Skip to content

RDKB-63009 RDKB-63010: Native build for Coverity #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sowmiyachelliah wants to merge 8 commits into
base: develop
Choose a base branch
from
Open

RDKB-63009 RDKB-63010: Native build for Coverity #9

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
3855e63
RDKB-63009 RDKB-63010: Native build for Coverity
sowmiyachelliah Jan 30, 2026
0fc1dd4
Update code
sowmiyachelliah Jan 30, 2026
57427b8
Update component_config.json
sowmiyachelliah Feb 5, 2026
04c1b61
Update configure_options.conf
sowmiyachelliah Feb 5, 2026
14918ef
Adding sub-module
sowmiyachelliah Feb 9, 2026
10591c6
Updating README.md
sowmiyachelliah Feb 9, 2026
7010a65
Updating configure_options.conf
sowmiyachelliah Feb 11, 2026
a29e97c
Updating configure_options.conf
sowmiyachelliah Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .github/workflows/native-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Build XDNS Component in Native Environment

on:
push:
branches: [ main, 'sprint/**', 'release/**', develop ]
pull_request:
branches: [ main, 'sprint/**', 'release/**', topic/RDK*, develop ]

jobs:
build-xdns-on-pr:
name: Build XDNS component in github rdkcentral
runs-on: ubuntu-latest
container:
image: ghcr.io/rdkcentral/docker-rdk-ci:latest

steps:
- name: Checkout code
uses: actions/checkout@v3
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow uses 'actions/checkout@v3' which is an older version. GitHub Actions has released newer versions (v4 is available as of 2023). Consider updating to '@v4' for improved performance and features. This is the same pattern used in the L1-tests.yml workflow, so updating both together would maintain consistency.

Suggested change
uses: actions/checkout@v3
uses: actions/checkout@v4

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider upgrading to actions/checkout@v4 to stay current with GitHub Actions runtime updates and avoid potential deprecation issues tied to older major versions.

Suggested change
uses: actions/checkout@v3
uses: actions/checkout@v4

Copilot uses AI. Check for mistakes.

- name: native build
run: |
chmod +x cov_docker_script/run_setup_dependencies.sh
./cov_docker_script/run_setup_dependencies.sh
chmod +x cov_docker_script/run_native_build.sh
./cov_docker_script/run_native_build.sh
env:
GITHUB_TOKEN: ${{ secrets.RDKCM_RDKE }}
Comment on lines 11 to 36

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 8 days ago

In general, the fix is to add an explicit permissions block either at the workflow root (affecting all jobs) or at the job level, granting only the minimal required scopes. Since this workflow only checks out code and runs build scripts, contents: read is sufficient in most cases.

For this specific file, the minimal, non‑disruptive change is to add a job-level permissions block to build-xdns-on-pr, just under the job name (or runs-on). This will limit the workflow’s automatically provided GITHUB_TOKEN to read-only repository contents while leaving the rest of the job unchanged. Because the job already uses a secret RDKCM_RDKE for the GITHUB_TOKEN environment variable, adding this block does not interfere with that secret; it only constrains the implicit GITHUB_TOKEN that GitHub injects. No imports or additional methods are needed, only YAML changes in .github/workflows/native-build.yml.

Concretely:

  • Edit .github/workflows/native-build.yml.
  • Under build-xdns-on-pr: (around line 11), insert: 
      permissions:
    contents: read
  • Keep indentation aligned with other job keys (name, runs-on, etc.).
    No other functional behavior needs to change.
Suggested changeset 1
.github/workflows/native-build.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/native-build.yml b/.github/workflows/native-build.yml
--- a/.github/workflows/native-build.yml
+++ b/.github/workflows/native-build.yml
@@ -9,6 +9,8 @@
 jobs:
   build-xdns-on-pr:
     name: Build XDNS component in github rdkcentral
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/rdkcentral/docker-rdk-ci:latest
EOF
@@ -9,6 +9,8 @@
jobs:
build-xdns-on-pr:
name: Build XDNS component in github rdkcentral
permissions:
contents: read
runs-on: ubuntu-latest
container:
image: ghcr.io/rdkcentral/docker-rdk-ci:latest
Copilot is powered by AI and may make mistakes. Always verify output.
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GITHUB_TOKEN environment variable is set to use a custom secret 'secrets.RDKCM_RDKE', but it's not clear if this is actually needed for the build process. If the build scripts are cloning public repositories (as seen in run_setup_dependencies.sh where it clones from https://github.com/rdkcentral/build_tools_workflows), the default GITHUB_TOKEN provided by GitHub Actions should be sufficient. If this custom token is required, please add a comment explaining why. If it's not needed, consider removing it to reduce secret dependencies.

Suggested change
GITHUB_TOKEN: ${{ secrets.RDKCM_RDKE }}
GITHUB_TOKEN: ${{ github.token }}

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This overrides the built-in GITHUB_TOKEN with a repository secret, which increases the risk of credential exposure because the subsequent scripts run code from the checked-out repository in a PR context. Prefer using the default ${{ github.token }} for GitHub API operations, and if an elevated token is required, pass it under a different env name and ensure the workflow does not run untrusted PR code with that secret available.

Suggested change
GITHUB_TOKEN: ${{ secrets.RDKCM_RDKE }}
GITHUB_TOKEN: ${{ github.token }}

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On pull_request events, repository secrets are not available to forks, which can cause CI to fail unexpectedly. If a token is required, prefer the built-in ${{ github.token }} (or only use the secret on non-fork contexts); if it’s not required for public submodules, remove this override.

Suggested change
GITHUB_TOKEN: ${{ secrets.RDKCM_RDKE }}
GITHUB_TOKEN: ${{ github.token }}

Copilot uses AI. Check for mistakes.
102 changes: 102 additions & 0 deletions cov_docker_script/component_config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
{
"_comment": "Component Build Configuration for Coverity/Native Builds",
"_version": "2.0",
"_description": "Defines dependencies and build settings for the native component",

"dependencies": {
"_comment": "External repositories needed by this component",
"repos": [
{
"name": "rbus",
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The component_config.json specifies rbus version "v2.7.0" as a branch name (line 12), which appears to be a tag rather than a branch. Git clone with '-b' flag accepts both branches and tags, so this will work, but it's semantically misleading to call it a "branch" in the configuration. Consider either: 1) Renaming the field from "branch" to "ref" or "version" to be more accurate, or 2) Adding a comment explaining that this field accepts both branches and tags. This affects consistency with other dependencies that use actual branch names like "develop".

Suggested change
"name": "rbus",
"name": "rbus",
"_comment": "\"branch\" may refer to a branch or a tag; here v2.7.0 is a Git tag.",

Copilot uses AI. Check for mistakes.
"repo": "https://github.com/rdkcentral/rbus.git",
"branch": "v2.7.0",
"header_paths": [
{ "source": "include", "destination": "$HOME/usr/include/rdkb/rbus" }
],
"build": {
"type": "cmake",
"build_dir": "build",
"cmake_flags": "-DCMAKE_INSTALL_PREFIX=$HOME/usr -DCMAKE_PREFIX_PATH=/usr -DBUILD_FOR_DESKTOP=ON -DCMAKE_BUILD_TYPE=Debug"
}
},
{
"name": "common-library",
"repo": "https://github.com/rdkcentral/common-library.git",
"branch": "develop",
"header_paths": [
{ "source": "source/cosa/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/cosa/include/linux", "destination": "$HOME/usr/include/rdkb/linux" },
{ "source": "source/ccsp/custom", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/ccsp/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/debug_api/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/util_api/http/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/ccsp/components/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/util_api/ansc/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/cosa/package/slap/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/ccsp/components/common/MessageBusHelper/include", "destination": "$HOME/usr/include/rdkb" },
{ "source": "source/dm_pack", "destination": "$HOME/usr/include/rdkb" }
],
"build": {
"type": "script",
"script": "cov_docker_script/run_external_build.sh"
}
Comment on lines 39 to 42
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The build configuration references "cov_docker_script/run_external_build.sh" as the build script for common-library (line 41) and Utopia (line 86). However, run_external_build.sh clones the build_tools_workflows repository if it doesn't exist (lines 25-33), which could lead to race conditions or conflicts if multiple dependencies try to build in parallel. Additionally, this creates a circular dependency where component_config.json references run_external_build.sh, which in turn reads component_config.json. Consider: 1) Documenting that builds must be sequential, not parallel, or 2) Restructuring to avoid the script cloning build_tools_workflows (since run_setup_dependencies.sh should handle this).

Copilot uses AI. Check for mistakes.
},
{
"name": "WebconfigFramework",
"repo": "https://github.com/rdkcentral/WebconfigFramework.git",
"branch": "develop",
"header_paths": [
{ "source": "include", "destination": "$HOME/usr/include/rdkb" }
],
"build": {
"type": "autotools",
"configure_flags": "CPPFLAGS=\"-I$HOME/usr/include/rdkb -I$HOME/usr/include/rdkb/rbus -I$HOME/usr/local/include -I$HOME/usr/include/rdkb/rtmessage\" LDFLAGS=\"-L$HOME/usr/local/lib -L$HOME/usr/lib\" LIBS=\"-lrbus -lrtMessage\""
}
},
{
"name": "libSyscallWrapper",
"repo": "https://github.com/rdkcentral/libSyscallWrapper.git",
"branch": "develop",
"header_paths": [
{ "source": "source", "destination": "$HOME/usr/include/rdkb" }
],
"build": {
"type": "autotools",
"configure_flags": "CPPFLAGS=\"-I$HOME/usr/include/rdkb\" LDFLAGS=\"-L$HOME/usr/local/lib\""
}
},
{
"name": "rdk-libunpriv",
"repo": "https://github.com/rdkcentral/rdk-libunpriv.git",
"branch": "develop",
"header_paths": [
{ "source": "source", "destination": "$HOME/usr/include/rdkb" }
]
},
{
"name": "Utopia",
"repo": "https://github.com/rdkcentral/utopia.git",
"branch": "develop",
"header_paths": [
{ "source": "include", "destination": "$HOME/usr/include/rdkb/utopia" },
{ "source": "source/include/utctx", "destination": "$HOME/usr/include/rdkb/utctx" }
],
"build": {
"type": "script",
"script": "cov_docker_script/run_external_build.sh"
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The build configuration for the "Utopia" dependency references "cov_docker_script/run_external_build.sh" as the build script. However, this creates a circular dependency issue: run_external_build.sh is meant to be called from the build_tools_workflows repository to build external dependencies, but here it's being referenced as a script within a dependency being built. This will likely fail as the script path would need to exist within the Utopia repository, not this repository. Consider using the correct script path from build_tools_workflows or using "common_external_build.sh" directly.

Suggested change
"script": "cov_docker_script/run_external_build.sh"
"script": "cov_docker_script/common_external_build.sh"

Copilot uses AI. Check for mistakes.
}
Comment on lines 83 to 87
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue as with common-library dependency at lines 39-42. The build configuration references "cov_docker_script/run_external_build.sh" which may cause conflicts if run_setup_dependencies.sh has already cloned build_tools_workflows, or create race conditions if dependencies build in parallel.

Suggested change
],
"build": {
"type": "script",
"script": "cov_docker_script/run_external_build.sh"
}
]

Copilot uses AI. Check for mistakes.
}
]
},

Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a trailing comma after the closing brace of the "dependencies" object. While many JSON parsers are lenient and accept trailing commas, this is technically invalid according to the JSON specification and could cause parsing errors in strict JSON parsers. Remove the comma on this line.

Copilot uses AI. Check for mistakes.
"native_component": {
"_comment": "Configuration for the main component being built",
"name": "xdns",
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The component name in this configuration is "xdns" (line 94) but the PR title mentions "RDKB-63009 RDKB-63010" without mentioning the XDNS component name. Additionally, this appears to be in a repository that should be named consistently with the component. Please verify this is the correct component name for this repository.

Copilot uses AI. Check for mistakes.
"include_path": "$HOME/usr/include/rdkb/",
"lib_output_path": "$HOME/usr/local/lib/",
Comment on lines +95 to +96
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All paths throughout the configuration use "$HOME" for constructing include and library paths (e.g., lines 14, 95, 96). While this provides flexibility, it assumes HOME is properly set in the build environment. In containerized builds or CI environments, this might not always point to the expected location. Consider documenting this requirement or adding validation in the build scripts to ensure HOME is set correctly before proceeding with the build.

Copilot uses AI. Check for mistakes.
"build": {
"type": "autotools",
"configure_options_file": "cov_docker_script/configure_options.conf"
}
}
}
137 changes: 137 additions & 0 deletions cov_docker_script/configure_options.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
# MoCA Agent Configure Options
# This file contains autotools configure options for the moca-agent component
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The header comment says this file is for the 'moca-agent' component, but this PR configures a native build for the XDNS component. Please update the header/comments to match XDNS to avoid confusion when maintaining these build flags.

Suggested change
# MoCA Agent Configure Options
# This file contains autotools configure options for the moca-agent component
# XDNS Configure Options
# This file contains autotools configure options for the XDNS component

Copilot uses AI. Check for mistakes.
# Each section can be edited independently for better maintainability

# ============================================================================
# CPPFLAGS - Preprocessor flags (includes and defines)
# ============================================================================
[CPPFLAGS]
# Autotools configuration
-DHAVE_CONFIG_H

# Include paths
-I$HOME/usr/include/rdkb/
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The script uses "$HOME" variable in multiple paths (lines 13-14, 135), but this assumes HOME is set in the build environment. While this is typically true, in containerized or CI environments, HOME might not be set as expected. Consider verifying that HOME is set or using a more explicit path variable that's controlled by the build system.

Suggested change
-I$HOME/usr/include/rdkb/
-I${HOME:?HOME environment variable is not set}/usr/include/rdkb/

Copilot uses AI. Check for mistakes.
-I$HOME/usr/include/rdkb/rbus
-I/usr/include/dbus-1.0
-I/usr/lib/x86_64-linux-gnu/dbus-1.0/include
Comment on lines 13 to 15
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CPPFLAGS section uses $HOME to reference user home directory paths (e.g., lines 13-14, 135), but this may not work reliably in all build environments, particularly containerized builds. The $HOME variable expansion depends on when and how it's processed. Consider: 1) Documenting the expected $HOME value for the build environment, or 2) Using a more explicit build-time variable that's set by the build system, or 3) Verifying that the build scripts properly expand $HOME before passing these flags to the configure script.

Copilot uses AI. Check for mistakes.

# Core system defines
-DSAFEC_DUMMY_API
-D_COSA_HAL_
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to line 31, the flag '-U_COSA_SIM_' explicitly undefines a macro without a prior definition in this configuration. While this might be defensive programming to ensure simulation mode is disabled, consider adding a comment explaining the intent.

Suggested change
-D_COSA_HAL_
-D_COSA_HAL_
# Explicitly undefine simulation mode macro to ensure non-sim build, even if defined elsewhere

Copilot uses AI. Check for mistakes.
-U_COSA_SIM_
-DCONFIG_SYSTEM_MOCA

# ANSC framework defines
-D_ANSC_LINUX
-D_ANSC_USER
-D_ANSC_LITTLE_ENDIAN_
-D_ANSC_USE_OPENSSL_
-D_ANSC_AES_USED_
-D_NO_ANSC_ZLIB_
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The flag '-U_ANSC_IPV6_COMPATIBLE_' on line 31 undefines this macro, but there's no corresponding '-D' definition for it in the list. This is intentional to ensure IPv6 compatibility is disabled, but it's unusual to explicitly undefine something that was never defined. Consider adding a comment explaining why this specific macro needs to be explicitly undefined, or verify if this is actually necessary.

Suggested change
-D_NO_ANSC_ZLIB_
-D_NO_ANSC_ZLIB_
# Explicitly undefine ANSC IPv6 compatibility to ensure it is disabled,
# even if defined by global, toolchain, or shared build flags.

Copilot uses AI. Check for mistakes.
-U_ANSC_IPV6_COMPATIBLE_

# CCSP/Component defines
-D_CCSP_CWMP_TCP_CONNREQ_HANDLER
-D_DSLH_STUN_
-D_NO_PKI_KB5_SUPPORT
-D_BBHM_SSE_FILE_IO
-DCCSP_SUPPORT_ENABLED

# Product/Platform defines
-D_COSA_INTEL_USG_ARM_
-D_COSA_FOR_COMCAST_
-D_COSA_BCM_ARM_
-D_XB6_PRODUCT_REQ_
-D_XB7_PRODUCT_REQ_
-D_XB8_PRODUCT_REQ_
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Multiple product/platform macros that are typically mutually exclusive are defined simultaneously. This makes the native build configuration hard to reason about and can enable unintended compile-time paths. Consider splitting these into per-target option sets (or selecting a single platform/product via a variable in the build scripts) instead of enabling all of them at once.

Suggested change
-D_COSA_INTEL_USG_ARM_
-D_COSA_FOR_COMCAST_
-D_COSA_BCM_ARM_
-D_XB6_PRODUCT_REQ_
-D_XB7_PRODUCT_REQ_
-D_XB8_PRODUCT_REQ_
# NOTE:
# The following macros represent mutually exclusive platform/product
# combinations. Only enable the ones that match the target you are
# building for. By default, we build for the BCM ARM XB8 profile.
#
# Platform selection (choose exactly one):
# -D_COSA_INTEL_USG_ARM_ # Intel USG ARM platform
# -D_COSA_FOR_COMCAST_ # Generic Comcast platform profile
-D_COSA_BCM_ARM_ # Broadcom ARM platform (default)
#
# Product selection (choose exactly one):
# -D_XB6_PRODUCT_REQ_ # XB6 product requirements
# -D_XB7_PRODUCT_REQ_ # XB7 product requirements
-D_XB8_PRODUCT_REQ_ # XB8 product requirements (default)

Copilot uses AI. Check for mistakes.

# Vendor/Customer configuration
-DCONFIG_VENDOR_CUSTOMER_COMCAST
-DCONFIG_CISCO_HOTSPOT

# Security and debugging
-DENABLE_SA_KEY
-D_NO_EXECINFO_H_
-D_DEBUG
-DINCLUDE_BREAKPAD

# System features
-DFEATURE_SUPPORT_RDKLOG
-DFEATURE_SUPPORT_SYSLOG
-DBUILD_WEB
-DUSE_NOTIFY_COMPONENT
-DNTPD_ENABLE
-DUTC_ENABLE
-DUTC_ENABLE_ATOM
-DXDNS_ENABLE

# Network features
-DENABLE_ETH_WAN
-DEROUTER_DHCP_OPTION_MTA
-DETH_4_PORTS
-D_2_5G_ETHERNET_SUPPORT_
-D_MACSEC_SUPPORT_
-D_BRIDGE_UTILS_BIN_
-DAUTOWAN_ENABLE
-DENABLE_WANMODECHANGE_NOREBOOT
-DFEATURE_RDKB_WAN_MANAGER
-DFEATURE_RDKB_CONFIGURABLE_WAN_INTERFACE
-DWAN_MANAGER_UNIFICATION_ENABLED
-DWAN_FAILOVER_SUPPORTED
-DGATEWAY_FAILOVER_SUPPORTED

# WiFi features
-D_ENABLE_BAND_STEERING_
-D_BEACONRATE_SUPPORT
-D_TRI_BAND_WIFI_
-D_WIFI_AX_SUPPORT_
-D_WIFI_CONSOLIDATED_STANDARDS_
-DWIFI_HAL_VERSION_3
-DFEATURE_SUPPORT_MESH
-DFEATURE_SUPPORT_WEBCONFIG
-DFEATURE_SUPPORT_INTERWORKING
-DFEATURE_SUPPORT_PASSPOINT
-DWIFI_STATS_DISABLE_SPEEDTEST_RUNNING
-DFEATURE_SUPPORT_RADIUSGREYLIST
-DFEATURE_SUPPORT_ACL_SELFHEAL
-DFEATURE_CSI
-DFEATURE_SUPPORT_ONBOARD_LOGGING
-DFEATURE_OFF_CHANNEL_SCAN_5G
-DRDK_ONEWIFI
-DWIFI_MANAGE_SUPPORTED

# Advanced features
-D_PSM_TRANS_RDK_TRIGG_
-D_CM_HIGHSPLIT_SUPPORTED_
-DFEATURE_RDKB_INTER_DEVICE_MANAGER
-DFEATURE_SUPPORT_MAPT_NAT46
-DMAPT_UNIFICATION_ENABLED
-DSPEED_BOOST_SUPPORTED
-DAMENITIES_NETWORK_ENABLED

# Test/Development
-DCOLUMBO_HWTEST

# Build system
-DRBUS_BUILD_FLAG_ENABLE

# Standard defines
-D_GNU_SOURCE
-D__USE_XOPEN

Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

__USE_XOPEN is a libc-internal feature test macro (glibc uses __USE_* internally) and should not be defined by applications. Prefer using standard feature test macros (for example _XOPEN_SOURCE with an explicit value) or remove this define if it isn't required.

Suggested change
-D__USE_XOPEN

Copilot uses AI. Check for mistakes.
# ============================================================================
# CFLAGS - Compiler flags
# ============================================================================
[CFLAGS]
-ffunction-sections
-fdata-sections
-fomit-frame-pointer
-fno-strict-aliasing

# ============================================================================
# LDFLAGS - Linker flags
# ============================================================================
[LDFLAGS]
-L$HOME/usr/local/lib/
-Wl,--allow-shlib-undefined
-Wl,--unresolved-symbols=ignore-all
51 changes: 51 additions & 0 deletions cov_docker_script/run_external_build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/usr/bin/env bash
set -e
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script is missing a copyright header. Other shell scripts in the repository (e.g., autogen.sh and source/test/run_ut.sh) include Apache 2.0 license headers with RDK Management copyright. For consistency and legal compliance, this script should include the same copyright and license header as used in other scripts in the codebase.

Copilot uses AI. Check for mistakes.

################################################################################
# External Build Wrapper Script
# Verifies build tools and runs common_external_build.sh
# Usage: ./run_external_build.sh
# Note: run_setup_dependencies.sh should be executed first
################################################################################

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
NATIVE_COMPONENT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
BUILD_TOOLS_REPO_URL="https://github.com/rdkcentral/build_tools_workflows"
BUILD_TOOLS_DIR="$NATIVE_COMPONENT_DIR/build_tools_workflows"

# Basic logging functions
log() { echo "[INFO] $*"; }
ok() { echo "[OK] $*"; }
err() { echo "[ERROR] $*" >&2; }

echo ""
echo "===== External Build Pipeline ====="
echo ""

# Clone build_tools_workflows if it doesn't exist
if [[ ! -d "$BUILD_TOOLS_DIR" ]]; then
log "build_tools_workflows not found, cloning repository..."
cd "$NATIVE_COMPONENT_DIR"
git clone -b develop "$BUILD_TOOLS_REPO_URL" || { err "Clone failed"; exit 1; }
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script clones build_tools_workflows from GitHub using the mutable develop branch and then relies on build scripts from that checkout. Without pinning to a specific commit or verifying integrity, an attacker who compromises or force-pushes the develop branch could run arbitrary code in your CI/build environment via common_external_build.sh. Consider pinning this dependency to a known-good commit or signed tag (or vendoring it) and/or adding integrity checks before executing scripts from the cloned repository.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to run_setup_dependencies.sh, this git clone command does not pin to a specific commit SHA or tag, relying instead on the 'develop' branch. This could lead to inconsistent builds or unexpected failures if the upstream repository changes. Consider pinning to a specific version for more reproducible builds.

Copilot uses AI. Check for mistakes.
ok "Repository cloned successfully"
else
log "build_tools_workflows already exists"
fi
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script clones the build_tools_workflows repository if it doesn't exist, but unlike run_native_build.sh, it doesn't clean up the directory after completion. This creates an inconsistency in cleanup behavior - run_native_build.sh cleans up build_tools_workflows (lines 46-49), but this script leaves it behind. Consider either: 1) Adding cleanup at the end of this script for consistency, or 2) Documenting why cleanup is handled differently for external builds vs native builds.

Copilot uses AI. Check for mistakes.

if [[ ! -f "$BUILD_TOOLS_DIR/cov_docker_script/common_external_build.sh" ]]; then
err "common_external_build.sh not found in build_tools_workflows. Please run run_setup_dependencies.sh first."
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message states "Please run run_setup_dependencies.sh first", but this script actually clones the repository itself at lines 25-33 if it doesn't exist. This makes the error message misleading - if the directory exists but the script is missing, it suggests running run_setup_dependencies.sh, but that script won't help since the directory already exists and won't be re-cloned. Consider either: 1) Removing the self-cloning logic and truly requiring run_setup_dependencies.sh to be run first, or 2) Changing the error message to reflect that the cloned repository is missing expected files.

Suggested change
err "common_external_build.sh not found in build_tools_workflows. Please run run_setup_dependencies.sh first."
err "common_external_build.sh not found in build_tools_workflows. The repository may be incomplete or out of date. Please delete '$BUILD_TOOLS_DIR' and rerun this script, or run run_setup_dependencies.sh to re-fetch the build_tools_workflows dependencies."

Copilot uses AI. Check for mistakes.
exit 1
fi

log "Build script found, proceeding with build..."

# Run common_external_build.sh from build_tools_workflows
echo ""
log "Running common_external_build.sh from build_tools_workflows..."
cd "$NATIVE_COMPONENT_DIR"
"$BUILD_TOOLS_DIR/cov_docker_script/common_external_build.sh" "$SCRIPT_DIR/component_config.json" "$NATIVE_COMPONENT_DIR"
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a trailing space after the second argument on this line. While this won't cause functional issues, it's inconsistent with run_native_build.sh line 41 which doesn't have trailing whitespace in the equivalent command invocation.

Suggested change
"$BUILD_TOOLS_DIR/cov_docker_script/common_external_build.sh" "$SCRIPT_DIR/component_config.json" "$NATIVE_COMPONENT_DIR"
"$BUILD_TOOLS_DIR/cov_docker_script/common_external_build.sh" "$SCRIPT_DIR/component_config.json" "$NATIVE_COMPONENT_DIR"

Copilot uses AI. Check for mistakes.

echo ""
ok "External build completed successfully!"

echo ""
51 changes: 51 additions & 0 deletions cov_docker_script/run_native_build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/usr/bin/env bash
set -e
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This script is missing a copyright header. Other shell scripts in the repository (e.g., autogen.sh and source/test/run_ut.sh) include Apache 2.0 license headers with RDK Management copyright. For consistency and legal compliance, this script should include the same copyright and license header as used in other scripts in the codebase.

Copilot uses AI. Check for mistakes.

################################################################################
# Native Build Wrapper Script
# Verifies build tools and runs build_native.sh
# Usage: ./run_native_build.sh
# Note: run_setup_dependencies.sh should be executed first
################################################################################

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
NATIVE_COMPONENT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
BUILD_TOOLS_DIR="$NATIVE_COMPONENT_DIR/build_tools_workflows"

# Basic logging functions
log() { echo "[INFO] $*"; }
ok() { echo "[OK] $*"; }
err() { echo "[ERROR] $*" >&2; }

echo ""
echo "===== Native Build Pipeline ====="
echo ""

# Verify build_tools_workflows exists (should be cloned by run_setup_dependencies.sh)
if [[ ! -d "$BUILD_TOOLS_DIR" ]]; then
err "build_tools_workflows directory not found. Please run run_setup_dependencies.sh first."
exit 1
fi

if [[ ! -f "$BUILD_TOOLS_DIR/cov_docker_script/build_native.sh" ]]; then
err "build_native.sh not found in build_tools_workflows. Please run run_setup_dependencies.sh first."
exit 1
fi

log "Build script found, proceeding with build..."

# Run build_native.sh from build_tools_workflows
echo ""
log "Running build_native.sh from build_tools_workflows..."
cd "$NATIVE_COMPONENT_DIR"
"$BUILD_TOOLS_DIR/cov_docker_script/build_native.sh" "$SCRIPT_DIR/component_config.json" "$NATIVE_COMPONENT_DIR"

echo ""
ok "Native build completed successfully!"

# Cleanup build_tools_workflows directory
log "Cleaning up build_tools_workflows directory..."
rm -rf "$BUILD_TOOLS_DIR"
ok "Cleanup completed"
Copy link

Copilot AI Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The cleanup step removes the build_tools_workflows directory immediately after the build completes. If the build fails or needs to be debugged, this directory and its logs would be lost. Consider: 1) Only cleaning up on successful build completion, or 2) Making cleanup optional via an environment variable, or 3) Documenting that the directory should be preserved for debugging failed builds. This is especially important since the error suggests running run_setup_dependencies.sh first (line 26), which implies the directory should persist between script runs.

Suggested change
# Cleanup build_tools_workflows directory
log "Cleaning up build_tools_workflows directory..."
rm -rf "$BUILD_TOOLS_DIR"
ok "Cleanup completed"
# Cleanup build_tools_workflows directory unless preservation is requested
if [[ -n "${PRESERVE_BUILD_TOOLS:-}" ]]; then
log "PRESERVE_BUILD_TOOLS is set; skipping cleanup of build_tools_workflows directory."
else
log "Cleaning up build_tools_workflows directory..."
rm -rf "$BUILD_TOOLS_DIR"
ok "Cleanup completed"
fi

Copilot uses AI. Check for mistakes.

echo ""
Loading
Loading