Licensing in Qt's modules: Difference between revisions
| Line 1: | Line 1: | ||
This page provides an overview of how we document copyright and license within the Qt modules | This page provides an overview of how we document copyright and license within the Qt modules and how this information is used. | ||
and how this information is used. | |||
==Where is licensing documented?== | ==Where is licensing documented?== | ||
===In file using, SPDX tags=== | ===In-file using, SPDX tags=== | ||
When possible the copyright and license are documented using a license header. | When possible the copyright and license are documented using a license header. | ||
| Line 11: | Line 10: | ||
The license Ids must be linked together with a separator: ''WITH'', ''AND'', ''OR''. | The license Ids must be linked together with a separator: ''WITH'', ''AND'', ''OR''. | ||
License header example: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 20: | Line 21: | ||
====REUSE.toml==== | ====REUSE.toml==== | ||
The REUSE.toml files are used to document the copyright and licensing that cannot be documented in-file or because the in-file license corresponds to an other file for generation or documentation purpose. | The ''REUSE.toml'' files are used to document the copyright and licensing that cannot be documented in-file or because the in-file license corresponds to an other file for generation or documentation purpose. | ||
The REUSE.toml files, together with the in-file licensing information are read by [https://reuse.software/ reuse] to check for [https://reuse.software/tutorial/ '''reuse compliance'''] and generate the [https://reuse.readthedocs.io/en/stable/man/reuse-spdx.html '''source SBOM''']. | The ''REUSE.toml'' files, together with the in-file licensing information are read by the [https://reuse.software/ reuse tool] to check for [https://reuse.software/tutorial/ '''reuse compliance'''] and generate the [https://reuse.readthedocs.io/en/stable/man/reuse-spdx.html '''source SBOM''']. | ||
Please refer to [https://reuse.software/spec-3.2/#reusetoml REUSE.toml full documentation]. Below an example of how a REUSE.toml looks like. | Please refer to [https://reuse.software/spec-3.2/#reusetoml ''REUSE.toml'' full documentation]. Below an example of how a ''REUSE.toml'' looks like. | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| Line 55: | Line 56: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
A REUSE.toml file always starts with ''version''. Each annotation represents a license and copyright assignment. | A ''REUSE.toml'' file always starts with ''version''. Each ''annotation'' represents a license and copyright assignment. | ||
About the ''path'': | About the ''path'': | ||
* it determines where the annotation applies | * it determines where the annotation applies | ||
* it can be a list | * it can be a list | ||
* exception is not part of its syntax | * exception is not part of its syntax | ||
* ''*'' means everything in the folder | |||
* ''**'' means everything in and down this folder | * ''**'' means everything in and down this folder | ||
For a given file, licensing can be present in-file and in multiple REUSE.toml files. ''precedence'' | For a given file, licensing can be present in-file and in multiple ''REUSE.toml'' files. A precedence rule is set using ''precedence'' field, it can be: | ||
* ''closest'' | * ''closest'' - the in-file licensing will be used if available, if not the corresponding annotation within the ''REUSE.toml'' file closest to the file is used. | ||
* ''aggregate'' | * ''aggregate'' - all available licensing corresponding to a given file (in-file, ''REUSE.toml'' files) is collected. | ||
* ''override'' | * ''override'' - only the licensing in the ''REUSE.toml'' file closer to the base of the module is used. In case of a ''precedence'' set to ''override'' the licensing in-file or in a ''REUSE.toml'' file down the module is ignored. | ||
''SPDX-FileCopyrightText'' and ''SPDX-License-Identifier'' are self explanatory. They can contain a list. | ''SPDX-FileCopyrightText'' and ''SPDX-License-Identifier'' are self explanatory. They can contain a list. | ||
Any other entry can be added for documentation purpose, like comment for example. | Any other entry can be added for documentation purpose, like ''comment'' for example. | ||
====licenseRule.json==== | ====licenseRule.json==== | ||
There is only one licenseRule.json file per Qt's module. This file lists the | There is only one ''licenseRule.json'' file per Qt's module. This file lists the licensing rule for this module. It enforces the [https://contribute.qt-project.org/quips/18 QUIP18] rule set and offers the possibility to add exceptions. The file's format is presented in the patch introducing it, [https://codereview.qt-project.org/c/qt/qtbase/+/536879 for example for qtbase]. | ||
This file is read by qtqa license test tst_license.pl to check the in-file licensing and the source SBOM. | This file is read by qtqa license test ''tst_license.pl'' to check the in-file licensing and the source SBOM. | ||
====qt_attribution.json==== | ====qt_attribution.json==== | ||
[https://contribute.qt-project.org/quips/7 qt_attribution.json] files document information related to the 3rd components of the module (see [https://contribute.qt-project.org/quips/4 QUIP4]). | [https://contribute.qt-project.org/quips/7 ''qt_attribution.json''] files document information related to the 3rd party components of the module (see [https://contribute.qt-project.org/quips/4 QUIP4]). | ||
The licensing information there is read by qattributionscanner to provide the 3rd party licensing information in the Qt documentation. | The licensing information there is read by qattributionscanner to provide the 3rd party licensing information in the Qt documentation. | ||
| Line 85: | Line 86: | ||
==License files== | ==License files== | ||
License files corresponding to SDPX license tag or within a used ''REUSE.toml'' annotation must be found in the ''LICENSES'' directory at the base of the module. The license file name must be ''Id.txt''. | License files corresponding to SDPX license tag or within a used ''REUSE.toml'' annotation must be found in the ''LICENSES'' directory at the base of the module. The license file name must be ''<Id>.txt''. | ||
An unused license file present in ''LICENSES'' directory breaks reuse compliance. | An unused license file present in ''LICENSES'' directory breaks reuse compliance. | ||
| Line 131: | Line 132: | ||
===qattributionscanner=== | ===qattributionscanner=== | ||
This reads the qt_attribution.json files to provide the licensing for Qt documentation pages. | This reads the ''qt_attribution.json'' files to provide the licensing for Qt documentation pages. | ||
''qattributionscanner'' is looking for the license files documented in the qt_attribution.json. | ''qattributionscanner'' is looking for the license files documented in the ''qt_attribution.json''. It searches for the ''<LicenseID>.txt'' files withing the ''LICENSES'' directory or for ''LICENSE.<LicenseID>.txt'' next to the ''qt_attribution.json'' file. The use of ''LicenseFile'' within ''qt_attribtion.json'' is discouraged and will soon be deprecated. | ||
It searches for the ''<LicenseID>.txt'' files withing the LICENSES directory or | |||
for ''LICENSE.<LicenseID>.txt'' next to the qt_attribution.json file. | |||
The use of LicenseFile within | |||
==Useful links== | ==Useful links== | ||
| Line 150: | Line 148: | ||
[https://reuse.readthedocs.io/en/stable/man/reuse-spdx.html source SBOM]: the other type of Qt Software Bill of Materials. | [https://reuse.readthedocs.io/en/stable/man/reuse-spdx.html source SBOM]: the other type of Qt Software Bill of Materials. | ||
[https://reuse.software/spec-3.2 reuse tool]: all you need to know. | [https://reuse.software/spec-3.2 reuse tool]: all you need to know about the reuse tool. | ||
[https://reuse.software/spec-3.2/#reusetoml REUSE.toml]: the other way to document licensing. | [https://reuse.software/spec-3.2/#reusetoml REUSE.toml]: the other way to document licensing. | ||
Revision as of 11:14, 4 February 2025
This page provides an overview of how we document copyright and license within the Qt modules and how this information is used.
Where is licensing documented?
In-file using, SPDX tags
When possible the copyright and license are documented using a license header.
There must be at least one line for copyright and one line for the license. It is possible to have multiple copyright lines but there can only be one line for the license.
The license must be documented using a SPDX tag and License Id. A license that is not part of the SPDX license list can be documented using LicenseRef- followed by the Id of your choice.
The license Ids must be linked together with a separator: WITH, AND, OR.
License header example:
# Copyright (C) 2022 The Qt Company Ltd.
# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0
In three types of external files
REUSE.toml
The REUSE.toml files are used to document the copyright and licensing that cannot be documented in-file or because the in-file license corresponds to an other file for generation or documentation purpose.
The REUSE.toml files, together with the in-file licensing information are read by the reuse tool to check for reuse compliance and generate the source SBOM.
Please refer to REUSE.toml full documentation. Below an example of how a REUSE.toml looks like.
version = 1
[[annotations]]
path = ["<path1>",
"<folder1/**>",
"<folder2/*>"]
precedence = "override"
comment = "test"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
[[annotations]]
path = "<path2>"
precedence = "closest"
comment = "test"
SPDX-FileCopyrightText = ["Copyright (C) 2024 The Qt Company Ltd.",
"Copyright (C) 2023 someone else"]
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
[[annotations]]
path = "<path3>"
precedence = "aggregate"
comment = "test"
SPDX-FileCopyrightText = "Copyright (C) 2024 The Qt Company Ltd."
SPDX-License-Identifier = "LicenseRef-Qt-Commercial OR GPL-3.0-only"
A REUSE.toml file always starts with version. Each annotation represents a license and copyright assignment.
About the path:
- it determines where the annotation applies
- it can be a list
- exception is not part of its syntax
- * means everything in the folder
- ** means everything in and down this folder
For a given file, licensing can be present in-file and in multiple REUSE.toml files. A precedence rule is set using precedence field, it can be:
- closest - the in-file licensing will be used if available, if not the corresponding annotation within the REUSE.toml file closest to the file is used.
- aggregate - all available licensing corresponding to a given file (in-file, REUSE.toml files) is collected.
- override - only the licensing in the REUSE.toml file closer to the base of the module is used. In case of a precedence set to override the licensing in-file or in a REUSE.toml file down the module is ignored.
SPDX-FileCopyrightText and SPDX-License-Identifier are self explanatory. They can contain a list.
Any other entry can be added for documentation purpose, like comment for example.
licenseRule.json
There is only one licenseRule.json file per Qt's module. This file lists the licensing rule for this module. It enforces the QUIP18 rule set and offers the possibility to add exceptions. The file's format is presented in the patch introducing it, for example for qtbase.
This file is read by qtqa license test tst_license.pl to check the in-file licensing and the source SBOM.
qt_attribution.json
qt_attribution.json files document information related to the 3rd party components of the module (see QUIP4).
The licensing information there is read by qattributionscanner to provide the 3rd party licensing information in the Qt documentation.
License files
License files corresponding to SDPX license tag or within a used REUSE.toml annotation must be found in the LICENSES directory at the base of the module. The license file name must be <Id>.txt.
An unused license file present in LICENSES directory breaks reuse compliance.
License file corresponding to a license Id documented only in a qt_attribution.json file should be placed next to the qt_attribution.json file and be named LICENSE.Id.json
License files must be in LICENSES directory or have a LICENSE. prefix to ignored by the reuse tool.
Where is license used?
reuse tool
The reuse tool reads in-file SPDX tags and copyright as well as REUSE.toml files for reuse compliance and source SBOM generation.
To be reuse compliant a module must provide licensing information for all files present in this module with few exceptions, typically .gitignore, files within LICENSES directory and LICENCE. prefixed files.
The source SBOM is a SPDX document providing copyright and licensing information for all files in the module, with the same exceptions as for reuse compliance.
qtqa license test: tst_licenses.pl
License check mode
In license check mode, tst_licenses.pl reads copyright and SPDX tag in the file's license header and checks what has been found against our rule set in licenseRule.json. In this test the checking was not made compulsory for every file.
To run a license check on a module, run:
QT_MODULE_TO_TEST=<path_to_module> perl <path_to_qtqa>/tests/prebuild/license/tst_licenses.pl
Source SBOM check mode
In source SBOM check mode, tst_licenses.pl reads the source SBOM generated by the reuse tool. It checks the license ID against our rule set in licenseRule.json.
To create a source SBOM run:
reuse spdx -o <module_source_SBOM>
from the base of the module.
To check the generated source SBOM, run:
QT_MODULE_TO_TEST=<path_to_module> perl <path_to_qtqa>/tests/prebuild/license/tst_licenses.pl -sbom <module_source_SBOM> -sbomonly
At the moment the check is skipping files down the 3rdparty directories.
qattributionscanner
This reads the qt_attribution.json files to provide the licensing for Qt documentation pages.
qattributionscanner is looking for the license files documented in the qt_attribution.json. It searches for the <LicenseID>.txt files withing the LICENSES directory or for LICENSE.<LicenseID>.txt next to the qt_attribution.json file. The use of LicenseFile within qt_attribtion.json is discouraged and will soon be deprecated.
Useful links
QUIP18: The licensing specification in Qt's modules.
QUIP04: Third party components.
SBOM: Qt Software Bill of Materials (build SBOM).
SPDX Id: the official SPDX license Id.
source SBOM: the other type of Qt Software Bill of Materials.
reuse tool: all you need to know about the reuse tool.
REUSE.toml: the other way to document licensing.