Re: [PATCH 1/3] cip-security: Add packages for IEC-62443-4-2 Evaluation.


Venkata Pyla
 

Hi Jan,

On Thu, Jul 23, 2020 at 04:07 PM, Jan Kiszka wrote:

On 21.07.20 10:16, Venkata Pyla wrote:
> From: Kazuhiro Hayashi kazuhiro3.hayashi@...
>
> Identified security packages are added to the target image
> and that will be used for IEC-62443-4-2 evaluation
>
> Signed-off-by: Kazuhiro Hayashi kazuhiro3.hayashi@...
> Signed-off-by: pvenkata2 venkata.pyla@...
                 ^^^^^^^^^

Can you configure your git to add your written name here as well? It's in the email, yes, but it would be nicer to have it displayed as well.

Sure, I didn't notice, it was missed in my git config.


.../images/cip-core-image-security.bb | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 recipes-core/images/cip-core-image-security.bb

diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb new file mode 100644 index 0000000..8253952 --- /dev/null +++ b/recipes-core/images/cip-core-image-security.bb @@ -0,0 +1,37 @@ +# +# A reference image which includes security packages +# +# Copyright (c) Toshiba Corporation, 2020 +# +# Authors: +# Kazuhiro Hayashi kazuhiro3.hayashi@... +# +# SPDX-License-Identifier: MIT +# + +inherit image + +DESCRIPTION = "CIP Core image including security packages" + +# Use the same customizations as cip-core-image

That comment is not needed. It just creates the risk of becoming outdated if cip-core-image decides to do something else.

Understood, I will modify and resend this patch series.

+IMAGE_INSTALL += "customizations" + +# Debian packages that provide security features +IMAGE_PREINSTALL += " \ + openssl libssl1.1 \ + fail2ban \ + openssh-server openssh-sftp-server openssh-client \ + syslog-ng-core syslog-ng-mod-journal \ + aide aide-common \ + libnftables0 nftables \ + libpam-pkcs11 \ + chrony \ + tpm2-tools \ + tpm2-abrmd \ + libtss2-esys0 libtss2-udev \ + libpam-cracklib \ + acl \ + libauparse0 audispd-plugins auditd \ + uuid-runtime \ + sudo \ +"
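
Review bot: The IMAGE_PREINSTALL list names soname-versioned library packages directly (libssl1.1, libnftables0, libtss2-esys0, libauparse0), which ties the recipe to one Debian release and will break the image build once a library's soname changes. If these are only needed as dependencies of openssl, nftables, tpm2-tools and auditd, drop them and let apt resolve them; if one is required on its own, say why in a comment next to it. The single comment "Debian packages that provide security features" also gives no hint which IEC-62443-4-2 requirement each package is meant to cover, so a short per-group comment (authentication, logging and audit, integrity, firewall, time sync, TPM) would let a later reader judge whether a package can be removed or replaced.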

Can you close https://gitlab.com/cip-project/cip-core/isar-cip-core/-/merge_requests/8 if this series obsoletes it?

I have rebased the branch and sent the patches over mail. I think I should close this MR in gitlab, I will do that.

BTW, a cover letter would help structuring the patches together. And please add a tag like "[isar-cip-core]" in order to clarify the series target. That is all configurable in git format-patch/send-email.

Jan

-- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux
