On Mon, Jul 27, 2020 at 08:04 PM, Jan Kiszka wrote:
On 27.07.20 13:41, firstname.lastname@example.org wrote:
From: Kazuhiro Hayashi <email@example.com>b/recipes-core/images/cip-core-image-security.bb
Identified security packages are added to the target image
and that will be used for IEC-62443-4-2 evaluation
Signed-off-by: Kazuhiro Hayashi <firstname.lastname@example.org>
Signed-off-by: Venkata Pyla <email@example.com>
.../images/cip-core-image-security.bb | 36 +++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 recipes-core/images/cip-core-image-security.bb
diff --git a/recipes-core/images/cip-core-image-security.bb
new file mode 100644Still no CI for this. You can send that separately on top, the series
@@ -0,0 +1,36 @@
+# A reference image which includes security packages
+# Copyright (c) Toshiba Corporation, 2020
+# Kazuhiro Hayashi <firstname.lastname@example.org>
+# SPDX-License-Identifier: MIT
+DESCRIPTION = "CIP Core image including security packages"
+IMAGE_INSTALL += "customizations"
+# Debian packages that provide security features
+IMAGE_PREINSTALL += " \
+ openssl libssl1.1 \
+ fail2ban \
+ openssh-server openssh-sftp-server openssh-client \
+ syslog-ng-core syslog-ng-mod-journal \
+ aide aide-common \
+ libnftables0 nftables \
+ libpam-pkcs11 \
+ chrony \
+ tpm2-tools \
+ tpm2-abrmd \
+ libtss2-esys0 libtss2-udev \
+ libpam-cracklib \
+ acl \
+ libauparse0 audispd-plugins auditd \
+ uuid-runtime \
+ sudo \
looks fine otherwise.
To add security image in gitlab-ci.yml i need some suggestions...
in deploy-cip-core script that is used in gitlab-ci is expecting *.wic image for copying the files,
but because there is no wks file yet for QEMU it is not generating the image.
i think we should add wks file for the qemu target, can you guide me how to do that?
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux