This v7 fixes two SPDX selftest failures reported by Mathieu Dubois-Briand
on the ARM autobuilder (oe-selftest-armhost builder 23/3458):
- test_download_location_defensive_handling: recipe-m4.spdx.json does not
exist
- test_version_extraction_patterns: recipe-tar.spdx.json does not exist
Root cause: On the autobuilder, oe-selftest runs with parallel workers (-j 15).
All SPDX30Check tests land on the same worker but share sstate with prior tests
that use different configurations. Tests without unique extraconf may find
do_create_spdx satisfied by stale sstate stamps from earlier tests with
different SPDX configuration, causing the task to be skipped without deploying
the SPDX file to DEPLOY_DIR_SPDX.
The fix adds a unique SPDX_NAMESPACE_PREFIX to both tests, following the
established pattern from test_extra_opts which documents: "Many SPDX variables
do not trigger a rebuild... change the namespace prefix to include the hash
of the extra configuration." This ensures do_create_spdx always runs fresh
and deploys the expected recipe SPDX file.
Changes since v6:
- 07/10: Added SPDX_NAMESPACE_PREFIX extraconf to
test_download_location_defensive_handling to ensure do_create_spdx
runs fresh on autobuilder workers with shared sstate.
- 08/10: Added SPDX_NAMESPACE_PREFIX extraconf to
test_version_extraction_patterns (same fix).
Changes since v5:
- 04/10: Removed reintroduced d.getVar('SRCREV') fallback that caused
25+ devtool/recipetool selftest failures on autobuilder. Added safety
comment explaining the BBIMPORTS/AUTOREV constraint.
Changes since v4 (carried forward):
- Dropped v4 07/11: "spdx30: Include recipe base PURL in package external
identifiers" -- superseded by 874b2d301d (spdx: Add yocto PURLs,
Joshua Watt, merged to master Jan 8 2026)
Stefano Tondo (10):
spdx30: Add configurable file filtering support
spdx30: Add supplier support for image and SDK SBOMs
spdx30: Add ecosystem-specific PURL generation
spdx30: Add version extraction from SRCREV for Git source components
spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting
spdx30: Enrich source downloads with external refs and PURLs
oeqa/selftest: Add test for download_location defensive handling
spdx.py: Add test for version extraction patterns
cve_check: Escape special characters in CPE 2.3 formatted strings
spdx-common: Add documentation for undocumented SPDX variables
meta/classes/create-spdx-3.0.bbclass | 20 ++
meta/classes/spdx-common.bbclass | 63 +++++
meta/lib/oe/cve_check.py | 37 ++-
meta/lib/oe/spdx30_tasks.py | 333 ++++++++++++++++++++++++++-
meta/lib/oeqa/selftest/cases/spdx.py | 87 +++++++
5 files changed, 534 insertions(+), 6 deletions(-)
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232566):
https://lists.openembedded.org/g/openembedded-core/message/232566
Mute This Topic: https://lists.openembedded.org/mt/118170490/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
