incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <bhais...@apache.org>
Subject Re: Building SystemVM template appliance
Date Thu, 14 Feb 2013 10:30:13 GMT
Hi Chiradeep,

>>Okay this is the issue :) I'll fix in preseed.cfg so we'll have only
>>one root partition (and maybe a small swap but not required I think?)
>>like the present systemvm which too has only one / partition, unless
>>you want a different scheme.
>
> Actually prefer different partitions for securing against local attacks.
> The CIS
> Benchmark [http://benchmarks.cisecurity.org/downloads/benchmarks/]
> recommends the following:
> "Minimally, the following conditions should must exist:
> * user writable directories (i.e /tmp) should have their own partitions to
> prevent hardlink attacks
> * /var and /opt should should not share a partition with the system root
> '/'"

Sure, I can do that.

>
>
>>
>>>
>>> I've left a few FIXME in cloudstack-packages.sh, please take a look.
>>
>>Except for the signature creator I fixed other ones. How do you
>>propose we create the signature, use latest git SHA?
>
> Currently it is the md5 of the patches/systemvm/debian/config and
> patches/systemvm/debian/vpn tar gzip.

Cool thanks.

To update, I'm able to build a systemvm appliance with vbox and able
to convert the disk image to vmdk, hyper-v vhd, qcow2 and ova
(vmware), but I've not tested them. Next week, I'll take help from
Prasanna to setup a jenkins job on j.c.o. I cannot do it on b.a.o, as
I need to test it first, fix the building process and it would need a
linux host that can run vbox. The total build time takes about ~25
mins on my laptop if internet speed is good enough.

Regards.

>
>>
>>Regards.
>>
>>>
>>> --
>>> Chiradeep
>>>
>

Mime
View raw message