[cip-dev][isar-cip-core] Integration of test and security dependencies with cip-core

["Daniel Sangorrin" <daniel.sangorrin@toshiba.co.jp>]

[-- Attachment #1: Type: text/plain, Size: 3946 bytes --]

Hello Dinesh, Chris, Jan:

# BACKGROUND

As I mentioned in our last technical steering commite meeting, our gitlab-ci scripts should be able to produce multiple OS images. For example, the testing team needs to have python and possibly other software including the tests themshelves; and the security team needs to have extra packages and probably lots of customizations.

# CURRENT STATUS

At the moment we have what I would call "target images", which contain:

* something close to what I would call the "CIP Core Generic profile": 
    * the ISAR core packages
        * I think these are basically debootstrap minbase (isar/meta/recipes-core/isar-bootstrap)
    * some extra customizations
        * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/master/recipes-core/
* target-dependent packages (kernel, u-boot, firmware, etc)
    * these are added using KAS opt.yaml syntax, instead of using a meta-layer
* options
    * opt-rt: will use a kernel with PREEMPT-RT patch
    * opt-stretch: will use stretch as distro
    * opt-4.4: will use kernel v4.4 instead of the default 4.10
    * opt-targz-img: exports the image as a tarball for LAVA

On the branch, iec-evaluation there is an initial implementation of the security image:
    * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/security/iec-evaluation
    * at first they added an opt-security.yaml file:
        * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commit/a8216d4ca5eed4d73dff2e00601dea7c9d733f45
    * then they changed to use recipes-core/images/cip-core-image-security.bb that extends IMAGE_PREINSTALL
        * https://gitlab.com/cip-project/cip-core/isar-cip-core/-/commit/3461a50297e370210d76d85d434fb625c8c4248c
    * see the original thread here:
        * https://lore.kernel.org/cip-dev/TYXPR01MB180817C883F874B321DBA264E1FD0@TYXPR01MB1808.jpnprd01.prod.outlook.com/T/#m752a116d8372222d727722f4fe18ca19d94838eb

# MY PROPOSAL

My proposal as the next task for the CIP Core work group is to add metadata for releasing these images:

* target images: isar debootstrap + customizations + kernel/u-boot/fw
    * [NEW] release them as bmap images for our reference hardware boards
    * [NEW] create a page (gitlab wiki) that will contain links to the latest images and how-to-install readmes for each reference board
    * [NEW] refer to that page from the CIP wiki page (https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting/cipreferencehardware)
* [NEW] testing images: target images + test dependencies
    * release them using opt-targz-img so they can be used in LAVA
    * add the test dependencies
        * packages: python2.7, python3, ...
        * tests: LTP, ...
            * method 1: build them on a separate repo and include in the image
            * method 2: build them with ISAR (new recipes) and include in the image
            * method 3: the artifacts are downloaded by LAVA <-- My preference
        * How to implement this
            * method 1: using the opt yaml format <-- My preference if we only need to specify packages
            * method 2: creating a separate meta layer
            * method 3: using a new image (cip-core-image-testing.bb)
* [NEW] security: target + security packages + security tests and dependencies
    * release in two formats
        * using opt-targz-img so they can be used in LAVA
        * as images for our reference hardware boards
            * add to the gitlab wiki links to the latest images and how-to-install readmes too
    * How to implement this
        * method 1: using the opt yaml format
        * method 2: creating a separate meta layer <-- My preference if it gets complex
        * method 3: using a new image (cip-core-image-security.bb) <-- Current method

# FEEDBACK

Please check my initial proposal and send me feedback.

Thanks,
Daniel Sangorrin





[-- Attachment #2: Type: text/plain, Size: 419 bytes --]

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#4624): https://lists.cip-project.org/g/cip-dev/message/4624
Mute This Topic: https://lists.cip-project.org/mt/74286250/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy  [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-