diff options
author | Tom Joseph <tomjoseph@in.ibm.com> | 2017-02-20 09:31:43 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2017-02-21 17:21:01 +0300 |
commit | 1562bbcb50e2bf7b6130dc9f8d34494cd115c8d5 (patch) | |
tree | 3d272e4ec35ffcd0a541d7275ee46465e8bcd386 /meta-phosphor | |
parent | f7ef071db9da4fec6b43e683c1dae8b33c350479 (diff) | |
download | openbmc-1562bbcb50e2bf7b6130dc9f8d34494cd115c8d5.tar.xz |
IPMI Whitelisted commands for FRU and OEM repositories
The IPMI whitelisted commands for phosphor-ipmi-fru and openpower-ipmi-oem
is added. Only the IPMI whitelisted listed commands are allowed in
restricted mode.
The IPMI whitelisted commands for phosphor-ipmi-fru and openpower-ipmi-oem
are added as native packages and host-ipmid depends on those.
Change-Id: Ic4184773656567eb0dffa30ef29f8bc3ced3aff4
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
Diffstat (limited to 'meta-phosphor')
6 files changed, 61 insertions, 3 deletions
diff --git a/meta-phosphor/classes/obmc-phosphor-utils.bbclass b/meta-phosphor/classes/obmc-phosphor-utils.bbclass index 713c892fb..baaa19d57 100644 --- a/meta-phosphor/classes/obmc-phosphor-utils.bbclass +++ b/meta-phosphor/classes/obmc-phosphor-utils.bbclass @@ -42,3 +42,11 @@ def compose_list_zip(d, fmtvar, *listvars, **kw): lists = [listvar_to_list(d, x) for x in listvars] lst = [fmt.format(*x) for x in zip(*lists)] return (kw.get('sep') or ' ').join(lst) + + +def append_suffix(val, suffix): + words = val.split(' ') + newval = [] + for w in words: + newval.append(w + suffix) + return ' '.join(newval)
\ No newline at end of file diff --git a/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass b/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass new file mode 100644 index 000000000..7db71d5c3 --- /dev/null +++ b/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass @@ -0,0 +1,27 @@ +# Common code for recipes that implement Phosphor IPMI Whitelist +# packages + +WHITELIST ?= "${PN}.conf" +INSTALLDIR = "${sysconfdir}/phosphor-ipmi-host/" + +python phosphor_ipmi_host_whitelist_postinstall() { + def install_whitelist(d): + # Create the install directory if needed + whitelist_file = d.getVar('WHITELIST', True) + install_dir = d.getVar('INSTALLDIR', True) + if not os.path.exists(install_dir): + os.makedirs(install_dir) + install_file = os.path.join(install_dir, whitelist_file) + + # Search for conf file in FILESPATH + searchpaths = d.getVar('FILESPATH', True) + path = bb.utils.which(searchpaths, whitelist_file) + if not os.path.isfile(path): + bb.fatal('Did not find conf file "%s"' % whitelist_file) + + # Copy the conf file into install directory + bb.utils.copyfile(path, install_file) + + install_whitelist(d) +} +do_install[postfuncs] += "phosphor_ipmi_host_whitelist_postinstall"
\ No newline at end of file diff --git a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb new file mode 100644 index 000000000..30c2443c3 --- /dev/null +++ b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb @@ -0,0 +1,6 @@ +SUMMARY = "Whitelisted IPMI FRU Parser commands" +DESCRIPTION = "Whitelisted IPMI FRU Parser commands for OpenBMC" + +inherit obmc-phosphor-license +inherit native +inherit phosphor-ipmi-host-whitelist
\ No newline at end of file diff --git a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf new file mode 100644 index 000000000..365c3d952 --- /dev/null +++ b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf @@ -0,0 +1,2 @@ +#<NetFn>:<Command> +0x0A:0x12 //<Storage>:<Write FRU Data>
\ No newline at end of file diff --git a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb index 0b8b93d52..285df5e8d 100644 --- a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb +++ b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb @@ -13,6 +13,7 @@ inherit obmc-phosphor-ipmiprovider-symlink DEPENDS += "phosphor-logging" DEPENDS += "phosphor-mapper" DEPENDS += "autoconf-archive-native" +DEPENDS += "packagegroup-obmc-ipmid-providers" RDEPENDS_${PN}-dev += "phosphor-logging" RDEPENDS_${PN}-dev += "phosphor-mapper-dev" RDEPENDS_${PN} += "clear-once" @@ -24,6 +25,15 @@ SRC_URI += "git://github.com/openbmc/phosphor-host-ipmid" SRCREV = "513d68e11cf6d392e847d39c743ce54ccaa0ebf7" +# Setup IPMI Whitelist Conf files +WHITELIST_CONF = " \ + ${STAGING_ETCDIR_NATIVE}/phosphor-ipmi-host/*.conf \ + ${S}/host-ipmid-whitelist.conf \ + " +EXTRA_OECONF = " \ + WHITELIST_CONF="${WHITELIST_CONF}" \ + " + S = "${WORKDIR}/git" HOSTIPMI_PROVIDER_LIBRARY += "libapphandler.so" diff --git a/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb b/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb index 6f82cb32c..476ad5037 100644 --- a/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb +++ b/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb @@ -7,7 +7,12 @@ inherit obmc-phosphor-license PROVIDES = "${PACKAGES}" PACKAGES = "${PN}-libs" +OBMC_IPMID_PROVIDERS = "phosphor-ipmi-fru" + SUMMARY_${PN}-libs = "Extra providers for ipmid." -RDEPENDS_${PN}-libs = " \ - phosphor-ipmi-fru \ - " +RDEPENDS_${PN}-libs = "${OBMC_IPMID_PROVIDERS}" + +WHITELIST_FORMAT = "{0}-whitelist-native" +OBMC_IPMID_WHITELISTS = "${@compose_list(d, 'WHITELIST_FORMAT', 'OBMC_IPMID_PROVIDERS')}" + +DEPENDS_append = "${OBMC_IPMID_WHITELISTS}"
\ No newline at end of file |