On Tue, Mar 24, 2026 at 11:15 AM Stefano Tondo via lists.openembedded.org <[email protected]> wrote: > > Add two new test methods to SPDX30Check: > > test_download_location_defensive_handling: > Builds m4 and verifies that SPDX generation succeeds and any > external references present are properly structured with valid > types and locator strings. > > test_version_extraction_patterns: > Builds opkg-utils (a Git-based recipe) and verifies that source > download packages carry the full SHA-1 commit hash as their > software_packageVersion. >
LGTM, thanks Reviewed-by: Joshua Watt <[email protected]> > Signed-off-by: Stefano Tondo <[email protected]> > --- > meta/lib/oeqa/selftest/cases/spdx.py | 76 ++++++++++++++++++++++++++++ > 1 file changed, 76 insertions(+) > > diff --git a/meta/lib/oeqa/selftest/cases/spdx.py > b/meta/lib/oeqa/selftest/cases/spdx.py > index af1144c1e5..9347e0bf7b 100644 > --- a/meta/lib/oeqa/selftest/cases/spdx.py > +++ b/meta/lib/oeqa/selftest/cases/spdx.py > @@ -428,3 +428,79 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase): > value, ["enabled", "disabled"], > f"Unexpected PACKAGECONFIG value '{value}' for {key}" > ) > + > + def test_download_location_defensive_handling(self): > + """Test that download_location handling is defensive. > + > + Verifies SPDX generation succeeds and external references are > + properly structured when download_location retrieval works. > + """ > + objset = self.check_recipe_spdx( > + "m4", > + "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/builds/build-m4.spdx.json", > + ) > + > + found_external_refs = False > + for pkg in objset.foreach_type(oe.spdx30.software_Package): > + if pkg.externalRef: > + found_external_refs = True > + for ref in pkg.externalRef: > + self.assertIsNotNone(ref.externalRefType) > + self.assertIsNotNone(ref.locator) > + self.assertGreater(len(ref.locator), 0, "Locator should > have at least one entry") > + for loc in ref.locator: > + self.assertIsInstance(loc, str) > + break > + > + self.logger.info( > + f"External references {'found' if found_external_refs else 'not > found'} " > + f"in SPDX output (defensive handling verified)" > + ) > + > + def test_version_extraction_patterns(self): > + """Test that version extraction works for various package formats. > + > + Verifies that Git source downloads carry extracted versions and that > + the reported version strings are well-formed. > + """ > + objset = self.check_recipe_spdx( > + "opkg-utils", > + > "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/builds/build-opkg-utils.spdx.json", > + ) > + > + # Collect all packages with versions > + packages_with_versions = [] > + for pkg in objset.foreach_type(oe.spdx30.software_Package): > + if pkg.software_packageVersion: > + packages_with_versions.append((pkg.name, > pkg.software_packageVersion)) > + > + self.assertGreater( > + len(packages_with_versions), 0, > + "Should find packages with extracted versions" > + ) > + > + for name, version in packages_with_versions: > + self.assertRegex( > + version, > + r"^[0-9a-f]{40}$", > + f"Expected Git source version for {name} to be a full SHA-1", > + ) > + > + self.logger.info(f"Found {len(packages_with_versions)} packages with > versions") > + > + # Log some examples for debugging > + for name, version in packages_with_versions[:5]: > + self.logger.info(f" {name}: {version}") > + > + # Verify that versions follow expected patterns > + for name, version in packages_with_versions: > + # Version should not be empty > + self.assertIsNotNone(version) > + self.assertNotEqual(version, "") > + > + # Version should contain digits > + self.assertRegex( > + version, > + r'\d', > + f"Version '{version}' for package '{name}' should contain > digits" > + ) > -- > 2.53.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#234051): https://lists.openembedded.org/g/openembedded-core/message/234051 Mute This Topic: https://lists.openembedded.org/mt/118487364/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
