Re: [OE-core] [PATCH v2 04/18] spdx30: Add version extraction from SRCREV for Git source components

Sun, 22 Feb 2026 05:34:58 -0800 

On Sat Feb 21, 2026 at 6:09 AM CET, Stefano Tondo via lists.openembedded.org 
wrote:
> From: Stefano Tondo <[email protected]>
>
> Extract version information for Git-based source components in SPDX 3.0
> SBOMs to improve SBOM completeness and enable better supply chain tracking.
>
> Problem:
> Git repositories fetched as SRC_URI entries currently appear in SBOMs
> without version information (software_packageVersion is null). This makes
> it difficult to track which specific revision of a dependency was used,
> reducing SBOM usefulness for security and compliance tracking.
>
> Solution:
> - Extract SRCREV for Git sources and use it as packageVersion
> - Use fd.revision attribute (the resolved Git commit)
> - Fallback to SRCREV variable if fd.revision not available
> - Use first 12 characters as version (standard Git short hash)
> - Generate pkg:github PURLs for GitHub repositories (official PURL type)
> - Add comprehensive debug logging for troubleshooting
>
> Impact:
> - Git source components now have version information
> - GitHub repositories get proper PURLs (pkg:github/owner/repo@commit)
> - Enables tracking specific commit dependencies in SBOMs
>
> Signed-off-by: Stefano Tondo <[email protected]>
> ---

Hi Stefano,

Thanks for your patch.

It looks like several selftests are failing on the autobuilder with this
series, possibly because of this commit.

We have the following errors:

2026-02-21 15:08:11,906 - oe-selftest - INFO - 
devtool.DevtoolUpgradeTests.test_devtool_finish_upgrade_origlayer 
(subunit.RemotedTestCase)
2026-02-21 15:08:11,907 - oe-selftest - INFO -  ... FAIL
...
2026-02-21 15:08:11,907 - oe-selftest - INFO - 1: 21/52 212/672 (96.59s) (0 
failed) (devtool.DevtoolUpgradeTests.test_devtool_finish_upgrade_origlayer)
2026-02-21 15:08:11,907 - oe-selftest - INFO - 
testtools.testresult.real._StringException: Traceback (most recent call last):
  File 
"/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/layers/openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py",
 line 2236, in test_devtool_finish_upgrade_origlayer
    recipe, oldrecipefile, recipedir, olddir, newversion, patchfn, 
backportedpatchfn = self._setup_test_devtool_finish_upgrade()
                                                                                
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File 
"/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/layers/openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py",
 line 2216, in _setup_test_devtool_finish_upgrade
    result = runCmd('devtool upgrade %s %s -V %s' % (recipe, tempdir, 
newversion))
             
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File 
"/srv/pokybuild/yocto-worker/oe-selftest-armhost/build/layers/openembedded-core/meta/lib/oeqa/utils/commands.py",
 line 214, in runCmd
    raise AssertionError("Command '%s' returned non-zero exit status %d:\n%s" % 
(command, result.status, exc_output))
/usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no 
addDuration method
  warnings.warn("TestResult has no addDuration method",

AssertionError: Command 'devtool upgrade devtool-upgrade-test1 
/tmp/devtoolqaskjpeqye -V 1.6.0' returned non-zero exit status 1:
...
2026-02-21 15:09:47,787 - oe-selftest - INFO - 
devtool.DevtoolUpgradeTests.test_devtool_finish_upgrade_otherlayer 
(subunit.RemotedTestCase)
2026-02-21 15:09:47,788 - oe-selftest - INFO -  ... FAIL
...
2026-02-21 15:10:37,499 - oe-selftest - INFO - 
devtool.DevtoolUpgradeTests.test_devtool_rename (subunit.RemotedTestCase)
2026-02-21 15:10:37,500 - oe-selftest - INFO -  ... FAIL
...
2026-02-21 15:12:11,843 - oe-selftest - INFO - 
devtool.DevtoolUpgradeTests.test_devtool_upgrade (subunit.RemotedTestCase)
2026-02-21 15:12:11,843 - oe-selftest - INFO -  ... FAIL
...

We have 29 test fails in total, I will let you look at the logs for the
whole list.

https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/3368
https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/3250
https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/3128

Can you have a look at these issues?

Thanks,
Mathieu

-- 
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#231633): 
https://lists.openembedded.org/g/openembedded-core/message/231633
Mute This Topic: https://lists.openembedded.org/mt/117922736/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to