Hi Chiradeep, >>Okay this is the issue :) I'll fix in preseed.cfg so we'll have only >>one root partition (and maybe a small swap but not required I think?) >>like the present systemvm which too has only one / partition, unless >>you want a different scheme. > > Actually prefer different partitions for securing against local attacks. > The CIS > Benchmark [http://benchmarks.cisecurity.org/downloads/benchmarks/] > recommends the following: > "Minimally, the following conditions should must exist: > * user writable directories (i.e /tmp) should have their own partitions to > prevent hardlink attacks > * /var and /opt should should not share a partition with the system root > '/'"
Sure, I can do that. > > >> >>> >>> I've left a few FIXME in cloudstack-packages.sh, please take a look. >> >>Except for the signature creator I fixed other ones. How do you >>propose we create the signature, use latest git SHA? > > Currently it is the md5 of the patches/systemvm/debian/config and > patches/systemvm/debian/vpn tar gzip. Cool thanks. To update, I'm able to build a systemvm appliance with vbox and able to convert the disk image to vmdk, hyper-v vhd, qcow2 and ova (vmware), but I've not tested them. Next week, I'll take help from Prasanna to setup a jenkins job on j.c.o. I cannot do it on b.a.o, as I need to test it first, fix the building process and it would need a linux host that can run vbox. The total build time takes about ~25 mins on my laptop if internet speed is good enough. Regards. > >> >>Regards. >> >>> >>> -- >>> Chiradeep >>> >
