[cip-core:deby,1/3] cip-security: Create new layer for cip security

Message ID 20200915142345.179-2-venkata.pyla@toshiba-tsip.com (mailing list archive)
State Accepted
Series deby security layer changes

Commit Message

Venkata Pyla Sept. 15, 2020, 2:23 p.m. UTC
From: venkata pyla <venkata.pyla@toshiba-tsip.com>

This layer enables security packages and default configurations
required to evaluate IEC62443-4-2 assessment

Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
---
 README.md                         |  5 +++++
 kas/opt/security.yml              | 32 +++++++++++++++++++++++++++++++
 meta-cip-security/conf/layer.conf | 18 +++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 kas/opt/security.yml
 create mode 100644 meta-cip-security/conf/layer.conf

Comments

Daniel Sangorrin Sept. 17, 2020, 3:05 a.m. UTC | #1
Thanks, it looks good
Please send me a merge request

> -----Original Message-----
> From: venkata.pyla@toshiba-tsip.com <venkata.pyla@toshiba-tsip.com>
> Sent: Tuesday, September 15, 2020 11:24 PM
> To: sangorrin daniel(サンゴリン ダニエル □SWC◯ACT) <daniel.sangorrin@toshiba.co.jp>
> Cc: pyla venkata(TSIP) <Venkata.Pyla@toshiba-tsip.com>; cip-dev@lists.cip-project.org
> Subject: [cip-core:deby 1/3] cip-security: Create new layer for cip security
> 
> From: venkata pyla <venkata.pyla@toshiba-tsip.com>
> 
> This layer enables security packages and default configurations
> required to evaluate IEC62443-4-2 assessment
> 
> Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
> ---
>  README.md                         |  5 +++++
>  kas/opt/security.yml              | 32 +++++++++++++++++++++++++++++++
>  meta-cip-security/conf/layer.conf | 18 +++++++++++++++++
>  3 files changed, 55 insertions(+)
>  create mode 100644 kas/opt/security.yml
>  create mode 100644 meta-cip-security/conf/layer.conf
> 
> diff --git a/README.md b/README.md
> index f90e040..f59dd0c 100644
> --- a/README.md
> +++ b/README.md
> @@ -88,3 +88,8 @@ LTP test image for QEMU arm64 / hihope-rzg2m
> 
>      $ ./scripts/kas-build.sh kas/board/qemuarm64.yml:kas/opt/deby.yml:kas/opt/dhcp.yml:kas/opt/ltp.yml
> 
> +Create Security image for QEMU x86-64
> +-------------------------------------
> +
> +    $ ./scripts/kas-build.sh kas/board/qemux86-64.yml:kas/opt/deby.yml:kas/opt/security.yml
> +
> diff --git a/kas/opt/security.yml b/kas/opt/security.yml
> new file mode 100644
> index 0000000..e84290c
> --- /dev/null
> +++ b/kas/opt/security.yml
> @@ -0,0 +1,32 @@
> +#
> +# CIP Core tiny profile with Security
> +# packages and configuration
> +#
> +# Copyright (c) 2019 TOSHIBA Corp.
> +#
> +# SPDX-License-Identifier: MIT
> +#
> +
> +header:
> +    version: 8
> +
> +repos:
> +    meta-cip-security:
> +       layers:
> +          meta-cip-security:
> +
> +local_conf_header:
> +  security: |
> +    DISTRO_FEATURES_append += " pam"
> +    CORE_IMAGE_EXTRA_INSTALL += " \
> +                                 aide aide-common \
> +                                 openssl openssl-bin \
> +                                 openssh openssh-misc \
> +                                 chrony chronyc \
> +                                 libpam pam-plugin-cracklib pam-plugin-tally2 \
> +                                 syslog-ng \
> +                                 acl \
> +                                 sudo \
> +                                 auditd \
> +                                 util-linux \
> +                                 "
> diff --git a/meta-cip-security/conf/layer.conf b/meta-cip-security/conf/layer.conf
> new file mode 100644
> index 0000000..b015436
> --- /dev/null
> +++ b/meta-cip-security/conf/layer.conf
> @@ -0,0 +1,18 @@
> +# We have a conf and classes directory, add to BBPATH
> +BBPATH =. "${LAYERDIR}:"
> +
> +# We have recipes-* directories, add to BBFILES
> +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
> +            ${LAYERDIR}/recipes-*/*/*.bbappend"
> +
> +BBFILE_COLLECTIONS += "cip-security"
> +BBFILE_PATTERN_cip-security = "^${LAYERDIR}/"
> +BBFILE_PRIORITY_cip-security = "11"
> +
> +# This should only be incremented on significant changes that will
> +# cause compatibility issues with other layers
> +LAYERVERSION_cip-security = "1"
> +
> +LAYERDEPENDS_cip-security = "debian"
> +
> +LAYERSERIES_COMPAT_cip-security = "warrior"
> --
> 2.27.0.windows.1
> 

Patch

diff --git a/README.md b/README.md
index f90e040..f59dd0c 100644
--- a/README.md
+++ b/README.md
@@ -88,3 +88,8 @@  LTP test image for QEMU arm64 / hihope-rzg2m
 
     $ ./scripts/kas-build.sh kas/board/qemuarm64.yml:kas/opt/deby.yml:kas/opt/dhcp.yml:kas/opt/ltp.yml
 
+Create Security image for QEMU x86-64
+-------------------------------------
+
+    $ ./scripts/kas-build.sh kas/board/qemux86-64.yml:kas/opt/deby.yml:kas/opt/security.yml
+
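Review bot: The new build command in the README omits kas/opt/dhcp.yml, which the LTP example directly above it chains in, even though the security profile installs openssh and chrony. If the image is expected to come up with networking, add that option or state that it is deliberately left out. The hunk also ends with an added blank line at the end of the file, which can be dropped.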
diff --git a/kas/opt/security.yml b/kas/opt/security.yml
new file mode 100644
index 0000000..e84290c
--- /dev/null
+++ b/kas/opt/security.yml
@@ -0,0 +1,32 @@ 
+#
+# CIP Core tiny profile with Security
+# packages and configuration
+#
+# Copyright (c) 2019 TOSHIBA Corp.
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+    version: 8
+
+repos:
+    meta-cip-security:
+       layers:
+          meta-cip-security:
+
+local_conf_header:
+  security: |
+    DISTRO_FEATURES_append += " pam"
+    CORE_IMAGE_EXTRA_INSTALL += " \
+                                 aide aide-common \
+                                 openssl openssl-bin \
+                                 openssh openssh-misc \
+                                 chrony chronyc \
+                                 libpam pam-plugin-cracklib pam-plugin-tally2 \
+                                 syslog-ng \
+                                 acl \
+                                 sudo \
+                                 auditd \
+                                 util-linux \
+                                 "
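Review bot: `DISTRO_FEATURES_append += " pam"` under local_conf_header combines the `_append` override with `+=`; one of the two is enough, and `DISTRO_FEATURES_append = " pam"` is the usual form. The commit message speaks of default configurations, but this file only adds packages (for example pam-plugin-cracklib, pam-plugin-tally2 and auditd) with no settings for them, so the message should either say that configuration follows later in the series or the configuration should be included here. The indentation under `repos:` (4, 7 and 10 spaces) is also inconsistent with the 2-space steps used under `local_conf_header:`.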
diff --git a/meta-cip-security/conf/layer.conf b/meta-cip-security/conf/layer.conf
new file mode 100644
index 0000000..b015436
--- /dev/null
+++ b/meta-cip-security/conf/layer.conf
@@ -0,0 +1,18 @@ 
+# We have a conf and classes directory, add to BBPATH
+BBPATH =. "${LAYERDIR}:"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+            ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "cip-security"
+BBFILE_PATTERN_cip-security = "^${LAYERDIR}/"
+BBFILE_PRIORITY_cip-security = "11"
+
+# This should only be incremented on significant changes that will
+# cause compatibility issues with other layers
+LAYERVERSION_cip-security = "1"
+
+LAYERDEPENDS_cip-security = "debian"
+
+LAYERSERIES_COMPAT_cip-security = "warrior"
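
Review bot: `BBFILE_PRIORITY_cip-security = "11"` carries no comment saying why 11 was chosen; since the priority decides which layer wins when recipes or bbappends overlap, a one-line rationale relative to the layers it must override would help. The BBFILES globs point at recipes-* directories, but the diffstat shows this patch creating only conf/layer.conf, so the pattern matches nothing until recipes land later in the series; if the layer can legitimately stay empty, `BBFILE_PATTERN_IGNORE_EMPTY_cip-security = "1"` avoids the BitBake warning.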