[PATCH v4 08/11] oeqa/selftest: Add test for download_location defensive handling

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: stondo@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: stefano.tondo.ext@siemens.com, Peter.Marko@siemens.com,
	adrian.freihofer@siemens.com, jpewhacker@gmail.com,
	mathieu@bootlin.com, Ross.Burton@arm.com
Subject: [PATCH v4 08/11] oeqa/selftest: Add test for download_location defensive handling
Date: Thu, 26 Feb 2026 13:18:20 +0100	[thread overview]
Message-ID: <20260226121823.149327-9-stondo@gmail.com> (raw)
In-Reply-To: <20260226121823.149327-1-stondo@gmail.com>

From: Stefano Tondo <stefano.tondo.ext@siemens.com>

Add test to verify that SPDX generation handles download_location
failures gracefully and doesn't crash if fetch_data_to_uri() behavior
changes.

Test verifies:
1. SPDX file generation succeeds for recipes with tarball sources
2. External references are properly structured when generated
3. ExternalRef.locator is a list of strings (SPDX 3.0 spec requirement)
4. Defensive try/except and isinstance() checks prevent crashes

The test uses m4 recipe which has tarball sources, allowing verification
of the download location handling without requiring complex setup.

Test can be run with:
  oe-selftest -r spdx.SPDX30Check.test_download_location_defensive_handling

Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com>
---
 meta/lib/oeqa/selftest/cases/spdx.py | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/meta/lib/oeqa/selftest/cases/spdx.py b/meta/lib/oeqa/selftest/cases/spdx.py
index 41ef52fce1..d7dee5e2ee 100644
--- a/meta/lib/oeqa/selftest/cases/spdx.py
+++ b/meta/lib/oeqa/selftest/cases/spdx.py
@@ -414,3 +414,31 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
                 value, ["enabled", "disabled"],
                 f"Unexpected PACKAGECONFIG value '{value}' for {key}"
             )
+
+    def test_download_location_defensive_handling(self):
+        """Test that download_location handling is defensive.
+
+        Verifies SPDX generation succeeds and external references are
+        properly structured when download_location retrieval works.
+        """
+        objset = self.check_recipe_spdx(
+            "m4",
+            "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/recipes/recipe-m4.spdx.json",
+        )
+
+        found_external_refs = False
+        for pkg in objset.foreach_type(oe.spdx30.software_Package):
+            if hasattr(pkg, 'externalRef') and pkg.externalRef:
+                found_external_refs = True
+                for ref in pkg.externalRef:
+                    self.assertIsNotNone(ref.externalRefType)
+                    self.assertIsNotNone(ref.locator)
+                    self.assertGreater(len(ref.locator), 0, "Locator should have at least one entry")
+                    for loc in ref.locator:
+                        self.assertIsInstance(loc, str)
+                break
+
+        self.logger.info(
+            f"External references {'found' if found_external_refs else 'not found'} "
+            f"in SPDX output (defensive handling verified)"
+        )
-- 
2.53.0

next prev parent reply	other threads:[~2026-02-26 12:19 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-26 12:18 [PATCH v4 00/11] spdx30: SBOM enrichment and documentation stondo
2026-02-26 12:18 ` [PATCH v4 01/11] spdx30: Add configurable file filtering support stondo
2026-02-26 12:18 ` [PATCH v4 02/11] spdx30: Add supplier support for image and SDK SBOMs stondo
2026-02-26 12:18 ` [PATCH v4 03/11] spdx30: Add ecosystem-specific PURL generation stondo
2026-02-26 12:18 ` [PATCH v4 04/11] spdx30: Add version extraction from SRCREV for Git source components stondo
2026-02-26 12:18 ` [PATCH v4 05/11] spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting stondo
2026-02-26 12:18 ` [PATCH v4 06/11] spdx30: Enrich source downloads with external refs and PURLs stondo
2026-02-26 12:18 ` [PATCH v4 07/11] spdx30: Include recipe base PURL in package external identifiers stondo
2026-02-26 12:18 ` stondo [this message]
2026-02-26 12:18 ` [PATCH v4 09/11] spdx.py: Add test for version extraction patterns stondo
2026-02-26 12:18 ` [PATCH v4 10/11] cve_check: Escape special characters in CPE 2.3 formatted strings stondo
2026-02-26 12:18 ` [PATCH v4 11/11] spdx-common: Add documentation for undocumented SPDX variables stondo

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:41ef52fce dfblob:d7dee5e2e )
 OR (
bs:"[PATCH v4 08/11] oeqa/selftest: Add test for download_location defensive handling" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260226121823.149327-9-stondo@gmail.com \
    --to=stondo@gmail.com \
    --cc=Peter.Marko@siemens.com \
    --cc=Ross.Burton@arm.com \
    --cc=adrian.freihofer@siemens.com \
    --cc=jpewhacker@gmail.com \
    --cc=mathieu@bootlin.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=stefano.tondo.ext@siemens.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox