Qt attribution.json: Difference between revisions

From Qt Wiki
Jump to navigation Jump to search
No edit summary
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Developing Qt]]
[[Category:Developing Qt::Process]]
qt_attribution.json files are used to document 3rd party code inside the Qt modules (from Qt 5.8 onwards). It is a JSON based format that can be processed with the licensescanner tool.  
qt_attribution.json files are used to document [[Third Party Code in Qt|3rd party code]] inside the Qt modules (from Qt 5.8 onwards). It is a JSON based format that can be processed with the licensescanner tool.  It is officially documented in {{QUIP|7}}.


A qt_attribution.json file  needs to contain one JSON object (or an array of JSON objects) with the following string properties:
A qt_attribution.json file  needs to contain one JSON object, or one array of JSON objects, with the following string properties:


= Content =
= Content =
Line 21: Line 21:
|-
|-
| Path || (Relative) path to the sources. Default is same directory is qt_attribution.json file. Optional. || Shown as text.
| Path || (Relative) path to the sources. Default is same directory is qt_attribution.json file. Optional. || Shown as text.
|-
| Files || List of files, relative to Path. Optional. || Shown as text.
|-
|-
| Description || A short description of what the package is and is used for. Optional. || Shown as text.
| Description || A short description of what the package is and is used for. Optional. || Shown as text.
Line 32: Line 34:
| '''License''' || The license under which the package is distributed, preferably with the names from [https://spdx.org/licenses/ SPDX] 'Full Name'. Mandatory. || Shown as text.
| '''License''' || The license under which the package is distributed, preferably with the names from [https://spdx.org/licenses/ SPDX] 'Full Name'. Mandatory. || Shown as text.
|-
|-
| LicenseId || [https://spdx.org/licenses/ SPDX] ID. Optional. || Shown as link (\l https://spdx.org/licenses/XXX).
| LicenseId || [https://spdx.org/licenses/ SPDX] or [https://enterprise.dejacode.com/licenses/ DejaCode] ID. Optional. || Shown as link (\l https://spdx.org/licenses/XXX).
|-
|-
| LicenseFile || Relative path to file containing the license text. Optional for code in the Public Domain, otherwise needed. || Content is shown as text.
| LicenseFile || Relative path to file containing the license text. Optional for code in the Public Domain, otherwise needed. || Content is shown as text.
|-
|-
| '''Copyright''' || (Aggregated) list of copyright lines. Mandatory. || Shown as text.
| LicenseFiles || List of license files. Handling is the same as for 'LicenseFile' (the content in the output will just be concatenated). Supported in Qt 6.0 onwards. || Content is shown as text.
|-
| '''Copyright''' || (Aggregated) list of copyright lines. Mandatory, except if CopyrightFile is provided. || Shown as text.
|-
| CopyrightFile || Relative path to a file containing the copyright text. Supported in Qt 6.0 onwards. || Content is shown as text.
|-
| CPE || A CPE (Common Platform Enumeration) string or list of strings for the component, formatted according to the CPE 2.3 specification. Supported in 6.5 onwards. Optional. Search for CPEs at https://nvd.nist.gov/products/cpe/search ||  Only shown in the SBOM documents.
|-
| PURL ||A Package URL (PURL) for the component (or a list of PURL strings), formatted according to the PURL specification. Supported in 6.5 onwards. Optional. Check https://wiki.qt.io/SBOM#PURL on how to find or create a PURL. || Only shown in the SBOM documents.
|}
|}



Latest revision as of 08:00, 23 September 2025

qt_attribution.json files are used to document 3rd party code inside the Qt modules (from Qt 5.8 onwards). It is a JSON based format that can be processed with the licensescanner tool. It is officially documented in QUIP 7.

A qt_attribution.json file needs to contain one JSON object, or one array of JSON objects, with the following string properties:

Content

Name Description Usage in qdoc
Id Unique name for package, without spaces. All lower case. Mandatory. \target and part of page name
Name Descriptive name of the package, without version number. Camel case. Mandatory. \title
QDocModule The qch file the documentation of the package should be part of. Mandatory. -
QtUsage Free text on where the 3rd party code in Qt is used, and how to avoid it (configure options?). Mandatory. Shown as text.
QtParts JS array with possible entries "examples", "tests", "tools", or "libs". Default is [ "libs" ]. Only code with "libs" is shown in the 3rd party overview per module.
Path (Relative) path to the sources. Default is same directory is qt_attribution.json file. Optional. Shown as text.
Files List of files, relative to Path. Optional. Shown as text.
Description A short description of what the package is and is used for. Optional. Shown as text.
Homepage Homepage of the upstream project. Optional. Shown as link.
Version Version used from the upstream project. Optional. Shown as text.
DownloadLocation Link to exact upstream version. Optional. Shown as link for Version text.
License The license under which the package is distributed, preferably with the names from SPDX 'Full Name'. Mandatory. Shown as text.
LicenseId SPDX or DejaCode ID. Optional. Shown as link (\l https://spdx.org/licenses/XXX).
LicenseFile Relative path to file containing the license text. Optional for code in the Public Domain, otherwise needed. Content is shown as text.
LicenseFiles List of license files. Handling is the same as for 'LicenseFile' (the content in the output will just be concatenated). Supported in Qt 6.0 onwards. Content is shown as text.
Copyright (Aggregated) list of copyright lines. Mandatory, except if CopyrightFile is provided. Shown as text.
CopyrightFile Relative path to a file containing the copyright text. Supported in Qt 6.0 onwards. Content is shown as text.
CPE A CPE (Common Platform Enumeration) string or list of strings for the component, formatted according to the CPE 2.3 specification. Supported in 6.5 onwards. Optional. Search for CPEs at https://nvd.nist.gov/products/cpe/search Only shown in the SBOM documents.
PURL A Package URL (PURL) for the component (or a list of PURL strings), formatted according to the PURL specification. Supported in 6.5 onwards. Optional. Check https://wiki.qt.io/SBOM#PURL on how to find or create a PURL. Only shown in the SBOM documents.

Example

{
    "Id": "sqlite",
    "Name": "SQLite",
    "QDocModule": "qtsql",
    "QtUsage": "Used in Qt SQL Lite plugin.",

    "Description": "SQLite is a small C library that implements a self-contained, embeddable, zero-configuration SQL database engine.
Configure with -system-sqlite or -no-sqlite to avoid.",
    "Homepage": "http://www.sqlite.org/",
    "Version": "3.11.1.0",
    "License": "Public Domain",
    "Copyright": "The author disclaims copyright to this source code. However, a license can be obtained if needed."
}