Versions Compared

Old Version 1

changes.mady.by.user Leena Sunthari D

Saved on

compared with

New Version Current

changes.mady.by.user Vaisakh Anand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Solution Overview

A BitBake class (factory_apps_installerinstall-factoryapps.bbclass) that reads a JSON manifest and installs factory applications into the rootfs during image creation. The solution leverages Yocto's native bb.fetch2 fetcher for robust download handling.

...

draw.io Diagram
bordertrue
diagramNamearch_1
simpleViewerfalse
width
linksauto
tbstyletop
lboxtrue
diagramWidth241
height391416
revision34

JSON File Format


No Format
[
    {
        "packagename": "string",    // Required: Final filename in rootfs
        "srcpathsrcuri": "string",         // Required: Source URL or file path
        "shasha256sum": "string"             // Optional: SHA256 hash for verification
    }
]

...

No Format
[
    {
        "packagename": "refui-5.0.20.bolt",
        "srcpathsrcuri": "https://github.com/rdkcentral/rdke-refui/releases/download/5.0.20/refui-5.0.20.bolt",
        "shasha256sum": "b0f3d00e1deb505a8f95e1ae9e4f88314a68665edccbb1a87ce0867a235e2a6b"
    },
    {
        "packagename": "wpe-webkit-browser.bolt",
        "srcpathsrcuri": "https://artifactory.example.com/wpe-browser/latest.bolt",
        "shasha256sum": "5d6c176b0c95f637da79e125f704aa5d2d8903663761f277e6674a0121cdaec5"
    },
    {
        "packagename": "lightning-ui.bolt",
        "srcpathsrcuri": "file:///home/jenkins/workspace/builds/lightning-ui.bolt",
        "shasha256sum": "a1b2c3d4e5f6789012345678901234567890123456789012345678901234567890"
    },
    {
        "packagename": "experimental-app.bolt",
        "srcpathsrcuri": "https://nightly.example.com/latest/app.bolt",
        "shasha256sum": "a1b2c3d4e5f6789012345678901234567890123456789012345678901234567890"
    }
]

Field Description

FieldTypeRequiredDescription
packagenamestringYesFinal filename when installed in rootfs. Must not contain directory traversal characters (., /, \)
srcpath
srcuristringYesSupports: http://, https://, ftp://, ftps://, file://, or absolute paths
sha
sha256sumstringNoSHA256 hash for integrity verification. If empty, verification is skipped (warning issued)

BitBake Class Implementation

https://github.com/rdkcentral/meta-rdk-auxiliary/blob/topicdevelop/RDKMVE-1639/classes/install-factoryapps.bbclass

Required Configurations

No Format
Set these in image recipe or local.conf:
# Path to JSON manifest
FACTORY_APPS_JSON_FILE = "${TOPDIR}/../factoryapps.json"

# Installation path in rootfs (without leading /) set in https://github.com/rdkcentral/rdke-common-config/blob/develop/conf/rdke-rdkm-config.inc
FACTORY_APPS_PATH ??= "/usretc/sharerdk/factoryfactoryapps"

Usage in image recipe

# In image recipe (e.g., rdk-fullstack-image.bb)
inherit factory_apps_installer

...

  1. Transparent: JSON file shows exactly what's being installed
  2. Verifiable: SHA256 ensures package integrity
  3. Flexible: Easy to swap package sources
  4. Simple Updates: Change JSON without modifying recipes
  5. Testing: Easy to test different package versions

Security Considerations

  1. SHA256 Verification
    •    Mandatory for production: Always provide SHA256 hashes for production builds
    •    Development flexibility: Can omit SHA for development (warning issued)
    •    Tamper detection: Build fails if downloaded file doesn't match hash
  2. Directory Traversal Protection
    •    Package names validated to prevent ../ attacks
    •    Cannot install outside designated directory
  3. File Permissions
    •    Files installed with 0644 permissions (rw-r--r--)
    •    No execute permissions by default