Qt attribution.json: Difference between revisions
		
		
		
		
		
		Jump to navigation
		Jump to search
		
				
		
		
	
|  (Added CPE, PURL entries to table.) | |||
| (2 intermediate revisions by the same user not shown) | |||
| Line 44: | Line 44: | ||
| | CopyrightFile || Relative path to a file containing the copyright text. Supported in Qt 6.0 onwards. || Content is shown as text. | | CopyrightFile || Relative path to a file containing the copyright text. Supported in Qt 6.0 onwards. || Content is shown as text. | ||
| |- | |- | ||
| | CPE || A CPE (Common Platform Enumeration) string for the component, formatted according to the CPE 2.3 specification. Supported in 6.5 onwards. Optional. ||  Only shown in the SBOM documents. | | CPE || A CPE (Common Platform Enumeration) string or list of strings for the component, formatted according to the CPE 2.3 specification. Supported in 6.5 onwards. Optional. Search for CPEs at https://nvd.nist.gov/products/cpe/search ||  Only shown in the SBOM documents. | ||
| |- | |- | ||
| | PURL ||A Package URL (PURL) for the component, formatted according to the PURL specification. Supported in 6.5 onwards. Optional. || Only shown in the SBOM documents. | | PURL ||A Package URL (PURL) for the component (or a list of PURL strings), formatted according to the PURL specification. Supported in 6.5 onwards. Optional. Check https://wiki.qt.io/SBOM#PURL on how to find or create a PURL. || Only shown in the SBOM documents. | ||
| |} | |} | ||
Latest revision as of 08:00, 23 September 2025
qt_attribution.json files are used to document 3rd party code inside the Qt modules (from Qt 5.8 onwards). It is a JSON based format that can be processed with the licensescanner tool. It is officially documented in QUIP 7.
A qt_attribution.json file needs to contain one JSON object, or one array of JSON objects, with the following string properties:
Content
| Name | Description | Usage in qdoc | 
|---|---|---|
| Id | Unique name for package, without spaces. All lower case. Mandatory. | \target and part of page name | 
| Name | Descriptive name of the package, without version number. Camel case. Mandatory. | \title | 
| QDocModule | The qch file the documentation of the package should be part of. Mandatory. | - | 
| QtUsage | Free text on where the 3rd party code in Qt is used, and how to avoid it (configure options?). Mandatory. | Shown as text. | 
| QtParts | JS array with possible entries "examples", "tests", "tools", or "libs". Default is [ "libs" ]. | Only code with "libs" is shown in the 3rd party overview per module. | 
| Path | (Relative) path to the sources. Default is same directory is qt_attribution.json file. Optional. | Shown as text. | 
| Files | List of files, relative to Path. Optional. | Shown as text. | 
| Description | A short description of what the package is and is used for. Optional. | Shown as text. | 
| Homepage | Homepage of the upstream project. Optional. | Shown as link. | 
| Version | Version used from the upstream project. Optional. | Shown as text. | 
| DownloadLocation | Link to exact upstream version. Optional. | Shown as link for Version text. | 
| License | The license under which the package is distributed, preferably with the names from SPDX 'Full Name'. Mandatory. | Shown as text. | 
| LicenseId | SPDX or DejaCode ID. Optional. | Shown as link (\l https://spdx.org/licenses/XXX). | 
| LicenseFile | Relative path to file containing the license text. Optional for code in the Public Domain, otherwise needed. | Content is shown as text. | 
| LicenseFiles | List of license files. Handling is the same as for 'LicenseFile' (the content in the output will just be concatenated). Supported in Qt 6.0 onwards. | Content is shown as text. | 
| Copyright | (Aggregated) list of copyright lines. Mandatory, except if CopyrightFile is provided. | Shown as text. | 
| CopyrightFile | Relative path to a file containing the copyright text. Supported in Qt 6.0 onwards. | Content is shown as text. | 
| CPE | A CPE (Common Platform Enumeration) string or list of strings for the component, formatted according to the CPE 2.3 specification. Supported in 6.5 onwards. Optional. Search for CPEs at https://nvd.nist.gov/products/cpe/search | Only shown in the SBOM documents. | 
| PURL | A Package URL (PURL) for the component (or a list of PURL strings), formatted according to the PURL specification. Supported in 6.5 onwards. Optional. Check https://wiki.qt.io/SBOM#PURL on how to find or create a PURL. | Only shown in the SBOM documents. | 
Example
{
    "Id": "sqlite",
    "Name": "SQLite",
    "QDocModule": "qtsql",
    "QtUsage": "Used in Qt SQL Lite plugin.",
    "Description": "SQLite is a small C library that implements a self-contained, embeddable, zero-configuration SQL database engine.
Configure with -system-sqlite or -no-sqlite to avoid.",
    "Homepage": "http://www.sqlite.org/",
    "Version": "3.11.1.0",
    "License": "Public Domain",
    "Copyright": "The author disclaims copyright to this source code. However, a license can be obtained if needed."
}