From 8ce2fddc7f5a9abe3cc9a718e9398b54197b0efa Mon Sep 17 00:00:00 2001 From: Gabriel Valcazar Date: Mon, 11 Mar 2024 18:28:08 +0100 Subject: [PATCH] build.sh: fix error when applying CVE layer In our previous commit, we changed the CVE scan class from "vigiles" to "digi_ccss" if we plan on building images with the CVE layer. However, we make this change in conf/local.conf and then run "bitbake-layers add-layer" to add said layer. Since the bbclass is exclusive to the CVE layer, bitbake isn't able to recognize it and fails. Add the CVE layer to the project before adding the Vigiles configuration template to conf/local.conf. Signed-off-by: Gabriel Valcazar --- sdk/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/build.sh b/sdk/build.sh index d6c0fc3aa..5bb1e5455 100755 --- a/sdk/build.sh +++ b/sdk/build.sh @@ -281,6 +281,8 @@ for platform in ${DY_PLATFORMS}; do if [ "${DY_MFG_IMAGE}" = "true" ] && ! grep -qs "meta-digi-mfg" conf/bblayers.conf; then sed -i -e "/meta-digi-dey/a\ ${YOCTO_INST_DIR}/sources/meta-digi-mfg \\\\" conf/bblayers.conf fi + # Apply CVE layer if needed (do so before potentially inheriting "digi_ccss" to avoid errors) + [ "${DY_USE_CVE_LAYER}" = "true" ] && bitbake-layers add-layer ${YOCTO_INST_DIR}/sources/meta-digi-security # If we want to generate a CVE report, update conf/local.conf if [ "${DY_CVE_REPORT}" = "true" ]; then # Build Vigiles config path using platform and patch status @@ -292,8 +294,6 @@ for platform in ${DY_PLATFORMS}; do [ ! -f "${VIGILES_CONF_PATH}" ] && error "Cannot find Vigiles config file ${VIGILES_CONF_PATH}" printf "%s" "${VIGILES_CFG}" | sed -e "s,##VIGILES_CONF_PATH##,${VIGILES_CONF_PATH},g" -e "s,##VIGILES_BBCLASS##,${bbclass},g" >> conf/local.conf fi - # Apply CVE layer if needed - [ "${DY_USE_CVE_LAYER}" = "true" ] && bitbake-layers add-layer ${YOCTO_INST_DIR}/sources/meta-digi-security printf "\n[INFO] Show customized local.conf.\n" cat conf/local.conf