Thanks, it looks good Please send me a merge request > -----Original Message----- > From: venkata.pyla@toshiba-tsip.com > Sent: Tuesday, September 15, 2020 11:24 PM > To: sangorrin daniel(サンゴリン ダニエル □SWC◯ACT) > Cc: pyla venkata(TSIP) ; cip-dev@lists.cip-project.org > Subject: [cip-core:deby 1/3] cip-security: Create new layer for cip security > > From: venkata pyla > > This layer enables security packages and default configurations > required to evaluate IEC62443-4-2 assessment > > Signed-off-by: venkata pyla > --- > README.md | 5 +++++ > kas/opt/security.yml | 32 +++++++++++++++++++++++++++++++ > meta-cip-security/conf/layer.conf | 18 +++++++++++++++++ > 3 files changed, 55 insertions(+) > create mode 100644 kas/opt/security.yml > create mode 100644 meta-cip-security/conf/layer.conf > > diff --git a/README.md b/README.md > index f90e040..f59dd0c 100644 > --- a/README.md > +++ b/README.md > @@ -88,3 +88,8 @@ LTP test image for QEMU arm64 / hihope-rzg2m > > $ ./scripts/kas-build.sh kas/board/qemuarm64.yml:kas/opt/deby.yml:kas/opt/dhcp.yml:kas/opt/ltp.yml > > +Create Security image for QEMU x86-64 > +------------------------------------- > + > + $ ./scripts/kas-build.sh kas/board/qemux86-64.yml:kas/opt/deby.yml:kas/opt/security.yml > + > diff --git a/kas/opt/security.yml b/kas/opt/security.yml > new file mode 100644 > index 0000000..e84290c > --- /dev/null > +++ b/kas/opt/security.yml > @@ -0,0 +1,32 @@ > +# > +# CIP Core tiny profile with Security > +# packages and configuration > +# > +# Copyright (c) 2019 TOSHIBA Corp. > +# > +# SPDX-License-Identifier: MIT > +# > + > +header: > + version: 8 > + > +repos: > + meta-cip-security: > + layers: > + meta-cip-security: > + > +local_conf_header: > + security: | > + DISTRO_FEATURES_append += " pam" > + CORE_IMAGE_EXTRA_INSTALL += " \ > + aide aide-common \ > + openssl openssl-bin \ > + openssh openssh-misc \ > + chrony chronyc \ > + libpam pam-plugin-cracklib pam-plugin-tally2 \ > + syslog-ng \ > + acl \ > + sudo \ > + auditd \ > + util-linux \ > + " > diff --git a/meta-cip-security/conf/layer.conf b/meta-cip-security/conf/layer.conf > new file mode 100644 > index 0000000..b015436 > --- /dev/null > +++ b/meta-cip-security/conf/layer.conf > @@ -0,0 +1,18 @@ > +# We have a conf and classes directory, add to BBPATH > +BBPATH =. "${LAYERDIR}:" > + > +# We have recipes-* directories, add to BBFILES > +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ > + ${LAYERDIR}/recipes-*/*/*.bbappend" > + > +BBFILE_COLLECTIONS += "cip-security" > +BBFILE_PATTERN_cip-security = "^${LAYERDIR}/" > +BBFILE_PRIORITY_cip-security = "11" > + > +# This should only be incremented on significant changes that will > +# cause compatibility issues with other layers > +LAYERVERSION_cip-security = "1" > + > +LAYERDEPENDS_cip-security = "debian" > + > +LAYERSERIES_COMPAT_cip-security = "warrior" > -- > 2.27.0.windows.1 > > The information contained in this e-mail message and in any > attachments/annexure/appendices is confidential to the > recipient and may contain privileged information. > If you are not the intended recipient, please notify the > sender and delete the message along with any > attachments/annexure/appendices. You should not disclose, > copy or otherwise use the information contained in the > message or any annexure. Any views expressed in this e-mail > are those of the individual sender except where the sender > specifically states them to be the views of > Toshiba Software India Pvt. Ltd. (TSIP),Bangalore. > > Although this transmission and any attachments are believed to be > free of any virus or other defect that might affect any computer > system into which it is received and opened, it is the responsibility > of the recipient to ensure that it is virus free and no responsibility > is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or > damage arising in any way from its use.