Hello Daniel-san Thanks for bringing this topic as this will help us in many ways such as creating images for various requirements as well as flexibility for customizations. I have a question, while planning this activity can we define some version for CIP Core itself? As currently we have CIP Kernel versions and versions for individual application packages. e.g. If we want to share CIP Kernel and CIP Core version for IEC assessment we lack CIP Core version. May be we can discuss it in upcoming CIP Core meeting. I have added my comments inline. Thanks & Regards, Dinesh Kumar -----Original Message----- From: daniel.sangorrin@toshiba.co.jp Sent: 18 May 2020 12:07 To: Dinesh Kumar ; jan.kiszka@siemens.com; Chris.Paterson2@renesas.com Cc: cip-dev@lists.cip-project.org; cip-security@lists.cip-project.org Subject: [cip-dev][isar-cip-core] Integration of test and security dependencies with cip-core Hello Dinesh, Chris, Jan: # BACKGROUND As I mentioned in our last technical steering commite meeting, our gitlab-ci scripts should be able to produce multiple OS images. For example, the testing team needs to have python and possibly other software including the tests themshelves; and the security team needs to have extra packages and probably lots of customizations. # CURRENT STATUS At the moment we have what I would call "target images", which contain: * something close to what I would call the "CIP Core Generic profile": * the ISAR core packages * I think these are basically debootstrap minbase (isar/meta/recipes-core/isar-bootstrap) * some extra customizations * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/master/recipes-core/ * target-dependent packages (kernel, u-boot, firmware, etc) * these are added using KAS opt.yaml syntax, instead of using a meta-layer * options * opt-rt: will use a kernel with PREEMPT-RT patch * opt-stretch: will use stretch as distro * opt-4.4: will use kernel v4.4 instead of the default 4.10 * opt-targz-img: exports the image as a tarball for LAVA On the branch, iec-evaluation there is an initial implementation of the security image: * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/security/iec-evaluation * at first they added an opt-security.yaml file: * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commit/a8216d4ca5eed4d73dff2e00601dea7c9d733f45 * then they changed to use recipes-core/images/cip-core-image-security.bb that extends IMAGE_PREINSTALL * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commit/3461a50297e370210d76d85d434fb625c8c4248c * see the original thread here: * https://lore.kernel.org/cip-dev/TYXPR01MB180817C883F874B321DBA264E1FD0@TYXPR01MB1808.jpnprd01.prod.outlook.com/T/#m752a116d8372222d727722f4fe18ca19d94838eb # MY PROPOSAL My proposal as the next task for the CIP Core work group is to add metadata for releasing these images: * target images: isar debootstrap + customizations + kernel/u-boot/fw * [NEW] release them as bmap images for our reference hardware boards * [NEW] create a page (gitlab wiki) that will contain links to the latest images and how-to-install readmes for each reference board * [NEW] refer to that page from the CIP wiki page (https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware) * [NEW] testing images: target images + test dependencies * release them using opt-targz-img so they can be used in LAVA * add the test dependencies * packages: python2.7, python3, ... * tests: LTP, ... * method 1: build them on a separate repo and include in the image * method 2: build them with ISAR (new recipes) and include in the image * method 3: the artifacts are downloaded by LAVA <-- My preference * How to implement this * method 1: using the opt yaml format <-- My preference if we only need to specify packages * method 2: creating a separate meta layer * method 3: using a new image (cip-core-image-testing.bb) * [NEW] security: target + security packages + security tests and dependencies * release in two formats * using opt-targz-img so they can be used in LAVA * as images for our reference hardware boards * add to the gitlab wiki links to the latest images and how-to-install readmes too * How to implement this * method 1: using the opt yaml format * method 2: creating a separate meta layer <-- My preference if it gets complex * method 3: using a new image (cip-core-image-security.bb) <-- Current method Dinesh>>I am fine with your current proposal. However, as Jan mentioned in future based on need or shortcomings of above proposal we may have to make changes as required. # FEEDBACK Please check my initial proposal and send me feedback. Thanks, Daniel Sangorrin The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the recipient and may contain privileged information. If you are not the intended recipient, please notify the sender and delete the message along with any attachments/annexure/appendices. You should not disclose, copy or otherwise use the information contained in the message or any annexure. Any views expressed in this e-mail are those of the individual sender except where the sender specifically states them to be the views of Toshiba Software India Pvt. Ltd. (TSIP),Bangalore. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or damage arising in any way from its use.