Re: [cip-dev] [PATCH 1/3] cip-security: Add packages for IEC-62443-4-2 Evaluation.

From: "Jan Kiszka" <jan.kiszka@siemens.com>
To: cip-dev@lists.cip-project.org,
	Venkata Pyla <venkata.pyla@toshiba-tsip.com>
Subject: Re: [cip-dev] [PATCH 1/3] cip-security: Add packages for IEC-62443-4-2 Evaluation.
Date: Thu, 23 Jul 2020 15:52:47 +0200	[thread overview]
Message-ID: <06f7fc59-f004-3d68-d169-0e7d41f33038@siemens.com> (raw)
In-Reply-To: <15065.1595510009905529924@lists.cip-project.org>

[-- Attachment #1: Type: text/plain, Size: 3678 bytes --]

On 23.07.20 15:13, Venkata Pyla wrote:
> Hi Jan,
> 
> sorry i am resending this mail
> 
> On Thu, Jul 23, 2020 at 04:07 PM, Jan Kiszka wrote:
> 
>>
>> On 21.07.20 10:16, Venkata Pyla wrote:
>>> From: Kazuhiro Hayashi <kazuhiro3.hayashi@toshiba.co.jp>
>>>
>>> Identified security packages are added to the target image
>>> and that will be used for IEC-62443-4-2 evaluation
>>>
>>> Signed-off-by: Kazuhiro Hayashi <kazuhiro3.hayashi@toshiba.co.jp>
>>> Signed-off-by: pvenkata2 <venkata.pyla@toshiba-tsip.com>
>>                    ^^^^^^^^^
>> Can you configure your git to add you written name here as well? It's in
>> the email, yes, but it would be nicer to have it displayed as well.
> 
> sure, i didn't notice, it was missed in my git config
> 
>>> ---
>>>    .../images/cip-core-image-security.bb         | 37 +++++++++++++++++++
>>>    1 file changed, 37 insertions(+)
>>>    create mode 100644 recipes-core/images/cip-core-image-security.bb
>>>
>>> diff --git a/recipes-core/images/cip-core-image-security.bb
>> b/recipes-core/images/cip-core-image-security.bb
>>> new file mode 100644
>>> index 0000000..8253952
>>> --- /dev/null
>>> +++ b/recipes-core/images/cip-core-image-security.bb
>>> @@ -0,0 +1,37 @@
>>> +#
>>> +# A reference image which includes security packages
>>> +#
>>> +# Copyright (c) Toshiba Corporation, 2020
>>> +#
>>> +# Authors:
>>> +#  Kazuhiro Hayashi <kazuhiro3.hayashi@toshiba.co.jp>
>>> +#
>>> +# SPDX-License-Identifier: MIT
>>> +#
>>> +
>>> +inherit image
>>> +
>>> +DESCRIPTION = "CIP Core image including security packages"
>>> +
>>> +# Use the same customizations as cip-core-image
>>
>> That comment is not needed. It just creates the risk of becoming
>> outdated if cip-core-image decides to do something else.
>>
> 
> Understood, i will modify and resend this patch series
> 
>>> +IMAGE_INSTALL += "customizations"
>>> +
>>> +# Debian packages that provide security features
>>> +IMAGE_PREINSTALL += " \
>>> +	openssl libssl1.1 \
>>> +	fail2ban \
>>> +	openssh-server openssh-sftp-server openssh-client \
>>> +	syslog-ng-core syslog-ng-mod-journal \
>>> +	aide aide-common \
>>> +	libnftables0 nftables \
>>> +	libpam-pkcs11 \
>>> +	chrony \
>>> +	tpm2-tools \
>>> +	tpm2-abrmd \
>>> +	libtss2-esys0 libtss2-udev \
>>> +	libpam-cracklib \
>>> +	acl \
>>> +	libauparse0 audispd-plugins auditd \
>>> +	uuid-runtime \
>>> +	sudo \
>>> +"
>>>
>>
>> Can you close
>> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/merge_requests/8
>> if this series obsoletes it?
>>
> 
> I have rebased the branch and sent the patches over mail,
> I think i should close this MR in gitlab, i will do that.
> 
>> BTW, a cover letter would help structuring the patches together. And
>> please add a tag like "[isar-cip-core]" in order to clarify the series
>> target. That is all configurable in git format-patch/send-email.
>>
> 
> Got it,
> i was sending the patches to the community for the first time so i was missing some basic stuff.
> next time i will do care of it,
> thanks for showing patience on me

Don't worry. The submission looked fairly good otherwise, not like 
first-time!

BTW, I'm still ambivalent whether to do UI (MRs) or cip-dev based patch 
reviews for isar-cip-core. As contributions increase, you contributors 
need to express your preference. I'm used to both by now, I have 
troubles with both by now. However, we just need to consolidate over one 
system because we can't couple them reasonably.

And then we should document the current state of affairs, I know. There 
is a CONTRIBUTING guild missing for this repo.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux

[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#4991): https://lists.cip-project.org/g/cip-dev/message/4991
Mute This Topic: https://lists.cip-project.org/mt/75699592/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-