From: Zhihang Wei <wzh@ilbers.de>
To: isar-users@googlegroups.com, felix.moessbauer@siemens.com,
amikan@ilbers.de
Cc: wzh@ilbers.de, cedric.hombourger@siemens.com
Subject: [PATCH v3 15/20] testsuite: refactor sbom tests to avoid overhead
Date: Fri, 23 Jan 2026 09:24:56 +0100 [thread overview]
Message-ID: <20260123082501.240751-16-wzh@ilbers.de> (raw)
In-Reply-To: <20260123082501.240751-1-wzh@ilbers.de>
From: "MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
We currently test the SBOM infrastructure in all image builds, which
adds a significant overhead. We now change this to not generate SBOMs in
general (and by that avoid building the dependencies). To not have a
testing gap, we add a dedicated SBOM test that checks the SBOM creation
for various targets. In addition, we now also check the content of the
SBOM for plausibility.
In the future, the SBOM test can be extended without slowing down the
overall test execution.
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
testsuite/cibase.py | 26 ++++++++++++++++++++++++++
testsuite/cibuilder.py | 4 ++++
testsuite/citest.py | 33 +++++++++++++++++++++++++++++++++
3 files changed, 63 insertions(+)
diff --git a/testsuite/cibase.py b/testsuite/cibase.py
index 5ef1a5b5..fd6a3df9 100755
--- a/testsuite/cibase.py
+++ b/testsuite/cibase.py
@@ -140,6 +140,32 @@ class CIBaseTest(CIBuilder):
self.delete_from_build_dir('ccache')
self.unconfigure()
+ def perform_sbom_test(self, targets, **kwargs):
+ """
+ Build a rootfs containing a needle package and check if that package
+ is added to the sbom.
+ """
+ import json
+
+ needle_pkg = 'cowsay'
+ self.perform_build_test(
+ targets, image_install=needle_pkg,
+ generate_sbom=True
+ )
+
+ for t in targets:
+ ds, pn, distro, machine = \
+ CIUtils.getVars('DEPLOY_DIR_SBOM', 'PN', 'DISTRO', 'MACHINE',
+ target=t)
+ for t in ["cdx", "spdx"]:
+ sbom_path = os.path.join(ds, f'{pn}-{distro}-{machine}.{t}.json')
+ self.log.info(f"Check {t} SBOM in {sbom_path}")
+ with open(sbom_path) as f:
+ sbom = json.load(f)
+ pkg_key = 'components' if t == 'cdx' else 'packages'
+ if not any(c for c in sbom[pkg_key] if c['name'] == needle_pkg):
+ self.fail(f'{needle_pkg} package not found in SBOM {sbom_path}')
+
def perform_sstate_populate(self, image_target, **kwargs):
# Use a different isar root for populating sstate cache
isar_sstate = f"{isar_root}/isar-sstate"
diff --git a/testsuite/cibuilder.py b/testsuite/cibuilder.py
index 9c97115b..7538ade2 100755
--- a/testsuite/cibuilder.py
+++ b/testsuite/cibuilder.py
@@ -126,6 +126,7 @@ class CIBuilder(Test):
installer_distro=None,
installer_device=None,
customizations=None,
+ generate_sbom=False,
lines=None,
**kwargs,
):
@@ -176,6 +177,7 @@ class CIBuilder(Test):
f" image_install = {image_install}\n"
f" installer_image = {installer_image}\n"
f" customizations = {customizations}\n"
+ f" generate_sbom = {generate_sbom}\n"
f" lines = {strlines}\n"
f"==================================================="
)
@@ -275,6 +277,8 @@ class CIBuilder(Test):
'CUSTOMIZATION_FOR_IMAGES:append = " isar-image-ci"\n'
'HOSTNAME:isar-image-ci = "isar-ci"\n'
)
+ if generate_sbom is False:
+ f.write('ROOTFS_FEATURES:remove = "generate-sbom"\n')
if lines is not None:
f.writelines((line + '\n' if not line.endswith('\n') else line) for line in lines)
diff --git a/testsuite/citest.py b/testsuite/citest.py
index eaa4c440..d908f9bc 100755
--- a/testsuite/citest.py
+++ b/testsuite/citest.py
@@ -694,6 +694,39 @@ class CustomizationsTest(CIBaseTest):
)
+class SbomTest(CIBaseTest):
+ """
+ Test to check if sbom is generated and contains expected packages.
+ Most tests are rootfs tests to avoid costly initrd build and imaging.
+
+ :avocado: tags=sbom,fast
+ """
+
+ def test_sbom_rootfs_generate(self):
+ targets = [
+ 'mc:qemuamd64-bookworm:isar-rootfs-ci',
+ 'mc:qemuarm64-bookworm:isar-rootfs-ci',
+ 'mc:qemuamd64-trixie:isar-rootfs-ci',
+ 'mc:qemuarm64-trixie:isar-rootfs-ci',
+ 'mc:qemuamd64-noble:isar-rootfs-ci',
+ ]
+
+ self.init()
+ self.perform_sbom_test(targets)
+
+ def test_sbom_unsupported(self):
+ targets = [
+ 'mc:qemuamd64-bullseye:isar-rootfs-ci',
+ 'mc:qemuamd64-focal:isar-rootfs-ci',
+ ]
+
+ self.init()
+ self.perform_build_test(
+ targets, bitbake_cmd='do_rootfs', image_install='cowsay',
+ generate_sbom=True
+ )
+
+
class SignatureTest(CIBaseTest):
"""
--
2.39.5
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20260123082501.240751-16-wzh%40ilbers.de.
next prev parent reply other threads:[~2026-01-23 8:25 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-23 8:24 [PATCH v3 00/20] Various improvements to the testsuite Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 01/20] testsuite: move targets with custom kernel to separate test Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 02/20] testsuite: enable ccache on kernel tests Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 03/20] testsuite: make prebuilt container a feature test Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 04/20] testsuite: make compat test standalone test Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 05/20] testsuite: handle IMAGE_INSTALL solely in cibuilder.py Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 06/20] testsuite: limit cross_debsrc test to subset of packages Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 07/20] testsuite: forward SSTATE_MIRRORS into CI env on sstate Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 08/20] ci: add support for sstate cache Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 09/20] testsuite: make test_cross_deps more specific Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 10/20] testsuite: fix typo in log message in perform_signature_lint Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 11/20] testsuite: fix SignatureTest by avoiding absolute path in bblayers Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 12/20] testsuite: use more recent distros in SignatureTest Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 13/20] testsuite: make SignatureTest idempotent Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 14/20] testsuite: add rootfs target for rootfs only tests Zhihang Wei
2026-01-23 8:24 ` Zhihang Wei [this message]
2026-01-23 8:24 ` [PATCH v3 16/20] testsuite: make sbuild-flavor test standalone Zhihang Wei
2026-01-23 8:24 ` [PATCH v3 17/20] testsuite: skip VM tests if images are not available Zhihang Wei
2026-01-28 11:54 ` Zhihang Wei
2026-01-28 12:46 ` 'MOESSBAUER, Felix' via isar-users
2026-01-23 8:24 ` [PATCH v3 18/20] testsuite: Group prebuilt_containers related test cases together Zhihang Wei
2026-01-23 8:25 ` [PATCH v3 19/20] testsuite: Execute startvm testcases after building Zhihang Wei
2026-01-23 8:25 ` [PATCH v3 20/20] testsuite: Remove SstateTest from full testsuite Zhihang Wei
2026-01-23 8:37 ` [PATCH v3 00/20] Various improvements to the testsuite Zhihang Wei
2026-01-28 13:01 ` Zhihang Wei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260123082501.240751-16-wzh@ilbers.de \
--to=wzh@ilbers.de \
--cc=amikan@ilbers.de \
--cc=cedric.hombourger@siemens.com \
--cc=felix.moessbauer@siemens.com \
--cc=isar-users@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox