Age | Commit message (Collapse) | Author | Files | Lines |
|
Remove checkAndDoSensorsOverride function, this will be handled via dbus-sensor when the user set-value from external.
This is unlikely to break any users because the Intel special mode function is no change, only move to dbus-sensor to handle, "busctl" command also belongs to the external setting, so move to dbus-sensor is more suitable, this will including users to set value use busctl command and Redfish from external.
Dbus-sensor needs to be merged at the same time.
Dbus-sensor changes are pushed to Gerrit:
https://gerrit.openbmc-project.xyz/c/openbmc/dbus-sensors/+/42453
The mailing list discussion links:
https://lists.ozlabs.org/pipermail/openbmc/2021-March/025597.html
Signed-off-by: Bruce Lee <Bruce_Lee@quantatw.com>
Change-Id: I74356f2b65e41cc0e9d8947c160f313334b78331
|
|
The raw PECI command is recommended not to include in a standard
build, so removing it from the bmcweb to avoid accidental
inclusion.
Tested:
Confirmed that the raw PECI command is gone.
Change-Id: I2b52e0ede089da6df6ca3ad304194de8af27b709
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Added POST action in MetricReportDefinitions node to allow user
to add new MetricReportDefinition. Using minimal set of
MetricReportDefinition parameters from user bmcweb converts it to
DBus call "AddReport" to Telemetry that serves as a backend
for Redfish TelemetryService.
Added DELETE request in MetricReportDefinitions node to allow user
to remove report from Telemetry.
Added conversion from string that represents duration format into
its numeric equivalent.
Added unit tests for conversion from and to Duration format.
Tested:
- Tested using witherspoon image on QEMU
- Verified POST action in different cases:
- all parameters are provided, new report is added to collection
- some parameters are missing or invalid, user gets response with
description of the issue
- Verified that reports are removed on DELETE request
- Verified that on invalid DELETE request user receives response
with error
- Verified time_utils::fromDurationString()
- Succesfully passed RedfishServiceValidator.py
Signed-off-by: Wludzik, Jozef <jozef.wludzik@intel.com>
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Change-Id: I2fed96848594451e22fde686f8c066d7770cc65a
|
|
The ManagerNetworkProtocol schema defines the HostName entry to be
read-only. Change the doPatch code to prevent updating the hostname
attribute.
The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only
location.
The DMTF approved location for changing the HostName is:
redfish/v1/Managers/bmc/EthernetInterfaces/<str>
This change does not impact phosphor-webui, as it uses D-Bus to
perform all of its work.
This change does not impact webui-vue, as it is using the DMTF
approved API.
This commit deprecates allowing Read/Write access to the Hostname in
the ManagersNetworkProtocol URI. To reduce the impact to Redfish
clients that rely upon Read/Write access a Meson compile time flag has
been added to allow Read/Write access to be restored. The Meson build
flag, redfish-allow-deprecated-hostname-patch, can be enabled to
restore Read/Write access. The Meson build flag is slated to be
removed in Q4 2021 enforcing the read-only state.
Tested:
Explicitly PATCH'd HostName to confirm it cannot be modified.
Enabled the HostName feature, and confirmed the HostName accepted a
PATCH command.
Ran Redfish_Service_Validator (deprecated, and re-enabled).
Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
The inline comment mostly describes this patchset. As far as OpenBMC is
concerned, no platforms or distros implement a backend for this code,
therefore this is dead "unused" code. Clearly the authors intended to
use it, but haven't been able to upstream anything.
For the moment, this patchset makes the nbd proxy option unenablable.
This will have no impact to any OpenBMC platforms, as there are no
implementations of this API in OpenBMC itself, only in downstream forks.
It's not clear what the intentions are with this code, so hopefully this
disabling and comment encourages those that care about it to interact
and add some details around how this was designed, and the plans to
upstream it into OpenBMC. If not, presumably the code can be deleted
without any harm.
For timelines, this was checked in Jul 12, 2019, so we're now 20 months
past its initial entry. This seems like enough time for the dust to
have settled on getting the appropriate things upstreamed.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I217493b97d62282b8781608805bcfe319e6f7d85
|
|
The router has an old sanity check in it to verify that nodes are
simple. This is no longer the case, as we can have multiple,
overlapping routes between different handlers, so non-simple root nodes
are allowed.
The commit here broke a couple things.
0260d9d6b252d5fef81a51d4797e27a6893827f4
First, when that route gets injected, the root node is no longer simple,
as the first root in the trie can be a complex node. This should be ok,
and this commit comments out the check.
Also, because the meson node for the option was loaded directly into
set10, instead of the boolean equivalent, the XSS feature always gets
enabled, regardless of whether or not that's what the user wanted. The
fix to this was to simply include a .enabled(), which correctly calls
the bool.
Tested:
Built with insecure-disable-xss set, and observed crash was removed.
Tried several routes including /redfish/v1 and observed them working.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib9fb55a61796ddbda65b7ee5d2803a5cbd2ae75f
|
|
Clang tidy 11 got some really neat checks that do a much better job.
Unfortunately, this, combined with the change in how std::executors has
defined how callbacks should work differently in the past, which we
picked up in 1.73, and now in theory we have recursion in a bunch of our
IO loops that we have to break manually. In practice, this is unlikely
to matter, as there's almost a 0% chance that we go through N thousand
requests without ever starving the IO buffer.
Other changes to make this build include:
1. Adding inline on the appropriate places where declared in a header.
2. Removing an Openssl call that did nothing, as the result was
immediately overwritten.
3. Declaring the subproject dependencies as system dependencies, which
silences the clang-tidy checks for those projects.
Tested:
Code builds again, clang-tidy passes
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic11b1002408e8ac19a17a955e9477cac6e0d7504
|
|
config.h is a generic filename, unprefixed by any sort of name, that
other dependencies could use. Namely, nghttp2 uses an identical
filename, which can cause issues with getting the right one. This
commit renames that file to bmcweb_config.h to disambiguate it from
generic config.h files.
Tested:
Compiled bmcweb and observed compile time params get applied. There are
no defaults on any of this stuff, so there's no way to silently miss the
config file.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9a3e73c37161fa438c5612344dfb01f1f19aff2c
|
|
Fixes #178
Every few months, this option breaks because of some combination of
compiler options. I'm hoping that this is a more permenant fix, and
will keep it working forever.
Functionally, this commit changes a couple things.
1. It fixes the regression that snuck into this option, by making the
req variable optional using the c++17 [[maybe_unused]] syntax.
2. It promotes the BMCWEB_INSECURE_DISABLE_XSS_PREVENTION into the
config.h file, and a constexpr variable rather than a #define. This has
the benefit that both the code paths in question will compiled
regardless of whether or not they're used, thus ensuring they stay
buildable forever. The optimization path will still delete the code
later, but we won't have so many one-off build options breaking. We
should move all the other feature driven #ifdefs to this pattern in the
future.
3. As a mechnaical change to #2, this adds a config.h.in, which delcares
the various variables as their respective constexpr types. This allows
the constants to be used in a cleaner way.
As an aside, at some point, DISABLE_XSS_PREVENTION should really move to
a non-persistent runtime option rather than a compile time option. Too
many people get hung up on having to recompile their BMC, and moving it
to runtime under admin credentials is no more a security risk.
As another aside, we should move all the other #ifdef style options to
this pattern. It seems like it would help with keeping all options
buildable, and is definitely more modern than #ifdefs for features,
especially if they don't require #include changes or linker changes.
Tested:
enabled meson option insecure-disable-xss, and verified code builds and
works again.
Change-Id: Id03faa17cffdbabaf4e5b0d46b24bb58b7f44669
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
- With meson 0.57.0 released yesterday, we now have meson
support to automatically deduce the number of threads that
can be used for link time optimization.This would add flto=[n],
where n is the number of threads to be used while linking.
- For more details, check the below meson issue:
https://github.com/mesonbuild/meson/issues/7820
Tested By:
- Downladed meson 0.57.0, and compiled bmcweb using that and
observed the improvement in compilation time.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ifcbc2f56d4a1ad9d30e59c8ac008d658fefefdfe
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
The bug mentioned in the comment has been resolved in boost 1.75.
Reenable this to drop our binary size again. As a consequence of this,
this commit also upgrades the subproject dependencies to 1.75 from 1.73.
They technically weren't updated to 1.74, so I'm not sure if anyone
really uses these anymore.
Tested:
Code builds with this enabled.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id86a6358dc5a73a8b5e386661f9317f24cdbe21c
|
|
The IBM management console usecase - ConfigFile upload was allowing
to create or modify any file at the BMC when the path url is given
as below.
PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../../../<any file under root dir> --data-binary "junk data"
This commit adds validation to the "path" variable after the "ConfigFiles/"
in the url - so that only the ConfigFiles are created or modified.
The filename validation includes:
Restrict the maximum filename length to 20 characters
Restrict the allowed charaters to [A-Za-z0-9-]
The minimum size of the file allowed is 100 bytes
The maximum size of the file allowed is 500KB
Maximum total size of the ConfigFile directory at BMC file system allowed is 10MB
Tested by:
1. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../../../etc/p2 --data-binary "some data"
Bad Request
2. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../../../etc/p2 --data-binary "some data"
Bad Request
3. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/../etc/p2 --data-binary "some data"
Bad Request
4. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/etc/p2 --data-binary "some data"
{
"Description": "Error while creating the file"
}
5. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/mydir/p2 --data-binary "some data"
{
"Description": "Error while creating the file"
}
6. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/ --data-binary "some data"
Not Found
7. PUT https://${bmc}/ibm/v1/Host/ConfigFiles --data-binary "some data"
Method Not Allowed
8. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/../p2 --data-binary "some data"
Bad Request
9. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/p2 --data-binary "some data"
{
"Description": "Error while creating the file"
}
10. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2/../../../p2 --data-binary "some data"
Bad Request
11. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/./../../p2 --data-binary "some data"
Bad Request
12. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/. --data-binary "some data"
Bad Request
13. PUT https://${bmc}/ibm/v1/Host/../ConfigFiles/p2 --data-binary "some data"
Not Found
14. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2 --data-binary "some data"
{
"Description": "File Created"
}
15. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2 --data-binary "some data"
{
"Description": "File Updated"
}
16. PUT https://${bmc}/ibm/v1/Host/ConfigFiles/p2.ext --data-binary "some data"
{
"Description": "File Created"
}
17. Tested sending filename greater than 20 charaters
Bad Request
18. Tested sending filename with special charaters
Bad Request
19. Tested sending filesize less than 100bytes
Bad request
20. Tested sending filesize greater than 500KB
Bad request
21. Tested uploading the file when the directory size is nearly full
Bad request
22. Added unit test for isValidConfigFileName
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: I838d39d5765ddc8701f7e5c533a93eebde021cbf
|
|
Dead code elimation gives us a way to reduce our binary size for "free"
with basically no downsides. While the wins are relatively small given
how little dead code we actually have, they're worth it for the low cost
of a single extra CXXFLAG.
Tested:
Enabled this option, and compared pre-compression binary size. Build of
current master 3399816 bytes, build with this change 3428488 bytes means
28672 bytes saved. Not a lot, but everything helps, and this option is
more or less "free".
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I78b76ed631b8ddc45c9338ac8d04a76cb7441035
|
|
The management console is enabling itself in CI arbitrarily. CI should
be running on default parameters, as that's the most common config, and
the config we want tested the best.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie8748676b17df56d3cff35a4b40c9ff5561ede6d
|
|
Boost itself uses deprecated headers within its own dependency tree.
This largely doesn't effect bmcweb, and rarely (if ever) has been a
problem, so enable BOOST_ALLOW_DEPRECATED_HEADERS which suppresses the
internal warnings in boost.
Tested:
Built with option enabled, and saw no deprecated header warnings.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib371084463e4b2fb661c226a81c466121cf1f2dd
|
|
Add meson options to enabled/disabled authentication methods:
- basic-auth : For enable basic authentication, default is enabled
- session-auth : For enable session token authentication, default is
enabled
- xtoken-auth : For enable x-token authentication, default is enabled
- cookie-auth : For enabled cookie authentication, default is enabled
Signed-off-by: Alan Kuo <Alan_Kuo@quantatw.com>
Change-Id: I52e636f2534a14897cb57d35e563ea8841cc68b9
|
|
Fixes openbmc/bmcweb#162
Signed-off-by: Sathish V <sathish.v@saankhyalabs.com>
Change-Id: If0c226dd8d5cf6f4524604977041d3b88844db24
|
|
When the rest option is disabled the build fails with the following
error:
ERROR: Unknown variable "tinyxml".
This change creates a bmcweb_dependencies variable that is updated
as new dependencies are defined. This allows the tinyxml
dependency to be added as part of the 'rest' option so it isn't in
the dependency list when the option is disabled.
Change-Id: Id392dd068902643cf90ec135733c31bf265bf75f
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
- This commit improves certain while loops to range based for loops.
- This commit also fixes the cppcheck warning that mentions about
performance issues when using postfix operators on non-primitive
types.
Tested By:
- A function is unittested.
- GET on both EthernetInterfaces & certificate service
looks good without any issues.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I85420f7bf9af45a97e1a93b916f292c2516f5802
|
|
Currently 'redfish-sysdump-log' flag does not compiling Dump
LogServices code.
to fix compilation this commit uses 'BMCWEB_ENABLE_REDFISH_DUMP_LOG'
Modified redfish-sysdump-log to redfish-dump-log as both BMC and System
dump are enabled using this flag.
Tested by:
Compiled bmcweb with compilation flag with 'redfish-dump-log'
Verfied Dump Logservices on bmc.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: Iaecad125d8a0acfda0b4357534a19580544b15e1
|
|
Tested:
Code builds as it did before. Trying to fix CI
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: If7135f9e9aeb222a0da0e42aadfcca789524c551
|
|
- Ideally bmcweb-logging & debug build should be able to enable
the debug logs individually and not together.This was missed
during the meson port.This commit would replicate this behaviour
for meson.
- As CI will always do a debug/debugoptimized buid,we can catch
errors related to debug statements as well.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Id0d7c0a5a46d0ad529c1abf1450b2d1df9aa1ec7
|
|
- nlohmann-json is treated as header dependency for meson,
and is already exists, but for some reason if nlohmann-json
dependency is not found in the host system, then we trigger
the wrap dependency system for nlohmann-json through which
we download the source code,and add header to the includes.
- But as that is not added as an explicit dependency, bmcweb
might fail to locate the downloaded header files, this commit
would fix that behaviour.
Tested By:
- removed json-devel(in fedora), and tried compiling bmcweb and
it successfully compiles with this patchset.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Id98b7320c326fa41485caeb2e1b99a43dbfcef1f
|
|
- It looks like there were certain experiments done related
to memory santinizer builds in the past, but right now in
the current state of bmcweb , msan_test.cpp can be removed
as it is not doing any worthy job in CI and eats up time.
- CI for meson repos already runs an address sanitizer apart
from normal build, and that can be extended for memory as
well without needing any changes in the repo incase we need
it.
[The value of b_sanitize can be one of: none, address, thread,
undefined, memory, address,undefined]
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I3fd473ec6e5764b59fc437b390374a372a29efa1
|
|
- This commit enables the support for meson build system for
bmcweb and also remove the cmake support
- The inital thought of migrating to meson build system was based
on [link](https://mesonbuild.com/Simple-comparison.html)
- Other things to praise about meson are its simplicity and userfriendly ness.
It also have native support for modern tools such as precompiled headers,
coverage, Valgrind , unity builds e.t.c
- This commit also support the automatic download and setup of dependencies
if they are not found in usual places using meson wraps that are already
available in [wrap db](https://wrapdb.mesonbuild.com/)
- For few dependencies like boost, boost-url which does not have meson
wrap support yet, i have misused the meson subproject command to download
boost & boot-url and build against them if they are not found in usual
places.
- For boost & boost-url the subproject command will always fail as meson
supports other meson projects as subprojects but it will always download
the source, and since we dont actually build boost/boost-url but just use
the the source headers this should not be a problem.
- Cmake options removed:
- BUILD_STATIC_LIBS has been removed as it is not being used any where as per the
review comments.
- By default the meson wraps are enabled and it downloads the dependencies if they
are not found, and via bitbake this behaviour is disabled by default as download
fallback feature is disabled.
- This commit also adds the README, changes for bmcweb as well.
- The meta-* layer changes are also pushed and marked as WIP under bmcweb_meson_port
topic.
Tested By :
===========
1. Compilation is passed without error or warning in both arm & x86 sdks that
are populated by yocto.
2. The unittests are also passed on both x86 & arm machines.
3. Compilation passed with various build types supported by meson (debug,debugoptimized,
relase)
4. modified the meta-phosphor & meta-ibm to leverage meson build for bmcweb, and loaded
the resulted image on qemu & real machine, checked the bmcweb status and was also able
to pull the web-gui on both.
5. Tested few common commands related to session service & network service manually on a
real machine and also also had run a CT regression bucket, and it looked clean.
The binary sizes when bmcweb is compiled via bitbake(using meta-ibm) are :
cmake: 3100080 bytes approx (3 MB)
meson: 2822596 bytes approx (2.7 MB)
1:1 equivalent hash is not possible due to couple of things:
1. The build types in meson does not have a 1:1 mapping with cmake build types.
2. Meson adds below mentioned compiler & linker flags than cmake as a part of
warning_level & build types
CXXFLAGS :' -O2 -pipe -g -feliminate-unused-debug-types -fdiagnostics-color=always
-D_FILE_OFFSET_BITS=64 -Winvalid-pch -DNDEBUG'
LDFLAGS : ' -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,--no-undefined,-Wl,--end-group'
Tried to match the compile commands in both cmake & meson as much as possible and this
is what i could get.I have attached the compile_commands.json for both duing an yocto
full build in the [link](https://gofile.io/d/gM80fw) for reference.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ia65689fdacb8c398dd0a019258369b2442fad2f3
|