diff mbox series

[isar-cip-core,RFC,v2,7/9] cip-core-image-security: Move packages to security-customization

Message ID 20231031084943.3105056-8-Quirin.Gylstorff@siemens.com (mailing list archive)
State Accepted
Headers show
Series cleanup of customizations | expand

Commit Message

Gylstorff Quirin Oct. 31, 2023, 8:37 a.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

To ensure that the package security-customizations is installable
move packages from cip-core-image-security as dependencies to
security-packges.

Remove libtss2-esys* as it is already installed together with
tpm2-tools.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 recipes-core/images/cip-core-image-security.bb       | 12 +-----------
 .../security-customizations.bb                       | 11 ++++++++---
 2 files changed, 9 insertions(+), 14 deletions(-)
diff mbox series

Patch

diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb
index 3421ce5..525a346 100644
--- a/recipes-core/images/cip-core-image-security.bb
+++ b/recipes-core/images/cip-core-image-security.bb
@@ -28,24 +28,14 @@  IMAGE_PREINSTALL += " \
 	tpm2-tools \
 	tpm2-abrmd \
 	acl \
-	audispd-plugins auditd \
+	audispd-plugins \
 	uuid-runtime \
 	sudo \
 	aide-common \
-	libpam-google-authenticator \
 	passwd \
 	login \
-	libpam-runtime \
 	util-linux \
 "
 
-# Package names based on the distro version
-IMAGE_PREINSTALL:append:buster = " libtss2-esys0 \
-                                   libpam-cracklib"
-IMAGE_PREINSTALL:append:bullseye = " libtss2-esys-3.0.2-0 \
-                                     libpam-cracklib"
-IMAGE_PREINSTALL:append:bookworm = " libtss2-esys-3.0.2-0 \
-                                     libpam-passwdqc"
-
 CIP_IMAGE_OPTIONS ?= ""
 require ${CIP_IMAGE_OPTIONS}
diff --git a/recipes-core/security-customizations/security-customizations.bb b/recipes-core/security-customizations/security-customizations.bb
index d3cede8..75a6a99 100644
--- a/recipes-core/security-customizations/security-customizations.bb
+++ b/recipes-core/security-customizations/security-customizations.bb
@@ -11,14 +11,19 @@ 
 
 inherit dpkg-raw
 
-DESCRIPTION = "CIP Security image for IEC62443-4-2 evaluation"
+DESCRIPTION = "CIP Security configuration for IEC62443-4-2 evaluation"
 
 SRC_URI = "file://postinst \
            file://ssh-remote-session-term.conf \
            file://ssh-pam-remote.conf"
 
-DEPENDS = "customizations, sshd-regen-keys"
-DEBIAN_DEPENDS = "customizations , sshd-regen-keys, libpam-google-authenticator"
+DEPENDS = "customizations sshd-regen-keys"
+DEBIAN_DEPENDS = "customizations, sshd-regen-keys, libpam-google-authenticator, libpam-modules, libpam-runtime, auditd"
+
+# Package names based on the distro version
+DEBIAN_DEPENDS:append:buster = ", libpam-cracklib"
+DEBIAN_DEPENDS:append:bullseye = ", libpam-cracklib"
+DEBIAN_DEPENDS:append:bookworm = ", libpam-passwdqc"
 
 do_install[cleandirs] += "${D}/etc/ssh/sshd_config.d/"
 do_install () {