This v6 fixes the autobuilder selftest failures (25+ devtool/recipetool
tests) reported by Mathieu Dubois-Briand for v5. The root cause was a
reintroduced d.getVar('SRCREV') call in patch 04 ("Add version extraction
from SRCREV for Git source components") that was accidentally restored
during the v5 rebase/squash.
Because spdx30_tasks.py is registered via BBIMPORTS, bitbake's code parser
traces all variable references in its public functions. The d.getVar('SRCREV')
call caused the signature generator to follow the SRCREV -> AUTOREV
dependency chain during recipe finalization, triggering "AUTOREV/SRCPV set
too late" fatal errors for non-git temporary recipes used by recipetool
and devtool with HTTP sources.
The fix removes the d.getVar('SRCREV') fallback entirely, relying solely on
fd.revision which is always available for git sources after fetch. A safety
comment explains why d.getVar('SRCREV') must never be used in this context.
Changes since v5:
- 04/10: Removed reintroduced d.getVar('SRCREV') fallback that caused
25+ devtool/recipetool selftest failures on autobuilder. Added safety
comment explaining the BBIMPORTS/AUTOREV constraint.
- 06/10: Carried forward the version_source tracking from the SRCREV
fix resolution (context change only, no functional change).
Changes since v4 (carried forward):
- Dropped v4 07/11: "spdx30: Include recipe base PURL in package external
identifiers" -- superseded by 874b2d301d (spdx: Add yocto PURLs,
Joshua Watt, merged to master Jan 8 2026)
Stefano Tondo (10):
spdx30: Add configurable file filtering support
spdx30: Add supplier support for image and SDK SBOMs
spdx30: Add ecosystem-specific PURL generation
spdx30: Add version extraction from SRCREV for Git source components
spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting
spdx30: Enrich source downloads with external refs and PURLs
oeqa/selftest: Add test for download_location defensive handling
spdx.py: Add test for version extraction patterns
cve_check: Escape special characters in CPE 2.3 formatted strings
spdx-common: Add documentation for undocumented SPDX variables
meta/classes/create-spdx-3.0.bbclass | 20 ++
meta/classes/spdx-common.bbclass | 63 +++++
meta/lib/oe/cve_check.py | 37 ++-
meta/lib/oe/spdx30_tasks.py | 333 ++++++++++++++++++++++++++-
meta/lib/oeqa/selftest/cases/spdx.py | 75 ++++++
5 files changed, 522 insertions(+), 6 deletions(-)
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232403):
https://lists.openembedded.org/g/openembedded-core/message/232403
Mute This Topic: https://lists.openembedded.org/mt/118136150/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
