Re: [PATCH 1/3] cip-security: Add packages for IEC-62443-4-2 Evaluation.


Jan Kiszka
 

On 23.07.20 15:13, Venkata Pyla wrote:
Hi Jan,
sorry i am resending this mail
On Thu, Jul 23, 2020 at 04:07 PM, Jan Kiszka wrote:


On 21.07.20 10:16, Venkata Pyla wrote:
From: Kazuhiro Hayashi <kazuhiro3.hayashi@toshiba.co.jp>

Identified security packages are added to the target image
and that will be used for IEC-62443-4-2 evaluation

Signed-off-by: Kazuhiro Hayashi <kazuhiro3.hayashi@toshiba.co.jp>
Signed-off-by: pvenkata2 <venkata.pyla@toshiba-tsip.com>
^^^^^^^^^
Can you configure your git to add you written name here as well? It's in
the email, yes, but it would be nicer to have it displayed as well.
sure, i didn't notice, it was missed in my git config

---
.../images/cip-core-image-security.bb | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 recipes-core/images/cip-core-image-security.bb

diff --git a/recipes-core/images/cip-core-image-security.bb
b/recipes-core/images/cip-core-image-security.bb
new file mode 100644
index 0000000..8253952
--- /dev/null
+++ b/recipes-core/images/cip-core-image-security.bb
@@ -0,0 +1,37 @@
+#
+# A reference image which includes security packages
+#
+# Copyright (c) Toshiba Corporation, 2020
+#
+# Authors:
+# Kazuhiro Hayashi <kazuhiro3.hayashi@toshiba.co.jp>
+#
+# SPDX-License-Identifier: MIT
+#
+
+inherit image
+
+DESCRIPTION = "CIP Core image including security packages"
+
+# Use the same customizations as cip-core-image
That comment is not needed. It just creates the risk of becoming
outdated if cip-core-image decides to do something else.
Understood, i will modify and resend this patch series

+IMAGE_INSTALL += "customizations"
+
+# Debian packages that provide security features
+IMAGE_PREINSTALL += " \
+ openssl libssl1.1 \
+ fail2ban \
+ openssh-server openssh-sftp-server openssh-client \
+ syslog-ng-core syslog-ng-mod-journal \
+ aide aide-common \
+ libnftables0 nftables \
+ libpam-pkcs11 \
+ chrony \
+ tpm2-tools \
+ tpm2-abrmd \
+ libtss2-esys0 libtss2-udev \
+ libpam-cracklib \
+ acl \
+ libauparse0 audispd-plugins auditd \
+ uuid-runtime \
+ sudo \
+"
Can you close
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/merge_requests/8
if this series obsoletes it?
I have rebased the branch and sent the patches over mail,
I think i should close this MR in gitlab, i will do that.

BTW, a cover letter would help structuring the patches together. And
please add a tag like "[isar-cip-core]" in order to clarify the series
target. That is all configurable in git format-patch/send-email.
Got it,
i was sending the patches to the community for the first time so i was missing some basic stuff.
next time i will do care of it,
thanks for showing patience on me
Don't worry. The submission looked fairly good otherwise, not like first-time!

BTW, I'm still ambivalent whether to do UI (MRs) or cip-dev based patch reviews for isar-cip-core. As contributions increase, you contributors need to express your preference. I'm used to both by now, I have troubles with both by now. However, we just need to consolidate over one system because we can't couple them reasonably.

And then we should document the current state of affairs, I know. There is a CONTRIBUTING guild missing for this repo.

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux

Join cip-dev@lists.cip-project.org to automatically receive all group messages.