diff options
author | AlanKuo <Alan_Kuo@quantatw.com> | 2020-11-02 04:35:28 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-11-03 23:32:06 +0300 |
commit | 20f7943773dc0f028f33e0b7bc8cb5c87fa5e0f2 (patch) | |
tree | 33aeeabd11833c2887d914536e1505c4c4812702 /meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb | |
parent | 2525593cf7448157e818358ac4c8c468df7210f4 (diff) | |
download | openbmc-20f7943773dc0f028f33e0b7bc8cb5c87fa5e0f2.tar.xz |
meta-quanta: meta-common: enable TLS with static CA and specific user
Add Security Feature:
1. default-users: Add static User "Megapede"
2. enable-tls: Enable TLS authentication with static CA
3. phosphor-monitor-hostname: Generate a self-signed certificate once
the hostname is assigned
Note:
1. CA PATH:
meta-quanta\meta-common\recipes-phosphor\certificate\phosphor-certificate-manager\certs\authority
All CAs under the folder will be encapsulated into the firmware image
(From meta-quanta rev: a310726a27974a471386d4e5f6d4b79f3bc6906e)
Signed-off-by: AlanKuo <Alan_Kuo@quantatw.com>
Change-Id: If033222b72c59a86c1f818a3350d6eb55bba10b5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb')
-rwxr-xr-x | meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb b/meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb new file mode 100755 index 000000000..0bb9be821 --- /dev/null +++ b/meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb @@ -0,0 +1,24 @@ +SUMMARY = "Add default Users" +DESCRIPTION = "Add Users" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +EXCLUDE_FROM_WORLD = "1" + +DEPENDS = "bmcweb" +DEPENDS += "phosphor-ipmi-host" +DEPENDS += "phosphor-user-manager" +RDEPENDS_${PN} = "bmcweb" +RDEPENDS_${PN} += "phosphor-ipmi-host" +RDEPENDS_${PN} += "phosphor-user-manager" + +inherit useradd +USERADD_PACKAGES = "${PN}" + +USERADD_PARAM_${PN} = "-m -N -u 1000 -g 100 -s /bin/nologin \ + -p '\$1\$UGMqyqdG\$FZiylVFmRRfl9Z0Ue8G7e/' \ + -G 'web,redfish,priv-admin' Megapede; " +GROUPMEMS_PARAM_${PN} = "-g priv-admin -a root; " +GROUPMEMS_PARAM_${PN} += "-g ipmi -a root; " + +ALLOW_EMPTY_${PN} = "1" |