From patchwork Fri Jun 26 06:44:16 2020
X-Patchwork-Submitter: Venkata Pyla
X-Patchwork-Id: 11626601
From: "venkata"
To: "cip-dev@lists.cip-project.org"
CC: "cip-security@lists.cip-project.org"
Subject: [cip-dev][isar-cip-core PATCH 1/6] opt-security.yml: Sample settings to install security
Date: Fri, 26 Jun 2020 06:44:16 +0000
Message-ID: <3ec242c02a3948fe9194df2517cbe0ad@toshiba-tsip.com>

From: Kazuhiro Hayashi kazuhiro3.hayashi@toshiba.co.jp

opt-security.yml: Sample settings to install security packages

Signed-off-by: Kazuhiro Hayashi --- SECURITY.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ opt-security.yml | 34 +++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 SECURITY.md create mode 100644 opt-security.yml -- 2.20.1 The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you are not the intended recipient, please notify the sender and delete the message along with any attachments/annexure/appendices. You should not disclose, copy or otherwise use the information contained in the message or any annexure. Any views expressed in this e-mail are those of the individual sender except where the sender specifically states them to be the views of Toshiba Software India Pvt. Ltd. (TSIP),Bangalore. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or damage arising in any way from its use. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4832): https://lists.cip-project.org/g/cip-dev/message/4832 Mute This Topic: https://lists.cip-project.org/mt/75119562/4520428 Group Owner: cip-dev+owner@lists.cip-project.org Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129116/1171672734/xyzzy [patchwork-cip-dev@patchwork.kernel.org] -=-=-=-=-=-=-=-=-=-=-=- diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..a8bccc7 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,52 @@ +How to customize images for security features +============================================= + +This is the "temporal" document about how to create and use +the CIP Core generic profile images for security feature evaluation. + +Official manuals +---------------- + +* isar-cip-core: https://gitlab.com/zuka0828/isar-cip-core/-/blob/master/README.md +* ISAR User Manual: https://github.com/ilbers/isar/blob/master/doc/user_manual.md + +Assumed environment +------------------- + +* isar-cip-core: master branch +* Host: Debian 10 buster amd64 + * Installed packages: `docker-ce`, `qemu-system` + * Users who does the following actions must be in the groups `docker` and `kvm` + +Create kas file +--------------- + +Create a kas file named `opt-security.yml` to add security settings. + +Add security packages to rootfs +------------------------------- + +Set `IMAGE_PREINSTALL` to the list of packages required to enable +the security features. This variable can be set through the kas file. + +Example: + +``` +local_conf_header: + security: | + IMAGE_PREINSTALL = "openssl" +``` + +Build images +------------ + +Build images for QEMU x86 64bit machine: + + $ ./kas-docker --isar build kas.yml:board-qemu-amd64.yml:opt-security.yml + +Run on QEMU +----------- + +Run the generated images on QEMU (x86 64bit). + + $ ./start-qemu.sh amd64 diff --git a/opt-security.yml b/opt-security.yml new file mode 100644 index 0000000..7c6b39c --- /dev/null +++ b/opt-security.yml 
@@ -0,0 +1,34 @@ +# +# KAS configuration for CIP Core generic profile to enable security features +# +# Copyright (c) Toshiba Corporation, 2020 +# +# Authors: +# Kazuhiro Hayashi +# +# SPDX-License-Identifier: MIT +# + +header: + version: 8 + +local_conf_header: + security: | + # TODO: Add sudo or sudo-ldap + IMAGE_PREINSTALL = "\ + openssl libssl1.1 \ + fail2ban \ + openssh-server openssh-sftp-server openssh-client \ + syslog-ng-core syslog-ng-mod-journal \ + aide aide-common \ + libnftables0 nftables \ + libpam-pkcs11 \ + chrony \ + tpm2-tools \ + tpm2-abrmd \ + libtss2-esys0 libtss2-udev \ + libpam-cracklib \ + acl \ + libauparse0 audispd-plugins auditd \ + uuid-runtime \ + " \ No newline at end of file
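Review bot: in SECURITY.md under "Assumed environment", the requirement that users be in the `docker` group deserves a caveat, since membership in that group is equivalent to root on the build host; say so, or recommend a dedicated build account. Smaller points in the same file: "Users who does" should read "Users who do", "temporal" probably means "temporary", and the isar-cip-core link under "Official manuals" points at a personal namespace (`zuka0828`), which a reader may not expect behind that heading.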
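Review bot: in opt-security.yml, `IMAGE_PREINSTALL = "\` is a plain assignment, so stacking this file (`kas.yml:board-qemu-amd64.yml:opt-security.yml`) discards any value already set for that variable at that point instead of adding to it; `+=` or an append would keep both. The file also ends without a trailing newline (`\ No newline at end of file`), and the `# TODO: Add sudo or sudo-ldap` comment would be more useful if it said what is blocking the choice.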
From patchwork Fri Jun 26 06:44:17 2020
X-Patchwork-Submitter: Venkata Pyla
X-Patchwork-Id: 11626603
From: "venkata"
To: "cip-dev@lists.cip-project.org"
CC: "cip-security@lists.cip-project.org"
Subject: [cip-dev][isar-cip-core PATCH 2/6] Disable GitLab CI
Date: Fri, 26 Jun 2020 06:44:17 +0000

From: Kazuhiro Hayashi kazuhiro3.hayashi@toshiba.co.jp

This experimental branch is assumed not to be associated with CIP GitLab

Signed-off-by: Kazuhiro Hayashi --- .gitlab-ci.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 .gitlab-ci.yml -- 2.20.1
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index 523e759..0000000 --- a/.gitlab-ci.yml +++ /dev/null
@@ -1,29 +0,0 @@ -image: kasproject/kas-isar:1.1 - -variables: - GIT_STRATEGY: clone - -all: - stage: build - script: - - export http_proxy=$HTTP_PROXY - - export https_proxy=$HTTPS_PROXY - - export ftp_proxy=$FTP_PROXY - - export no_proxy=$NO_PROXY - - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID - - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY - - - kas build kas.yml:board-simatic-ipc227e.yml:opt-rt.yml:opt-targz-img.yml - - scripts/deploy-cip-core.sh buster simatic-ipc227e - - - sudo rm -rf build/tmp - - kas build kas.yml:board-bbb.yml:opt-rt.yml:opt-targz-img.yml - - scripts/deploy-cip-core.sh buster bbb am335x-boneblack.dtb - - - sudo rm -rf build/tmp - - kas build kas.yml:board-iwg20m.yml:opt-rt.yml:opt-targz-img.yml - - scripts/deploy-cip-core.sh buster iwg20m r8a7743-iwg20d-q7-dbcm-ca.dtb - - - sudo rm -rf build/tmp - - kas build kas.yml:board-rzg2m.yml:opt-rt.yml:opt-targz-img.yml - - scripts/deploy-cip-core.sh buster hihope-rz2gm r8a774a1-hihope-rzg2m-ex.dtb
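Review bot: deleting .gitlab-ci.yml outright (all 29 lines) to keep an experimental branch out of CI is undone by 3/6, which restores the same blob (523e759), so 2/6 and 3/6 cancel and can both be dropped from the series. If pipelines really must stay off on this branch, the commit message should say what goes wrong when they run.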
From patchwork Fri Jun 26 06:44:19 2020
X-Patchwork-Submitter: Venkata Pyla
X-Patchwork-Id: 11626605
From: "venkata"
To: "cip-dev@lists.cip-project.org"
CC: "cip-security@lists.cip-project.org"
Subject: [cip-dev][isar-cip-core PATCH 3/6] Revert "Disable GitLab CI"
Date: Fri, 26 Jun 2020 06:44:19 +0000
Message-ID: <715201b6cae14119960d8c3091fdd419@toshiba-tsip.com>

From: Kazuhiro Hayashi kazuhiro3.hayashi@toshiba.co.jp

This reverts commit 7a8153fe4ba8127a7d86b6db90f1bbcb0dd73fd7.

--- .gitlab-ci.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .gitlab-ci.yml -- 2.20.1
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..523e759 --- /dev/null +++ b/.gitlab-ci.yml
@@ -0,0 +1,29 @@ +image: kasproject/kas-isar:1.1 + +variables: + GIT_STRATEGY: clone + +all: + stage: build + script: + - export http_proxy=$HTTP_PROXY + - export https_proxy=$HTTPS_PROXY + - export ftp_proxy=$FTP_PROXY + - export no_proxy=$NO_PROXY + - export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID + - export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY + + - kas build kas.yml:board-simatic-ipc227e.yml:opt-rt.yml:opt-targz-img.yml + - scripts/deploy-cip-core.sh buster simatic-ipc227e + + - sudo rm -rf build/tmp + - kas build kas.yml:board-bbb.yml:opt-rt.yml:opt-targz-img.yml + - scripts/deploy-cip-core.sh buster bbb am335x-boneblack.dtb + + - sudo rm -rf build/tmp + - kas build kas.yml:board-iwg20m.yml:opt-rt.yml:opt-targz-img.yml + - scripts/deploy-cip-core.sh buster iwg20m r8a7743-iwg20d-q7-dbcm-ca.dtb + + - sudo rm -rf build/tmp + - kas build kas.yml:board-rzg2m.yml:opt-rt.yml:opt-targz-img.yml + - scripts/deploy-cip-core.sh buster hihope-rz2gm r8a774a1-hihope-rzg2m-ex.dtb
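Review bot: the restored `script:` block exports `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` at the top, so every later command in the job, including `kas build` and `sudo rm -rf build/tmp`, runs with the deploy credentials in its environment; setting them only for the `scripts/deploy-cip-core.sh` calls would narrow that, assuming those are the only steps that need them. The revert also carries no Signed-off-by line, unlike the other patches in the series.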
From patchwork Fri Jun 26 06:44:38 2020
X-Patchwork-Submitter: Venkata Pyla
X-Patchwork-Id: 11626607
From: "venkata"
To: "cip-dev@lists.cip-project.org"
CC: "cip-security@lists.cip-project.org"
Subject: [cip-dev][isar-cip-core PATCH 4/6] Use an image recipe to define installed packages instead of kas option
Date: Fri, 26 Jun 2020 06:44:38 +0000

From: Kazuhiro Hayashi kazuhiro3.hayashi@toshiba.co.jp

Signed-off-by: Kazuhiro Hayashi --- SECURITY.md | 23 ++++-------- opt-security.yml | 34 ----------------- .../images/cip-core-image-security.bb | 37 +++++++++++++++++++ 3 files changed, 45 insertions(+), 49 deletions(-) delete mode 100644 opt-security.yml create mode 100644 recipes-core/images/cip-core-image-security.bb +# +# A reference image which includes security packages +# +# Copyright (c) Toshiba Corporation, 2020 +# +# Authors: +# Kazuhiro Hayashi +# +# SPDX-License-Identifier: MIT +# + +inherit image + +DESCRIPTION = "CIP Core image including security packages" + +# Use the same customizations as cip-core-image +IMAGE_INSTALL += "customizations" + +# Debian packages that provide security features +# TODO: Add sudo or sudo-ldap which conflict each other +IMAGE_PREINSTALL = " \ + openssl libssl1.1 \ + fail2ban \ + openssh-server openssh-sftp-server openssh-client \ + syslog-ng-core syslog-ng-mod-journal \ + aide aide-common \ + libnftables0 nftables \ + libpam-pkcs11 \ + chrony \ + tpm2-tools \ + tpm2-abrmd \ + libtss2-esys0 libtss2-udev \ + libpam-cracklib \ + acl \ + libauparse0 audispd-plugins auditd \ + uuid-runtime \ +" -- 2.20.1
diff --git a/SECURITY.md b/SECURITY.md index a8bccc7..ddceee5 100644 --- a/SECURITY.md +++ b/SECURITY.md
@@ -18,31 +18,24 @@ Assumed environment * Installed packages: `docker-ce`, `qemu-system` * Users who does the following actions must be in the groups `docker` and `kvm` -Create kas file ---------------- - -Create a kas file named `opt-security.yml` to add security settings. - -Add security packages to rootfs -------------------------------- +Create image recipe +------------------- -Set `IMAGE_PREINSTALL` to the list of packages required to enable -the security features. This variable can be set through the kas file. +Create the recipe `recipes-core/images/cip-core-image-security.bb` +to generate a image including required packages. +We can install existing Debian packages by setting +`IMAGE_PREINSTALL` in the image recipe. Example: -``` -local_conf_header: - security: | IMAGE_PREINSTALL = "openssl" -``` Build images ------------ -Build images for QEMU x86 64bit machine: +Build images for QEMU x86 64bit machine. - $ ./kas-docker --isar build kas.yml:board-qemu-amd64.yml:opt-security.yml + $ ./kas-docker --isar build --target cip-core-image-security kas.yml:board-qemu-amd64.yml Run on QEMU ----------- diff --git a/opt-security.yml b/opt-security.yml deleted file mode 100644 index 7c6b39c..0000000 --- a/opt-security.yml +++ /dev/null @@ -1,34 +0,0 @@ -# -# KAS configuration for CIP Core generic profile to enable security features -# -# Copyright (c) Toshiba Corporation, 2020 -# -# Authors: -# Kazuhiro Hayashi -# -# SPDX-License-Identifier: MIT -# - -header: - version: 8 - -local_conf_header: - security: | - # TODO: Add sudo or sudo-ldap - IMAGE_PREINSTALL = "\ - openssl libssl1.1 \ - fail2ban \ - openssh-server openssh-sftp-server openssh-client \ - syslog-ng-core syslog-ng-mod-journal \ - aide aide-common \ - libnftables0 nftables \ - libpam-pkcs11 \ - chrony \ - tpm2-tools \ - tpm2-abrmd \ - libtss2-esys0 libtss2-udev \ - libpam-cracklib \ - acl \ - libauparse0 audispd-plugins auditd \ - uuid-runtime \ - " \ No newline at end of file 
diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb new file mode 100644 index 0000000..70571f8 --- /dev/null +++ b/recipes-core/images/cip-core-image-security.bb 
@@ -0,0 +1,37 @@
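Review bot: in the new "Create image recipe" section of SECURITY.md, the reader is told to create `recipes-core/images/cip-core-image-security.bb`, but this same patch adds that file, so "Use the recipe ..." would match what is in the tree. Also "a image" should be "an image", and the example `IMAGE_PREINSTALL = "openssl"` has lost its surrounding code fence lines, so check that it still renders as code.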
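Review bot: in cip-core-image-security.bb, `IMAGE_PREINSTALL` names runtime libraries next to the tools that use them (`openssl libssl1.1`, `libnftables0 nftables`, `libauparse0 audispd-plugins auditd`); the sonamed library packages should arrive as dependencies of the tools, and listing them ties the recipe to the Debian 10 package names. Listing only the tools is enough unless a library is wanted without its tool. The plain `=` on the `IMAGE_PREINSTALL` line is changed to `+=` by 5/6, so that fix could be folded in here.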
From patchwork Fri Jun 26 06:44:53 2020
X-Patchwork-Submitter: Venkata Pyla
X-Patchwork-Id: 11626609
From: "venkata"
To: "cip-dev@lists.cip-project.org"
CC: "cip-security@lists.cip-project.org"
Subject: [cip-dev][isar-cip-core PATCH 5/6] cip-core-image-security.bb: append security packages to existing 'IMAGE_PREINSTALL'
Date: Fri, 26 Jun 2020 06:44:53 +0000

From: venkata pyla venkata.pyla@toshiba-tsip.com

Signed-off-by: venkata pyla --- recipes-core/images/cip-core-image-security.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb index 70571f8..b883414 100644 --- a/recipes-core/images/cip-core-image-security.bb +++ b/recipes-core/images/cip-core-image-security.bb
@@ -18,7 +18,7 @@ IMAGE_INSTALL += "customizations" # Debian packages that provide security features # TODO: Add sudo or sudo-ldap which conflict each other -IMAGE_PREINSTALL = " \ +IMAGE_PREINSTALL += " \ openssl libssl1.1 \ fail2ban \ openssh-server openssh-sftp-server openssh-client \ -- 2.20.1 From patchwork Fri Jun 26 06:45:02 2020 X-Patchwork-Submitter: Venkata Pyla X-Patchwork-Id: 11626611 From: "venkata" To: "cip-dev@lists.cip-project.org" CC: "cip-security@lists.cip-project.org" Subject: [cip-dev][isar-cip-core PATCH 6/6] cip-core-image-security.bb: Add sudo package Date: Fri, 26 Jun 2020 06:45:02 +0000 Message-ID: <31b1675663114343b3888f3c601a0b20@toshiba-tsip.com> From: venkata pyla venkata.pyla@toshiba-tsip.com Added sudo package for security feature
Signed-off-by: venkata pyla --- recipes-core/images/cip-core-image-security.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) acl \ libauparse0 audispd-plugins auditd \ uuid-runtime \ + sudo \ " -- 2.20.1 diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb index b883414..8253952 100644 --- a/recipes-core/images/cip-core-image-security.bb +++ b/recipes-core/images/cip-core-image-security.bb
@@ -17,7 +17,6 @@ DESCRIPTION = "CIP Core image including security packages" IMAGE_INSTALL += "customizations" # Debian packages that provide security features -# TODO: Add sudo or sudo-ldap which conflict each other IMAGE_PREINSTALL += " \ openssl libssl1.1 \ fail2ban \ @@ -34,4 +33,5 @@ IMAGE_PREINSTALL += " \
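Review bot: In PATCH 5/6, at the `+IMAGE_PREINSTALL += " \` line of the `@@ -18,7 +18,7 @@` hunk, the commit message has no body saying which earlier IMAGE_PREINSTALL value the old `=` was discarding. The subject only refers to the "existing 'IMAGE_PREINSTALL'", so please name where that value is set. BitBake applies `+=` immediately at parse time, which means the fix depends on that other assignment being parsed before this line, and a later plain `=` elsewhere would still replace the whole security package list.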
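Review bot: In PATCH 6/6, the first hunk (`@@ -17,7 +17,6 @@`) deletes the TODO that named sudo and sudo-ldap as conflicting alternatives, but the commit message ("Added sudo package for security feature") does not say why sudo was chosen over sudo-ldap. Add a sentence on that choice so the decision the TODO was tracking is recorded with the change that closes it.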
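Review bot: In PATCH 6/6, the `+ sudo \` line of the `@@ -34,4 +33,5 @@` hunk only adds the package, and nothing visible in this patch sets or references a sudoers policy. Say in the commit message whether the image is meant to ship with the package's default sudoers file or with configuration supplied elsewhere (possibly the `customizations` package already in IMAGE_INSTALL), because that policy, not the package itself, decides who can escalate privileges on the image.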