1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
From b6863f9a0c1c36705eba0c3181541f67cd1a202a Mon Sep 17 00:00:00 2001
From: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Date: Wed, 14 Jul 2021 09:04:42 +0000
Subject: [PATCH] Revert "Disable nbd proxy from the build"
NBD Proxy has been disabled upstream. Reenable as we use it for Virtual
Media
This reverts commit efb8062c306474942bc94f15d748b2eb0b58fbb6.
Change-Id: I19a88b30c1074dd376f2df8f5668245b638b881f
---
meson.build | 3 ++-
meson_options.txt | 10 ++--------
2 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/meson.build b/meson.build
index 650a5ec..5738b10 100644
--- a/meson.build
+++ b/meson.build
@@ -83,7 +83,8 @@ feature_map = {
'rest' : '-DBMCWEB_ENABLE_DBUS_REST',
'static-hosting' : '-DBMCWEB_ENABLE_STATIC_HOSTING',
'insecure-tftp-update' : '-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE',
- #'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY',
+ 'validate-unsecure-feature' : '-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE',
+ 'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY',
'vm-websocket' : '-DBMCWEB_ENABLE_VM_WEBSOCKET',
}
diff --git a/meson_options.txt b/meson_options.txt
index ff5b887..645f224 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -3,14 +3,7 @@ option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCT
option('kvm', type : 'feature',value : 'enabled', description : 'Enable the KVM host video WebSocket. Path is \'/kvm/0\'. Video is from the BMC\'s \'/dev/video\' device.')
option ('tests', type : 'feature', value : 'enabled', description : 'Enable Unit tests for bmcweb')
option('vm-websocket', type : 'feature', value : 'enabled', description : '''Enable the Virtual Media WebSocket. Path is \'/vm/0/0\'to open the websocket. See https://github.com/openbmc/jsnbd/blob/master/README.''')
-
-# if you use this option and are seeing this comment, please comment here:
-# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
-# for this code. At this point, no daemon has been upstreamed that implements
-# this interface, so for the moment this appears to be dead code; In leiu of
-# removing it, it has been disabled to try to give those that use it the
-# opportunity to upstream their backend implementation
-#option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.')
+option('vm-nbdproxy', type: 'feature', value : 'disabled', description : 'Enable the Virtual Media WebSocket.')
option('rest', type : 'feature', value : 'enabled', description : '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, \'/xyz/openbmc_project/logging/entry/enumerate\'. See https://github.com/openbmc/docs/blob/master/rest-api.md.''')
option('redfish', type : 'feature',value : 'enabled', description: 'Enable Redfish APIs. Paths are under \'/redfish/v1/\'. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.')
option('host-serial-socket', type : 'feature', value : 'enabled', description : 'Enable host serial console WebSocket. Path is \'/console0\'. See https://github.com/openbmc/docs/blob/master/console.md.')
@@ -39,6 +32,7 @@ option ('https_port', type : 'integer', min : 1, max : 65535, value : 443, descr
# the implications of doing so.In general, enabling these options will cause security
# problems of varying degrees
+option ('validate-unsecure-feature', type : 'feature', value : 'disabled', description : '''Enables unsecure features required by validation. Note: mustbe turned off for production images.''')
option ('insecure-disable-csrf', type : 'feature', value : 'disabled', description : 'Disable CSRF prevention checks.Should be set to false for production systems.')
option ('insecure-disable-ssl', type : 'feature', value : 'disabled', description : 'Disable SSL ports. Should be set to false for production systems.')
option ('insecure-disable-auth', type : 'feature', value : 'disabled', description : 'Disable authentication on all ports. Should be set to false for production systems')
--
2.17.1
|
