diff mbox series

[isar-cip-core,RFC,4/9] security-customizations: Add dependency to customizations

Message ID 20231023150243.3990309-5-Quirin.Gylstorff@siemens.com (mailing list archive)
State Superseded
Headers show
Series cleanup of customizations | expand

Commit Message

Gylstorff Quirin Oct. 23, 2023, 3 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

To simplify package structure Security customizations no
longer set the hostname and use a dependency instead of a include.

Add the OVERRIDE `security` to enable or disable security related
configuration settings.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 kas/opt/security.yml                                      | 2 ++
 recipes-core/customizations/customizations.bb             | 2 ++
 recipes-core/security-customizations/files/postinst       | 4 ----
 .../security-customizations/security-customizations.bb    | 8 ++++----
 4 files changed, 8 insertions(+), 8 deletions(-)
diff mbox series

Patch

diff --git a/kas/opt/security.yml b/kas/opt/security.yml
index d87235a..000c522 100644
--- a/kas/opt/security.yml
+++ b/kas/opt/security.yml
@@ -24,3 +24,5 @@  local_conf_header:
   adjust-swupdate: |
     ABROOTFS_IMAGE_RECIPE = "cip-core-image-security"
     VERITY_IMAGE_RECIPE = "cip-core-image-security"
+  security-override: |
+    OVERRIDES .= ":security"
diff --git a/recipes-core/customizations/customizations.bb b/recipes-core/customizations/customizations.bb
index 3dbeb3f..3f6b5de 100644
--- a/recipes-core/customizations/customizations.bb
+++ b/recipes-core/customizations/customizations.bb
@@ -12,6 +12,8 @@ 
 require common.inc
 
 SRC_URI += "file://ssh-permit-root.conf"
+SRC_URI:remove:security = "file://ssh-permit-root.conf"
+
 DESCRIPTION = "CIP Core image demo & customizations"
 
 do_prepare_build:prepend:qemu-riscv64() {
diff --git a/recipes-core/security-customizations/files/postinst b/recipes-core/security-customizations/files/postinst
index 620c863..bbd21bd 100755
--- a/recipes-core/security-customizations/files/postinst
+++ b/recipes-core/security-customizations/files/postinst
@@ -8,10 +8,6 @@  set -e
 
 echo "CIP Core Security Image (login: root/CIPsecurity@123)" > /etc/issue
 
-HOSTNAME=demo
-echo "$HOSTNAME" > /etc/hostname
-echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
-
 # CR1.7: Strength of password-based authentication
 # Pam configuration to  enforce password strength
 PAM_PWD_FILE="/etc/pam.d/common-password"
diff --git a/recipes-core/security-customizations/security-customizations.bb b/recipes-core/security-customizations/security-customizations.bb
index 240a577..d5249a2 100644
--- a/recipes-core/security-customizations/security-customizations.bb
+++ b/recipes-core/security-customizations/security-customizations.bb
@@ -9,12 +9,12 @@ 
 # SPDX-License-Identifier: MIT
 #
 
-require recipes-core/customizations/common.inc
+inherit dpkg-raw
 
 DESCRIPTION = "CIP Security image for IEC62443-4-2 evaluation"
 
-SRC_URI += "file://postinst"
+SRC_URI = "file://postinst"
 
-DEPENDS += "sshd-regen-keys"
-DEBIAN_DEPENDS += ", sshd-regen-keys, libpam-google-authenticator"
+DEPENDS = "customizations, sshd-regen-keys"
+DEBIAN_DEPENDS = "customizations , sshd-regen-keys, libpam-google-authenticator"