config we create a config-specific marker file.
Once all marker files are present, whichever config ends up being
installed as the last one, we run the sbom generation once, and then
delete all marker files.
There are a few internal variables that can be set during
configuration to enable various checks (and other features) on the
generated spdx files:
- QT_INTERNAL_SBOM_VERIFY
- QT_INTERNAL_SBOM_AUDIT
- QT_INTERNAL_SBOM_AUDIT_NO_ERROR
- QT_INTERNAL_SBOM_GENERATE_JSON
- QT_INTERNAL_SBOM_SHOW_TABLE
- QT_INTERNAL_SBOM_DEFAULT_CHECKS
These use 3rd party python tools, so they are not enabled by default.
If enabled, they run at installation time after the sbom is installed.
We will hopefully enable them in CI.
Overall, the code is still a bit messy in a few places, due to time
constraints, but can be improved later.
Some possible TODOs for the future:
- Do we need to handle 3rd party libs linked into a Qt static library
in a Qt shared build, where the Qt static lib is not installed, but
linked into a Qt shared library, somehow specially?
We can record a package for it, but we can't
create a spdx file record for it (and associated source
relationships) because we don't install the file, and spdx requires
the file to be installed and checksummed. Perhaps we can consider
adding some free-form text snippet to the package itself?
- Do we want to add parsing of .cpp source files for Copyrights, to
embed them into the packages? This will likely slow down
configuration quite a bit.
- Currently sbom info attached to WrapFoo packages in one repo is
not exported / available in other repos. E.g. If we annotate
WrapZLIB in qtbase with CPE_VENDOR zlib, this info will not be
available when looking up WrapZLIB in qtimageformats.
This is because they are IMPORTED libraries, and are not
exported. We might want to record this info in the future.
[ChangeLog][Build System] A new -sbom configure option can be used
to generate and install a SPDX SBOM (Software Bill of Materials) file
for each built Qt repository.
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I9c730a6bbc47e02ce1836fccf00a14ec8eb1a5f4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2024-03-07 18:02:56 +01:00
|
|
|
${__qt_internal_sbom_multi_args}
|
2021-03-23 15:48:56 +11:00
|
|
|
DEFAULT_IF
|
|
|
|
|
)
|
|
|
|
|
endmacro()
|
|
|
|
|
|
2020-08-13 17:37:47 +02:00
|
|
|
# This is the main entry point for defining Qt plugins.
|
2021-06-04 08:32:33 +02:00
|
|
|
# A CMake target is created with the given target.
|
|
|
|
|
# The target name should end with "Plugin" so static plugins are linked automatically.
|
|
|
|
|
# The PLUGIN_TYPE parameter is needed to place the plugin into the correct plugins/ sub-directory.
|
2020-08-13 17:37:47 +02:00
|
|
|
function(qt_internal_add_plugin target)
|
|
|
|
|
qt_internal_set_qt_known_plugins("${QT_KNOWN_PLUGINS}" "${target}")
|
|
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
_qt_internal_get_add_plugin_keywords(
|
|
|
|
|
public_option_args
|
|
|
|
|
public_single_args
|
|
|
|
|
public_multi_args
|
|
|
|
|
)
|
|
|
|
|
qt_internal_get_internal_add_plugin_keywords(
|
|
|
|
|
internal_option_args
|
|
|
|
|
internal_single_args
|
|
|
|
|
internal_multi_args
|
|
|
|
|
)
|
|
|
|
|
set(option_args ${public_option_args} ${internal_option_args})
|
|
|
|
|
set(single_args ${public_single_args} ${internal_single_args})
|
|
|
|
|
set(multi_args ${public_multi_args} ${internal_multi_args})
|
|
|
|
|
|
2023-01-11 15:36:18 +01:00
|
|
|
cmake_parse_arguments(PARSE_ARGV 1 arg
|
2021-03-23 15:48:56 +11:00
|
|
|
"${option_args}"
|
|
|
|
|
"${single_args}"
|
|
|
|
|
"${multi_args}"
|
2020-08-13 17:37:47 +02:00
|
|
|
)
|
2023-01-11 15:36:18 +01:00
|
|
|
_qt_internal_validate_all_args_are_parsed(arg)
|
2020-08-13 17:37:47 +02:00
|
|
|
|
2021-02-10 12:11:39 +11:00
|
|
|
# Put this behind a cache option for now. It's too noisy for general use
|
|
|
|
|
# until most repos are updated.
|
2021-07-09 13:07:25 +02:00
|
|
|
option(QT_WARN_PLUGIN_PUBLIC_KEYWORDS "Warn if a plugin specifies a PUBLIC keyword" ON)
|
2021-02-10 12:11:39 +11:00
|
|
|
if(QT_WARN_PLUGIN_PUBLIC_KEYWORDS)
|
|
|
|
|
foreach(publicKeyword IN LISTS __default_public_args)
|
|
|
|
|
if(NOT "${arg_${publicKeyword}}" STREQUAL "")
|
|
|
|
|
string(REPLACE "PUBLIC_" "" privateKeyword "${publicKeyword}")
|
|
|
|
|
message(AUTHOR_WARNING
|
|
|
|
|
"Plugins are not intended to be linked to. "
|
|
|
|
|
"They should not have any public properties, but ${target} "
|
|
|
|
|
"sets ${publicKeyword} to the following value:\n"
|
|
|
|
|
" ${arg_${publicKeyword}}\n"
|
|
|
|
|
"Update your project to use ${privateKeyword} instead.\n")
|
|
|
|
|
endif()
|
|
|
|
|
endforeach()
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
qt_remove_args(plugin_args
|
|
|
|
|
ARGS_TO_REMOVE
|
|
|
|
|
${internal_option_args}
|
|
|
|
|
${internal_single_args}
|
|
|
|
|
${internal_multi_args}
|
|
|
|
|
ALL_ARGS
|
|
|
|
|
${option_args}
|
|
|
|
|
${single_args}
|
|
|
|
|
${multi_args}
|
|
|
|
|
ARGS
|
|
|
|
|
${ARGN}
|
|
|
|
|
)
|
CMake: Create plugin initializers for static user plugins
Previously we only created object library static plugin initializers
for Qt plugins only, not user-project plugins.
The reason was that if a user tried to install the plugin target via
an export set, CMake would error out saying that the _init library is
not part of the same export set.
Introduce an OUTPUT_TARGETS option that would allow projects to get
the name of the generated _init target, so they can install it if
needed.
This was already done for qt6_add_qml_module, so we just introduce the
same option for qt6_add_plugin.
Now user static plugins will have an _init target created, which will
be propagated to consumers whenever the consumers link against the
plugin itself.
We also need an internal option to disable this propagation, because
it's handled a bit differently for Qt plugins which can be linked
either via finalizers or via usage requirements.
Amends 91c65dd80cdd2de666448c14202c0c63718152b6
As a result of the implementation change, cleanup example projects
to ensure that they build successfully (the important part is
specifying the CLASS_NAME).
Only plugandpaint works properly with both shared and static Qt
builds.
echoplugin works with a shared Qt build, but not a static one due to
some assumptions in the C++ code about shared plugins.
styleplugin doesn't seem to work properly neither with shared Qt
builds nor static Qt builds, at least on macOS. But it builds fine.
For some reason even if the plugin is found, the style is not applied.
Amends 4caac1feea025b0ad496141e8f16ab88c04c2caa
Pick-to: 6.2
Task-number: QTBUG-80863
Task-number: QTBUG-92933
Change-Id: I6f631cda9566229b7a63992b23d7d7fa50303eeb
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
2021-08-19 11:42:12 +02:00
|
|
|
|
|
|
|
|
# When creating a static plugin, retrieve the plugin initializer target name, but don't
|
|
|
|
|
# automatically propagate the plugin initializer.
|
|
|
|
|
list(APPEND plugin_args
|
|
|
|
|
__QT_INTERNAL_NO_PROPAGATE_PLUGIN_INITIALIZER
|
|
|
|
|
OUTPUT_TARGETS plugin_init_target
|
|
|
|
|
)
|
|
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
qt6_add_plugin(${target} ${plugin_args})
|
2021-07-15 13:04:15 +02:00
|
|
|
qt_internal_mark_as_internal_library(${target})
|
2021-03-23 15:48:56 +11:00
|
|
|
|
2024-03-12 10:32:35 +01:00
|
|
|
get_target_property(target_type "${target}" TYPE)
|
2024-03-13 15:05:24 +01:00
|
|
|
if(plugin_init_target AND TARGET "${plugin_init_target}")
|
2024-03-12 10:32:35 +01:00
|
|
|
qt_internal_add_target_aliases("${plugin_init_target}")
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-08-04 16:18:44 +02:00
|
|
|
set(plugin_type "")
|
|
|
|
|
# TODO: Transitional: Remove the TYPE option handling after all repos have been converted to use
|
|
|
|
|
# PLUGIN_TYPE.
|
|
|
|
|
if(arg_TYPE)
|
|
|
|
|
set(plugin_type "${arg_TYPE}")
|
|
|
|
|
elseif(arg_PLUGIN_TYPE)
|
|
|
|
|
set(plugin_type "${arg_PLUGIN_TYPE}")
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-06-04 08:32:33 +02:00
|
|
|
if((NOT plugin_type STREQUAL "qml_plugin") AND (NOT target MATCHES "(.*)Plugin$"))
|
|
|
|
|
message(AUTHOR_WARNING "The internal plugin target name '${target}' should end with the 'Plugin' suffix.")
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-08-04 16:18:44 +02:00
|
|
|
qt_get_sanitized_plugin_type("${plugin_type}" plugin_type_escaped)
|
2020-08-13 17:37:47 +02:00
|
|
|
|
2025-01-16 10:39:26 +01:00
|
|
|
if(NOT TARGET qt_${plugin_type_escaped}_plugins_all)
|
|
|
|
|
add_custom_target(qt_${plugin_type_escaped}_plugins_all)
|
|
|
|
|
endif()
|
|
|
|
|
add_dependencies(qt_${plugin_type_escaped}_plugins_all ${target})
|
|
|
|
|
|
|
|
|
|
|
2021-08-04 16:18:44 +02:00
|
|
|
set(output_directory_default "${QT_BUILD_DIR}/${INSTALL_PLUGINSDIR}/${plugin_type}")
|
|
|
|
|
set(install_directory_default "${INSTALL_PLUGINSDIR}/${plugin_type}")
|
2020-08-13 17:37:47 +02:00
|
|
|
|
2021-08-04 16:18:44 +02:00
|
|
|
qt_internal_check_directory_or_type(OUTPUT_DIRECTORY "${arg_OUTPUT_DIRECTORY}" "${plugin_type}"
|
2020-08-13 17:37:47 +02:00
|
|
|
"${output_directory_default}" output_directory)
|
|
|
|
|
if (NOT arg_SKIP_INSTALL)
|
2021-08-04 16:18:44 +02:00
|
|
|
qt_internal_check_directory_or_type(INSTALL_DIRECTORY "${arg_INSTALL_DIRECTORY}"
|
|
|
|
|
"${plugin_type}"
|
2020-08-13 17:37:47 +02:00
|
|
|
"${install_directory_default}" install_directory)
|
|
|
|
|
set(archive_install_directory ${arg_ARCHIVE_INSTALL_DIRECTORY})
|
|
|
|
|
if (NOT archive_install_directory AND install_directory)
|
|
|
|
|
set(archive_install_directory "${install_directory}")
|
|
|
|
|
endif()
|
|
|
|
|
endif()
|
|
|
|
|
|
2022-07-06 11:00:15 +02:00
|
|
|
qt_set_target_info_properties(${target} ${ARGN})
|
2020-08-13 17:37:47 +02:00
|
|
|
|
CMake: Record used package version for each target dependency
When recording which package version to look for in
QtFooModuleDependencies.cmake and other files like it,
instead of using PROJECT_VERSION, use the version of the
package that contains the dependency.
For example if we're hypothetically building the qtdeclarative repo
from the 6.4 branch, against an installed 6.2 qtbase, then
the Qt6QmlModuleDependencies.cmake file will have a
find_package(Qt6Core 6.2) call because qtdeclarative's
find_package(Qt6Core) call found a 6.2 Core when it was configured.
This allows switching the versioning scheme of specific Qt modules
that might not want to follow the general Qt versioning scheme.
The first candidate would be QtWebEngine which might want to
follow the Chromium versioning scheme, something like
Qt 6.94.0 where 94 is the Chromium major version.
Implementation notes.
We now record the package version of a target in a property
called _qt_package_version. We do it for qt modules, plugins,
3rd party libraries, tools and the Platform target.
When we try to look up which version to write into the
QtFooModuleDependencies.cmake file (or the equivalent Plugins and
Tools file), we try to find the version
from a few sources: the property mentioned above, then the
Qt6{target}_VERSION variable, and finally PROJECT_VERSION.
In the latter case, we issue a warning because technically that should
never have to happen, and it's a bug or an unforeseen case if it does.
A few more places also need adjustments:
- package versions to look for when configuring standalone
tests and generating standalone tests Config files
- handling of tools packages
- The main Qt6 package lookup in each Dependencies.cmake files
Note that there are some requirements and consequences in case a
module wants to use a different versioning scheme like 6.94.0.
Requirements.
- The root CMakeLists.txt file needs to call find_package with a
version different from the usual PROJECT_VERSION. Ideally it
should look for a few different Qt versions which are known to be
compatible, for example the last stable and LTS versions, or just
the lowest supported Qt version, e.g. 6.2.6 or whenever this change
would land in the 6.2 branch.
- If the repository has multiple modules, some of which need to
follow the Qt versioning scheme and some not,
project(VERSION x.y.z) calls need to be carefully placed in
subdirectory scopes with appropriate version numbers, so that
qt_internal_add_module / _tool / _plugin pick up the correct
version.
Consequences.
- The .so / .dylib names will contain the new version, e.g. .so.6.94
- Linux ELF symbols will contain the new versions
- syncqt private headers will now exist under a
include/QtFoo/6.94.0/QtFoo/private folder
- pri and prl files will also contain the new version numbers
- pkg-config .pc files contain the new version numbers
- It won't be possible to write
find_package(Qt6 6.94 COMPONENTS WebEngineWidgets) in user code.
One would have to write find_package(Qt6WebEngineWidgets 6.94)
otherwise CMake will try to look for Qt6Config 6.94 which won't
exist.
- Similarly, a
find_package(Qt6 6.4 COMPONENTS Widgets WebEngineWidgets) call
would always find any kind of WebEngine package that is higher than
6.4, which might be 6.94, 6.95, etc.
- In the future, if we fix Qt6Config to pass EXACT to its
subcomponent find_package calls,
a find_package(Qt6 6.5.0 EXACT COMPONENTS Widgets WebEngineWidgets)
would fail to find WebEngineWidgets, because its 6.94.0 version
will not be equal to 6.5.0. Currently we don't pass through EXACT,
so it's not an issue.
Augments 5ffc744b791a114a3180a425dd26e298f7399955
Task-number: QTBUG-103500
Change-Id: I8bdb56bfcbc7f7f6484d1e56651ffc993fd30bab
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
2022-05-17 08:44:43 +02:00
|
|
|
set_target_properties(${target} PROPERTIES
|
|
|
|
|
_qt_package_version "${PROJECT_VERSION}"
|
|
|
|
|
)
|
|
|
|
|
set_property(TARGET ${target}
|
|
|
|
|
APPEND PROPERTY
|
|
|
|
|
EXPORT_PROPERTIES "_qt_package_version")
|
|
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
# Override the OUTPUT_NAME that qt6_add_plugin() set, we need to account for
|
|
|
|
|
# QT_LIBINFIX, which is specific to building Qt.
|
2020-08-13 17:37:47 +02:00
|
|
|
# Make sure the Qt6 plugin library names are like they were in Qt5 qmake land.
|
|
|
|
|
# Whereas the Qt6 CMake target names are like the Qt5 CMake target names.
|
2021-03-23 15:48:56 +11:00
|
|
|
get_target_property(output_name ${target} OUTPUT_NAME)
|
2020-09-21 15:45:28 +02:00
|
|
|
set_property(TARGET "${target}" PROPERTY OUTPUT_NAME "${output_name}${QT_LIBINFIX}")
|
2020-08-13 17:37:47 +02:00
|
|
|
|
|
|
|
|
# Add a custom target with the Qt5 qmake name for a more user friendly ninja experience.
|
|
|
|
|
if(arg_OUTPUT_NAME AND NOT TARGET "${output_name}")
|
2021-03-11 11:19:48 +01:00
|
|
|
# But don't create such a target if it would just differ in case from "${target}"
|
|
|
|
|
# and we're not using Ninja. See https://gitlab.kitware.com/cmake/cmake/-/issues/21915
|
|
|
|
|
string(TOUPPER "${output_name}" uc_output_name)
|
|
|
|
|
string(TOUPPER "${target}" uc_target)
|
|
|
|
|
if(NOT uc_output_name STREQUAL uc_target OR CMAKE_GENERATOR MATCHES "^Ninja")
|
|
|
|
|
add_custom_target("${output_name}")
|
|
|
|
|
add_dependencies("${output_name}" "${target}")
|
|
|
|
|
endif()
|
2020-08-13 17:37:47 +02:00
|
|
|
endif()
|
|
|
|
|
|
2022-04-30 23:38:02 +08:00
|
|
|
qt_set_common_target_properties("${target}")
|
2020-08-13 17:37:47 +02:00
|
|
|
qt_internal_add_target_aliases("${target}")
|
2024-09-10 16:33:57 +02:00
|
|
|
|
|
|
|
|
qt_internal_default_warnings_are_errors("${target}")
|
2020-08-13 17:37:47 +02:00
|
|
|
|
|
|
|
|
set_target_properties("${target}" PROPERTIES
|
|
|
|
|
LIBRARY_OUTPUT_DIRECTORY "${output_directory}"
|
|
|
|
|
RUNTIME_OUTPUT_DIRECTORY "${output_directory}"
|
|
|
|
|
ARCHIVE_OUTPUT_DIRECTORY "${output_directory}"
|
|
|
|
|
QT_PLUGIN_TYPE "${plugin_type_escaped}"
|
|
|
|
|
# Save the non-sanitized plugin type values for qmake consumption via .pri files.
|
2021-08-04 16:18:44 +02:00
|
|
|
QT_QMAKE_PLUGIN_TYPE "${plugin_type}"
|
2021-03-23 15:48:56 +11:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
qt_handle_multi_config_output_dirs("${target}")
|
2020-08-13 17:37:47 +02:00
|
|
|
|
|
|
|
|
qt_autogen_tools_initial_setup(${target})
|
|
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
unset(plugin_install_package_suffix)
|
2020-08-13 17:37:47 +02:00
|
|
|
|
2021-04-07 12:00:09 +02:00
|
|
|
# The generic plugins should be enabled by default.
|
|
|
|
|
# But platform plugins should always be disabled by default, and only one is enabled
|
|
|
|
|
# based on the platform (condition specified in arg_DEFAULT_IF).
|
|
|
|
|
if(plugin_type_escaped STREQUAL "platforms")
|
|
|
|
|
set(_default_plugin 0)
|
|
|
|
|
else()
|
|
|
|
|
set(_default_plugin 1)
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-04-08 13:32:26 +02:00
|
|
|
if(DEFINED arg_DEFAULT_IF)
|
|
|
|
|
if(${arg_DEFAULT_IF})
|
|
|
|
|
set(_default_plugin 1)
|
|
|
|
|
else()
|
|
|
|
|
set(_default_plugin 0)
|
|
|
|
|
endif()
|
2021-04-07 12:00:09 +02:00
|
|
|
endif()
|
|
|
|
|
|
2021-03-23 15:48:56 +11:00
|
|
|
# Save the Qt module in the plug-in's properties and vice versa
|
2020-08-13 17:37:47 +02:00
|
|
|
if(NOT plugin_type_escaped STREQUAL "qml_plugin")
|
2021-03-01 17:17:54 +11:00
|
|
|
qt_internal_get_module_for_plugin("${target}" "${plugin_type_escaped}" qt_module)
|
2021-03-30 09:27:04 +02:00
|
|
|
|
|
|
|
|
set(qt_module_target "${QT_CMAKE_EXPORT_NAMESPACE}::${qt_module}")
|
|
|
|
|
if(NOT TARGET "${qt_module_target}")
|
|
|
|
|
message(FATAL_ERROR "Failed to associate Qt plugin with Qt module. ${qt_module_target} is not a known CMake target")
|
2021-03-23 15:48:56 +11:00
|
|
|
endif()
|
2021-03-30 09:27:04 +02:00
|
|
|
|
2021-03-01 17:17:54 +11:00
|
|
|
set_target_properties("${target}" PROPERTIES QT_MODULE "${qt_module}")
|
2020-08-13 17:37:47 +02:00
|
|
|
set(plugin_install_package_suffix "${qt_module}")
|
|
|
|
|
|
2021-03-30 09:27:04 +02:00
|
|
|
|
2025-03-05 12:17:44 +01:00
|
|
|
_qt_internal_dealias_target(qt_module_target)
|
2021-03-30 09:27:04 +02:00
|
|
|
get_target_property(is_imported_qt_module ${qt_module_target} IMPORTED)
|
|
|
|
|
|
2022-07-27 11:35:50 +02:00
|
|
|
if(NOT is_imported_qt_module)
|
|
|
|
|
# This QT_PLUGINS assignment is only used by QtPostProcessHelpers to decide if a
|
|
|
|
|
# QtModulePlugins.cmake file should be generated.
|
|
|
|
|
set_property(TARGET "${qt_module_target}" APPEND PROPERTY QT_PLUGINS "${target}")
|
2024-10-30 18:18:05 +01:00
|
|
|
__qt_internal_add_interface_plugin_target(${qt_module_target} ${target} BUILD_ONLY)
|
2024-02-05 17:37:45 +01:00
|
|
|
else()
|
|
|
|
|
# The _qt_plugins property is considered when collecting the plugins in
|
|
|
|
|
# deployment process. The usecase is following:
|
|
|
|
|
# QtModuleX is built separately and installed, so it's imported.
|
|
|
|
|
# The plugin is built in some application build tree and its PLUGIN_TYPE is associated
|
|
|
|
|
# with QtModuleX.
|
|
|
|
|
set_property(TARGET "${qt_module_target}" APPEND PROPERTY _qt_plugins "${target}")
|
2024-10-30 18:18:05 +01:00
|
|
|
__qt_internal_add_interface_plugin_target(${qt_module_target} ${target})
|
2022-07-27 11:35:50 +02:00
|
|
|
endif()
|
|
|
|
|
|
2022-08-15 18:29:41 +02:00
|
|
|
qt_internal_add_autogen_sync_header_dependencies(${target} ${qt_module_target})
|
2020-08-13 17:37:47 +02:00
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
# Change the configuration file install location for qml plugins into the Qml package location.
|
|
|
|
|
if(plugin_type_escaped STREQUAL "qml_plugin" AND TARGET "${INSTALL_CMAKE_NAMESPACE}::Qml")
|
|
|
|
|
set(plugin_install_package_suffix "Qml/QmlPlugins")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
# Save the install package suffix as a property, so that the Dependencies file is placed
|
2021-03-23 15:48:56 +11:00
|
|
|
# in the correct location.
|
2020-08-13 17:37:47 +02:00
|
|
|
if(plugin_install_package_suffix)
|
|
|
|
|
set_target_properties("${target}" PROPERTIES
|
|
|
|
|
_qt_plugin_install_package_suffix "${plugin_install_package_suffix}")
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-04-08 15:55:09 +02:00
|
|
|
if(TARGET qt_plugins)
|
|
|
|
|
add_dependencies(qt_plugins "${target}")
|
|
|
|
|
endif()
|
2023-02-06 16:51:40 +01:00
|
|
|
|
|
|
|
|
# Record plugin for current repo.
|
|
|
|
|
if(qt_repo_plugins AND TARGET ${qt_repo_plugins})
|
|
|
|
|
add_dependencies(${qt_repo_plugins} "${target}")
|
|
|
|
|
endif()
|
|
|
|
|
|
2021-08-04 16:18:44 +02:00
|
|
|
if(plugin_type STREQUAL "platforms")
|
2021-04-08 15:55:09 +02:00
|
|
|
if(TARGET qpa_plugins)
|
|
|
|
|
add_dependencies(qpa_plugins "${target}")
|
|
|
|
|
endif()
|
2020-10-26 11:24:27 +01:00
|
|
|
|
2021-04-08 15:55:09 +02:00
|
|
|
if(_default_plugin AND TARGET qpa_default_plugins)
|
2020-10-26 11:24:27 +01:00
|
|
|
add_dependencies(qpa_default_plugins "${target}")
|
|
|
|
|
endif()
|
2020-10-19 19:34:53 +02:00
|
|
|
endif()
|
|
|
|
|
|
2020-08-13 17:37:47 +02:00
|
|
|
set_property(TARGET "${target}" PROPERTY QT_DEFAULT_PLUGIN "${_default_plugin}")
|
|
|
|
|
set_property(TARGET "${target}" APPEND PROPERTY EXPORT_PROPERTIES "QT_PLUGIN_CLASS_NAME;QT_PLUGIN_TYPE;QT_MODULE;QT_DEFAULT_PLUGIN")
|
|
|
|
|
|
|
|
|
|
set(private_includes
|
|
|
|
|
"${CMAKE_CURRENT_SOURCE_DIR}"
|
|
|
|
|
"${CMAKE_CURRENT_BINARY_DIR}"
|
|
|
|
|
# For the syncqt headers
|
2021-04-06 16:01:51 +02:00
|
|
|
"$<BUILD_INTERFACE:${QT_BUILD_DIR}/include>"
|
2020-08-13 17:37:47 +02:00
|
|
|
${arg_INCLUDE_DIRECTORIES}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
set(public_includes
|
|
|
|
|
${arg_PUBLIC_INCLUDE_DIRECTORIES}
|
|
|
|
|
)
|
|
|
|
|
|
2023-03-15 10:46:22 +01:00
|
|
|
if(arg_NO_UNITY_BUILD)
|
|
|
|
|
set(arg_NO_UNITY_BUILD "NO_UNITY_BUILD")
|
|
|
|
|
else()
|
|
|
|
|
set(arg_NO_UNITY_BUILD "")
|
|
|
|
|
endif()
|
|
|
|
|
|
2020-09-22 10:02:27 +02:00
|
|
|
qt_internal_extend_target("${target}"
|
Improvement to NO_UNITY_BUILD_SOURCES, and fix related bugs
The source of the problem was in `qt_set_target_info_properties` which
was not able to process the NO_UNITY_BUILD_SOURCES, and therefore
leaking it into the `TARGET_COPYRIGHT`, ie., the last argument. So, I
decided to pass Unity Build arguments before them, and closer to
SOURCES, which is nicer to read, and avoid similar situation. And
I reverted the work around in the amend commit, and passing the
arguments normally.
This happens because we pass an unfiltered ${ARGN} from
qt_internal_add_executable to qt_set_target_info_properties and that the
current change is merely a workaround that ensures they get
circumstantially filtered out, because the NO_UNITY_BUILD_SOURCES option
appears before any of the first TARGET_ props.
Amend cd12c1f33281452d478bb94744d76bead5c7363a
Task-number: QTBUG-99238
Task-number: QTBUG-109394
Pick-to: 6.5
Change-Id: Idb37937cf53e708425402c90f55bda8816e27f29
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
2023-03-29 11:38:30 +02:00
|
|
|
${arg_NO_UNITY_BUILD}
|
2020-08-13 17:37:47 +02:00
|
|
|
SOURCES ${arg_SOURCES}
|
2023-08-06 12:58:45 +02:00
|
|
|
NO_PCH_SOURCES
|
|
|
|
|
${arg_NO_PCH_SOURCES}
|
Improvement to NO_UNITY_BUILD_SOURCES, and fix related bugs
The source of the problem was in `qt_set_target_info_properties` which
was not able to process the NO_UNITY_BUILD_SOURCES, and therefore
leaking it into the `TARGET_COPYRIGHT`, ie., the last argument. So, I
decided to pass Unity Build arguments before them, and closer to
SOURCES, which is nicer to read, and avoid similar situation. And
I reverted the work around in the amend commit, and passing the
arguments normally.
This happens because we pass an unfiltered ${ARGN} from
qt_internal_add_executable to qt_set_target_info_properties and that the
current change is merely a workaround that ensures they get
circumstantially filtered out, because the NO_UNITY_BUILD_SOURCES option
appears before any of the first TARGET_ props.
Amend cd12c1f33281452d478bb94744d76bead5c7363a
Task-number: QTBUG-99238
Task-number: QTBUG-109394
Pick-to: 6.5
Change-Id: Idb37937cf53e708425402c90f55bda8816e27f29
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
2023-03-29 11:38:30 +02:00
|
|
|
NO_UNITY_BUILD_SOURCES
|
|
|
|
|
${arg_NO_UNITY_BUILD_SOURCES}
|
2020-08-13 17:37:47 +02:00
|
|
|
INCLUDE_DIRECTORIES
|
|
|
|
|
${private_includes}
|
2022-11-21 17:55:13 -08:00
|
|
|
SYSTEM_INCLUDE_DIRECTORIES
|
|
|
|
|
${arg_SYSTEM_INCLUDE_DIRECTORIES}
|
2020-08-13 17:37:47 +02:00
|
|
|
PUBLIC_INCLUDE_DIRECTORIES
|
|
|
|
|
${public_includes}
|
|
|
|
|
LIBRARIES ${arg_LIBRARIES} Qt::PlatformPluginInternal
|
|
|
|
|
PUBLIC_LIBRARIES ${arg_PUBLIC_LIBRARIES}
|
|
|
|
|
DEFINES
|
|
|
|
|
${arg_DEFINES}
|
2020-10-19 19:34:17 +02:00
|
|
|
${deprecation_define}
|
2020-08-13 17:37:47 +02:00
|
|
|
PUBLIC_DEFINES
|
|
|
|
|
${arg_PUBLIC_DEFINES}
|
|
|
|
|
FEATURE_DEPENDENCIES ${arg_FEATURE_DEPENDENCIES}
|
2023-01-23 13:52:20 +01:00
|
|
|
DBUS_ADAPTOR_SOURCES ${arg_DBUS_ADAPTOR_SOURCES}
|
|
|
|
|
DBUS_ADAPTOR_FLAGS ${arg_DBUS_ADAPTOR_FLAGS}
|
|
|
|
|
DBUS_INTERFACE_SOURCES ${arg_DBUS_INTERFACE_SOURCES}
|
|
|
|
|
DBUS_INTERFACE_FLAGS ${arg_DBUS_INTERFACE_FLAGS}
|
2020-08-13 17:37:47 +02:00
|
|
|
COMPILE_OPTIONS ${arg_COMPILE_OPTIONS}
|
|
|
|
|
PUBLIC_COMPILE_OPTIONS ${arg_PUBLIC_COMPILE_OPTIONS}
|
|
|
|
|
LINK_OPTIONS ${arg_LINK_OPTIONS}
|
|
|
|
|
PUBLIC_LINK_OPTIONS ${arg_PUBLIC_LINK_OPTIONS}
|
|
|
|
|
MOC_OPTIONS ${arg_MOC_OPTIONS}
|
|
|
|
|
ENABLE_AUTOGEN_TOOLS ${arg_ENABLE_AUTOGEN_TOOLS}
|
|
|
|
|
DISABLE_AUTOGEN_TOOLS ${arg_DISABLE_AUTOGEN_TOOLS}
|
|
|
|
|
)
|
2021-01-21 11:17:58 +01:00
|
|
|
|
2022-03-11 12:41:36 +01:00
|
|
|
qt_internal_add_repo_local_defines("${target}")
|
|
|
|
|
|
2025-03-17 10:07:25 +01:00
|
|
|
if(NOT arg_EXCEPTIONS)
|
2024-08-01 16:25:09 +02:00
|
|
|
qt_internal_set_exceptions_flags("${target}" "DEFAULT")
|
|
|
|
|
else()
|
|
|
|
|
qt_internal_set_exceptions_flags("${target}" "${arg_EXCEPTIONS}")
|
|
|
|
|
endif()
|
2020-08-13 17:37:47 +02:00
|
|
|
|
|
|
|
|
set(qt_libs_private "")
|
|
|
|
|
qt_internal_get_qt_all_known_modules(known_modules)
|
|
|
|
|
foreach(it ${known_modules})
|
|
|
|
|
list(FIND arg_LIBRARIES "Qt::${it}Private" pos)
|
|
|
|
|
if(pos GREATER -1)
|
|
|
|
|
list(APPEND qt_libs_private "Qt::${it}Private")
|
|
|
|
|
endif()
|
|
|
|
|
endforeach()
|
|
|
|
|
|
2025-01-07 17:51:30 +01:00
|
|
|
set(qt_register_target_dependencies_args "")
|
|
|
|
|
if(arg_PUBLIC_LIBRARIES)
|
|
|
|
|
list(APPEND qt_register_target_dependencies_args PUBLIC ${arg_PUBLIC_LIBRARIES})
|
|
|
|
|
endif()
|
|
|
|
|
if(qt_libs_private)
|
2025-01-28 12:48:42 +01:00
|
|
|
qt_internal_wrap_private_modules(qt_libs_private ${qt_libs_private})
|
2025-01-07 17:51:30 +01:00
|
|
|
list(APPEND qt_register_target_dependencies_args PRIVATE ${qt_libs_private})
|
|
|
|
|
endif()
|
|
|
|
|
qt_internal_register_target_dependencies("${target}"
|
|
|
|
|
${qt_register_target_dependencies_args})
|
2021-06-11 16:56:59 +02:00
|
|
|
|
2022-07-18 14:31:37 +02:00
|
|
|
if(target_type STREQUAL STATIC_LIBRARY)
|
2021-05-11 11:19:19 +02:00
|
|
|
if(qt_module_target)
|
2024-09-10 18:20:51 +02:00
|
|
|
qt_internal_link_internal_platform_for_object_library("${plugin_init_target}"
|
|
|
|
|
PARENT_TARGET "${target}")
|
2021-05-11 11:19:19 +02:00
|
|
|
endif()
|
2020-11-19 15:35:28 +01:00
|
|
|
endif()
|
2020-08-13 17:37:47 +02:00
|
|
|
|
|
|
|
|
if (NOT arg_SKIP_INSTALL)
|
|
|
|
|
# Handle creation of cmake files for consumers of find_package().
|
|
|
|
|
# If we are part of a Qt module, the plugin cmake files are installed as part of that
|
|
|
|
|
# module.
|
|
|
|
|
# For qml plugins, they are all installed into the QtQml package location for automatic
|
|
|
|
|
# discovery.
|
|
|
|
|
if(plugin_install_package_suffix)
|
|
|
|
|
set(path_suffix "${INSTALL_CMAKE_NAMESPACE}${plugin_install_package_suffix}")
|
|
|
|
|
else()
|
|
|
|
|
set(path_suffix "${INSTALL_CMAKE_NAMESPACE}${target}")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
qt_path_join(config_build_dir ${QT_CONFIG_BUILD_DIR} ${path_suffix})
|
|
|
|
|
qt_path_join(config_install_dir ${QT_CONFIG_INSTALL_DIR} ${path_suffix})
|
|
|
|
|
|
2020-09-22 22:16:20 +02:00
|
|
|
qt_internal_export_additional_targets_file(
|
2021-05-20 13:38:30 +02:00
|
|
|
TARGETS ${target} ${plugin_init_target}
|
2020-09-22 22:16:20 +02:00
|
|
|
EXPORT_NAME_PREFIX ${INSTALL_CMAKE_NAMESPACE}${target}
|
|
|
|
|
CONFIG_INSTALL_DIR "${config_install_dir}")
|
2020-11-30 18:46:49 +11:00
|
|
|
|
|
|
|
|
qt_internal_get_min_new_policy_cmake_version(min_new_policy_version)
|
|
|
|
|
qt_internal_get_max_new_policy_cmake_version(max_new_policy_version)
|
2024-08-06 16:32:48 +02:00
|
|
|
|
|
|
|
|
# For test plugins we need to make sure plugins are not loaded from the Qt installation
|
|
|
|
|
# when building standalone tests.
|
|
|
|
|
if(QT_INTERNAL_CONFIGURING_TESTS OR arg_TEST_PLUGIN)
|
|
|
|
|
if(NOT arg_TEST_PLUGIN)
|
2025-04-28 16:24:02 +02:00
|
|
|
message(WARNING "The installable test plugin ${target} is built as part of a test"
|
|
|
|
|
" suite, but is not marked as TEST_PLUGIN using the respective argument."
|
2024-08-06 16:32:48 +02:00
|
|
|
"\nThis warning will soon become an error."
|
|
|
|
|
)
|
|
|
|
|
endif()
|
|
|
|
|
set(skip_internal_test_plugin
|
|
|
|
|
"if(QT_BUILD_STANDALONE_TESTS AND \"\${PROJECT_NAME}\" STREQUAL \"${PROJECT_NAME}\")
|
|
|
|
|
message(DEBUG \"Skipping loading ${target}Config.cmake during \"
|
|
|
|
|
\"standalone tests run of ${PROJECT_NAME}\")
|
|
|
|
|
return()
|
|
|
|
|
endif()"
|
|
|
|
|
)
|
|
|
|
|
endif()
|
|
|
|
|
|
2020-08-13 17:37:47 +02:00
|
|
|
configure_package_config_file(
|
|
|
|
|
"${QT_CMAKE_DIR}/QtPluginConfig.cmake.in"
|
|
|
|
|
"${config_build_dir}/${INSTALL_CMAKE_NAMESPACE}${target}Config.cmake"
|
|
|
|
|
INSTALL_DESTINATION "${config_install_dir}"
|
|
|
|
|
)
|
|
|
|
|
write_basic_package_version_file(
|
2021-10-22 13:38:00 +02:00
|
|
|
"${config_build_dir}/${INSTALL_CMAKE_NAMESPACE}${target}ConfigVersionImpl.cmake"
|
2020-08-13 17:37:47 +02:00
|
|
|
VERSION ${PROJECT_VERSION}
|
|
|
|
|
COMPATIBILITY AnyNewerVersion
|
|
|
|
|
)
|
2021-10-22 13:38:00 +02:00
|
|
|
qt_internal_write_qt_package_version_file(
|
|
|
|
|
"${INSTALL_CMAKE_NAMESPACE}${target}"
|
|
|
|
|
"${config_build_dir}/${INSTALL_CMAKE_NAMESPACE}${target}ConfigVersion.cmake"
|
|
|
|
|
)
|
2020-08-13 17:37:47 +02:00
|
|
|
|
|
|
|
|
qt_install(FILES
|
|
|
|
|
"${config_build_dir}/${INSTALL_CMAKE_NAMESPACE}${target}Config.cmake"
|
|
|
|
|
"${config_build_dir}/${INSTALL_CMAKE_NAMESPACE}${target}ConfigVersion.cmake"
|
2021-10-22 13:38:00 +02:00
|
|
|
"${config_build_dir}/${INSTALL_CMAKE_NAMESPACE}${target}ConfigVersionImpl.cmake"
|
2020-08-13 17:37:47 +02:00
|
|
|
DESTINATION "${config_install_dir}"
|
|
|
|
|
COMPONENT Devel
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Make the export name of plugins be consistent with modules, so that
|
|
|
|
|
# qt_add_resource adds its additional targets to the same export set in a static Qt build.
|
|
|
|
|
set(export_name "${INSTALL_CMAKE_NAMESPACE}${target}Targets")
|
2021-05-11 11:19:19 +02:00
|
|
|
qt_install(TARGETS
|
|
|
|
|
"${target}"
|
|
|
|
|
${plugin_init_target}
|
2020-08-13 17:37:47 +02:00
|
|
|
EXPORT ${export_name}
|
|
|
|
|
RUNTIME DESTINATION "${install_directory}"
|
|
|
|
|
LIBRARY DESTINATION "${install_directory}"
|
2021-05-11 11:19:19 +02:00
|
|
|
OBJECTS DESTINATION "${install_directory}"
|
2020-08-13 17:37:47 +02:00
|
|
|
ARCHIVE DESTINATION "${archive_install_directory}"
|
|
|
|
|
)
|
|
|
|
|
qt_install(EXPORT ${export_name}
|
|
|
|
|
NAMESPACE ${QT_CMAKE_EXPORT_NAMESPACE}::
|
|
|
|
|
DESTINATION "${config_install_dir}"
|
|
|
|
|
)
|
2020-09-03 18:29:41 +10:00
|
|
|
if(BUILD_SHARED_LIBS)
|
|
|
|
|
qt_apply_rpaths(TARGET "${target}" INSTALL_PATH "${install_directory}" RELATIVE_RPATH)
|
2022-04-14 18:04:41 +02:00
|
|
|
qt_internal_apply_staging_prefix_build_rpath_workaround()
|
2020-09-03 18:29:41 +10:00
|
|
|
endif()
|
2020-08-13 17:37:47 +02:00
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
if (NOT arg_ALLOW_UNDEFINED_SYMBOLS)
|
|
|
|
|
### fixme: cmake is missing a built-in variable for this. We want to apply it only to
|
|
|
|
|
# modules and plugins that belong to Qt.
|
|
|
|
|
qt_internal_add_link_flags_no_undefined("${target}")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
qt_internal_add_linker_version_script(${target})
|
2021-03-26 15:52:43 +01:00
|
|
|
set(finalizer_extra_args "")
|
|
|
|
|
if(NOT arg_SKIP_INSTALL)
|
|
|
|
|
list(APPEND finalizer_extra_args INSTALL_PATH "${install_directory}")
|
|
|
|
|
endif()
|
CMake: Generate an SPDX v2.3 SBOM file for each built repository
This change adds a new -sbom configure option to allow generating and
installing an SPDX v2.3 SBOM file when building a qt repo.
The -sbom-dir option can be used to configure the location where
each repo sbom file will be installed.
By default it is installed into
$prefix/$archdatadir/sbom/$sbom_lower_project_name.sdpx
which is basically ~/Qt/sbom/qtbase-6.8.0.spdx
The file is installed as part of the default installation rules, but
it can also be installed manually using the "sbom" installation
component, or "sbom_$lower_project_name" in a top-level build. For
example: cmake install . --component sbom_qtbase
CMake 3.19+ is needed to read the qt_attribution.json files for
copyrights, license info, etc. When using an older cmake version,
configuration will error out. It is possible to opt into using an
older cmake version, but the generated sbom will lack all the
attribution file information.
Using an older cmake version is untested and not officially supported.
Implementation notes.
The bulk of the implementation is split into 4 new files:
- QtPublicSbomHelpers.cmake - for Qt-specific collecting, processing
and dispatching the generation of various pieces of the SBOM document
e.g. a SDPX package associated with a target like Core, a SDPX
file entry for each target binary file (per-config shared library,
archive, executable, etc)
- QtPublicSbomGenerationHelpers.cmake - for non-Qt specific
implementation of SPDX generation. This also has some code that was
taken from the cmake-sbom 3rd party project, so it is dual licensed
under the usual Qt build system BSD license, as well as the MIT
license of the 3rd party project
- QtPublicGitHelpers.cmake - for git related features, mainly to embed
queried hashes or tags into version strings, is dual-licensed for
the same reasons as QtPublicSbomGenerationHelpers.cmake
- QtSbomHelpers.cmake - Qt-specific functions that just forward
arguments to the public functions. These are meant to be used in our
Qt CMakeLists.txt instead of the public _qt_internal_add_sbom ones
for naming consistency. These function would mostly be used to
annotate 3rd party libraries with sbom info and to add sbom info
for unusual target setups (like the Bootstrap library), because most
of the handling is already done automatically via
qt_internal_add_module/plugin/etc.
The files are put into Public cmake files, with the future hope of
making this available to user projects in some capacity.
The distinction of Qt-specific and non-Qt specific code might blur a
bit, and thus the separation across files might not always be
consistent, but it was best effort.
The main purpose of the code is to collect various information about
targets and their relationships and generate equivalent SPDX info.
Collection is currently done for the following targets: Qt modules,
plugins, apps, tools, system libraries, bundled 3rd party libraries
and partial 3rd party sources compiled directly as part of Qt targets.
Each target has an equivalent SPDX package generated with information
like version, license, copyright, CPE (common vulnerability
identifier), files that belong to the package, and relationships on
other SPDX packages (associated cmake targets), mostly gathered from
direct linking dependencies.
Each package might also contain files, e.g. libQt6Core.so for the Core
target. Each file also has info like license id, copyrights, but also
the list of source files that were used to generate the file and a
sha1 checksum.
SPDX documents can also refer to packages in other SPDX documents, and
those are referred to via external document references. This is the
case when building qtdeclarative and we refer to Core.
For qt provided targets, we have complete information regarding
licenses, and copyrights.
For bundled 3rd party libraries, we should also have most information,
which is usually parsed from the
src/3rdparty/libfoo/qt_attribution.json files.
If there are multiple attribution files, or if the files have multiple
entries, we create a separate SBOM package for each of those entries,
because each might have a separate copyright or version, and an sbom
package can have only one version (although many copyrights).
For system libraries we usually lack the information because we don't
have attribution files for Find scripts. So the info needs to be
manually annotated via arguments to the sbom function calls, or the
FindFoo.cmake scripts expose that information in some form and we
can query it.
There are also corner cases like 3rdparty sources being directly
included in a Qt library, like the m4dc files for Gui, or PCRE2 for
Bootstrap.
Or QtWebEngine libraries (either Qt bundled or Chromium bundled or
system libraries) which get linked in by GN instead of CMake, so there
are no direct targets for them.
The information for these need to be annotated manually as well.
There is also a distinction to be made for static Qt builds (or any
static Qt library in a shared build), where the system libraries found
during the Qt build might not be the same that are linked into the
final user application or library.
The actual generation of the SBOM is done by file(GENERATE)-ing one
.cmake file for each target, file, external ref, etc, which will be
included in a top-level cmake script.
The top-level cmake script will run through each included file, to
append to a "staging" spdx file, which will then be used in a
configure_file() call to replace some final
variables, like embedding a file checksum.
There are install rules to generate a complete SBOM during
installation, and an optional 'sbom' custom target that allows
building an incomplete SBOM during the build step.
The build target is just for convenience and faster development
iteration time. It is incomplete because it is missing the installed
file SHA1 checksums and the document verification code (the sha1 of
all sha1s). We can't compute those during the build before the files
are actually installed.
A complete SBOM can only be achieved at installation time. The install
script will include all the generated helper files, but also set some
additional variables to ensure checksumming happens, and also handle
multi-config installation, among other small things.
For multi-config builds, CMake doesn't offer a way to run code after
all configs are installed, because they might not always be installed,
someone might choose to install just Release.
To handle that, we rely on ninja installing each config sequentially
(because ninja places the install rules into the 'console' pool which
runs one task at a time).
For each installed config we create a config-specific marker file.
Once all marker files are present, whichever config ends up being
installed as the last one, we run the sbom generation once, and then
delete all marker files.
There are a few internal variables that can be set during
configuration to enable various checks (and other features) on the
generated spdx files:
- QT_INTERNAL_SBOM_VERIFY
- QT_INTERNAL_SBOM_AUDIT
- QT_INTERNAL_SBOM_AUDIT_NO_ERROR
- QT_INTERNAL_SBOM_GENERATE_JSON
- QT_INTERNAL_SBOM_SHOW_TABLE
- QT_INTERNAL_SBOM_DEFAULT_CHECKS
These use 3rd party python tools, so they are not enabled by default.
If enabled, they run at installation time after the sbom is installed.
We will hopefully enable them in CI.
Overall, the code is still a bit messy in a few places, due to time
constraints, but can be improved later.
Some possible TODOs for the future:
- Do we need to handle 3rd party libs linked into a Qt static library
in a Qt shared build, where the Qt static lib is not installed, but
linked into a Qt shared library, somehow specially?
We can record a package for it, but we can't
create a spdx file record for it (and associated source
relationships) because we don't install the file, and spdx requires
the file to be installed and checksummed. Perhaps we can consider
adding some free-form text snippet to the package itself?
- Do we want to add parsing of .cpp source files for Copyrights, to
embed them into the packages? This will likely slow down
configuration quite a bit.
- Currently sbom info attached to WrapFoo packages in one repo is
not exported / available in other repos. E.g. If we annotate
WrapZLIB in qtbase with CPE_VENDOR zlib, this info will not be
available when looking up WrapZLIB in qtimageformats.
This is because they are IMPORTED libraries, and are not
exported. We might want to record this info in the future.
[ChangeLog][Build System] A new -sbom configure option can be used
to generate and install a SPDX SBOM (Software Bill of Materials) file
for each built Qt repository.
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I9c730a6bbc47e02ce1836fccf00a14ec8eb1a5f4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2024-03-07 18:02:56 +01:00
|
|
|
|
|
|
|
|
if(QT_GENERATE_SBOM)
|
|
|
|
|
set(sbom_args "")
|
|
|
|
|
list(APPEND sbom_args TYPE QT_PLUGIN)
|
|
|
|
|
|
|
|
|
|
qt_get_cmake_configurations(configs)
|
|
|
|
|
foreach(config IN LISTS configs)
|
|
|
|
|
_qt_internal_sbom_append_multi_config_aware_single_arg_option(
|
|
|
|
|
INSTALL_PATH
|
|
|
|
|
"${install_directory}"
|
|
|
|
|
"${config}"
|
|
|
|
|
sbom_args
|
|
|
|
|
)
|
|
|
|
|
endforeach()
|
|
|
|
|
|
2024-06-14 19:07:16 +02:00
|
|
|
_qt_internal_forward_function_args(
|
|
|
|
|
FORWARD_APPEND
|
|
|
|
|
FORWARD_PREFIX arg
|
|
|
|
|
FORWARD_OUT_VAR sbom_args
|
|
|
|
|
FORWARD_OPTIONS
|
|
|
|
|
${__qt_internal_sbom_optional_args}
|
|
|
|
|
FORWARD_SINGLE
|
|
|
|
|
${__qt_internal_sbom_single_args}
|
|
|
|
|
FORWARD_MULTI
|
|
|
|
|
${__qt_internal_sbom_multi_args}
|
|
|
|
|
)
|
|
|
|
|
|
2025-01-13 15:30:15 +01:00
|
|
|
qt_internal_extend_qt_entity_sbom(${target} ${sbom_args})
|
CMake: Generate an SPDX v2.3 SBOM file for each built repository
This change adds a new -sbom configure option to allow generating and
installing an SPDX v2.3 SBOM file when building a qt repo.
The -sbom-dir option can be used to configure the location where
each repo sbom file will be installed.
By default it is installed into
$prefix/$archdatadir/sbom/$sbom_lower_project_name.sdpx
which is basically ~/Qt/sbom/qtbase-6.8.0.spdx
The file is installed as part of the default installation rules, but
it can also be installed manually using the "sbom" installation
component, or "sbom_$lower_project_name" in a top-level build. For
example: cmake install . --component sbom_qtbase
CMake 3.19+ is needed to read the qt_attribution.json files for
copyrights, license info, etc. When using an older cmake version,
configuration will error out. It is possible to opt into using an
older cmake version, but the generated sbom will lack all the
attribution file information.
Using an older cmake version is untested and not officially supported.
Implementation notes.
The bulk of the implementation is split into 4 new files:
- QtPublicSbomHelpers.cmake - for Qt-specific collecting, processing
and dispatching the generation of various pieces of the SBOM document
e.g. a SDPX package associated with a target like Core, a SDPX
file entry for each target binary file (per-config shared library,
archive, executable, etc)
- QtPublicSbomGenerationHelpers.cmake - for non-Qt specific
implementation of SPDX generation. This also has some code that was
taken from the cmake-sbom 3rd party project, so it is dual licensed
under the usual Qt build system BSD license, as well as the MIT
license of the 3rd party project
- QtPublicGitHelpers.cmake - for git related features, mainly to embed
queried hashes or tags into version strings, is dual-licensed for
the same reasons as QtPublicSbomGenerationHelpers.cmake
- QtSbomHelpers.cmake - Qt-specific functions that just forward
arguments to the public functions. These are meant to be used in our
Qt CMakeLists.txt instead of the public _qt_internal_add_sbom ones
for naming consistency. These function would mostly be used to
annotate 3rd party libraries with sbom info and to add sbom info
for unusual target setups (like the Bootstrap library), because most
of the handling is already done automatically via
qt_internal_add_module/plugin/etc.
The files are put into Public cmake files, with the future hope of
making this available to user projects in some capacity.
The distinction of Qt-specific and non-Qt specific code might blur a
bit, and thus the separation across files might not always be
consistent, but it was best effort.
The main purpose of the code is to collect various information about
targets and their relationships and generate equivalent SPDX info.
Collection is currently done for the following targets: Qt modules,
plugins, apps, tools, system libraries, bundled 3rd party libraries
and partial 3rd party sources compiled directly as part of Qt targets.
Each target has an equivalent SPDX package generated with information
like version, license, copyright, CPE (common vulnerability
identifier), files that belong to the package, and relationships on
other SPDX packages (associated cmake targets), mostly gathered from
direct linking dependencies.
Each package might also contain files, e.g. libQt6Core.so for the Core
target. Each file also has info like license id, copyrights, but also
the list of source files that were used to generate the file and a
sha1 checksum.
SPDX documents can also refer to packages in other SPDX documents, and
those are referred to via external document references. This is the
case when building qtdeclarative and we refer to Core.
For qt provided targets, we have complete information regarding
licenses, and copyrights.
For bundled 3rd party libraries, we should also have most information,
which is usually parsed from the
src/3rdparty/libfoo/qt_attribution.json files.
If there are multiple attribution files, or if the files have multiple
entries, we create a separate SBOM package for each of those entries,
because each might have a separate copyright or version, and an sbom
package can have only one version (although many copyrights).
For system libraries we usually lack the information because we don't
have attribution files for Find scripts. So the info needs to be
manually annotated via arguments to the sbom function calls, or the
FindFoo.cmake scripts expose that information in some form and we
can query it.
There are also corner cases like 3rdparty sources being directly
included in a Qt library, like the m4dc files for Gui, or PCRE2 for
Bootstrap.
Or QtWebEngine libraries (either Qt bundled or Chromium bundled or
system libraries) which get linked in by GN instead of CMake, so there
are no direct targets for them.
The information for these need to be annotated manually as well.
There is also a distinction to be made for static Qt builds (or any
static Qt library in a shared build), where the system libraries found
during the Qt build might not be the same that are linked into the
final user application or library.
The actual generation of the SBOM is done by file(GENERATE)-ing one
.cmake file for each target, file, external ref, etc, which will be
included in a top-level cmake script.
The top-level cmake script will run through each included file, to
append to a "staging" spdx file, which will then be used in a
configure_file() call to replace some final
variables, like embedding a file checksum.
There are install rules to generate a complete SBOM during
installation, and an optional 'sbom' custom target that allows
building an incomplete SBOM during the build step.
The build target is just for convenience and faster development
iteration time. It is incomplete because it is missing the installed
file SHA1 checksums and the document verification code (the sha1 of
all sha1s). We can't compute those during the build before the files
are actually installed.
A complete SBOM can only be achieved at installation time. The install
script will include all the generated helper files, but also set some
additional variables to ensure checksumming happens, and also handle
multi-config installation, among other small things.
For multi-config builds, CMake doesn't offer a way to run code after
all configs are installed, because they might not always be installed,
someone might choose to install just Release.
To handle that, we rely on ninja installing each config sequentially
(because ninja places the install rules into the 'console' pool which
runs one task at a time).
For each installed config we create a config-specific marker file.
Once all marker files are present, whichever config ends up being
installed as the last one, we run the sbom generation once, and then
delete all marker files.
There are a few internal variables that can be set during
configuration to enable various checks (and other features) on the
generated spdx files:
- QT_INTERNAL_SBOM_VERIFY
- QT_INTERNAL_SBOM_AUDIT
- QT_INTERNAL_SBOM_AUDIT_NO_ERROR
- QT_INTERNAL_SBOM_GENERATE_JSON
- QT_INTERNAL_SBOM_SHOW_TABLE
- QT_INTERNAL_SBOM_DEFAULT_CHECKS
These use 3rd party python tools, so they are not enabled by default.
If enabled, they run at installation time after the sbom is installed.
We will hopefully enable them in CI.
Overall, the code is still a bit messy in a few places, due to time
constraints, but can be improved later.
Some possible TODOs for the future:
- Do we need to handle 3rd party libs linked into a Qt static library
in a Qt shared build, where the Qt static lib is not installed, but
linked into a Qt shared library, somehow specially?
We can record a package for it, but we can't
create a spdx file record for it (and associated source
relationships) because we don't install the file, and spdx requires
the file to be installed and checksummed. Perhaps we can consider
adding some free-form text snippet to the package itself?
- Do we want to add parsing of .cpp source files for Copyrights, to
embed them into the packages? This will likely slow down
configuration quite a bit.
- Currently sbom info attached to WrapFoo packages in one repo is
not exported / available in other repos. E.g. If we annotate
WrapZLIB in qtbase with CPE_VENDOR zlib, this info will not be
available when looking up WrapZLIB in qtimageformats.
This is because they are IMPORTED libraries, and are not
exported. We might want to record this info in the future.
[ChangeLog][Build System] A new -sbom configure option can be used
to generate and install a SPDX SBOM (Software Bill of Materials) file
for each built Qt repository.
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I9c730a6bbc47e02ce1836fccf00a14ec8eb1a5f4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2024-03-07 18:02:56 +01:00
|
|
|
endif()
|
|
|
|
|
|
2021-03-26 15:52:43 +01:00
|
|
|
qt_add_list_file_finalizer(qt_finalize_plugin ${target} ${finalizer_extra_args})
|
2020-11-02 12:40:57 +01:00
|
|
|
|
2021-03-26 15:52:43 +01:00
|
|
|
if(NOT arg_SKIP_INSTALL)
|
|
|
|
|
qt_enable_separate_debug_info(${target} "${install_directory}")
|
|
|
|
|
qt_internal_install_pdb_files(${target} "${install_directory}")
|
|
|
|
|
endif()
|
2020-08-13 17:37:47 +02:00
|
|
|
endfunction()
|
|
|
|
|
|
2021-03-26 15:52:43 +01:00
|
|
|
function(qt_finalize_plugin target)
|
|
|
|
|
cmake_parse_arguments(arg "" "INSTALL_PATH" "" ${ARGN})
|
2020-11-05 12:20:35 +01:00
|
|
|
if(WIN32 AND BUILD_SHARED_LIBS)
|
|
|
|
|
_qt_internal_generate_win32_rc_file("${target}")
|
|
|
|
|
endif()
|
|
|
|
|
|
2024-06-17 11:02:52 +02:00
|
|
|
# Generate .prl and .pri files for installed static plugins.
|
2022-07-18 14:31:37 +02:00
|
|
|
get_target_property(target_type "${target}" TYPE)
|
2024-06-17 11:02:52 +02:00
|
|
|
if(target_type STREQUAL STATIC_LIBRARY AND arg_INSTALL_PATH)
|
|
|
|
|
qt_generate_prl_file(${target} "${arg_INSTALL_PATH}")
|
2022-08-07 15:09:34 +02:00
|
|
|
|
|
|
|
|
# There's no point in generating pri files for qml plugins.
|
|
|
|
|
# We didn't do it in Qt5 times.
|
|
|
|
|
get_target_property(plugin_type "${target}" QT_PLUGIN_TYPE)
|
|
|
|
|
if(NOT plugin_type STREQUAL "qml_plugin")
|
2022-08-07 15:40:58 +02:00
|
|
|
qt_generate_plugin_pri_file("${target}")
|
2022-08-07 15:09:34 +02:00
|
|
|
endif()
|
2020-08-13 17:37:47 +02:00
|
|
|
endif()
|
CMake: Generate an SPDX v2.3 SBOM file for each built repository
This change adds a new -sbom configure option to allow generating and
installing an SPDX v2.3 SBOM file when building a qt repo.
The -sbom-dir option can be used to configure the location where
each repo sbom file will be installed.
By default it is installed into
$prefix/$archdatadir/sbom/$sbom_lower_project_name.sdpx
which is basically ~/Qt/sbom/qtbase-6.8.0.spdx
The file is installed as part of the default installation rules, but
it can also be installed manually using the "sbom" installation
component, or "sbom_$lower_project_name" in a top-level build. For
example: cmake install . --component sbom_qtbase
CMake 3.19+ is needed to read the qt_attribution.json files for
copyrights, license info, etc. When using an older cmake version,
configuration will error out. It is possible to opt into using an
older cmake version, but the generated sbom will lack all the
attribution file information.
Using an older cmake version is untested and not officially supported.
Implementation notes.
The bulk of the implementation is split into 4 new files:
- QtPublicSbomHelpers.cmake - for Qt-specific collecting, processing
and dispatching the generation of various pieces of the SBOM document
e.g. a SDPX package associated with a target like Core, a SDPX
file entry for each target binary file (per-config shared library,
archive, executable, etc)
- QtPublicSbomGenerationHelpers.cmake - for non-Qt specific
implementation of SPDX generation. This also has some code that was
taken from the cmake-sbom 3rd party project, so it is dual licensed
under the usual Qt build system BSD license, as well as the MIT
license of the 3rd party project
- QtPublicGitHelpers.cmake - for git related features, mainly to embed
queried hashes or tags into version strings, is dual-licensed for
the same reasons as QtPublicSbomGenerationHelpers.cmake
- QtSbomHelpers.cmake - Qt-specific functions that just forward
arguments to the public functions. These are meant to be used in our
Qt CMakeLists.txt instead of the public _qt_internal_add_sbom ones
for naming consistency. These function would mostly be used to
annotate 3rd party libraries with sbom info and to add sbom info
for unusual target setups (like the Bootstrap library), because most
of the handling is already done automatically via
qt_internal_add_module/plugin/etc.
The files are put into Public cmake files, with the future hope of
making this available to user projects in some capacity.
The distinction of Qt-specific and non-Qt specific code might blur a
bit, and thus the separation across files might not always be
consistent, but it was best effort.
The main purpose of the code is to collect various information about
targets and their relationships and generate equivalent SPDX info.
Collection is currently done for the following targets: Qt modules,
plugins, apps, tools, system libraries, bundled 3rd party libraries
and partial 3rd party sources compiled directly as part of Qt targets.
Each target has an equivalent SPDX package generated with information
like version, license, copyright, CPE (common vulnerability
identifier), files that belong to the package, and relationships on
other SPDX packages (associated cmake targets), mostly gathered from
direct linking dependencies.
Each package might also contain files, e.g. libQt6Core.so for the Core
target. Each file also has info like license id, copyrights, but also
the list of source files that were used to generate the file and a
sha1 checksum.
SPDX documents can also refer to packages in other SPDX documents, and
those are referred to via external document references. This is the
case when building qtdeclarative and we refer to Core.
For qt provided targets, we have complete information regarding
licenses, and copyrights.
For bundled 3rd party libraries, we should also have most information,
which is usually parsed from the
src/3rdparty/libfoo/qt_attribution.json files.
If there are multiple attribution files, or if the files have multiple
entries, we create a separate SBOM package for each of those entries,
because each might have a separate copyright or version, and an sbom
package can have only one version (although many copyrights).
For system libraries we usually lack the information because we don't
have attribution files for Find scripts. So the info needs to be
manually annotated via arguments to the sbom function calls, or the
FindFoo.cmake scripts expose that information in some form and we
can query it.
There are also corner cases like 3rdparty sources being directly
included in a Qt library, like the m4dc files for Gui, or PCRE2 for
Bootstrap.
Or QtWebEngine libraries (either Qt bundled or Chromium bundled or
system libraries) which get linked in by GN instead of CMake, so there
are no direct targets for them.
The information for these need to be annotated manually as well.
There is also a distinction to be made for static Qt builds (or any
static Qt library in a shared build), where the system libraries found
during the Qt build might not be the same that are linked into the
final user application or library.
The actual generation of the SBOM is done by file(GENERATE)-ing one
.cmake file for each target, file, external ref, etc, which will be
included in a top-level cmake script.
The top-level cmake script will run through each included file, to
append to a "staging" spdx file, which will then be used in a
configure_file() call to replace some final
variables, like embedding a file checksum.
There are install rules to generate a complete SBOM during
installation, and an optional 'sbom' custom target that allows
building an incomplete SBOM during the build step.
The build target is just for convenience and faster development
iteration time. It is incomplete because it is missing the installed
file SHA1 checksums and the document verification code (the sha1 of
all sha1s). We can't compute those during the build before the files
are actually installed.
A complete SBOM can only be achieved at installation time. The install
script will include all the generated helper files, but also set some
additional variables to ensure checksumming happens, and also handle
multi-config installation, among other small things.
For multi-config builds, CMake doesn't offer a way to run code after
all configs are installed, because they might not always be installed,
someone might choose to install just Release.
To handle that, we rely on ninja installing each config sequentially
(because ninja places the install rules into the 'console' pool which
runs one task at a time).
For each installed config we create a config-specific marker file.
Once all marker files are present, whichever config ends up being
installed as the last one, we run the sbom generation once, and then
delete all marker files.
There are a few internal variables that can be set during
configuration to enable various checks (and other features) on the
generated spdx files:
- QT_INTERNAL_SBOM_VERIFY
- QT_INTERNAL_SBOM_AUDIT
- QT_INTERNAL_SBOM_AUDIT_NO_ERROR
- QT_INTERNAL_SBOM_GENERATE_JSON
- QT_INTERNAL_SBOM_SHOW_TABLE
- QT_INTERNAL_SBOM_DEFAULT_CHECKS
These use 3rd party python tools, so they are not enabled by default.
If enabled, they run at installation time after the sbom is installed.
We will hopefully enable them in CI.
Overall, the code is still a bit messy in a few places, due to time
constraints, but can be improved later.
Some possible TODOs for the future:
- Do we need to handle 3rd party libs linked into a Qt static library
in a Qt shared build, where the Qt static lib is not installed, but
linked into a Qt shared library, somehow specially?
We can record a package for it, but we can't
create a spdx file record for it (and associated source
relationships) because we don't install the file, and spdx requires
the file to be installed and checksummed. Perhaps we can consider
adding some free-form text snippet to the package itself?
- Do we want to add parsing of .cpp source files for Copyrights, to
embed them into the packages? This will likely slow down
configuration quite a bit.
- Currently sbom info attached to WrapFoo packages in one repo is
not exported / available in other repos. E.g. If we annotate
WrapZLIB in qtbase with CPE_VENDOR zlib, this info will not be
available when looking up WrapZLIB in qtimageformats.
This is because they are IMPORTED libraries, and are not
exported. We might want to record this info in the future.
[ChangeLog][Build System] A new -sbom configure option can be used
to generate and install a SPDX SBOM (Software Bill of Materials) file
for each built Qt repository.
Pick-to: 6.8
Task-number: QTBUG-122899
Change-Id: I9c730a6bbc47e02ce1836fccf00a14ec8eb1a5f4
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2024-03-07 18:02:56 +01:00
|
|
|
|
|
|
|
|
_qt_internal_finalize_sbom(${target})
|
2020-08-13 17:37:47 +02:00
|
|
|
endfunction()
|
|
|
|
|
|
|
|
|
|
function(qt_get_sanitized_plugin_type plugin_type out_var)
|
|
|
|
|
# Used to handle some edge cases such as platforms/darwin
|
|
|
|
|
string(REGEX REPLACE "[-/]" "_" plugin_type "${plugin_type}")
|
|
|
|
|
set("${out_var}" "${plugin_type}" PARENT_SCOPE)
|
|
|
|
|
endfunction()
|
|
|
|
|
|
|
|
|
|
# Utility function to find the module to which a plug-in belongs.
|
2021-03-01 17:17:54 +11:00
|
|
|
function(qt_internal_get_module_for_plugin target target_type out_var)
|
2020-08-13 17:37:47 +02:00
|
|
|
qt_internal_get_qt_all_known_modules(known_modules)
|
|
|
|
|
|
|
|
|
|
qt_get_sanitized_plugin_type("${target_type}" target_type)
|
|
|
|
|
foreach(qt_module ${known_modules})
|
|
|
|
|
get_target_property(module_type "${QT_CMAKE_EXPORT_NAMESPACE}::${qt_module}" TYPE)
|
|
|
|
|
# Assuming interface libraries can't have plugins. Otherwise we'll need to fix the property
|
|
|
|
|
# name, because the current one would be invalid for interface libraries.
|
|
|
|
|
if(module_type STREQUAL "INTERFACE_LIBRARY")
|
|
|
|
|
continue()
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
get_target_property(plugin_types
|
|
|
|
|
"${QT_CMAKE_EXPORT_NAMESPACE}::${qt_module}"
|
|
|
|
|
MODULE_PLUGIN_TYPES)
|
2021-03-01 17:17:54 +11:00
|
|
|
if(plugin_types AND target_type IN_LIST plugin_types)
|
|
|
|
|
set("${out_var}" "${qt_module}" PARENT_SCOPE)
|
|
|
|
|
return()
|
2020-08-13 17:37:47 +02:00
|
|
|
endif()
|
|
|
|
|
endforeach()
|
2021-03-01 17:17:54 +11:00
|
|
|
message(FATAL_ERROR "The plug-in '${target}' does not belong to any Qt module.")
|
2020-08-13 17:37:47 +02:00
|
|
|
endfunction()
|
2022-05-10 15:02:43 +02:00
|
|
|
|
|
|
|
|
function(qt_internal_add_darwin_permission_plugin permission)
|
|
|
|
|
string(TOLOWER "${permission}" permission_lower)
|
|
|
|
|
string(TOUPPER "${permission}" permission_upper)
|
|
|
|
|
set(permission_source_file "platform/darwin/qdarwinpermissionplugin_${permission_lower}.mm")
|
|
|
|
|
set(plugin_target "QDarwin${permission}PermissionPlugin")
|
|
|
|
|
set(plugin_name "qdarwin${permission_lower}permission")
|
|
|
|
|
qt_internal_add_plugin(${plugin_target}
|
|
|
|
|
STATIC # Force static, even in shared builds
|
|
|
|
|
OUTPUT_NAME ${plugin_name}
|
|
|
|
|
PLUGIN_TYPE permissions
|
|
|
|
|
DEFAULT_IF FALSE
|
|
|
|
|
SOURCES
|
|
|
|
|
${permission_source_file}
|
|
|
|
|
DEFINES
|
|
|
|
|
QT_DARWIN_PERMISSION_PLUGIN=${permission}
|
|
|
|
|
LIBRARIES
|
|
|
|
|
Qt::Core
|
|
|
|
|
Qt::CorePrivate
|
2022-11-08 15:12:14 +01:00
|
|
|
${FWFoundation}
|
2024-03-25 14:03:54 +08:00
|
|
|
NO_UNITY_BUILD # disable unity build: the same file is built with two different preprocessor defines.
|
2022-05-10 15:02:43 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Disable PCH since CMake falls over on single .mm source targets
|
|
|
|
|
set_target_properties(${plugin_target} PROPERTIES
|
|
|
|
|
DISABLE_PRECOMPILE_HEADERS ON
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Generate plugin JSON file
|
|
|
|
|
set(content "{ \"Permissions\": [ \"Q${permission}Permission\" ] }")
|
|
|
|
|
get_target_property(plugin_build_dir "${plugin_target}" BINARY_DIR)
|
|
|
|
|
set(output_file "${plugin_build_dir}/${plugin_target}.json")
|
|
|
|
|
qt_configure_file(OUTPUT "${output_file}" CONTENT "${content}")
|
|
|
|
|
|
|
|
|
|
# Associate required usage descriptions
|
|
|
|
|
set(usage_descriptions_property "_qt_info_plist_usage_descriptions")
|
|
|
|
|
set_target_properties(${plugin_target} PROPERTIES
|
|
|
|
|
${usage_descriptions_property} "NS${permission}UsageDescription"
|
|
|
|
|
)
|
|
|
|
|
set_property(TARGET ${plugin_target} APPEND PROPERTY
|
|
|
|
|
EXPORT_PROPERTIES ${usage_descriptions_property}
|
|
|
|
|
)
|
|
|
|
|
set(usage_descriptions_genex "$<JOIN:$<TARGET_PROPERTY:${plugin_target},${usage_descriptions_property}>, >")
|
|
|
|
|
set(extra_plugin_pri_content
|
|
|
|
|
"QT_PLUGIN.${plugin_name}.usage_descriptions = ${usage_descriptions_genex}"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Support granular check and request implementations
|
|
|
|
|
set(separate_request_source_file
|
|
|
|
|
"${plugin_build_dir}/qdarwinpermissionplugin_${permission_lower}_request.mm")
|
|
|
|
|
set(separate_request_genex
|
|
|
|
|
"$<BOOL:$<TARGET_PROPERTY:${plugin_target},_qt_darwin_permissison_separate_request>>")
|
|
|
|
|
file(GENERATE OUTPUT "${separate_request_source_file}" CONTENT
|
|
|
|
|
"
|
|
|
|
|
#define BUILDING_PERMISSION_REQUEST 1
|
|
|
|
|
#include \"${CMAKE_CURRENT_SOURCE_DIR}/${permission_source_file}\"
|
|
|
|
|
"
|
|
|
|
|
CONDITION "${separate_request_genex}"
|
|
|
|
|
)
|
2023-01-17 11:38:48 +01:00
|
|
|
if(CMAKE_VERSION VERSION_LESS "3.18")
|
|
|
|
|
set_property(SOURCE "${separate_request_source_file}" PROPERTY GENERATED TRUE)
|
2024-03-25 14:03:54 +08:00
|
|
|
set_property(SOURCE "${separate_request_source_file}" PROPERTY SKIP_UNITY_BUILD_INCLUSION TRUE)
|
2023-01-17 11:38:48 +01:00
|
|
|
endif()
|
2022-05-10 15:02:43 +02:00
|
|
|
target_sources(${plugin_target} PRIVATE
|
|
|
|
|
"$<${separate_request_genex}:${separate_request_source_file}>"
|
|
|
|
|
)
|
2024-03-25 14:03:54 +08:00
|
|
|
|
2022-05-10 15:02:43 +02:00
|
|
|
set_property(TARGET ${plugin_target} APPEND PROPERTY
|
|
|
|
|
EXPORT_PROPERTIES _qt_darwin_permissison_separate_request
|
|
|
|
|
)
|
|
|
|
|
set(permission_request_symbol "_QDarwin${permission}PermissionRequest")
|
|
|
|
|
set(permission_request_flag "-Wl,-u,${permission_request_symbol}")
|
|
|
|
|
set(has_usage_description_property "_qt_has_${plugin_target}_usage_description")
|
|
|
|
|
set(has_usage_description_genex "$<BOOL:$<TARGET_PROPERTY:${has_usage_description_property}>>")
|
|
|
|
|
target_link_options(${plugin_target} INTERFACE
|
|
|
|
|
"$<$<AND:${separate_request_genex},${has_usage_description_genex}>:${permission_request_flag}>")
|
|
|
|
|
list(APPEND extra_plugin_pri_content
|
|
|
|
|
"QT_PLUGIN.${plugin_name}.request_flag = $<${separate_request_genex}:${permission_request_flag}>"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Expose properties to qmake
|
|
|
|
|
set_property(TARGET ${plugin_target} PROPERTY
|
|
|
|
|
QT_PLUGIN_PRI_EXTRA_CONTENT ${extra_plugin_pri_content}
|
|
|
|
|
)
|
|
|
|
|
endfunction()
|
2024-03-27 18:55:40 +01:00
|
|
|
|
|
|
|
|
# The function looks and links the static plugins that the target depends on. The function behaves
|
|
|
|
|
# similar to qt_import_plugins, but should be used when building Qt executable or shared libraries.
|
|
|
|
|
# It's expected that all dependencies are valid targets at the time when the function is called.
|
|
|
|
|
# If not their plugins will be not collected for linking.
|
|
|
|
|
function(qt_internal_import_plugins target)
|
|
|
|
|
set(plugin_targets "")
|
|
|
|
|
foreach(dep_target IN LISTS ARGN)
|
|
|
|
|
if(dep_target AND TARGET ${dep_target})
|
|
|
|
|
get_target_property(plugins ${dep_target} _qt_plugins)
|
|
|
|
|
if(plugins)
|
|
|
|
|
list(APPEND plugin_targets ${plugins})
|
|
|
|
|
else()
|
|
|
|
|
# Fallback should be remove in Qt 7.
|
|
|
|
|
get_target_property(target_type ${dep_target} TYPE)
|
|
|
|
|
if(NOT "${target_type}" STREQUAL "INTERFACE_LIBRARY")
|
|
|
|
|
get_target_property(plugins ${dep_target} QT_PLUGINS)
|
|
|
|
|
if(plugins)
|
|
|
|
|
list(APPEND plugin_targets ${plugins})
|
|
|
|
|
endif()
|
|
|
|
|
endif()
|
|
|
|
|
endif()
|
|
|
|
|
endif()
|
|
|
|
|
endforeach()
|
|
|
|
|
|
|
|
|
|
set(non_imported_plugin_targets "")
|
|
|
|
|
foreach(plugin_target IN LISTS plugin_targets)
|
|
|
|
|
if(NOT TARGET ${plugin_target} OR "${plugin_target}" IN_LIST non_imported_plugin_targets)
|
|
|
|
|
continue()
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
get_target_property(is_imported ${plugin_target} IMPORTED)
|
|
|
|
|
if(NOT is_imported)
|
|
|
|
|
list(APPEND non_imported_plugin_targets "${plugin_target}")
|
|
|
|
|
endif()
|
|
|
|
|
endforeach()
|
|
|
|
|
|
|
|
|
|
if(plugin_targets)
|
|
|
|
|
__qt_internal_collect_plugin_init_libraries("${non_imported_plugin_targets}" init_libraries)
|
|
|
|
|
__qt_internal_collect_plugin_libraries("${non_imported_plugin_targets}" plugin_libraries)
|
|
|
|
|
if(plugin_libraries OR init_libraries)
|
|
|
|
|
target_link_libraries(${target} PRIVATE ${plugin_libraries} ${init_libraries})
|
|
|
|
|
endif()
|
|
|
|
|
endif()
|
|
|
|
|
endfunction()
|
