meta-quanta: meta-common: enable TLS with static CA and specific user
Add Security Feature:
1. default-users: Add static User "Megapede"
2. enable-tls: Enable TLS authentication with static CA
3. phosphor-monitor-hostname: Generate a self-signed certificate once
the hostname is assigned
Note:
1. CA PATH:
meta-quanta\meta-common\recipes-phosphor\certificate\phosphor-certificate-manager\certs\authority
All CAs under the folder will be encapsulated into the firmware image
(From meta-quanta rev: a310726a27974a471386d4e5f6d4b79f3bc6906e)
Signed-off-by: AlanKuo <Alan_Kuo@quantatw.com>
Change-Id: If033222b72c59a86c1f818a3350d6eb55bba10b5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb b/meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb
new file mode 100755
index 0000000..0bb9be8
--- /dev/null
+++ b/meta-quanta/meta-common/recipes-quanta/default-users/default-users.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Add default Users"
+DESCRIPTION = "Add Users"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+
+EXCLUDE_FROM_WORLD = "1"
+
+DEPENDS = "bmcweb"
+DEPENDS += "phosphor-ipmi-host"
+DEPENDS += "phosphor-user-manager"
+RDEPENDS_${PN} = "bmcweb"
+RDEPENDS_${PN} += "phosphor-ipmi-host"
+RDEPENDS_${PN} += "phosphor-user-manager"
+
+inherit useradd
+USERADD_PACKAGES = "${PN}"
+
+USERADD_PARAM_${PN} = "-m -N -u 1000 -g 100 -s /bin/nologin \
+ -p '\$1\$UGMqyqdG\$FZiylVFmRRfl9Z0Ue8G7e/' \
+ -G 'web,redfish,priv-admin' Megapede; "
+GROUPMEMS_PARAM_${PN} = "-g priv-admin -a root; "
+GROUPMEMS_PARAM_${PN} += "-g ipmi -a root; "
+
+ALLOW_EMPTY_${PN} = "1"