From: Stefano Tondo <[email protected]>
This v4 fixes the recipetool/devtool selftest failures reported by
Mathieu Dubois-Briand (Bootlin) on the v3 autobuilder run.
Changes since v3:
- Fixed "AUTOREV/SRCPV set too late for the fetcher to work properly"
errors that caused ~17 recipetool/devtool selftest failures (04/11)
- Removed d.getVar('SRCREV') fallback in version extraction code;
this reference caused bitbake's signature generator to trace the
SRCREV -> AUTOREV dependency chain during recipe finalization,
triggering fatal errors for non-git temp recipes used by
recipetool/devtool with HTTP sources
- fd.revision is always available for git sources after fetch, so
the fallback was unnecessary
Root cause details:
spdx30_tasks.py is registered via BBIMPORTS (oe/__init__.py), which
means bb.codeparser.add_module_functions() parses all its public
functions for variable references. The d.getVar('SRCREV') call caused
SRCREV to be tracked as a dependency. During siggen.finalise(),
expanding SRCREV -> ${AUTOREV} -> ${@bb.fetch2.get_autorev(d)} set
__BBAUTOREV_SEEN. Combined with __BBSRCREV_SEEN (from
fetcher_hashes_dummyfunc), the sanity check at ast.py:550-551 fired
for non-git recipes where __BBAUTOREV_ACTED_UPON was never set.
Verified locally:
- recipetool create (HTTP tarball): PASSED
- recipetool create (git URL): PASSED
- oe-selftest recipetool.RecipetoolCreateTests.test_recipetool_create_simple:
PASSED
- oe-selftest recipetool.RecipetoolCreateTests.test_recipetool_create_cmake:
PASSED
- oe-selftest devtool.DevtoolAddTests.test_devtool_add_fetch_simple: PASSED
- All SPDX selftests: PASSED
Stefano Tondo (11):
spdx30: Add configurable file filtering support
spdx30: Add supplier support for image and SDK SBOMs
spdx30: Add ecosystem-specific PURL generation
spdx30: Add version extraction from SRCREV for Git source components
spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting
spdx30: Enrich source downloads with external refs and PURLs
spdx30: Include recipe base PURL in package external identifiers
oeqa/selftest: Add test for download_location defensive handling
spdx.py: Add test for version extraction patterns
cve_check: Escape special characters in CPE 2.3 formatted strings
spdx-common: Add documentation for undocumented SPDX variables
meta/classes/create-spdx-3.0.bbclass | 20 ++
meta/classes/spdx-common.bbclass | 63 +++++
meta/lib/oe/cve_check.py | 37 ++-
meta/lib/oe/spdx30_tasks.py | 341 ++++++++++++++++++++++++++-
meta/lib/oeqa/selftest/cases/spdx.py | 75 ++++++
5 files changed, 529 insertions(+), 7 deletions(-)
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232005):
https://lists.openembedded.org/g/openembedded-core/message/232005
Mute This Topic: https://lists.openembedded.org/mt/118010851/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
