Dev

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+# SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 #
 # SPDX-License-Identifier: CC0-1.0
 

CHANGELOG.rst

@@ -1,7 +1,7 @@
 
 
 ..
-   SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+   SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 
    SPDX-License-Identifier: CC0-1.0
 
@@ -25,7 +25,25 @@ Added
 
 ...
 
-.. _Unreleased: https://github.com/DEMCON/cmake-sbom/compare/v1.1.2...HEAD
+.. _Unreleased: https://github.com/DEMCON/cmake-sbom/compare/v1.2.0...HEAD
+
+
+
+`1.2.0`_ - 2025-02-06
+---------------------
+
+Added
+`````
+
+- Allow running ``reuse-lint`` during configure, as workaround for a race in changing files while linting during build.
+
+Fixed
+`````
+
+- Postpone expansion of ``CMAKE_INSTALL_PREFIX`` for CPack support.
+- Handle non-alphanum characters in branch names.
+
+.. _1.2.0: https://github.com/DEMCON/cmake-sbom/releases/tag/v1.2.0
 
 
 

CMakeLists.txt

@@ -1,12 +1,12 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+# SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 #
 # SPDX-License-Identifier: MIT
 
 # This file only performs a few sanity checks on the repo. No building is required to use the
 # cmake/*.cmake files.
 
-cmake_minimum_required(VERSION 3.5)
-cmake_policy(VERSION 3.5)
+cmake_minimum_required(VERSION 3.10)
+cmake_policy(VERSION 3.10)
 
 project(cmake-sbom)
 

README.rst

@@ -18,7 +18,7 @@ It automates two tasks:
 The version extraction helps to get the version in the application and SBOM right.
 The SBOM contains the files you mention explicitly, just like you mention what to ``install()`` in CMake.
 
-To integrate this library in your project, see `below <sec_how_to_use_>` for basic instructions or the `example`_ for a complete example project.
+To integrate this library in your project, see `below <sec_how_to_use_>`_ for basic instructions or the `example`_ for a complete example project.
 
 .. _SPDX: https://spdx.github.io/spdx-spec/v2.3/
 .. _NTIA: http://ntia.gov/SBOM
@@ -36,6 +36,9 @@ To integrate this library in your project, see `below <sec_how_to_use_>` for bas
       - `sbom_generate() <sec_sbom_generate_>`_
       - `sbom_add() <sec_sbom_add_>`_
       - `sbom_finalize() <sec_sbom_finalize_>`_
+   - `REUSE compliance <sec_reuse_>`_
+      - `reuse_lint() <sec_reuse_lint_>`_
+      - `reuse_spdx() <sec_reuse_spdx_>`_
    - `How to use <sec_how_to_use_>`_
    - `Testing <sec_testing_>`_
    - `License <sec_license_>`_
@@ -390,6 +393,69 @@ Finalize the SBOM and verify its contents and/or format.
 
 
 
+.. _sec_reuse:
+
+|  
+
+REUSE
+-----
+
+This section lists a few functions that help with `REUSE`_ compliance of your repository.
+
+.. _sec_reuse_lint:
+
+|  
+
+``reuse_lint``
+``````````````
+
+Perform checking for `REUSE`_ compliance of the project repository source files.
+
+.. code:: cmake
+
+   reuse_lint(
+      [TARGET <target>]
+      [CONFIG] [ALL]
+   )
+
+``TARGET``
+   Target name to run the linter.
+   Defaults to ``${PROJECT_NAME}-reuse-lint`` when omitted.
+
+``CONFIG``
+   Run the linting during CMake configure instead of during build.
+   When this flag is set, the target is still created too.
+
+``ALL``
+   Add a dependency from ``all`` to the ``TARGET``.
+
+
+
+.. _sec_reuse_spdx:
+
+|  
+
+``reuse_spdx``
+``````````````
+
+Export an SPDX file based on the source code of the project with copyright and license information.
+
+.. code:: cmake
+
+   reuse_spdx(
+      [TARGET <target>]
+      [OUTPUT <file>]
+   )
+
+``TARGET``
+   Target name that executes the exporter.
+   Defaults to ``${PROJECT_NAME}-reuse-spdx``.
+
+``OUTPUT``
+   The output SPDX file.
+
+
+
 .. _sec_how_to_use:
 
 |  

cmake/sbom.cmake

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+# SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 #
 # SPDX-License-Identifier: MIT
 
@@ -124,7 +124,7 @@ function(sbom_generate)
 
 	if("${SBOM_GENERATE_OUTPUT}" STREQUAL "")
 		set(SBOM_GENERATE_OUTPUT
-		    "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/${PROJECT_NAME}/${PROJECT_NAME}-sbom-${GIT_VERSION_PATH}.spdx"
+		    "\${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/${PROJECT_NAME}/${PROJECT_NAME}-sbom-${GIT_VERSION_PATH}.spdx"
 		)
 	endif()
 
@@ -508,12 +508,12 @@ function(sbom_file)
 			"
 			cmake_policy(SET CMP0011 NEW)
 			cmake_policy(SET CMP0012 NEW)
-			if(NOT EXISTS ${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME})
+			if(NOT EXISTS \"\${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME}\")
 				if(NOT ${SBOM_FILE_OPTIONAL})
 					message(FATAL_ERROR \"Cannot find ${SBOM_FILE_FILENAME}\")
 				endif()
 			else()
-				file(SHA1 ${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME} _sha1)
+				file(SHA1 \${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME} _sha1)
 				list(APPEND SBOM_VERIFICATION_CODES \${_sha1})
 				file(APPEND \"${PROJECT_BINARY_DIR}/sbom/sbom.spdx.in\"
 \"
@@ -632,13 +632,13 @@ function(sbom_directory)
 		CONTENT
 			"
 			file(GLOB_RECURSE _files
-				LIST_DIRECTORIES false RELATIVE \"${CMAKE_INSTALL_PREFIX}\"
-				\"${CMAKE_INSTALL_PREFIX}/${SBOM_DIRECTORY_DIRECTORY}/*\"
+				LIST_DIRECTORIES false RELATIVE \"\${CMAKE_INSTALL_PREFIX}\"
+				\"\${CMAKE_INSTALL_PREFIX}/${SBOM_DIRECTORY_DIRECTORY}/*\"
 			)
 
 			set(_count 0)
 			foreach(_f IN LISTS _files)
-				file(SHA1 \"${CMAKE_INSTALL_PREFIX}/\${_f}\" _sha1)
+				file(SHA1 \"\${CMAKE_INSTALL_PREFIX}/\${_f}\" _sha1)
 				list(APPEND SBOM_VERIFICATION_CODES \${_sha1})
 				file(APPEND \"${PROJECT_BINARY_DIR}/sbom/sbom.spdx.in\"
 \"
@@ -894,30 +894,73 @@ endfunction()
 # Adds a target that performs `python3 -m reuse lint'.  Python is required with the proper packages
 # installed (see dist/common/requirements.txt).
 function(reuse_lint)
-	if(NOT TARGET ${PROJECT_NAME}-reuse-lint)
+	set(options CONFIG ALL)
+	set(oneValueArgs TARGET)
+	set(multiValueArgs)
+	cmake_parse_arguments(REUSE_LINT "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+	if(NOT REUSE_LINT_TARGET)
+		set(REUSE_LINT_TARGET ${PROJECT_NAME}-reuse-lint)
+	endif()
+
+	if(REUSE_LINT_ALL OR NOT REUSE_LINT_CONFIG)
+		set(lint_all ALL)
+	else()
+		set(lint_all)
+	endif()
+
+	if(NOT TARGET ${REUSE_LINT_TARGET})
 		sbom_find_python(REQUIRED)
 
 		add_custom_target(
-			${PROJECT_NAME}-reuse-lint ALL
+			${REUSE_LINT_TARGET}
+			${lint_all}
 			COMMAND ${Python3_EXECUTABLE} -m reuse --root "${PROJECT_SOURCE_DIR}" lint
 			WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
 			VERBATIM
 		)
 	endif()
+
+	if(REUSE_LINT_CONFIG)
+		sbom_find_python(REQUIRED)
+
+		# It seems that there is a race in linting and generating build artifacts. So, run
+		# this (also) during config, to make sure that there is nothing else going on.
+		execute_process(
+			COMMAND ${Python3_EXECUTABLE} -m reuse --root "${PROJECT_SOURCE_DIR}" lint
+			WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
+			RESULT_VARIABLE res
+		)
+
+		if(NOT "${res}" EQUAL 0)
+			message(FATAL_ERROR "${REUSE_LINT_TARGET} failed")
+		endif()
+	endif()
 endfunction()
 
 # Adds a target that generates a SPDX file of the source code.  Python is required with the proper
 # packages installed (see dist/common/requirements.txt).
 function(reuse_spdx)
-	if(NOT TARGET ${PROJECT_NAME}-reuse-spdx)
-		sbom_find_python(REQUIRED)
+	set(options)
+	set(oneValueArgs TARGET OUTPUT)
+	set(multiValueArgs)
+	cmake_parse_arguments(REUSE_SPDX "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+	if(NOT REUSE_SPDX_TARGET)
+		set(REUSE_SPDX_TARGET ${PROJECT_NAME}-reuse-spdx)
+	endif()
 
-		set(outfile "${PROJECT_BINARY_DIR}/${PROJECT_NAME}-src.spdx")
+	if(NOT REUSE_SPDX_OUTPUT)
+		set(REUSE_SPDX_OUTPUT "${PROJECT_BINARY_DIR}/${PROJECT_NAME}-src.spdx")
+	endif()
+
+	if(NOT TARGET ${REUSE_SPDX_TARGET})
+		sbom_find_python(REQUIRED)
 
 		add_custom_target(
-			${PROJECT_NAME}-reuse-spdx ALL
+			${REUSE_SPDX_TARGET} ALL
 			COMMAND ${Python3_EXECUTABLE} -m reuse --root "${PROJECT_SOURCE_DIR}" spdx
-				-o "${outfile}"
+				-o "${REUSE_SPDX_OUTPUT}"
 			WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
 			VERBATIM
 		)

cmake/version.cmake

@@ -1,8 +1,8 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+# SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 #
 # SPDX-License-Identifier: MIT
 
-cmake_minimum_required(VERSION 3.5)
+cmake_minimum_required(VERSION 3.10)
 
 if(COMMAND version_generate)
 	version_extract()
@@ -152,8 +152,11 @@ function(version_extract)
 
 		set(GIT_VERSION "${_GIT_VERSION}${version_git_dirty}")
 	else()
+		string(REGEX REPLACE "[^A-Za-z0-9]+" "+" _version_git_branch
+				     "${version_git_branch}"
+		)
 		set(GIT_VERSION
-		    "${version_git_head}+${version_git_branch}${version_build}${version_git_dirty}"
+		    "${version_git_head}+${_version_git_branch}${version_build}${version_git_dirty}"
 		)
 	endif()
 

example/CMakeLists.txt

@@ -1,12 +1,12 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+# SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 #
 # SPDX-License-Identifier: CC0-1.0
 
 # ##################################################################################################
 # Preamble
 
-cmake_minimum_required(VERSION 3.7.1)
-cmake_policy(VERSION 3.7.1)
+cmake_minimum_required(VERSION 3.10)
+cmake_policy(VERSION 3.10)
 
 project(example-project)
 

test/CMakeLists.txt

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
+# SPDX-FileCopyrightText: 2023-2025 Jochem Rutgers
 #
 # SPDX-License-Identifier: MIT
 
@@ -18,8 +18,8 @@ function(test name)
 	make_directory(${_dir}/build)
 
 	set(TEST_PREAMBLE
-	    "cmake_minimum_required(VERSION 3.5)
-cmake_policy(VERSION 3.5)
+	    "cmake_minimum_required(VERSION 3.10)
+cmake_policy(VERSION 3.10)
 project(${name})"
 	)