@@ -414,3 +414,72 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
value, ["enabled", "disabled"],
f"Unexpected PACKAGECONFIG value '{value}' for {key}"
)
+
+ def test_download_location_defensive_handling(self):
+ """Test that download_location handling is defensive.
+
+ Verifies SPDX generation succeeds and external references are
+ properly structured when download_location retrieval works.
+ """
+ objset = self.check_recipe_spdx(
+ "m4",
+ "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/recipes/recipe-m4.spdx.json",
+ )
+
+ found_external_refs = False
+ for pkg in objset.foreach_type(oe.spdx30.software_Package):
+ if pkg.externalRef:
+ found_external_refs = True
+ for ref in pkg.externalRef:
+ self.assertIsNotNone(ref.externalRefType)
+ self.assertIsNotNone(ref.locator)
+ self.assertGreater(len(ref.locator), 0, "Locator should have at least one entry")
+ for loc in ref.locator:
+ self.assertIsInstance(loc, str)
+ break
+
+ self.logger.info(
+ f"External references {'found' if found_external_refs else 'not found'} "
+ f"in SPDX output (defensive handling verified)"
+ )
+
+ def test_version_extraction_patterns(self):
+ """Test that version extraction works for various package formats.
+
+ Verifies that version patterns correctly extract versions from
+ tarball sources and that all packages have proper version strings.
+ """
+ objset = self.check_recipe_spdx(
+ "tar",
+ "{DEPLOY_DIR_SPDX}/{SSTATE_PKGARCH}/recipes/recipe-tar.spdx.json",
+ )
+
+ # Collect all packages with versions
+ packages_with_versions = []
+ for pkg in objset.foreach_type(oe.spdx30.software_Package):
+ if pkg.software_packageVersion:
+ packages_with_versions.append((pkg.name, pkg.software_packageVersion))
+
+ self.assertGreater(
+ len(packages_with_versions), 0,
+ "Should find packages with extracted versions"
+ )
+
+ self.logger.info(f"Found {len(packages_with_versions)} packages with versions")
+
+ # Log some examples for debugging
+ for name, version in packages_with_versions[:5]:
+ self.logger.info(f" {name}: {version}")
+
+ # Verify that versions follow expected patterns
+ for name, version in packages_with_versions:
+ # Version should not be empty
+ self.assertIsNotNone(version)
+ self.assertNotEqual(version, "")
+
+ # Version should contain digits
+ self.assertRegex(
+ version,
+ r'\d',
+ f"Version '{version}' for package '{name}' should contain digits"
+ )