[isar-cip-core,RFC,v2,0/9] cleanup of customizations

Message ID 20231031084943.3105056-1-Quirin.Gylstorff@siemens.com (mailing list archive)

Message

Gylstorff Quirin Oct. 31, 2023, 8:37 a.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

cleanup the customizations scripts by:
  - Move the ssh configuration from postinst to /etc/ssh/sshd_config.d
  - Move systemd service overrides to files instead of setting it in
    postinst
  - fix formatting
  - fix scripting error in security customizations

Changes v2:
  - Remove explicit installation of libtss2-esys* as it is required by
    tpm2-tools.
  - Add note about used style checker

Quirin Gylstorff (9):
  scripts/deploy-kernelci: Format python code and remove unused import
  customizations: Add variable to set the HOSTNAME
  customizations: Move ssh configuration from postinst to sshd_config.d
  security-customizations: Add dependency to customizations
  security-customizations: Fix shell error
  security-customizations: Extract sshd config from postinst to files
  cip-core-image-security: Move packages to security-customization
  customization-kernelci: Add dependency to customizations
  kas/opt/reproducible.yml: Move SOURCE_DATE_EPOCH to layer.conf

 conf/layer.conf                               |  2 ++
 kas/opt/reproducible.yml                      |  1 -
 kas/opt/security.yml                          |  2 ++
 recipes-core/customizations/common.inc        |  6 +++-
 recipes-core/customizations/customizations.bb | 10 ++++++
 .../files/{postinst => postinst.tmpl}         |  8 ++---
 .../customizations/files/ssh-permit-root.conf |  1 +
 .../images/cip-core-image-security.bb         | 12 +------
 .../kernelci-customizations/files/postinst    | 11 -------
 .../files/serial-getty-kernelci-override.conf |  3 ++
 .../files/ssh-permit-empty-passwords.conf     |  2 ++
 .../kernelci-customizations.bb                | 18 ++++++++---
 .../security-customizations/files/postinst    | 24 ++------------
 .../files/ssh-pam-remote.conf                 |  4 +++
 .../files/ssh-remote-session-term.conf        |  5 +++
 .../security-customizations.bb                | 22 ++++++++++---
 scripts/deploy-kernelci.py                    | 31 ++++++++++---------
 17 files changed, 86 insertions(+), 76 deletions(-)
 rename recipes-core/customizations/files/{postinst => postinst.tmpl} (62%)
 create mode 100644 recipes-core/customizations/files/ssh-permit-root.conf
 create mode 100644 recipes-core/kernelci-customizations/files/serial-getty-kernelci-override.conf
 create mode 100644 recipes-core/kernelci-customizations/files/ssh-permit-empty-passwords.conf
 create mode 100644 recipes-core/security-customizations/files/ssh-pam-remote.conf
 create mode 100644 recipes-core/security-customizations/files/ssh-remote-session-term.conf

Comments

Venkata Pyla Nov. 3, 2023, 9:11 a.m. UTC | #1
> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Quirin Gylstorff via lists.cip-project.org
> Sent: Tuesday, October 31, 2023 2:08 PM
> To: jan.kiszka@siemens.com; cip-dev@lists.cip-project.org; pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba-tsip.com>; dinesh kumar(TSIP TMIEC ODG Porting) <dinesh.kumar@toshiba-tsip.com>; hayashi kazuhiro(林 和宏 DME ○DIG□MPS○MP4) <kazuhiro3.hayashi@toshiba.co.jp>
> Subject: [cip-dev][isar-cip-core][RFC v2 0/9] cleanup of customizations
> 
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> cleanup the customizations scripts by:
>   - Move the ssh configuration from postinst to /etc/ssh/sshd_config.d
>   - Move systemd service overrides to files instead of setting it in
>     postinst
>   - fix formatting
>   - fix scripting error in security customizations
> 
> Changes v2:
>   - Remove explicit installation of libtss2-esys* as it is required by
>     tpm2-tools.
LGTM, I don't have any other comments thanks.

>   - Add note about used style checker
> 
> Quirin Gylstorff (9):
>   scripts/deploy-kernelci: Format python code and remove unused import
>   customizations: Add variable to set the HOSTNAME
>   customizations: Move ssh configuration from postinst to sshd_config.d
>   security-customizations: Add dependency to customizations
>   security-customizations: Fix shell error
>   security-customizations: Extract sshd config from postinst to files
>   cip-core-image-security: Move packages to security-customization
>   customization-kernelci: Add dependency to customizations
>   kas/opt/reproducible.yml: Move SOURCE_DATE_EPOCH to layer.conf
> 
>  conf/layer.conf                               |  2 ++
>  kas/opt/reproducible.yml                      |  1 -
>  kas/opt/security.yml                          |  2 ++
>  recipes-core/customizations/common.inc        |  6 +++-
>  recipes-core/customizations/customizations.bb | 10 ++++++
>  .../files/{postinst => postinst.tmpl}         |  8 ++---
>  .../customizations/files/ssh-permit-root.conf |  1 +
>  .../images/cip-core-image-security.bb         | 12 +------
>  .../kernelci-customizations/files/postinst    | 11 -------
>  .../files/serial-getty-kernelci-override.conf |  3 ++
>  .../files/ssh-permit-empty-passwords.conf     |  2 ++
>  .../kernelci-customizations.bb                | 18 ++++++++---
>  .../security-customizations/files/postinst    | 24 ++------------
>  .../files/ssh-pam-remote.conf                 |  4 +++
>  .../files/ssh-remote-session-term.conf        |  5 +++
>  .../security-customizations.bb                | 22 ++++++++++---
>  scripts/deploy-kernelci.py                    | 31 ++++++++++---------
>  17 files changed, 86 insertions(+), 76 deletions(-)
>  rename recipes-core/customizations/files/{postinst => postinst.tmpl} (62%)
>  create mode 100644 recipes-core/customizations/files/ssh-permit-root.conf
>  create mode 100644 recipes-core/kernelci-customizations/files/serial-getty-kernelci-override.conf
>  create mode 100644 recipes-core/kernelci-customizations/files/ssh-permit-empty-passwords.conf
>  create mode 100644 recipes-core/security-customizations/files/ssh-pam-remote.conf
>  create mode 100644 recipes-core/security-customizations/files/ssh-remote-session-term.conf
> 
> --
> 2.42.0

Jan Kiszka Nov. 3, 2023, 9:38 a.m. UTC | #2
On 31.10.23 09:37, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> cleanup the customizations scripts by:
>   - Move the ssh configuration from postinst to /etc/ssh/sshd_config.d
>   - Move systemd service overrides to files instead of setting it in
>     postinst
>   - fix formatting
>   - fix scripting error in security customizations
> 
> Changes v2:
>   - Remove explicit installation of libtss2-esys* as it is required by
>     tpm2-tools.
>   - Add note about used style checker
> 
> Quirin Gylstorff (9):
>   scripts/deploy-kernelci: Format python code and remove unused import
>   customizations: Add variable to set the HOSTNAME
>   customizations: Move ssh configuration from postinst to sshd_config.d
>   security-customizations: Add dependency to customizations
>   security-customizations: Fix shell error
>   security-customizations: Extract sshd config from postinst to files
>   cip-core-image-security: Move packages to security-customization
>   customization-kernelci: Add dependency to customizations
>   kas/opt/reproducible.yml: Move SOURCE_DATE_EPOCH to layer.conf
> 
>  conf/layer.conf                               |  2 ++
>  kas/opt/reproducible.yml                      |  1 -
>  kas/opt/security.yml                          |  2 ++
>  recipes-core/customizations/common.inc        |  6 +++-
>  recipes-core/customizations/customizations.bb | 10 ++++++
>  .../files/{postinst => postinst.tmpl}         |  8 ++---
>  .../customizations/files/ssh-permit-root.conf |  1 +
>  .../images/cip-core-image-security.bb         | 12 +------
>  .../kernelci-customizations/files/postinst    | 11 -------
>  .../files/serial-getty-kernelci-override.conf |  3 ++
>  .../files/ssh-permit-empty-passwords.conf     |  2 ++
>  .../kernelci-customizations.bb                | 18 ++++++++---
>  .../security-customizations/files/postinst    | 24 ++------------
>  .../files/ssh-pam-remote.conf                 |  4 +++
>  .../files/ssh-remote-session-term.conf        |  5 +++
>  .../security-customizations.bb                | 22 ++++++++++---
>  scripts/deploy-kernelci.py                    | 31 ++++++++++---------
>  17 files changed, 86 insertions(+), 76 deletions(-)
>  rename recipes-core/customizations/files/{postinst => postinst.tmpl} (62%)
>  create mode 100644 recipes-core/customizations/files/ssh-permit-root.conf
>  create mode 100644 recipes-core/kernelci-customizations/files/serial-getty-kernelci-override.conf
>  create mode 100644 recipes-core/kernelci-customizations/files/ssh-permit-empty-passwords.conf
>  create mode 100644 recipes-core/security-customizations/files/ssh-pam-remote.conf
>  create mode 100644 recipes-core/security-customizations/files/ssh-remote-session-term.conf
> 

Thanks, applied.

Jan