From: stondo@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: richard.purdie@linuxfoundation.org, ross.burton@arm.com,
jpewhacker@gmail.com, stefano.tondo.ext@siemens.com,
peter.marko@siemens.com, adrian.freihofer@siemens.com,
mathieu.dubois-briand@bootlin.com
Subject: [OE-core][PATCH v14 4/4] oeqa/selftest: Add tests for source download enrichment
Date: Tue, 24 Mar 2026 14:29:58 +0100 [thread overview]
Message-ID: <20260324132958.2316491-5-stondo@gmail.com> (raw)
In-Reply-To: <20260324132958.2316491-1-stondo@gmail.com>
From: Stefano Tondo <stefano.tondo.ext@siemens.com>
Add two tests for the new source download SPDX features:
test_download_location_defensive_handling:
Verify that packages with no download location (e.g. packagegroups,
images, virtual providers) are handled gracefully without crashing
the SPDX generation pipeline.
test_version_extraction_patterns:
Verify that Git source packages get SRCREV as their version in the
SPDX output, rather than the recipe PV.
Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com>
---
meta/lib/oeqa/selftest/cases/spdx.py | 76 ++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/spdx.py b/meta/lib/oeqa/selftest/cases/spdx.py
index af1144c1e5..9347e0bf7b 100644
--- a/meta/lib/oeqa/selftest/cases/spdx.py
+++ b/meta/lib/oeqa/selftest/cases/spdx.py
@@ -428,3 +428,79 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
value, ["enabled", "disabled"],
f"Unexpected PACKAGECONFIG value '{value}' for {key}"
)
+
+ def test_download_location_defensive_handling(self):
+ """Test that download_location handling is defensive.
+
+ Verifies SPDX generation succeeds and external references are
+ properly structured when download_location retrieval works.
+ """
+ objset = self.check_recipe_spdx(
+ "m4",
+ "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/builds/build-m4.spdx.json",
+ )
+
+ found_external_refs = False
+ for pkg in objset.foreach_type(oe.spdx30.software_Package):
+ if pkg.externalRef:
+ found_external_refs = True
+ for ref in pkg.externalRef:
+ self.assertIsNotNone(ref.externalRefType)
+ self.assertIsNotNone(ref.locator)
+ self.assertGreater(len(ref.locator), 0, "Locator should have at least one entry")
+ for loc in ref.locator:
+ self.assertIsInstance(loc, str)
+ break
+
+ self.logger.info(
+ f"External references {'found' if found_external_refs else 'not found'} "
+ f"in SPDX output (defensive handling verified)"
+ )
+
+ def test_version_extraction_patterns(self):
+ """Test that version extraction works for various package formats.
+
+ Verifies that Git source downloads carry extracted versions and that
+ the reported version strings are well-formed.
+ """
+ objset = self.check_recipe_spdx(
+ "opkg-utils",
+ "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/builds/build-opkg-utils.spdx.json",
+ )
+
+ # Collect all packages with versions
+ packages_with_versions = []
+ for pkg in objset.foreach_type(oe.spdx30.software_Package):
+ if pkg.software_packageVersion:
+ packages_with_versions.append((pkg.name, pkg.software_packageVersion))
+
+ self.assertGreater(
+ len(packages_with_versions), 0,
+ "Should find packages with extracted versions"
+ )
+
+ for name, version in packages_with_versions:
+ self.assertRegex(
+ version,
+ r"^[0-9a-f]{40}$",
+ f"Expected Git source version for {name} to be a full SHA-1",
+ )
+
+ self.logger.info(f"Found {len(packages_with_versions)} packages with versions")
+
+ # Log some examples for debugging
+ for name, version in packages_with_versions[:5]:
+ self.logger.info(f" {name}: {version}")
+
+ # Verify that versions follow expected patterns
+ for name, version in packages_with_versions:
+ # Version should not be empty
+ self.assertIsNotNone(version)
+ self.assertNotEqual(version, "")
+
+ # Version should contain digits
+ self.assertRegex(
+ version,
+ r'\d',
+ f"Version '{version}' for package '{name}' should contain digits"
+ )
--
2.53.0
next prev parent reply other threads:[~2026-03-24 13:30 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-23 21:07 [OE-core][PATCH v13 0/4] SPDX 3.0 SBOM enrichment and compliance improvements Stefano Tondo
2026-03-23 21:07 ` [PATCH v13 1/4] spdx30: Add configurable file exclusion pattern support Stefano Tondo
2026-03-23 21:07 ` [PATCH v13 2/4] spdx30: Add supplier support for image and SDK SBOMs Stefano Tondo
2026-03-23 21:07 ` [PATCH v13 3/4] spdx30: Enrich source downloads with version and PURL Stefano Tondo
2026-03-23 21:07 ` [PATCH v13 4/4] oeqa/selftest: Add tests for source download enrichment Stefano Tondo
2026-03-24 10:26 ` Richard Purdie
2026-03-24 14:48 ` Joshua Watt
2026-03-24 13:29 ` [OE-core][PATCH v14 0/4] SPDX 3.0 SBOM enrichment and compliance improvements stondo
2026-03-24 13:29 ` [OE-core][PATCH v14 1/4] spdx30: Add configurable file exclusion pattern support stondo
2026-03-24 14:22 ` Joshua Watt
2026-03-24 13:29 ` [OE-core][PATCH v14 2/4] spdx30: Add supplier support for image and SDK SBOMs stondo
2026-03-24 14:24 ` Joshua Watt
2026-03-24 13:29 ` [OE-core][PATCH v14 3/4] spdx30: Enrich source downloads with version and PURL stondo
2026-03-24 14:46 ` Joshua Watt
2026-03-24 13:29 ` stondo [this message]
2026-03-24 17:12 ` [PATCH v16 0/5] spdx30: PURL and source download enrichment Stefano Tondo
2026-03-24 17:12 ` [PATCH v16 1/5] spdx30: Add configurable file exclusion pattern support Stefano Tondo
2026-03-24 17:12 ` [PATCH v16 2/5] spdx30: Add supplier support for image and SDK SBOMs Stefano Tondo
2026-03-24 17:12 ` [PATCH v16 3/5] spdx30: Add ecosystem PURLs for recipe classes Stefano Tondo
2026-03-24 17:12 ` [PATCH v16 4/5] spdx30: Add Git version and PURL to source downloads Stefano Tondo
2026-03-26 20:14 ` Joshua Watt
2026-03-24 17:12 ` [PATCH v16 5/5] oeqa/selftest: Add tests for source download enrichment Stefano Tondo
2026-03-24 17:14 ` [PATCH v16 0/5] spdx30: PURL and " Stefano Tondo
2026-03-24 17:14 ` [PATCH v16 1/5] spdx30: Add configurable file exclusion pattern support Stefano Tondo
2026-03-26 20:11 ` Joshua Watt
2026-03-24 17:14 ` [PATCH v16 2/5] spdx30: Add supplier support for image and SDK SBOMs Stefano Tondo
2026-03-26 20:12 ` Joshua Watt
2026-03-24 17:15 ` [PATCH v16 3/5] spdx30: Add ecosystem PURLs for recipe classes Stefano Tondo
2026-03-26 20:13 ` Joshua Watt
2026-03-24 17:15 ` [PATCH v16 4/5] spdx30: Add Git version and PURL to source downloads Stefano Tondo
2026-03-24 17:15 ` [PATCH v16 5/5] oeqa/selftest: Add tests for source download enrichment Stefano Tondo
2026-03-26 20:15 ` [OE-core] " Joshua Watt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260324132958.2316491-5-stondo@gmail.com \
--to=stondo@gmail.com \
--cc=adrian.freihofer@siemens.com \
--cc=jpewhacker@gmail.com \
--cc=mathieu.dubois-briand@bootlin.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=peter.marko@siemens.com \
--cc=richard.purdie@linuxfoundation.org \
--cc=ross.burton@arm.com \
--cc=stefano.tondo.ext@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox