Hi Mathieu, this is weird. In V4 I ran successfully all tests locally before submitting. I will take a look right away, curious to see what V5 broke.
Stefano ________________________________ From: Mathieu Dubois-Briand <[email protected]> Sent: Tuesday, March 3, 2026 09:42 To: [email protected] <[email protected]>; [email protected] <[email protected]> Cc: [email protected] <[email protected]>; [email protected] <[email protected]>; Tondo, Stefano (ext) (SI B PRO AUT PD ZUG SW 2) <[email protected]>; Marko, Peter (FT D EU SK BFS1) <[email protected]>; Freihofer, Adrian (SI B PRO TI EAC CCP) <[email protected]> Subject: Re: [OE-core] [PATCH v5 04/10] spdx30: Add version extraction from SRCREV for Git source components On Mon Mar 2, 2026 at 5:01 PM CET, Stefano Tondo via lists.openembedded.org wrote: > Extract version information for Git-based source components in SPDX 3.0 > SBOMs to improve SBOM completeness and enable better supply chain tracking. > > Problem: > Git repositories fetched as SRC_URI entries currently appear in SBOMs > without version information (software_packageVersion is null). This makes > it difficult to track which specific revision of a dependency was used, > reducing SBOM usefulness for security and compliance tracking. > > Solution: > - Extract SRCREV for Git sources and use it as packageVersion > - Use fd.revision attribute (the resolved Git commit) > - Fallback to SRCREV variable if fd.revision not available > - Use first 12 characters as version (standard Git short hash) > - Generate pkg:github PURLs for GitHub repositories (official PURL type) > - Add comprehensive debug logging for troubleshooting > > Impact: > - Git source components now have version information > - GitHub repositories get proper PURLs (pkg:github/owner/repo@commit) > - Enables tracking specific commit dependencies in SBOMs > > Signed-off-by: Stefano Tondo <[email protected]> > --- Hi Stefano, Thanks for the new version, but we again have a lot of selftests failing: 2026-03-02 17:36:16,484 - oe-selftest - INFO - devtool.DevtoolAddTests.test_devtool_add_binary (subunit.RemotedTestCase) 2026-03-02 17:36:16,484 - oe-selftest - INFO - ... FAIL ... 2026-03-02 17:36:16,486 - oe-selftest - INFO - 7: 7/29 178/673 (21.91s) (0 failed) (devtool.DevtoolAddTests.test_devtool_add_binary) 2026-03-02 17:36:16,486 - oe-selftest - INFO - testtools.testresult.real._StringException: Traceback (most recent call last): File "/srv/pokybuild/yocto-worker/oe-selftest-debian/build/layers/openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py", line 419, in test_devtool_add_binary result = runCmd('devtool add -b %s %s' % (pn, bin_package_path)) File "/srv/pokybuild/yocto-worker/oe-selftest-debian/build/layers/openembedded-core/meta/lib/oeqa/utils/commands.py", line 214, in runCmd raise AssertionError("Command '%s' returned non-zero exit status %d:\n%s" % (command, result.status, exc_output)) AssertionError: Command 'devtool add -b tst-bin /tmp/devtoolqalnb521vt/tst-bin.tar.gz' returned non-zero exit status 1: ... 2026-03-02 17:36:37,300 - oe-selftest - INFO - devtool.DevtoolAddTests.test_devtool_add_fetch (subunit.RemotedTestCase) 2026-03-02 17:36:37,301 - oe-selftest - INFO - ... FAIL ... 2026-03-02 17:36:37,302 - oe-selftest - INFO - 7: 8/29 181/673 (20.82s) (2 failed) (devtool.DevtoolAddTests.test_devtool_add_fetch) 2026-03-02 17:36:37,302 - oe-selftest - INFO - testtools.testresult.real._StringException: Traceback (most recent call last): File "/srv/pokybuild/yocto-worker/oe-selftest-debian/build/layers/openembedded-core/meta/lib/oeqa/selftest/cases/devtool.py", line 554, in test_devtool_add_fetch result = runCmd('devtool add --no-pypi %s %s -f %s' % (testrecipe, srcdir, url)) File "/srv/pokybuild/yocto-worker/oe-selftest-debian/build/layers/openembedded-core/meta/lib/oeqa/utils/commands.py", line 214, in runCmd raise AssertionError("Command '%s' returned non-zero exit status %d:\n%s" % (command, result.status, exc_output)) AssertionError: Command 'devtool add --no-pypi python-markupsafe /tmp/devtoolqaamxld4_b/python-markupsafe -f https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.pythonhosted.org%2Fpackages%2Fc0%2F41%2Fbae1254e0396c0cc8cf1751cb7d9afc90a602353695af5952530482c963f%2FMarkupSafe-0.23.tar.gz&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7Cfa7273d9ff86436f48af08de7900c21d%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639081241603094951%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=8F4uong%2BOpYL%2FDGs7JXQv4eiNpO35f2hMedzRnFG0ic%3D&reserved=0'<https://files.pythonhosted.org/packages/c0/41/bae1254e0396c0cc8cf1751cb7d9afc90a602353695af5952530482c963f/MarkupSafe-0.23.tar.gz> returned non-zero exit status 1: ... 2026-03-02 17:37:54,668 - oe-selftest - INFO - devtool.DevtoolAddTests.test_devtool_add_fetch_simple (subunit.RemotedTestCase) 2026-03-02 17:37:54,668 - oe-selftest - INFO - ... FAIL ... 2026-03-02 17:41:18,826 - oe-selftest - INFO - devtool.DevtoolAddTests.test_devtool_add_python_egg_requires (subunit.RemotedTestCase) 2026-03-02 17:41:18,826 - oe-selftest - INFO - ... FAIL ... Continuing with 25 test fails. https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Fvalkyrie%2F%23%2Fbuilders%2F35%2Fbuilds%2F3314&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7Cfa7273d9ff86436f48af08de7900c21d%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639081241603157675%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=KDCdm12DN4fL1iGLQZ%2FZmLPSjg%2BgOZzVggpncz%2FFcj8%3D&reserved=0<https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/3314> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Fvalkyrie%2F%23%2Fbuilders%2F48%2Fbuilds%2F3204&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7Cfa7273d9ff86436f48af08de7900c21d%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639081241603212892%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=5BeBNBPHUGGL3nzdHc7aEHxhDgiy3LWR%2F%2F4XHZic%2BMY%3D&reserved=0<https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/3204> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fautobuilder.yoctoproject.org%2Fvalkyrie%2F%23%2Fbuilders%2F23%2Fbuilds%2F3434&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7Cfa7273d9ff86436f48af08de7900c21d%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639081241603271951%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=f63cwRTFpSuC%2B5nla372zSRE3oBgp9fET7W9hA2DpSE%3D&reserved=0<https://autobuilder.yoctoproject.org/valkyrie/#/builders/23/builds/3434> Can you have a look at these failures? Thanks, Mathieu -- Mathieu Dubois-Briand, Bootlin Embedded Linux and Kernel engineering https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbootlin.com%2F&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7Cfa7273d9ff86436f48af08de7900c21d%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639081241603328730%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=8f9pqxCsj2L4NXqIIe4KCylV%2FMTzhPJrZp2aw8w9y54%3D&reserved=0<https://bootlin.com/>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232308): https://lists.openembedded.org/g/openembedded-core/message/232308 Mute This Topic: https://lists.openembedded.org/mt/118096087/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
