Date   

Re: [cip-core] Package Proposal #2 (Minimum base packages in Debian)

Kazuhiro Hayashi
 

Hello Kudo-san,

 

Thank you for pointing this out.

I created the issue about this on CIP GitLab.

https://gitlab.com/cip-project/cip-core/cip-pkglist/issues/1

 

Best regards,

Kazu

 

From: cip-dev [mailto:cip-dev-bounces@...] On Behalf Of masashi.kudo@...
Sent: Monday, January 20, 2020 9:18 AM
To: cip-dev@...
Subject: Re: [cip-dev] [cip-core] Package Proposal #2 (Minimum base packages in Debian)

 

Hi, Kazu-san,

 

Agree on this proposal on behalf of Cybertrust.

 

BTW, libpam-runtime listed as a binary package of pam has a dependency on debconf. The debconf is shown twice. It does not affect the result, but if you have time, please double check the script..

 

Best regards,

--

M. Kudo


From: <kazuhiro3.hayashi@...>
Date: 2020
116() 17:25
Subject: [cip-dev] [cip-core] Package Proposal #2 (Minimum base packages in Debian)
To: <cip-dev@...>



Hello CIP Core members,

I created a simple package proposal for the packages that are installed in the "minimum base system" of Debian.
These packages are installed by
        $ debootstrap --variant=minbase buster ...

It consists of 58 source packages and 84 binary packages, including all run-time dependencies.

The common reason to propose:
"This package is included in the minimum base system of Debian (debootstrap --variant=minbase),
which is essential for all Debian binary package based systems"


I would like to start the "review" phase (Phase 2) of the attached package proposal.
https://gitlab.com/cip-project/cip-core/cip-pkglist/blob/master/doc/pdp.md#phase-2-proposal-review

Please reply with you opinion, agree or disagree.
If you cannot agree to add specific packages, please show the reasons as well.

Due Date: January 20th (The next TSC meeting)

We have only 2-3 working days for this review, but
I think it may be enough to agree or disagree the very simple reason above.
(We can extend this due date if more time required for reviews, please let me know if any requests)

Best regards,
Kazu
_______________________________________________
cip-dev mailing list
cip-dev@...
https://lists.cip-project.org/mailman/listinfo/cip-dev


RFC: Python version of CIP's maintenance target

Kazuhiro Hayashi
 

Hello,

Python 2.x has become EOL on January 1st.
In Debian 10 buster (and older versions), there are many packages that depend on python 2.7.
e.g. https://packages.debian.org/buster/trace-cmd

When CIP wants to support some packages that depend on python 2.7,
though there has not been such packages are proposed to CIP Core yet,
should we keep these dependencies on 2.7 or replace them?

There are several options to replace these dependencies:

* Replace the package that depends on 2.7 by newer packages that depends on python 3
e.g. Use a package in buster-backports
* Modify the package (create CIP custom package) to replace the dependency on 2.7 by 3
...

However, adding unnecessary changes to the existing Debian packages should be avoided.
Also, package versions included in Debian stable release (or older releases) are
basically fixed, so there is not so much concern about using python 2.7 packages
provided (and maintained) in Debian / Debian (E)LTS.

Any thoughts?

Best regards,
Kazu


Audio Transcription Service Provider

George Cooly <info@...>
 

Hello,

Do you need someone reliable to transcribe both your short term and long term projects? Or do you need an accurate transcript for your audio or video? 

Allow us to transcribe your audio and provide you accurate transcripts and let us help you reach your business/project goals through the help of our transcription services.

What are our goals with each transcript?
  • Speed
  • Accuracy
  • Confidentiality
Each transcript is properly formatted. Strict grammar and punctuation rules are adhered to and of course, file security is something we take very seriously. 

Have any transcription queries? Send me a message. Let's discuss what you need to get done. We will address any concerns you have. 
  • Professional transcription
  • Accurate and thorough
  • Beautifully transcribed documents.
  • Grammar, spelling and jargon thoroughly checked
We have transcribed audios & videos under various requirements such as :
  • Medical transcription
  • Technical
  • Academic
  • Lectures
  • Business
  • Groups
  • Legal
  • Research interviews
more...

Skilled with international accents and prompt response. Our pricing is better or comparable to individual service provider. In addition we also assist in APA Style formatting for research papers. Please note we don’t conduct research but assist only in formatting of the papers.

Regards,
George Cooly



Re: RESUME REQUEST: [cip-core] Package Proposal #1 (Security packages)

punit1.agrawal@...
 

Hello Yoshida-san,

Kento Yoshida <kento.yoshida.wz@renesas.com> writes:

Hello,

I would like to resume our proposal from security working group.
As you know, Kazu has modified the script to generate a proposal and posted the minimum base system proposal, and then I created the new proposal.

The difference from the original (rev01) proposal is below:
1. We remove 'duplicity', 'google-authenticator', 'pam-shield' and 'suricata' in the new proposal because they have an issue such as non-well maintained, python version, too much dependencies and so on. We'll separately propose them after solved these issues.
2. The new proposal shows all source package as flat. Thanks to the new script, Kazu!
3. Actually several packages overlap with the proposed packages for minimum base system in Debian, so I added comment them like that.

@kazuhiro3.hayashi@toshiba.co.jp,
Would you check this proposal and set the due date to review it?

Please reply if you have any comments or questions.
I have a comment about packages in the proposal that depend on hardware
/ system features -

* Some packages in the proposal depend on special purpose hardware to
provide their functionality. e.g., TPM.

In systems, where TPM is not present (or similar functionality is
provided by alternate mechanisms), the TPM related packages will not
be useful. e.g., the non-x86 platforms in the CIP reference hardware
list.

* Similarly, some packages require the system to be connected to the
network.

In both of these situations, I am wondering what is the impact on
compliance? Is there a need to also define minimal set of hardware
features expected from reference hardware to be able to meet compliance
requirements?

To help review the package list (and also discuss alternatives), it
would help to define the underlying functionality that is required in
more detail, e.g., secure key storage, verified boot, etc. It'll make it
possible review the proposal more concretely.

Thoughts?

Thanks,
Punit

[...]


Re: [PATCH 4.19.y-cip 00/12] Renesas RZ/G2E backport IPA support along with minor fixes

Pavel Machek
 

Hi!

I quickly reviewed the patches, and might have minor comments, but the
series look good.

Tests are currently running at

https://gitlab.com/cip-project/cip-kernel/linux-cip/tree/ci/pavel/li
nux-cip

If there are no objections and tests succeed, I can push the applied
series.
I reviewed this series, I have nothing to point out.
Thanks. I pushed the series to kernel.org.
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


Re: RT Testing

punit1.agrawal@...
 

Chris Paterson <Chris.Paterson2@renesas.com> writes:

Hello Punit,

From: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Sent: 17 January 2020 01:02

Hi Chris,

Just thinking out loud below so please bear with me if I'm just stating
the obvious.
Please do ??
Apologies for the confusion - I was referring to the inline comments
further down in the previous mail.

[...]


Re: [PATCH 4.19.y-cip 00/12] Renesas RZ/G2E backport IPA support along with minor fixes

Nobuhiro Iwamatsu
 

Hi,

-----Original Message-----
From: Pavel Machek [mailto:pavel@denx.de]
Sent: Friday, January 17, 2020 12:26 AM
To: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Cc: cip-dev@lists.cip-project.org; iwamatsu nobuhiro(岩松 信洋 ○SW
C□OST) <nobuhiro1.iwamatsu@toshiba.co.jp>; Pavel Machek
<pavel@denx.de>; Chris Paterson <chris.paterson2@renesas.com>
Subject: Re: [PATCH 4.19.y-cip 00/12] Renesas RZ/G2E backport IPA support
along with minor fixes

Hi!

I quickly reviewed the patches, and might have minor comments, but the
series look good.

Tests are currently running at

https://gitlab.com/cip-project/cip-kernel/linux-cip/tree/ci/pavel/li
nux-cip

If there are no objections and tests succeed, I can push the applied
series.
I reviewed this series, I have nothing to point out.

Best regards,
Nobuhiro


Re: [cip-core] Package Proposal #2 (Minimum base packages in Debian)

masashi.kudo@...
 

Hi, Kazu-san,

 

Agree on this proposal on behalf of Cybertrust.

 

BTW, libpam-runtime listed as a binary package of pam has a dependency on debconf. The debconf is shown twice. It does not affect the result, but if you have time, please double check the script..

 

Best regards,

--

M. Kudo


From: <kazuhiro3.hayashi@...>
Date: 2020
116() 17:25
Subject: [cip-dev] [cip-core] Package Proposal #2 (Minimum base packages in Debian)
To: <cip-dev@...>



Hello CIP Core members,

I created a simple package proposal for the packages that are installed in the "minimum base system" of Debian.
These packages are installed by
        $ debootstrap --variant=minbase buster ...

It consists of 58 source packages and 84 binary packages, including all run-time dependencies.

The common reason to propose:
"This package is included in the minimum base system of Debian (debootstrap --variant=minbase),
which is essential for all Debian binary package based systems"


I would like to start the "review" phase (Phase 2) of the attached package proposal.
https://gitlab.com/cip-project/cip-core/cip-pkglist/blob/master/doc/pdp.md#phase-2-proposal-review

Please reply with you opinion, agree or disagree.
If you cannot agree to add specific packages, please show the reasons as well.

Due Date: January 20th (The next TSC meeting)

We have only 2-3 working days for this review, but
I think it may be enough to agree or disagree the very simple reason above.
(We can extend this due date if more time required for reviews, please let me know if any requests)

Best regards,
Kazu
_______________________________________________
cip-dev mailing list
cip-dev@...
https://lists.cip-project.org/mailman/listinfo/cip-dev


Re: RESUME REQUEST: [cip-core] Package Proposal #1 (Security packages)

Jan Kiszka
 

On 17.01.20 14:14, kazuhiro3.hayashi@toshiba.co.jp wrote:
Hello Kent,
[...]
3. Actually several packages overlap with the proposed packages for minimum base system in Debian, so I added comment
them like that.
Thank you for taking time to check this...
In order to clearly show the differences of my proposal #2 and your proposal,
it might be better to create additional yml file where the duplicated packages are dropped.
I will try to create this data next week :)


@kazuhiro3.hayashi@toshiba.co.jp,
Would you check this proposal and set the due date to review it?
The proposal #2 is now proceeding in parallel so it's a bit difficult to decide
but how about setting it to Jan 27th?
As I'm not in the house next week, I will not be able to comment on the new list, nor vote. In any case, one week might be ok for a short, obvious list. But if we are talking about a list of dozens of packages, that will be too short.

Jan

Best regards,
Kazu


Please reply if you have any comments or questions.

Kind regards,
Kent

-----Original Message-----
From: kazuhiro3.hayashi@toshiba.co.jp <kazuhiro3.hayashi@toshiba.co.jp>
Sent: Friday, December 20, 2019 6:59 PM
To: jan.kiszka@siemens.com; Kento Yoshida <kento.yoshida.wz@renesas.com>;
cip-dev@lists.cip-project.org; dinesh.kumar@toshiba-tsip.com
Subject: RE: [cip-dev] [cip-core] Package Proposal #1 (Security packages)

Hello,

On 20.12.19 03:25, Kento Yoshida wrote:
Thank you for your feedback, Jan.

Why still chrony, why not simply systemd timers? Legacy?
We agree that systemd-timesyncd is sufficient for users who need only SNTP
client functionality.
The reason we want to add Chrony to our core packages is to support
various use cases, and because Chrony is recognized
by CII as being a superior secure NTP implementation.
https://www.coreinfrastructure.org/blogs/securing-network-time/

Since the CII aims to invest in core infrastructure, providing funding for
fundamental projects, I think "chrony"
would be more secure and sustainable.
Oops, I actually confused cron and chrony here. Interestingly, the
question "can't systemd do that?" remained valid :).

I agree to pick the more mature solution for this purpose.

suricata:
bin_pkgs:
suricata:
depends:
- dpkg
- python
- python-simplejson
I'm missing the new dependencies in the top-list. Didn't we agree on listing
them flat?
This, e.g., pulls python, currently even v2 - anything but a
trivial package. Or did I miss that we have this in
our list already?

@kazuhiro3.hayashi@toshiba.co.jp and @Dinesh Kumar, Do you need a
script modification to address this issue?
We need to reconsider the format of proposal.yml (and scripts as well).
It seems not to be reviewed enough.

Actually, proposals for run-time dependencies package of top-lists
are still in preparation and are under investigation
in the security working group.
The automatic outputs of the script have been used as it is for the
dependencies package displayed in this proposal.

We can only decide about package sets which have their runtime
dependencies already fulfilled with the existing package set (where is
that now, BTW?) or include these dependencies in the set.
I'm assuming the "existing package set" is the list of packages that are already
accepted by CIP.
If so, there is no such list because this is the first proposal.

Also, it's difficult for me to agree with the opinion that "all runtime dependencies
must be fullfilled with the existing package set" because
1) Some dependency (binary) packages are not functionally necessary
from the CIP's long-term support point of view (debconf,
debian-archive-keyring, etc.)
2) The list including all dependencies may become big for CIP's "OSBL"
(e.g. If following this, the security package proposal pulls around 90 packages
finally)

I only checked
suricata because of the outstanding python dependency, but there might
be more issue. This needs to be checked carefully again.
Yes, we need to share the concrete examples of packages, PDP steps, and the
format of yml.
I will prepare this and will share in the next week.

So, please suspend this proposal process until requirements of all members
become clear.

Kazu


Jan


Best regards,
Kent
-----Original Message-----
From: cip-dev <cip-dev-bounces@lists.cip-project.org> On Behalf Of
Jan Kiszka
Sent: Thursday, December 19, 2019 7:48 PM
To: kazuhiro3.hayashi@toshiba.co.jp; cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] [cip-core] Package Proposal #1 (Security
packages)

On 09.12.19 14:54, kazuhiro3.hayashi@toshiba.co.jp wrote:
Hello CIP Core members,

I would like to start the "review" phase (Phase 2) of the attached package
proposal.
https://gitlab.com/cip-project/cip-core/cip-pkglist/blob/master/doc
/pd
p.md#phase-2-proposal-review

The packages are proposed by CIP security WG to satisfy their required
features.
See the "reason" fields in the proposal for more details.

Please reply with you opinion, agree or disagree.
If you cannot agree to add specific packages, please show the reasons as well.

Due Date: December 23rd
(We can extend this due date if more time required for reviews,
please let me know if any requests)
[...]

chrony:
bin_pkgs:
chrony:
depends:
- init-system-helpers
- adduser
- iproute2
- lsb-base
- ucf
- libc6
- libcap2
- libedit2
- libnettle6
- libseccomp2
in_target: 'True'
n_cve: '10'
reason: For supporting IEC-62443-4-2 certification for CR 2.11, 2.11(1)
security_criteria: network::server, network::service
Why still chrony, why not simply systemd timers? Legacy?

suricata:
bin_pkgs:
suricata:
depends:
- dpkg
- python
- python-simplejson
I'm missing the new dependencies in the top-list. Didn't we agree on
listing them flat? This, e.g., pulls python,
currently even
v2 - anything but a trivial package. Or did I miss that we have this in our list
already?

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate
Competence Center Embedded Linux
_______________________________________________
cip-dev mailing list
cip-dev@lists.cip-project.org
https://lists.cip-project.org/mailman/listinfo/cip-dev
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux


Re: [cip-core] Package Proposal #2 (Minimum base packages in Debian)

Jan Kiszka
 

On 16.01.20 09:25, kazuhiro3.hayashi@toshiba.co.jp wrote:
Hello CIP Core members,
I created a simple package proposal for the packages that are installed in the "minimum base system" of Debian.
These packages are installed by
$ debootstrap --variant=minbase buster ...
It consists of 58 source packages and 84 binary packages, including all run-time dependencies.
The common reason to propose:
"This package is included in the minimum base system of Debian (debootstrap --variant=minbase),
which is essential for all Debian binary package based systems"
I would like to start the "review" phase (Phase 2) of the attached package proposal.
https://gitlab.com/cip-project/cip-core/cip-pkglist/blob/master/doc/pdp.md#phase-2-proposal-review
Please reply with you opinion, agree or disagree.
Looks good to us: agree.

Jan

If you cannot agree to add specific packages, please show the reasons as well.
Due Date: January 20th (The next TSC meeting)
We have only 2-3 working days for this review, but
I think it may be enough to agree or disagree the very simple reason above.
(We can extend this due date if more time required for reviews, please let me know if any requests)
Best regards,
Kazu
_______________________________________________
cip-dev mailing list
cip-dev@lists.cip-project.org
https://lists.cip-project.org/mailman/listinfo/cip-dev
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux


Audio Transcription Service Provider

Mew Andre <info@...>
 

Hello,

Do you need someone reliable to transcribe both your short term and long term projects? Or do you need an accurate transcript for your audio or video? 

Allow us to transcribe your audio and provide you accurate transcripts and let us help you reach your business/project goals through the help of our transcription services.

What are our goals with each transcript?
  • Speed
  • Accuracy
  • Confidentiality
Each transcript is properly formatted. Strict grammar and punctuation rules are adhered to and of course, file security is something we take very seriously. 

Have any transcription queries? Send me a message. Let's discuss what you need to get done. We will address any concerns you have. 
  • Professional transcription
  • Accurate and thorough
  • Beautifully transcribed documents.
  • Grammar, spelling and jargon thoroughly checked
We have transcribed audios & videos under various requirements such as :
  • Medical transcription
  • Technical
  • Academic
  • Lectures
  • Business
  • Groups
  • Legal
  • Research interviews
more...

Skilled with international accents and prompt response. Our pricing is better or comparable to individual service provider. In addition we also assist in APA Style formatting for research papers. Please note we don’t conduct research but assist only in formatting of the papers.

Regards,
Mew Andre

Unsubscribe


Re: RESUME REQUEST: [cip-core] Package Proposal #1 (Security packages)

Kazuhiro Hayashi
 

Hello Kent,

[...]
3. Actually several packages overlap with the proposed packages for minimum base system in Debian, so I added comment
them like that.
Thank you for taking time to check this...
In order to clearly show the differences of my proposal #2 and your proposal,
it might be better to create additional yml file where the duplicated packages are dropped.
I will try to create this data next week :)


@kazuhiro3.hayashi@toshiba.co.jp,
Would you check this proposal and set the due date to review it?
The proposal #2 is now proceeding in parallel so it's a bit difficult to decide
but how about setting it to Jan 27th?

Best regards,
Kazu


Please reply if you have any comments or questions.

Kind regards,
Kent

-----Original Message-----
From: kazuhiro3.hayashi@toshiba.co.jp <kazuhiro3.hayashi@toshiba.co.jp>
Sent: Friday, December 20, 2019 6:59 PM
To: jan.kiszka@siemens.com; Kento Yoshida <kento.yoshida.wz@renesas.com>;
cip-dev@lists.cip-project.org; dinesh.kumar@toshiba-tsip.com
Subject: RE: [cip-dev] [cip-core] Package Proposal #1 (Security packages)

Hello,

On 20.12.19 03:25, Kento Yoshida wrote:
Thank you for your feedback, Jan.

Why still chrony, why not simply systemd timers? Legacy?
We agree that systemd-timesyncd is sufficient for users who need only SNTP
client functionality.
The reason we want to add Chrony to our core packages is to support
various use cases, and because Chrony is recognized
by CII as being a superior secure NTP implementation.
https://www.coreinfrastructure.org/blogs/securing-network-time/

Since the CII aims to invest in core infrastructure, providing funding for
fundamental projects, I think "chrony"
would be more secure and sustainable.
Oops, I actually confused cron and chrony here. Interestingly, the
question "can't systemd do that?" remained valid :).

I agree to pick the more mature solution for this purpose.

suricata:
bin_pkgs:
suricata:
depends:
- dpkg
- python
- python-simplejson
I'm missing the new dependencies in the top-list. Didn't we agree on listing
them flat?
This, e.g., pulls python, currently even v2 - anything but a
trivial package. Or did I miss that we have this in
our list already?

@kazuhiro3.hayashi@toshiba.co.jp and @Dinesh Kumar, Do you need a
script modification to address this issue?
We need to reconsider the format of proposal.yml (and scripts as well).
It seems not to be reviewed enough.

Actually, proposals for run-time dependencies package of top-lists
are still in preparation and are under investigation
in the security working group.
The automatic outputs of the script have been used as it is for the
dependencies package displayed in this proposal.

We can only decide about package sets which have their runtime
dependencies already fulfilled with the existing package set (where is
that now, BTW?) or include these dependencies in the set.
I'm assuming the "existing package set" is the list of packages that are already
accepted by CIP.
If so, there is no such list because this is the first proposal.

Also, it's difficult for me to agree with the opinion that "all runtime dependencies
must be fullfilled with the existing package set" because
1) Some dependency (binary) packages are not functionally necessary
from the CIP's long-term support point of view (debconf,
debian-archive-keyring, etc.)
2) The list including all dependencies may become big for CIP's "OSBL"
(e.g. If following this, the security package proposal pulls around 90 packages
finally)

I only checked
suricata because of the outstanding python dependency, but there might
be more issue. This needs to be checked carefully again.
Yes, we need to share the concrete examples of packages, PDP steps, and the
format of yml.
I will prepare this and will share in the next week.

So, please suspend this proposal process until requirements of all members
become clear.

Kazu


Jan


Best regards,
Kent
-----Original Message-----
From: cip-dev <cip-dev-bounces@lists.cip-project.org> On Behalf Of
Jan Kiszka
Sent: Thursday, December 19, 2019 7:48 PM
To: kazuhiro3.hayashi@toshiba.co.jp; cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] [cip-core] Package Proposal #1 (Security
packages)

On 09.12.19 14:54, kazuhiro3.hayashi@toshiba.co.jp wrote:
Hello CIP Core members,

I would like to start the "review" phase (Phase 2) of the attached package
proposal.
https://gitlab.com/cip-project/cip-core/cip-pkglist/blob/master/doc
/pd
p.md#phase-2-proposal-review

The packages are proposed by CIP security WG to satisfy their required
features.
See the "reason" fields in the proposal for more details.

Please reply with you opinion, agree or disagree.
If you cannot agree to add specific packages, please show the reasons as well.

Due Date: December 23rd
(We can extend this due date if more time required for reviews,
please let me know if any requests)
[...]

chrony:
bin_pkgs:
chrony:
depends:
- init-system-helpers
- adduser
- iproute2
- lsb-base
- ucf
- libc6
- libcap2
- libedit2
- libnettle6
- libseccomp2
in_target: 'True'
n_cve: '10'
reason: For supporting IEC-62443-4-2 certification for CR 2.11, 2.11(1)
security_criteria: network::server, network::service
Why still chrony, why not simply systemd timers? Legacy?

suricata:
bin_pkgs:
suricata:
depends:
- dpkg
- python
- python-simplejson
I'm missing the new dependencies in the top-list. Didn't we agree on
listing them flat? This, e.g., pulls python,
currently even
v2 - anything but a trivial package. Or did I miss that we have this in our list
already?

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate
Competence Center Embedded Linux


Re: RT Testing

Chris Paterson
 

Hello Hayashi-san,

From: kazuhiro3.hayashi@toshiba.co.jp <kazuhiro3.hayashi@toshiba.co.jp>
Sent: 17 January 2020 01:41

Hello Chris,

Hello,
[...]
Do either of the CIP Core profiles include Python support?
At the moment, we've just started creating the supported package list, so I
cannot clearly say Yes.
However, at least, the both profiles can create an image including python
only
for testing
because the python packages are already provided in upstream projects (isar,
meta-debian).
Okay. I'm thinking that we aren't going to be able to escape having a separate
'testing' version of CIP-Core, based on
ISAR on the assumption that it has more supported packages then Deby.
The IRC log of yesterday: https://irclogs.baserock.org/cip/%23cip.2020-01-
16.log.html

Starting from isar-cip-core would be better if we need to install
various packages for the testing like build-essential.
Deby also can generate an image including enough dependencies
of simple basic suites like LTP, cyclictest, etc. though.

Also, I guess LAVA can install additional packages for testing
(from Debian apt repository or some package directories on S3)
to their standard image after they boot on the target device.
We don't need to provide a separate testing image in this case.
This is an option. I guess I've spent too long in the oe world without apt.
A key dependency here though is to make sure that the boards have a direct connection to the internet.



Or not use CIP-Core for testing the Kernel as punit suggested ??
Personally, I would like to use CIP-Core image(s) for the kernel testing.
I have no concern about providing packages only for testing
as long as CIP is not responsible to maintain them.
Okay.

I'll try and run a test using CIP-Core + apt and go from there.

Kind regards, Chris




Whether CIP Core provides Python packages or not depends on
what kind of packages will be proposed (requested) by CIP WGs in future.
Currently, several packages which depend on Python packages would be
included in the next proposal from security WG (under review now).

BTW, it would be better to confirm which Python version (2.7 or 3) that
cyclictest.sh depends on.
Do you know anything about this?
Either version (thanks Daniel).
Thank you for your confirmation.


Presumably we'd want to target Python 3 though if that's what the world is
moving to?

I think this is one of the important topics to be discussed in CIP Core.
I agree with your idea (target on Python 3), but there are still
some packages in Debian buster that have a run-time dependency on python
2.7, unfortunately.
I would like to create another thread to think about this topic later :)

Best regards,
Kazu



Kind regards, Chris


Kazu


Linaro test-definitions [2] have the following tests marked within the
preempt-
rt scope:
cyclicdeadline/cyclicdeadline.yaml
pmqtest/pmqtest.yaml
rt-migrate-test/rt-migrate-test.yaml
cyclictest/cyclictest.yaml
svsematest/svsematest.yaml
pi-stress/pi-stress.yaml
signaltest/signaltest.yaml
ptsematest/ptsematest.yaml
sigwaittest/sigwaittest.yaml
hackbench/hackbench.yaml
ltp-realtime/ltp-realtime.yaml

Which of the above would be valuable to run on CIP RT Kernels?

A while back Daniel Wagner also did some work on a Jitterdebugger test
[3],
but it hasn't been merged yet and I'm not
sure what the current status is. Any updates Daniel?

Is anyone able to provide RT config/defconfigs for the x86 and arm boards
in
the Mentor lab? Or BBB, QEMU etc.? (assuming
that the hardware is suitable).


[0]
https://github.com/Linaro/test-
definitions/commit/4b5c46f275632932b3045f2ee16ad9cae5bb482d#diff-
c724b852b75aefda2cc3
505c4517828dR50
[1] https://s3-us-west-2.amazonaws.com/download.cip-project.org/cip-
core/iwg20m/core-image-minimal-iwg20m.tar.gz
[2] https://github.com/Linaro/test-
definitions/blob/master/automated/linux
[3] https://github.com/igaw/test-definitions/blob/preempt-
rt/automated/linux/jitterdebugger/jitterdebugger.yaml

Kind regards, Chris


Re: RT Testing

Chris Paterson
 

Hello Punit,

From: Punit Agrawal <punit1.agrawal@toshiba.co.jp>
Sent: 17 January 2020 01:02

Hi Chris,

Just thinking out loud below so please bear with me if I'm just stating
the obvious.
Please do ??


Chris Paterson <Chris.Paterson2@renesas.com> writes:

Hello,

From: kazuhiro3.hayashi@toshiba.co.jp <kazuhiro3.hayashi@toshiba.co.jp>
Sent: 16 January 2020 06:55

Hello Chris,

Thank you for your updates!

Hello Pavel, Hayashi-san, Jan, Daniel,
[...]

Currently there is an issue with the way that the cyclic test case results are
shown (i.e. they aren't) in LAVA due to
a change [0] made to Linaro's cyclictest.sh.
That means that the test parsing now depends on Python, which isn't
included
in the cip-core RFS [1] that is currently
being used.

Do either of the CIP Core profiles include Python support?
At the moment, we've just started creating the supported package list, so I
cannot clearly say Yes.
However, at least, the both profiles can create an image including python
only
for testing
because the python packages are already provided in upstream projects (isar,
meta-debian).
Okay. I'm thinking that we aren't going to be able to escape having a
separate 'testing' version of CIP-Core, based on ISAR on the
assumption that it has more supported packages then Deby.

Or not use CIP-Core for testing the Kernel as punit suggested ??
I think CIP-core shouldn't be thought of as a complete filesystem, but
the base components that should exist as part of any CIP system.

As it is, it's unlikely that any real product will need only the
functionality provided by CIP core.
True.


If that makes sense, then we should make it easy to create derived
images / filesystems that include additional software as needed for the
task at hand, e.g., testing CIP kernels.
Good point, agreed.


In addition, there is a need to test the functionality provided by the
core components, i.e., CIP-core packages along with relevant kernels on
supported devices. As yet, I don't think these tests exist (or even
defined).
This is something we do indeed need to do.

Thanks, Chris


But I'm new to the project so am very likely missing things.

Thanks,
Punit

[...]


RESUME REQUEST: [cip-core] Package Proposal #1 (Security packages)

Kento Yoshida
 

Hello,

I would like to resume our proposal from security working group.
As you know, Kazu has modified the script to generate a proposal and posted the minimum base system proposal, and then I created the new proposal.

The difference from the original (rev01) proposal is below:
1. We remove 'duplicity', 'google-authenticator', 'pam-shield' and 'suricata' in the new proposal because they have an issue such as non-well maintained, python version, too much dependencies and so on. We'll separately propose them after solved these issues.
2. The new proposal shows all source package as flat. Thanks to the new script, Kazu!
3. Actually several packages overlap with the proposed packages for minimum base system in Debian, so I added comment them like that.

@kazuhiro3.hayashi@toshiba.co.jp,
Would you check this proposal and set the due date to review it?

Please reply if you have any comments or questions.

Kind regards,
Kent

-----Original Message-----
From: kazuhiro3.hayashi@toshiba.co.jp <kazuhiro3.hayashi@toshiba.co.jp>
Sent: Friday, December 20, 2019 6:59 PM
To: jan.kiszka@siemens.com; Kento Yoshida <kento.yoshida.wz@renesas.com>;
cip-dev@lists.cip-project.org; dinesh.kumar@toshiba-tsip.com
Subject: RE: [cip-dev] [cip-core] Package Proposal #1 (Security packages)

Hello,

On 20.12.19 03:25, Kento Yoshida wrote:
Thank you for your feedback, Jan.

Why still chrony, why not simply systemd timers? Legacy?
We agree that systemd-timesyncd is sufficient for users who need only SNTP
client functionality.
The reason we want to add Chrony to our core packages is to support
various use cases, and because Chrony is recognized
by CII as being a superior secure NTP implementation.
https://www.coreinfrastructure.org/blogs/securing-network-time/

Since the CII aims to invest in core infrastructure, providing funding for
fundamental projects, I think "chrony"
would be more secure and sustainable.
Oops, I actually confused cron and chrony here. Interestingly, the
question "can't systemd do that?" remained valid :).

I agree to pick the more mature solution for this purpose.

suricata:
bin_pkgs:
suricata:
depends:
- dpkg
- python
- python-simplejson
I'm missing the new dependencies in the top-list. Didn't we agree on listing
them flat?
This, e.g., pulls python, currently even v2 - anything but a
trivial package. Or did I miss that we have this in
our list already?

@kazuhiro3.hayashi@toshiba.co.jp and @Dinesh Kumar, Do you need a
script modification to address this issue?
We need to reconsider the format of proposal.yml (and scripts as well).
It seems not to be reviewed enough.

Actually, proposals for run-time dependencies package of top-lists
are still in preparation and are under investigation
in the security working group.
The automatic outputs of the script have been used as it is for the
dependencies package displayed in this proposal.

We can only decide about package sets which have their runtime
dependencies already fulfilled with the existing package set (where is
that now, BTW?) or include these dependencies in the set.
I'm assuming the "existing package set" is the list of packages that are already
accepted by CIP.
If so, there is no such list because this is the first proposal.

Also, it's difficult for me to agree with the opinion that "all runtime dependencies
must be fullfilled with the existing package set" because
1) Some dependency (binary) packages are not functionally necessary
from the CIP's long-term support point of view (debconf,
debian-archive-keyring, etc.)
2) The list including all dependencies may become big for CIP's "OSBL"
(e.g. If following this, the security package proposal pulls around 90 packages
finally)

I only checked
suricata because of the outstanding python dependency, but there might
be more issue. This needs to be checked carefully again.
Yes, we need to share the concrete examples of packages, PDP steps, and the
format of yml.
I will prepare this and will share in the next week.

So, please suspend this proposal process until requirements of all members
become clear.

Kazu


Jan


Best regards,
Kent
-----Original Message-----
From: cip-dev <cip-dev-bounces@lists.cip-project.org> On Behalf Of
Jan Kiszka
Sent: Thursday, December 19, 2019 7:48 PM
To: kazuhiro3.hayashi@toshiba.co.jp; cip-dev@lists.cip-project.org
Subject: Re: [cip-dev] [cip-core] Package Proposal #1 (Security
packages)

On 09.12.19 14:54, kazuhiro3.hayashi@toshiba.co.jp wrote:
Hello CIP Core members,

I would like to start the "review" phase (Phase 2) of the attached package
proposal.
https://gitlab.com/cip-project/cip-core/cip-pkglist/blob/master/doc
/pd
p.md#phase-2-proposal-review

The packages are proposed by CIP security WG to satisfy their required
features.
See the "reason" fields in the proposal for more details.

Please reply with you opinion, agree or disagree.
If you cannot agree to add specific packages, please show the reasons as well.

Due Date: December 23rd
(We can extend this due date if more time required for reviews,
please let me know if any requests)
[...]

chrony:
bin_pkgs:
chrony:
depends:
- init-system-helpers
- adduser
- iproute2
- lsb-base
- ucf
- libc6
- libcap2
- libedit2
- libnettle6
- libseccomp2
in_target: 'True'
n_cve: '10'
reason: For supporting IEC-62443-4-2 certification for CR 2.11, 2.11(1)
security_criteria: network::server, network::service
Why still chrony, why not simply systemd timers? Legacy?

suricata:
bin_pkgs:
suricata:
depends:
- dpkg
- python
- python-simplejson
I'm missing the new dependencies in the top-list. Didn't we agree on
listing them flat? This, e.g., pulls python,
currently even
v2 - anything but a trivial package. Or did I miss that we have this in our list
already?

Jan

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate
Competence Center Embedded Linux


Re: RT Testing

Kazuhiro Hayashi
 

Hello Chris,

Hello,
[...]
Do either of the CIP Core profiles include Python support?
At the moment, we've just started creating the supported package list, so I
cannot clearly say Yes.
However, at least, the both profiles can create an image including python only
for testing
because the python packages are already provided in upstream projects (isar,
meta-debian).
Okay. I'm thinking that we aren't going to be able to escape having a separate 'testing' version of CIP-Core, based on
ISAR on the assumption that it has more supported packages then Deby.
The IRC log of yesterday: https://irclogs.baserock.org/cip/%23cip.2020-01-16.log.html

Starting from isar-cip-core would be better if we need to install
various packages for the testing like build-essential.
Deby also can generate an image including enough dependencies
of simple basic suites like LTP, cyclictest, etc. though.

Also, I guess LAVA can install additional packages for testing
(from Debian apt repository or some package directories on S3)
to their standard image after they boot on the target device.
We don't need to provide a separate testing image in this case.


Or not use CIP-Core for testing the Kernel as punit suggested ??
Personally, I would like to use CIP-Core image(s) for the kernel testing.
I have no concern about providing packages only for testing
as long as CIP is not responsible to maintain them.



Whether CIP Core provides Python packages or not depends on
what kind of packages will be proposed (requested) by CIP WGs in future.
Currently, several packages which depend on Python packages would be
included in the next proposal from security WG (under review now).

BTW, it would be better to confirm which Python version (2.7 or 3) that
cyclictest.sh depends on.
Do you know anything about this?
Either version (thanks Daniel).
Thank you for your confirmation.


Presumably we'd want to target Python 3 though if that's what the world is moving to?
I think this is one of the important topics to be discussed in CIP Core.
I agree with your idea (target on Python 3), but there are still
some packages in Debian buster that have a run-time dependency on python 2.7, unfortunately.
I would like to create another thread to think about this topic later :)

Best regards,
Kazu



Kind regards, Chris


Kazu


Linaro test-definitions [2] have the following tests marked within the preempt-
rt scope:
cyclicdeadline/cyclicdeadline.yaml
pmqtest/pmqtest.yaml
rt-migrate-test/rt-migrate-test.yaml
cyclictest/cyclictest.yaml
svsematest/svsematest.yaml
pi-stress/pi-stress.yaml
signaltest/signaltest.yaml
ptsematest/ptsematest.yaml
sigwaittest/sigwaittest.yaml
hackbench/hackbench.yaml
ltp-realtime/ltp-realtime.yaml

Which of the above would be valuable to run on CIP RT Kernels?

A while back Daniel Wagner also did some work on a Jitterdebugger test [3],
but it hasn't been merged yet and I'm not
sure what the current status is. Any updates Daniel?

Is anyone able to provide RT config/defconfigs for the x86 and arm boards in
the Mentor lab? Or BBB, QEMU etc.? (assuming
that the hardware is suitable).


[0]
https://github.com/Linaro/test-
definitions/commit/4b5c46f275632932b3045f2ee16ad9cae5bb482d#diff-
c724b852b75aefda2cc3
505c4517828dR50
[1] https://s3-us-west-2.amazonaws.com/download.cip-project.org/cip-
core/iwg20m/core-image-minimal-iwg20m.tar.gz
[2] https://github.com/Linaro/test-definitions/blob/master/automated/linux
[3] https://github.com/igaw/test-definitions/blob/preempt-
rt/automated/linux/jitterdebugger/jitterdebugger.yaml

Kind regards, Chris


Re: RT Testing

punit1.agrawal@...
 

Hi Chris,

Just thinking out loud below so please bear with me if I'm just stating
the obvious.

Chris Paterson <Chris.Paterson2@renesas.com> writes:

Hello,

From: kazuhiro3.hayashi@toshiba.co.jp <kazuhiro3.hayashi@toshiba.co.jp>
Sent: 16 January 2020 06:55

Hello Chris,

Thank you for your updates!

Hello Pavel, Hayashi-san, Jan, Daniel,
[...]

Currently there is an issue with the way that the cyclic test case results are
shown (i.e. they aren't) in LAVA due to
a change [0] made to Linaro's cyclictest.sh.
That means that the test parsing now depends on Python, which isn't included
in the cip-core RFS [1] that is currently
being used.

Do either of the CIP Core profiles include Python support?
At the moment, we've just started creating the supported package list, so I
cannot clearly say Yes.
However, at least, the both profiles can create an image including python only
for testing
because the python packages are already provided in upstream projects (isar,
meta-debian).
Okay. I'm thinking that we aren't going to be able to escape having a
separate 'testing' version of CIP-Core, based on ISAR on the
assumption that it has more supported packages then Deby.

Or not use CIP-Core for testing the Kernel as punit suggested ??
I think CIP-core shouldn't be thought of as a complete filesystem, but
the base components that should exist as part of any CIP system.

As it is, it's unlikely that any real product will need only the
functionality provided by CIP core.

If that makes sense, then we should make it easy to create derived
images / filesystems that include additional software as needed for the
task at hand, e.g., testing CIP kernels.

In addition, there is a need to test the functionality provided by the
core components, i.e., CIP-core packages along with relevant kernels on
supported devices. As yet, I don't think these tests exist (or even
defined).

But I'm new to the project so am very likely missing things.

Thanks,
Punit

[...]


Re: [PATCH 4.19.y-cip 10/12] arm64: dts: renesas: r8a774c0: cat874: Add definition for 12V regulator

Lad Prabhakar
 

Hi Pavel,

Thank you for the review.

-----Original Message-----
From: Pavel Machek <pavel@denx.de>
Sent: 16 January 2020 15:30
To: Prabhakar Mahadev Lad <prabhakar.mahadev-lad.rj@bp.renesas.com>
Cc: cip-dev@lists.cip-project.org; Nobuhiro Iwamatsu
<nobuhiro1.iwamatsu@toshiba.co.jp>; Pavel Machek <pavel@denx.de>;
Chris Paterson <Chris.Paterson2@renesas.com>
Subject: Re: [PATCH 4.19.y-cip 10/12] arm64: dts: renesas: r8a774c0: cat874:
Add definition for 12V regulator

Hi!

From: Fabrizio Castro <fabrizio.castro@bp.renesas.com>

commit 7fc009cbd7d11d6b27ba5443dbfa80a0513829e4 upstream.

Power rail "D12.0V" comes straight from the power barrel connector,
and it's used in both main board and sub board.
Given that line is always on, always constant, and not referenced anywhere,
does it need to be described in the dts?

Will it be used in future?
Yes the regulator will be used in future. (we plan to add support for lvds panel, the regulator will be used by the backlight)

Cheers,
--Prabhakar

Best regards,
Pavel

@@ -65,6 +65,15 @@
reg = <0x0 0x48000000 0x0 0x78000000>;
};

+reg_12p0v: regulator-12p0v {
+compatible = "regulator-fixed";
+regulator-name = "D12.0V";
+regulator-min-microvolt = <12000000>;
+regulator-max-microvolt = <12000000>;
+regulator-boot-on;
+regulator-always-on;
+};
+
sound: sound {
compatible = "simple-audio-card";

--
2.7.4
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

Renesas Electronics Europe GmbH, Geschaeftsfuehrer/President: Carsten Jauch, Sitz der Gesellschaft/Registered office: Duesseldorf, Arcadiastrasse 10, 40472 Duesseldorf, Germany, Handelsregister/Commercial Register: Duesseldorf, HRB 3708 USt-IDNr./Tax identification no.: DE 119353406 WEEE-Reg.-Nr./WEEE reg. no.: DE 14978647


Re: RT Testing

Daniel Wagner <wagi@...>
 

On Thu, Jan 16, 2020 at 02:25:27PM +0100, Pavel Machek wrote:
Even basic cyclictest is good to have, but it would be really good to
have some kind of background load. I'd expect latency to raise by
factor of 3 in make -j 5 of kernel.
I've been experimenting with compiling the kernel as workload to
trigger latency spikes. So far this test didn't trigger one. It is
quite good to see if there are performance rgressions (it takes
suddenly longer). As long there is enough space on the device and all
tools are available it's okay to run it.

I found it a bit difficult to use it in lava because the rootfs
doesn't bring all the tools and the kernel source it takes ages to
setup.

I tried to come up with simpler test reproducing comparable latencies,
but I did not get there. This creates cca factor of two for me:

cat /dev/urandom | head -c 10000000 | gzip -9 - > delme.random.gz
echo "Initial phase done"
for A in `seq 222`; do
( zcat delme.random.gz | gzip -9 - | zcat > /dev/null; echo -n [$A done] ) &
done

What is easily available on the test systems? gzip? python? bzip2?
I am using rt-tests and plan to run more stressors from
stress-ng. This seems to give a good reproducable workload and really
stresses the system.

Thanks,
Daniel


Re: [PATCH 4.19.y-cip 10/12] arm64: dts: renesas: r8a774c0: cat874: Add definition for 12V regulator

Pavel Machek
 

Hi!

From: Fabrizio Castro <fabrizio.castro@bp.renesas.com>

commit 7fc009cbd7d11d6b27ba5443dbfa80a0513829e4 upstream.

Power rail "D12.0V" comes straight from the power barrel connector,
and it's used in both main board and sub board.
Given that line is always on, always constant, and not referenced
anywhere, does it need to be described in the dts?

Will it be used in future?

Best regards,
Pavel

@@ -65,6 +65,15 @@
reg = <0x0 0x48000000 0x0 0x78000000>;
};

+ reg_12p0v: regulator-12p0v {
+ compatible = "regulator-fixed";
+ regulator-name = "D12.0V";
+ regulator-min-microvolt = <12000000>;
+ regulator-max-microvolt = <12000000>;
+ regulator-boot-on;
+ regulator-always-on;
+ };
+
sound: sound {
compatible = "simple-audio-card";

--
2.7.4
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

2861 - 2880 of 7061