diff mbox series

[isar-cip-core,3/3] customizations-security: add curl to download LAVA overlay

Message ID 20250124080659.469424-4-Quirin.Gylstorff@siemens.com (mailing list archive)
State New, archived
Headers show
Series Security testing with MTDA | expand

Commit Message

Quirin Gylstorff Jan. 24, 2025, 8:06 a.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Lava generates an directory, in LAVA called overlay, which contains
all scripts and tests of the test stage. The Device-under-test
needs to be instrumented with with this overlay.  LAVA provides the
possibility to download the overlay via http or NFS. We use curl
to download to the overlay from a http server.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 recipes-core/security-customizations/security-customizations.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jan Kiszka Jan. 24, 2025, 8:33 a.m. UTC | #1 
On 24.01.25 09:06, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Lava generates an directory, in LAVA called overlay, which contains
> all scripts and tests of the test stage. The Device-under-test
> needs to be instrumented with with this overlay.  LAVA provides the
> possibility to download the overlay via http or NFS. We use curl
> to download to the overlay from a http server.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  recipes-core/security-customizations/security-customizations.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/recipes-core/security-customizations/security-customizations.bb b/recipes-core/security-customizations/security-customizations.bb
> index 75a6a99..9fbc2a5 100644
> --- a/recipes-core/security-customizations/security-customizations.bb
> +++ b/recipes-core/security-customizations/security-customizations.bb
> @@ -18,7 +18,7 @@ SRC_URI = "file://postinst \
>             file://ssh-pam-remote.conf"
>  
>  DEPENDS = "customizations sshd-regen-keys"
> -DEBIAN_DEPENDS = "customizations, sshd-regen-keys, libpam-google-authenticator, libpam-modules, libpam-runtime, auditd"
> +DEBIAN_DEPENDS = "customizations, sshd-regen-keys, libpam-google-authenticator, libpam-modules, libpam-runtime, auditd, curl"
>  

Shouldn't this go into some test version of the image?

Jan

>  # Package names based on the distro version
>  DEBIAN_DEPENDS:append:buster = ", libpam-cracklib"
Sai.Sathujoda@toshiba-tsip.com Jan. 24, 2025, 11:30 a.m. UTC | #2 
Hi,

Based on my understanding curl is required in the security image only if we want to test its features on LAVA. As Jan mentioned we can install it in the test version of the image and add build target like:

build:x86-uefi-test-security:
  extends:
    - .build_base
  variables:
    target: x86-uefi
    extension: security
    test: enable
    use_rt: disable
    targz: disable
    disable_watchdog: enable

Note:  Since test is treated an extension value, we can declare a new variable like test (disabled by default) so that we can have both security & test extensions in one target.

This target can be used mainly for LAVA testing use-case.

Thanks and regards,
Sai Ashrith
diff mbox series

Patch

diff --git a/recipes-core/security-customizations/security-customizations.bb b/recipes-core/security-customizations/security-customizations.bb
index 75a6a99..9fbc2a5 100644
--- a/recipes-core/security-customizations/security-customizations.bb
+++ b/recipes-core/security-customizations/security-customizations.bb
@@ -18,7 +18,7 @@  SRC_URI = "file://postinst \
            file://ssh-pam-remote.conf"
 
 DEPENDS = "customizations sshd-regen-keys"
-DEBIAN_DEPENDS = "customizations, sshd-regen-keys, libpam-google-authenticator, libpam-modules, libpam-runtime, auditd"
+DEBIAN_DEPENDS = "customizations, sshd-regen-keys, libpam-google-authenticator, libpam-modules, libpam-runtime, auditd, curl"
 
 # Package names based on the distro version
 DEBIAN_DEPENDS:append:buster = ", libpam-cracklib"