[isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC layer testing


Venkata Pyla
 

From: venkata pyla <venkata.pyla@...>

This kas option file adds additonal packages required only while testing
using cip-security-tests[1].

Also it provides additional rootfs size required for testing.

[1] https://gitlab.com/cip-project/cip-testing/cip-security-tests

Signed-off-by: venkata pyla <venkata.pyla@...>
---
kas/opt/security-testing.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 kas/opt/security-testing.yml

diff --git a/kas/opt/security-testing.yml b/kas/opt/security-testing.yml
new file mode 100644
index 0000000..19215f1
--- /dev/null
+++ b/kas/opt/security-testing.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Toshiba Corporation, 2022
+#
+# Authors:
+# Venkata Pyla <venkata.pyla@...>
+#
+# SPDX-License-Identifier: MIT
+#
+header:
+ version: 10
+ includes:
+ - kas/opt/security.yml
+
+local_conf_header:
+ security_testing: |
+ IMAGE_PREINSTALL_append = " sshpass"
+ ROOTFS_EXTRA = "8192"
+
--
2.20.1


Jan Kiszka
 

On 04.07.22 19:21, venkata.pyla@... wrote:
From: venkata pyla <venkata.pyla@...>

This kas option file adds additonal packages required only while testing
using cip-security-tests[1].

Also it provides additional rootfs size required for testing.

[1] https://gitlab.com/cip-project/cip-testing/cip-security-tests

Signed-off-by: venkata pyla <venkata.pyla@...>
---
kas/opt/security-testing.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 kas/opt/security-testing.yml

diff --git a/kas/opt/security-testing.yml b/kas/opt/security-testing.yml
new file mode 100644
index 0000000..19215f1
--- /dev/null
+++ b/kas/opt/security-testing.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Toshiba Corporation, 2022
+#
+# Authors:
+# Venkata Pyla <venkata.pyla@...>
+#
+# SPDX-License-Identifier: MIT
+#
+header:
+ version: 10
+ includes:
+ - kas/opt/security.yml
+
+local_conf_header:
+ security_testing: |
+ IMAGE_PREINSTALL_append = " sshpass"
+ ROOTFS_EXTRA = "8192"
+
There is already kas/opt/test.yml. Can't we piggy-back on that one?
Would also already come with kconfig support.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Venkata Pyla
 

-----Original Message-----
From: Jan Kiszka <jan.kiszka@...>
Sent: 05 July 2022 14:24
To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba-
tsip.com>; cip-dev@...
Cc: dinesh kumar(TSIP) <dinesh.kumar@...>; hayashi
kazuhiro(林 和宏 □SWC◯ACT) <kazuhiro3.hayashi@...>
Subject: Re: [isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC
layer testing

On 04.07.22 19:21, venkata.pyla@... wrote:
From: venkata pyla <venkata.pyla@...>

This kas option file adds additonal packages required only while
testing using cip-security-tests[1].

Also it provides additional rootfs size required for testing.

[1] https://gitlab.com/cip-project/cip-testing/cip-security-tests

Signed-off-by: venkata pyla <venkata.pyla@...>
---
kas/opt/security-testing.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 kas/opt/security-testing.yml

diff --git a/kas/opt/security-testing.yml
b/kas/opt/security-testing.yml new file mode 100644 index
0000000..19215f1
--- /dev/null
+++ b/kas/opt/security-testing.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Toshiba Corporation, 2022 # # Authors:
+# Venkata Pyla <venkata.pyla@...> # #
+SPDX-License-Identifier: MIT #
+header:
+ version: 10
+ includes:
+ - kas/opt/security.yml
+
+local_conf_header:
+ security_testing: |
+ IMAGE_PREINSTALL_append = " sshpass"
+ ROOTFS_EXTRA = "8192"
+
There is already kas/opt/test.yml. Can't we piggy-back on that one?
Would also already come with kconfig support.
Yes I thin so, we can also add security testing requirements in to test.yml,
but does it not create any side effect to the original test image?
security testing requirements adds additional package `sshpass` and increases
the rootfs size.

Or, can we select the local_conf_header fragment ('testing' or 'security_testing')
from the kconfig based on image is selected?


Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Jan Kiszka
 

On 05.07.22 13:14, Venkata.Pyla@... wrote:


-----Original Message-----
From: Jan Kiszka <jan.kiszka@...>
Sent: 05 July 2022 14:24
To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba-
tsip.com>; cip-dev@...
Cc: dinesh kumar(TSIP) <dinesh.kumar@...>; hayashi
kazuhiro(林 和宏 □SWC◯ACT) <kazuhiro3.hayashi@...>
Subject: Re: [isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC
layer testing

On 04.07.22 19:21, venkata.pyla@... wrote:
From: venkata pyla <venkata.pyla@...>

This kas option file adds additonal packages required only while
testing using cip-security-tests[1].

Also it provides additional rootfs size required for testing.

[1] https://gitlab.com/cip-project/cip-testing/cip-security-tests

Signed-off-by: venkata pyla <venkata.pyla@...>
---
kas/opt/security-testing.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 kas/opt/security-testing.yml

diff --git a/kas/opt/security-testing.yml
b/kas/opt/security-testing.yml new file mode 100644 index
0000000..19215f1
--- /dev/null
+++ b/kas/opt/security-testing.yml
@@ -0,0 +1,20 @@
+#
+# CIP Core, generic profile
+#
+# Copyright (c) Toshiba Corporation, 2022 # # Authors:
+# Venkata Pyla <venkata.pyla@...> # #
+SPDX-License-Identifier: MIT #
+header:
+ version: 10
+ includes:
+ - kas/opt/security.yml
+
+local_conf_header:
+ security_testing: |
+ IMAGE_PREINSTALL_append = " sshpass"
+ ROOTFS_EXTRA = "8192"
+
There is already kas/opt/test.yml. Can't we piggy-back on that one?
Would also already come with kconfig support.
Yes I thin so, we can also add security testing requirements in to test.yml,
but does it not create any side effect to the original test image?
security testing requirements adds additional package `sshpass` and increases
the rootfs size.

Or, can we select the local_conf_header fragment ('testing' or 'security_testing')
from the kconfig based on image is selected?
Adding Nobuhiro, he once wrote that. But I strongly suspect the impact
is not relevant, in both directions. If there should be, we can look
into image-specific additions, but via the same option file.

My goal here is to keep the number of kas option files low whenever
possible. From a user perspective, it does not matter if a regular or a
security image is augmented with testing features.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux