On Fri, Mar 6, 2026 at 7:00 AM Stefano Tondo via
lists.openembedded.org <[email protected]>
wrote:
>
> Add test to verify that SPDX generation handles download_location
> failures gracefully and doesn't crash if fetch_data_to_uri() behavior
> changes.
>
> Test verifies:
> 1. SPDX file generation succeeds for recipes with tarball sources
> 2. External references are properly structured when generated
> 3. ExternalRef.locator is a list of strings (SPDX 3.0 spec requirement)
> 4. Defensive try/except and isinstance() checks prevent crashes
>
> The test uses m4 recipe which has tarball sources, allowing verification
> of the download location handling without requiring complex setup.
>
> Test can be run with:
> oe-selftest -r spdx.SPDX30Check.test_download_location_defensive_handling
>
> Signed-off-by: Stefano Tondo <[email protected]>
> ---
> meta/lib/oeqa/selftest/cases/spdx.py | 34 ++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
> diff --git a/meta/lib/oeqa/selftest/cases/spdx.py
> b/meta/lib/oeqa/selftest/cases/spdx.py
> index 41ef52fce1..9b6fcd335c 100644
> --- a/meta/lib/oeqa/selftest/cases/spdx.py
> +++ b/meta/lib/oeqa/selftest/cases/spdx.py
> @@ -414,3 +414,37 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
> value, ["enabled", "disabled"],
> f"Unexpected PACKAGECONFIG value '{value}' for {key}"
> )
> +
> + def test_download_location_defensive_handling(self):
> + """Test that download_location handling is defensive.
> +
> + Verifies SPDX generation succeeds and external references are
> + properly structured when download_location retrieval works.
> + """
> + objset = self.check_recipe_spdx(
> + "m4",
> + "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/recipes/recipe-m4.spdx.json",
> + # Use a unique namespace prefix to ensure do_create_spdx runs
> + # fresh regardless of sstate from prior tests in the same
> + # oe-selftest worker (see test_extra_opts for rationale)
> + extraconf="""\
> + SPDX_NAMESPACE_PREFIX =
> "http://spdx.org/spdxdocs/test-download-loc";
> + """,
> + )
test_extra_opts has a good reason it doesn't want to pull from the
"normal" sstate; this test doesn't. I'm not sure why this test would
not be able to pull from existing sstate and pass, since you aren't
changing any configuration.
> +
> + found_external_refs = False
> + for pkg in objset.foreach_type(oe.spdx30.software_Package):
> + if hasattr(pkg, 'externalRef') and pkg.externalRef:
I'm pretty sure hasattr is redundant here; software_Package has that attribute.
> + found_external_refs = True
> + for ref in pkg.externalRef:
> + self.assertIsNotNone(ref.externalRefType)
> + self.assertIsNotNone(ref.locator)
> + self.assertGreater(len(ref.locator), 0, "Locator should
> have at least one entry")
> + for loc in ref.locator:
> + self.assertIsInstance(loc, str)
> + break
> +
> + self.logger.info(
> + f"External references {'found' if found_external_refs else 'not
> found'} "
> + f"in SPDX output (defensive handling verified)"
> + )
> --
> 2.53.0
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232623):
https://lists.openembedded.org/g/openembedded-core/message/232623
Mute This Topic: https://lists.openembedded.org/mt/118170501/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
