Age | Commit message (Collapse) | Author | Files | Lines |
|
This commit is entirely just moving code, such that not all compile
units need to pull in the full html serializer.
Tested: Unit tests pass. Pretty good coverage.
Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifaebe9534c0693dc678fd994517563b89aca0cc5
|
|
This commit adds a meson option to allow selecting which dns resolver
bmcweb uses. There are use cases, like Open Compute Project Inband
Management Agent, that would require not using dbus, which would require
us to fall back to the asio resolver. This commit makes the existing
asio resolver constructor, and async_resolve methods match the
equivalents in asio (which we intended to do anyway), then adds a macro
and configure option for being able to select which resolver backend to
rely on.
Tested: Code can now compile without sdbusplus.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I3220214367179f131a60082bdfaf7e725d35c125
|
|
System includes should be included with <>, in-tree includes should be
included with "". This was found manually, with the help of the
following grep statement[1].
git grep -o -h "#include .*" | sort | uniq
Tested:
Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1a6b2a5ba35ccbbb61c67b7c4b036a2d7b3a36a3
|
|
Neither of these files make use of io_context, so they shouldn't be here
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I86c195a5881a50a275e977aa73b9d7144b53844b
|
|
clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
In order to be able to more easily debug bmcweb related issue,
a new meson option is added to set a specific logging level
Which generates the targeted logging traces rather than all of
debug traces.
The current option -Dbmcweb-logging which can be either
disabled or enabled is changed to allow to set the log level
for the specific level traces (e.g. error or critical traces)
to be written to the journal.
-Dbmcweb-logging=<log-level>
where <log-level> can be disabled, enabled, debug, info,
warning, error, or critical.
- `disabled`: Turns off all bmcweb log traces.
- `enabled` : treated as `debug`
- Other option can be described in
[Logging Levels](DEVELOPING.md).
For an example, to enable only 'error', 'critical' log
entries, bmcweb can be built with
-Dbmcweb-logging=error
Testing:
- Verified that only the specific logs (e.g. error and
critical logs) were displayed by compiling bmcweb with the
specific bmcweb-logging level.
Change-Id: I522ca26700ea420fee1a5cf688d3e8c6661f2f55
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
With Redfish aggregation, responses from satellite BMCs can be on the
order of MBs due to use cases like logging or binary payloads.
Offloading $expand could similar result in responses that exceed the
current read limit of 128 KB.
Splits the connection pools used for aggregation and EventService so
that the response read limit is 50MB for responses associated with
aggregation. Pools used by EventService keep the current limit of 2^17
bytes or 128 KB. It also propogates a ConnectionPolicy object that gets
instantiated within HttpClient, which allows per-client policies for
retry/byte limits. This allows EventService and aggregation to have
different policies.
Tested:
With aggregation enabled I was able to return a response from a
satellite BMC which was than 2MB. Ran the Redfish Mockup Creator and it
was able to successfully query all aggregated resources as part of
walking the tree. Also verified that HTTP push events still work with
EventListener.
Change-Id: I91de6f82aadf8ad6f7bc3f58dfa0d14c0759dd47
Signed-off-by: Carson Labrado <clabrado@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
An Internal server Error will happen if you delete the login user.
Match the "InterfacesRemoved" signal for monitoring the user status and
delete the session to fix this bug.
Tested:
1. Add a new user such as test
2. Login with the new user in web
3. Delete or rename the user by web and ipmi command
4. Refresh the web and a new user was needed to login in the web
Signed-off-by: Xie Ning <xiening.xll@bytedance.com>
Change-Id: I2b53edb71d9a4e904c7da54393539f87eeb2d7a3
|
|
We haven't had security middleware for a long time.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie8b2803139921eda6168495ab3b0b39b0cb34fa7
|
|
Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't catch most of these.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8
|
|
We don't follow this cpp core guidelines rule well. This is something
that we should aspire to cleaning up in the future, but for the moment,
lets turn the rule on in clang-tidy to stop the bleeding, add ignores
for the things that we know need some better abstractions, and work on
these over time.
Most of this commit is just adding NOLINTNEXTLINE exceptions for all of
our globals. There was one case in the sensor code where clang
correctly noted that those globals weren't actually const, which got
missed because of the use of auto.
Tested: CI should be good enough for this. Passes clang-tidy.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ieda08fee69a3b209d4b3e9771809a6c41524f066
|
|
Like other C++ projects, unit tests normally are in a separate repo and
respect the folder structure of the file under test.
This commit deleted all "ut" folder and move tests to a "test" folder.
The test folder also has similar structure as the main folder.
This commit also made neccessary include changes to make codes compile.
Unused tests are untouched.
Tested: unit test passed.
Reference:
[1] https://github.com/grpc/grpc/tree/master/test
[2] https://github.com/boostorg/core/tree/414dfb466878af427d33b36e6ccf84d21c0e081b/test
[3] Many other OpenBMC repos: https://github.com/openbmc/entity-manager/tree/master/test
[4] https://stackoverflow.com/questions/2360734/whats-a-good-directory-structure-for-larger-c-projects-using-makefile
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I4521c7ef5fa03c47cca5c146d322bbb51365ee96
|
|
Different HTTP protocols have different http responses for 404. This
commit adds support for registering a route designed to host a handler
meant for when a response would otherwise return. This allows
registering a custom 404 handler for Redfish, for which all routes will
now return a Redfish response.
This was in response to the 404 handler not working in all cases (in the
case of POST/PATCH/DELETE). Allowing an explicit registration helps to
give the intended behavior in all cases.
Tested:
GET /redfish/v1/foo returns 404 Not found
PATCH /redfish/v1/foo returns 404 Not found
GET /redfish/v1 returns 200 OK, and content
PATCH /redfish/v1 returns 405 Method Not Allowed
With Redfish Aggregation:
GET /redfish/v1/foo gets forwarded to satellite BMC
PATCH /redfish/v1/foo does not get forwarded and returns 404
PATCH /redfish/v1/foo/5B247A_bar gets forwarded
Unit tests pass
Redfish-service-validator passes
Redfish-Protocol-Validator fails 7 tests (same as before)
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I731a5b4e736a2480700d8f3e81f9c9c6cbe6efca
Signed-off-by: Carson Labrado <clabrado@google.com>
|
|
Although exceptions should not happen in bmcweb, the underlying Crow
code sometimes throws, and so do bugs caused by accidental usage of
functions that throw.
Adding e.what() output when std::exception is thrown.
Tested: Accidentally tested more often than I would care to admit....
Signed-off-by: Josh Lehan <krellan@google.com>
Change-Id: Ifcd30dc53369708b21bf958c627755651422f18a
|
|
These changes are done by running iwyu manually under clang14.
Suppressed some obvious impl or details headers. Kept the recommended
public headers.
IWYU can increase readability, make maintenance easier, and avoid errors
in some cases. See details in
https://github.com/include-what-you-use/include-what-you-use/blob/master/docs/WhyIWYU.md.
This commit also uses its best effort to correct obvious errors through
iwyu pragma.
See reference here:
https://github.com/include-what-you-use/include-what-you-use#how-to-correct-iwyu-mistakes
Tested: unit test passed.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I983b6f75601707cbb0f2f04546c3362ff4ba7fee
|
|
Log statement was after the return, so therefore didn't do anything.
cppcheck found.
Tested: No way to test without a bug that causes an uncaught exception.
Code review only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I5a4ae7d5ac83065040e3c4d9e390b5883fd0f1f9
|
|
Currently, the |systemBus| connection is a static variable declared in
headers. This has a problem that every translation unit will keep its
own copy. It's not a problem today because there's only one translation
unit "webserver_main.cpp.o". This issue was brounght up in
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/54758
Actually, the |systemBus| doesn't need to be a singleton. It can just be
a stack variable, which is normally more efficient than heap variables.
To keep minimum changes treeside, this commits keeps the existing
|systemBus| variable as an external variable. It is defined in its own
translation unit. It is initialized in the main translation unit.
Reference:
1. Extern
https://stackoverflow.com/questions/1433204/how-do-i-use-extern-to-share-variables-between-source-files
Tested:
1. Romulus QEMU robot Redfish test passed;
2. Start and restart service on real hardware, no issues;
3. No new validator failures
4. Code compies
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I03b387bd5f218a86c9d1765415a46e3c2ad83ff9
|
|
We very intentionally don't do this "only include header if option is
enabled" thing to make sure that compile issues are seen across all
builds.
Tested: Code compiles. Header changes only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I749aed62ed6cd73690f3d89d75df65bec77562c2
|
|
It's a common practise to put tests to its corresponding namespace. This
commit also removed duplicate namespace scoping (::testing).
Tested: unit test passed
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I447a4c05c4487245b1c31c5e19a8eac2c6086001
|
|
The test today exists but it isn't enabled. This commit revives the
test, and fixed obsolete interfaces.
Note that the current codes don't return the "/" route correctly. This
commit doesn't fix it but left a TODO.
Tested: unit test passed
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ie5be7f545f1930ddb2c01b829d8de2e312e936dc
|
|
This commit does nothing but moving test codes from
openbmc_jtag_rest_test.cc, a very old test file whose name is obsolote
now, to a more recent and well maintained unit test file
(openbmc_dbus_rest_test.cc).
Tested: unit test passed.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I3709d18c8ef5cbba5b3f6490a1e9d1798dfc8b52
|
|
The test today exists but it isn't enabled. This commit revives the
test, and fixed obsolete interfaces.
This commit also fixes the test case "i{si}b", which should be split
into {"i", "{si}", "b"}. Existing values might be typos.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I962c349c237d59be89337af5df88d3ee6f625f13
|
|
This test is not enabled and referenced anywhere. Per Discord
discussion, this test is obsolete and can be deleted now.
https://discord.com/channels/775381525260664832/855566794994221117/985996960840429568
"""
bmcweb used to have the full RFB (VNC) server in it, and access the
linux device directly, that's what that unit test was checking, but
that code is long gone in lieu of what we have now (unix socket to the
rfbserver) which is better.
"""
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: If42801c15009f8b33ea5d15749a067dccda935e9
|
|
Make /redfish/v1 get instantiated in the same place as the other redfish
routes, and not in main().
Tested:
curl -vvvv --insecure --user root:0penBmc https://192.168.7.2/redfish
returns the same value as previously.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Icb93954c00a4cf41708f1b323ddbd83e61146e5d
|
|
clang-tidy has a setting, LambdaBodyIndentation, which it says:
"For callback-heavy code, it may improve readability to have the
signature indented two levels and to use OuterScope."
bmcweb is very callback heavy code. Try to enable it and see if that
improves things. There are many cases where the length of a lambda call
will change, and reindent the entire lambda function. This is really
bad for code reviews, as it's difficult to see the lines changed. This
commit should resolve it. This does have the downside of reindenting a
lot of functions, which is unfortunate, but probably worth it in the
long run.
All changes except for the .clang-format file were made by the robot.
Tested: Code compiles, whitespace changes only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib4aa2f1391fada981febd25b67dcdb9143827f43
|
|
Adds a RedfishAggregator class which is able to pull configuration
information from D-Bus for Satellite BMCs. These BMCs will be
aggregated by Redfish Aggregation. Also added is a new compiler
option which will be used to enable Redfish Aggregation.
This patch only allows configurations with unencrypted and
unauthenticated satellite BMC communication. Support for encryption
and authentication willneed to be added in future patches.
Note that this patch does not actually use the config information
after it has been fetched. That functionality will be added in
future patches.
Tested:
I made this example config information available on D-Bus
busctl introspect xyz.openbmc_project.EntityManager \
/xyz/openbmc_project/inventory/system/board/SatelliteBMC/aggregated0 \
xyz.openbmc_project.Configuration.SatelliteController
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
.AuthType property s "None" emits-change
.Hostname property s "127.0.0.1" emits-change
.Name property s "aggregated0" emits-change
.Port property t 443 emits-change
.Type property s "SatelliteController" emits-change
That information was picked up by the changes in this CL:
[DEBUG "redfish_aggregator.hpp":80] Found Satellite Controller at /xyz/openbmc_project/inventory/system/board/SatelliteBMC/aggregated0
[DEBUG "redfish_aggregator.hpp":209] Added satellite config aggregated0 at http://127.0.0.1:443
[DEBUG "redfish_aggregator.hpp":52] Redfish Aggregation enabled with 1 satellite BMCs
[DEBUG "redfish_aggregator.hpp":21] There were 1 satellite configs found at startup
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: Ib5eee2c93aeb209157191055975c127759d73627
|
|
clang correctly notes that this should be static, as it's not used
outside the compile unit.
Tested: code compiles with clang.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I7c540fe74b9fce1f3e498fb75089a143c7af4581
|
|
These checks ensure that we're not implicitly converting ints or
pointers into bools, which makes the code easier to read.
Tested:
Ran series through redfish service validator. No changes observed.
UUID failing in Qemu both before and after.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1ca0be980d136bd4e5474341f4fd62f2f6bbdbae
|
|
Now that https://github.com/chriskohlhoff/asio/issues/533 is resolved
and https://github.com/boostorg/beast/pull/2331
and https://github.com/boostorg/beast/pull/2337
Are merged and updated into yocto, we can get rid of this ugliness, and
do as the author intends.
Tested: Unit tests pass, code compiles. Header changes only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifa61053c5a7e7fe9b5b0232614e8daa9741b1d6c
|
|
clang-13 includes new checks, and finds some issues. The first is that
the boost::vector constructor can possibly throw, so replace the
underlying flat_map container with std::vector instead.
The others are places where we could possibly throw in destructors,
which would be bad. Ideally we wouldn't use the destructor pattern, but
that would be non-trivial to clean up at this point, so just catch the
exception, and log it. At the same time, catch exceptions thrown to
main and log them.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I77b86eaa2fc79e43d1ca044c78ca3b0ce0a7c38c
|
|
As much as I dislike removing tests, this one has been broken for a
very... very long time, and as written can't really pass given that we
no longer include the webui in the bmcweb repo.
Tested: no-op.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If486fc45547203339b3e39ffbb28c2926c1247a2
|
|
This commit enables separate compilation for asio and beast. Details on
how this option works are here:
https://www.boost.org/doc/libs/1_77_0/doc/html/boost_asio/using.html
This allows separating out the build of the boost components from the
rest of the components, which should decrease our intermediate build
times in the future as we start breaking things up better.
Tested:
Code builds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1614bb4ccddebcf1d4858112a25a870378497ecc
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I93925bf34b4fec181a56d6524cbe9c6182a16b1f
|
|
Update to the latest version of boost::uri
The newest version of boost uri makes some breaking changes that we need
to account for. At the same time, we take the opportunity to move to
the error code based parse methods that don't rely on exceptions.
The biggest changes are:
The standalone build is no longer present. A discussion with the
boost::url maintainers shows that our best option is to do a simple
copy of the headers, and compile boost/url/src.hpp in a separate file.
This is intended to allow people to pull the library in "standalone" and
not have to rely on the build machinery in boost-url, which we don't
really need. Interestingly, this file doesn't have a newline at the
end, which clang correctly flags. OpenBMC doesn't really need that
warning, as we rely on clang-format to do that, so we add
-Wno-newline-eof clang to get the code to compile there.
All url parsers are moved to the parse_uri, or parse_relative_uri
equivalents. This slightly tightens the requirements around what URLs
are accepted, but in no ways that should break anything. (Ie,
"/redfish/v1" is no longer accepted for a virtual media endpoint.
boost::urls::url_view::params_type has been renamed to
query_params_type, and the relevant methods have been updated.
Because of the missing standalone mode, we now need to use
boost::string_view which doesn't implicitly construct from
std::string_view. Some discussion on the boost list shows that this is
coming soon, so that cruft can eventually be cleaned up, but for now we
need the construction.
Tested:
Loaded in qemu, and ran some URLs (/redfish/v1 and /redfish/v1/Chassis)
to ensure that the url handler functions as intended.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I5843776d4ec01b4d92af2ee3a9cf1ebb1d920ae7
|
|
`catch` should always be done by reference to avoid object slicing and
excess copy-constructor calls. Preference is for exceptions to also
be caught 'const'. (Both of these come from the C++ Core Guidelines)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7753abbef218a87ceecbd068245c14f413fadabc
|
|
This commit introduces the following
=> Service root for Google
=> compiler option for the Google Root of Trust specific functionalities
Tested:
curl -vvvv --insecure --user $user_pass https://${bmc}/google/v1
Desing Doc can be found here https://github.com/openbmc/docs/blob/master/designs/oem/google/root_of_trust.md
Change-Id: I941b5cab55179279d0eff18aa29df62c3f226e47
Signed-off-by: Feras Aldahlawi <faldahlawi@gmail.com>
|
|
Add return 0 for int main()
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: Ifa3216ae1b4cd0eb422679149ace6a1b59dbf85e
|
|
As part of rearranging include files, it was found that a couple files
don't include what they use. bmcweb_config.h.in uses size_t, which
isn't in cstdint, and a couple files use variables out of
bmcweb_config.h, which it didn't include.
Tested:
Code compiles; No functional changes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6d8f3617d10a30a1f0209e492841e9d3adc9c3f3
|
|
The bmcweb crash issue seen when there is eventservice
config with subscriptions in persistent file.
During EventService instantiation, it uses the "get_io_context()"
from systemBus, so it should be called after systemBus init. So
moved systemBus initialization to early stage of main process to
avoid ordering issue.
Tested:
- bmcweb crash issue resolved.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: Iab52f0e89478e306af475066fb5691153a05677d
|
|
The requestRoutes somehow got put into the crow namespace, despite
everything else being put into redfish. This commit makes the
namespacing consistent, which is a good thing overall for complexity.
Tested:
curl -vvvv --insecure --user root:0penBmc https://192.168.7.2/redfish/v1
returns 200
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I954e1a34893b1b5918eeee25d201c938ef4b55b6
|
|
Added instantiation of EventServiceManager Object to
initialize Event Service Config and register the subscriptions
from the config.
During BMC boot, there would be many redfish events logged
due to which, once bmcweb service is up, the EventServiceManager
object is instantiated by getInstance method called from
inotify. But, on bmcweb service restart, the getInstance
method is not called untill a redfish event is logged, or
untill a GET/POST/PATCH/DELETE etc. call is made to
/redfish/v1/EventService route, due to which none of the
Subscriptions would be functional.
Hence this commit.
Tested:
- Subscribed Events were successfully received on restart
of bmcweb Service as well as on reboot of bmc
- Redfish validator passed
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I50b6fd21a262e7b73fbf9f2ac94c1ffdacef4800
|
|
Fixes #178
Every few months, this option breaks because of some combination of
compiler options. I'm hoping that this is a more permenant fix, and
will keep it working forever.
Functionally, this commit changes a couple things.
1. It fixes the regression that snuck into this option, by making the
req variable optional using the c++17 [[maybe_unused]] syntax.
2. It promotes the BMCWEB_INSECURE_DISABLE_XSS_PREVENTION into the
config.h file, and a constexpr variable rather than a #define. This has
the benefit that both the code paths in question will compiled
regardless of whether or not they're used, thus ensuring they stay
buildable forever. The optimization path will still delete the code
later, but we won't have so many one-off build options breaking. We
should move all the other feature driven #ifdefs to this pattern in the
future.
3. As a mechnaical change to #2, this adds a config.h.in, which delcares
the various variables as their respective constexpr types. This allows
the constants to be used in a cleaner way.
As an aside, at some point, DISABLE_XSS_PREVENTION should really move to
a non-persistent runtime option rather than a compile time option. Too
many people get hung up on having to recompile their BMC, and moving it
to runtime under admin credentials is no more a security risk.
As another aside, we should move all the other #ifdef style options to
this pattern. It seems like it would help with keeping all options
buildable, and is definitely more modern than #ifdefs for features,
especially if they don't require #include changes or linker changes.
Tested:
enabled meson option insecure-disable-xss, and verified code builds and
works again.
Change-Id: Id03faa17cffdbabaf4e5b0d46b24bb58b7f44669
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Remove some ancient files that are no longer used or required.
1. JenkinsFile: Was used when this was a project that only existed on my
desktop, and I used a private Jenkins instance to test it. Today,
bmcweb uses the openbmc CI, which doesn't require this file.
2. scripts/run_clang_tiidy.py. This script is now part of the clang
builds themselves, so it should be used from there.
3. src/ast*.cpp and src/test_resources. These were left from when
bmcweb handled the ast video driver itself, and had unit tests to prove
it worked. The code to run the unit tests has been long removed, we
just forgot to remove the tests.
4. static/highlight.pack.js. This was previously used for json parsing
in the HTML UI. It is no longer used as of commit
57fce80e24cfe08e530e0697d6c70bba14076d1c and should've been removed as
part of it, but unfortunately was not.
Tested:
None of the above were used previously, so should have no measurable
impact to the build.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I757b0dc8e4dc6cc93ba60d39218016e2f4d47ed0
|
|
- Add a hostname listener that will create a self-signed HTTPS
certificate with the appropriate subject when the BMC gets its
hostname assigned via IPMI. The "insecure-disable-ssl" must be
disabled for this feature to take effect.
Note:
- New self-signed certificate subject: C=US, O=OpenBMC, CN=${hostname}
- If the same hostname is assigned, it will not be triggered
- Only the self-signed certificate with Netscape Comment of
"Generated from OpenBMC service" will be replaced
Details about certificate key usage:
- NID_basic_constraints
The CA boolean indicates whether the certified public key may be
used to verify certificate signatures.
Refer to: https://tools.ietf.org/html/rfc5280#section-4.2.1.9
- NID_subject_alt_name
Although the use of the Common Name is existing practice, it is
deprecated and Certification Authorities are encouraged to use the
dNSName instead.
Refer to: https://tools.ietf.org/html/rfc2818#section-3.1
- NID_subject_key_identifier
The subject key identifier extension provides a means of
identifying certificates that contain a particular public key.
Refer to: https://tools.ietf.org/html/rfc5280#section-4.2.1.2
- NID_authority_key_identifier
The authority key identifier extension provides a means of
identifying the public key corresponding to the private key used
to sign a certificate.
Refer to: https://tools.ietf.org/html/rfc5280#section-4.2.1.1
- NID_key_usage
- NID_ext_key_usage
id-kp-serverAuth
-- TLS WWW server authentication
-- Key usage bits that may be consistent: digitalSignature,
-- keyEncipherment or keyAgreement
Refer to: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
Refer to: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
Tested:
- To test and verify the service is functionally working correctly,
we can use `openssl` and `ipmitool` to execute the following
commands:
- Assign BMC hostname
ipmitool -H $IP -I lanplus -U root -P 0penBmc -C 17 dcmi
set_mc_id_string $hostname
- Get BMC server certificate infomation
echo quit | openssl s_client -showcerts -servername $IP -connect
$IP:443
Signed-off-by: Alan Kuo <Alan_Kuo@quantatw.com>
Change-Id: I24aeb4d2fb46ff5f0cc1c6aa65984f46b0e1d3e2
|
|
cppcheck isn't smart enough to recognize these are c++ headers, not c
headers. Considering we're already inconsistent about our naming, it's
easier to just be consistent, and move the last few files to use .hpp
instead of .h.
Tested:
Code builds, no changes.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Ic348d695f8527fa4a0ded53f433e1558c319db40
|
|
Lots of the utils functions have been superceeded or replaced by std::
implementations, or are no longer needed because of the removal of
middlewares.
Tested:
Ran on a bmc with this implemented. Pulled down the webui, and
observed no issues. Code compiles and passes clang-tidy cert checks.
Change-Id: If29bb5f4ba9979912aeb2a8fa4cbd9f4e4f32006
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Tested:
No functional changes.
Change-Id: I10144229b07959de4d8a5d5a471caff8a2b87e6f
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
- It looks like there were certain experiments done related
to memory santinizer builds in the past, but right now in
the current state of bmcweb , msan_test.cpp can be removed
as it is not doing any worthy job in CI and eats up time.
- CI for meson repos already runs an address sanitizer apart
from normal build, and that can be extended for memory as
well without needing any changes in the repo incase we need
it.
[The value of b_sanitize can be one of: none, address, thread,
undefined, memory, address,undefined]
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I3fd473ec6e5764b59fc437b390374a372a29efa1
|
|
- This commit enables the support for meson build system for
bmcweb and also remove the cmake support
- The inital thought of migrating to meson build system was based
on [link](https://mesonbuild.com/Simple-comparison.html)
- Other things to praise about meson are its simplicity and userfriendly ness.
It also have native support for modern tools such as precompiled headers,
coverage, Valgrind , unity builds e.t.c
- This commit also support the automatic download and setup of dependencies
if they are not found in usual places using meson wraps that are already
available in [wrap db](https://wrapdb.mesonbuild.com/)
- For few dependencies like boost, boost-url which does not have meson
wrap support yet, i have misused the meson subproject command to download
boost & boot-url and build against them if they are not found in usual
places.
- For boost & boost-url the subproject command will always fail as meson
supports other meson projects as subprojects but it will always download
the source, and since we dont actually build boost/boost-url but just use
the the source headers this should not be a problem.
- Cmake options removed:
- BUILD_STATIC_LIBS has been removed as it is not being used any where as per the
review comments.
- By default the meson wraps are enabled and it downloads the dependencies if they
are not found, and via bitbake this behaviour is disabled by default as download
fallback feature is disabled.
- This commit also adds the README, changes for bmcweb as well.
- The meta-* layer changes are also pushed and marked as WIP under bmcweb_meson_port
topic.
Tested By :
===========
1. Compilation is passed without error or warning in both arm & x86 sdks that
are populated by yocto.
2. The unittests are also passed on both x86 & arm machines.
3. Compilation passed with various build types supported by meson (debug,debugoptimized,
relase)
4. modified the meta-phosphor & meta-ibm to leverage meson build for bmcweb, and loaded
the resulted image on qemu & real machine, checked the bmcweb status and was also able
to pull the web-gui on both.
5. Tested few common commands related to session service & network service manually on a
real machine and also also had run a CT regression bucket, and it looked clean.
The binary sizes when bmcweb is compiled via bitbake(using meta-ibm) are :
cmake: 3100080 bytes approx (3 MB)
meson: 2822596 bytes approx (2.7 MB)
1:1 equivalent hash is not possible due to couple of things:
1. The build types in meson does not have a 1:1 mapping with cmake build types.
2. Meson adds below mentioned compiler & linker flags than cmake as a part of
warning_level & build types
CXXFLAGS :' -O2 -pipe -g -feliminate-unused-debug-types -fdiagnostics-color=always
-D_FILE_OFFSET_BITS=64 -Winvalid-pch -DNDEBUG'
LDFLAGS : ' -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -Wl,--no-undefined,-Wl,--end-group'
Tried to match the compile commands in both cmake & meson as much as possible and this
is what i could get.I have attached the compile_commands.json for both duing an yocto
full build in the [link](https://gofile.io/d/gM80fw) for reference.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ia65689fdacb8c398dd0a019258369b2442fad2f3
|
|
Lots of missing inline definitions, a case where a RVO move is not
guaranteed when returning a variant, and removing the header checks,
which means that these types of build errors wont happen in the future.
Tested:
Should be no impact, but could someone from the IBM team grab these
changes and sanity check them?
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Iea0a06b8e744542a7d08e38217718e7a969f2827
|