Conversation
Tag 5.0.1 Release
This version is released from HEAD main and contain changes regarding UserPreferences to UserSettings switch.
…hanges based on 8.4.1.0 MW release
RDKEAPPRT-434 : Resolve build failure in Application layer with the changes based on 8.4.1.0 MW release
RDKEAPPRT-500 To update the package revision and residentui.bb
There was a problem hiding this comment.
Pull request overview
This pull request prepares Release 5.1.0 of the meta-application-rdke-dev layer, updating core application packages and modifying Mosquitto MQTT broker configuration handling.
Key changes include:
- Updated dab-adapter from version 0.7.0 to 0.8.0-dev with new upstream commit
- Updated rdkresidentapp and residentui packages to version 5.0.20
- Modified Mosquitto broker configuration approach from file removal to in-place sed modifications
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| recipes-thirdparty/mosquitto/mosquitto_%.bbappend | Changed to modify mosquitto.conf with sed instead of removing it; enables anonymous access and root user |
| recipes-thirdparty/dab-adapter/files/mosquitto.conf | Removed custom mosquitto.conf file (904 lines) as configuration now handled via bbappend |
| recipes-thirdparty/dab-adapter/dab-adapter.inc | Removed mosquitto.conf installation logic and deprecated variable syntax |
| recipes-thirdparty/dab-adapter/dab-adapter.bb | Updated to dab-adapter 0.8.0-dev with new SRCREV and commit hash |
| recipes-core/packagegroups/packagegroup-application-layer.bb | Version bump from 5.0.1 to 5.1.0 |
| recipes-apps/residentui/residentui.bb | Updated SHA256 checksum for new release tarball |
| conf/machine/include/package_revisions.inc | Updated version and SRCREV for rdkresidentapp, residentui, and dab-adapter |
| CHANGELOG.md | Added release notes for version 5.1.0 with PR references and commit links |
Comments suppressed due to low confidence (2)
recipes-thirdparty/mosquitto/mosquitto_%.bbappend:4
- The mosquitto broker is configured to allow anonymous connections without authentication and to run as the root user. This creates significant security vulnerabilities:
allow_anonymous true- Anyone can connect to the broker without credentialsuser root- Running as root violates the principle of least privilege
These settings should only be used in development/testing environments. For production systems, consider:
- Requiring authentication with username/password
- Running mosquitto as a dedicated unprivileged user (e.g., 'mosquitto')
- Implementing proper ACL controls
if [ -f "${D}${sysconfdir}/mosquitto/mosquitto.conf" ]; then
sed -i 's/# allow_anonymous$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf
sed -i 's/#user mosquitto/user root/' ${D}${sysconfdir}/mosquitto/mosquitto.conf
recipes-thirdparty/dab-adapter/dab-adapter.bb:402
- Two consecutive blank lines have been added here without any apparent purpose. This appears to be unintentional whitespace that should be removed to maintain clean formatting.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| rm -f ${D}${sysconfdir}/mosquitto/mosquitto.conf | ||
| fi | ||
| if [ -f "${D}${sysconfdir}/mosquitto/mosquitto.conf" ]; then | ||
| sed -i 's/# allow_anonymous$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf |
There was a problem hiding this comment.
The sed pattern 's/# allow_anonymous$/allow_anonymous true/' requires an exact match with '# allow_anonymous' at the end of the line. If the mosquitto.conf file has trailing whitespace or a different comment format (e.g., '#allow_anonymous' without space), this pattern will silently fail to match and the configuration won't be updated. Consider using a more robust pattern like 's/^[[:space:]]*#[[:space:]]allow_anonymous.$/allow_anonymous true/' to handle variations in whitespace and comments.
| sed -i 's/# allow_anonymous$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/^[[:space:]]*#[[:space:]]*allow_anonymous.*$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf |
| if [ -f "${D}${sysconfdir}/mosquitto/mosquitto.conf" ]; then | ||
| sed -i 's/# allow_anonymous$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | ||
| sed -i 's/#user mosquitto/user root/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | ||
| sed -i 's/#listener$/listener 1883/' ${D}${sysconfdir}/mosquitto/mosquitto.conf |
There was a problem hiding this comment.
The sed pattern 's/#listener$/listener 1883/' only matches lines ending with '#listener' exactly. If the default mosquitto.conf has a different comment format or additional text (e.g., '#listener port-number'), the substitution will fail silently. Consider a more flexible pattern like 's/^[[:space:]]*#[[:space:]]listener.$/listener 1883/' to handle various comment formats.
| sed -i 's/#listener$/listener 1883/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/^[[:space:]]*#[[:space:]]*listener.*$/listener 1883/' ${D}${sysconfdir}/mosquitto/mosquitto.conf |
| sed -i 's/# allow_anonymous$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | ||
| sed -i 's/#user mosquitto/user root/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | ||
| sed -i 's/#listener$/listener 1883/' ${D}${sysconfdir}/mosquitto/mosquitto.conf |
There was a problem hiding this comment.
This recipe modifies mosquitto.conf at install time to set allow_anonymous true, change user to root, and un-comment a listener 1883, which together expose an unauthenticated MQTT broker running as root on the default TCP port. Any client able to reach port 1883 can connect without credentials and publish/subscribe, and any vulnerability in mosquitto or its plugins would then lead to full root compromise of the device. Please keep mosquitto running as an unprivileged user, disable or tightly scope anonymous access, and require proper authentication/ACLs before enabling a listener reachable from untrusted networks.
| sed -i 's/# allow_anonymous$/allow_anonymous true/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/#user mosquitto/user root/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/#listener$/listener 1883/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/# allow_anonymous$/allow_anonymous false/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/#user mosquitto/user mosquitto/' ${D}${sysconfdir}/mosquitto/mosquitto.conf | |
| sed -i 's/#listener$/listener 1883 127.0.0.1/' ${D}${sysconfdir}/mosquitto/mosquitto.conf |
3 participants
No description provided.