| Message ID | 20220704172122.11322-1-venkata.pyla@toshiba-tsip.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [isar-cip-core] security-testing.yml: Add kas option for IEC layer testing | expand |
On 04.07.22 19:21, venkata.pyla@toshiba-tsip.com wrote: > From: venkata pyla <venkata.pyla@toshiba-tsip.com> > > This kas option file adds additonal packages required only while testing > using cip-security-tests[1]. > > Also it provides additional rootfs size required for testing. > > [1] https://gitlab.com/cip-project/cip-testing/cip-security-tests > > Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com> > --- > kas/opt/security-testing.yml | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > create mode 100644 kas/opt/security-testing.yml > > diff --git a/kas/opt/security-testing.yml b/kas/opt/security-testing.yml > new file mode 100644 > index 0000000..19215f1 > --- /dev/null > +++ b/kas/opt/security-testing.yml > @@ -0,0 +1,20 @@ > +# > +# CIP Core, generic profile > +# > +# Copyright (c) Toshiba Corporation, 2022 > +# > +# Authors: > +# Venkata Pyla <venkata.pyla@toshiba-tsip.com> > +# > +# SPDX-License-Identifier: MIT > +# > +header: > + version: 10 > + includes: > + - kas/opt/security.yml > + > +local_conf_header: > + security_testing: | > + IMAGE_PREINSTALL_append = " sshpass" > + ROOTFS_EXTRA = "8192" > + There is already kas/opt/test.yml. Can't we piggy-back on that one? Would also already come with kconfig support. Jan
>-----Original Message----- >From: Jan Kiszka <jan.kiszka@siemens.com> >Sent: 05 July 2022 14:24 >To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba- >tsip.com>; cip-dev@lists.cip-project.org >Cc: dinesh kumar(TSIP) <dinesh.kumar@toshiba-tsip.com>; hayashi >kazuhiro(林 和宏 □SWC◯ACT) <kazuhiro3.hayashi@toshiba.co.jp> >Subject: Re: [isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC >layer testing > >On 04.07.22 19:21, venkata.pyla@toshiba-tsip.com wrote: >> From: venkata pyla <venkata.pyla@toshiba-tsip.com> >> >> This kas option file adds additonal packages required only while >> testing using cip-security-tests[1]. >> >> Also it provides additional rootfs size required for testing. >> >> [1] https://gitlab.com/cip-project/cip-testing/cip-security-tests >> >> Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com> >> --- >> kas/opt/security-testing.yml | 20 ++++++++++++++++++++ >> 1 file changed, 20 insertions(+) >> create mode 100644 kas/opt/security-testing.yml >> >> diff --git a/kas/opt/security-testing.yml >> b/kas/opt/security-testing.yml new file mode 100644 index >> 0000000..19215f1 >> --- /dev/null >> +++ b/kas/opt/security-testing.yml >> @@ -0,0 +1,20 @@ >> +# >> +# CIP Core, generic profile >> +# >> +# Copyright (c) Toshiba Corporation, 2022 # # Authors: >> +# Venkata Pyla <venkata.pyla@toshiba-tsip.com> # # >> +SPDX-License-Identifier: MIT # >> +header: >> + version: 10 >> + includes: >> + - kas/opt/security.yml >> + >> +local_conf_header: >> + security_testing: | >> + IMAGE_PREINSTALL_append = " sshpass" >> + ROOTFS_EXTRA = "8192" >> + > >There is already kas/opt/test.yml. Can't we piggy-back on that one? >Would also already come with kconfig support. Yes I thin so, we can also add security testing requirements in to test.yml, but does it not create any side effect to the original test image? security testing requirements adds additional package `sshpass` and increases the rootfs size. Or, can we select the local_conf_header fragment ('testing' or 'security_testing') from the kconfig based on image is selected? > >Jan > >-- >Siemens AG, Technology >Competence Center Embedded Linux
On 05.07.22 13:14, Venkata.Pyla@toshiba-tsip.com wrote: > > >> -----Original Message----- >> From: Jan Kiszka <jan.kiszka@siemens.com> >> Sent: 05 July 2022 14:24 >> To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba- >> tsip.com>; cip-dev@lists.cip-project.org >> Cc: dinesh kumar(TSIP) <dinesh.kumar@toshiba-tsip.com>; hayashi >> kazuhiro(林 和宏 □SWC◯ACT) <kazuhiro3.hayashi@toshiba.co.jp> >> Subject: Re: [isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC >> layer testing >> >> On 04.07.22 19:21, venkata.pyla@toshiba-tsip.com wrote: >>> From: venkata pyla <venkata.pyla@toshiba-tsip.com> >>> >>> This kas option file adds additonal packages required only while >>> testing using cip-security-tests[1]. >>> >>> Also it provides additional rootfs size required for testing. >>> >>> [1] https://gitlab.com/cip-project/cip-testing/cip-security-tests >>> >>> Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com> >>> --- >>> kas/opt/security-testing.yml | 20 ++++++++++++++++++++ >>> 1 file changed, 20 insertions(+) >>> create mode 100644 kas/opt/security-testing.yml >>> >>> diff --git a/kas/opt/security-testing.yml >>> b/kas/opt/security-testing.yml new file mode 100644 index >>> 0000000..19215f1 >>> --- /dev/null >>> +++ b/kas/opt/security-testing.yml >>> @@ -0,0 +1,20 @@ >>> +# >>> +# CIP Core, generic profile >>> +# >>> +# Copyright (c) Toshiba Corporation, 2022 # # Authors: >>> +# Venkata Pyla <venkata.pyla@toshiba-tsip.com> # # >>> +SPDX-License-Identifier: MIT # >>> +header: >>> + version: 10 >>> + includes: >>> + - kas/opt/security.yml >>> + >>> +local_conf_header: >>> + security_testing: | >>> + IMAGE_PREINSTALL_append = " sshpass" >>> + ROOTFS_EXTRA = "8192" >>> + >> >> There is already kas/opt/test.yml. Can't we piggy-back on that one? >> Would also already come with kconfig support. > > Yes I thin so, we can also add security testing requirements in to test.yml, > but does it not create any side effect to the original test image? > security testing requirements adds additional package `sshpass` and increases > the rootfs size. > > Or, can we select the local_conf_header fragment ('testing' or 'security_testing') > from the kconfig based on image is selected? Adding Nobuhiro, he once wrote that. But I strongly suspect the impact is not relevant, in both directions. If there should be, we can look into image-specific additions, but via the same option file. My goal here is to keep the number of kas option files low whenever possible. From a user perspective, it does not matter if a regular or a security image is augmented with testing features. Jan
diff --git a/kas/opt/security-testing.yml b/kas/opt/security-testing.yml new file mode 100644 index 0000000..19215f1 --- /dev/null +++ b/kas/opt/security-testing.yml @@ -0,0 +1,20 @@ +# +# CIP Core, generic profile +# +# Copyright (c) Toshiba Corporation, 2022 +# +# Authors: +# Venkata Pyla <venkata.pyla@toshiba-tsip.com> +# +# SPDX-License-Identifier: MIT +# +header: + version: 10 + includes: + - kas/opt/security.yml + +local_conf_header: + security_testing: | + IMAGE_PREINSTALL_append = " sshpass" + ROOTFS_EXTRA = "8192" +