blob: 547fef086d324962616e5538190a1f43f1fef5ef [file] [log] [blame]
cmake_minimum_required (VERSION 3.5 FATAL_ERROR)
project (bmc-webserver CXX)
cmake_policy (SET CMP0054 NEW)
set (CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake ${CMAKE_MODULE_PATH})
option (BUILD_STATIC_LIBS "Built static libraries" ON)
option (YOCTO_DEPENDENCIES "Use YOCTO dependencies system" OFF)
option (
BMCWEB_ENABLE_KVM
"Enable the KVM host video WebSocket. Path is '/kvm/0'. Video is from the
BMC's '/dev/video' device."
ON
)
option (
BMCWEB_ENABLE_VM_WEBSOCKET
"Enable the Virtual Media WebSocket. Path is '/vm/0/0'to open the websocket.
See https://github.com/openbmc/jsnbd/blob/master/README."
ON
)
option (
BMCWEB_ENABLE_VM_NBDPROXY
"Enable the Virtual Media WebSocket."
OFF
)
option (
BMCWEB_ENABLE_DBUS_REST
"Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus
object paths, for example, '/xyz/openbmc_project/logging/entry/enumerate'.
See https://github.com/openbmc/docs/blob/master/rest-api.md."
ON
)
option (
BMCWEB_ENABLE_REDFISH
"Enable Redfish APIs. Paths are under '/redfish/v1/'. See
https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish."
ON
)
option (
BMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET
"Enable host serial console WebSocket. Path is '/console0'. See
https://github.com/openbmc/docs/blob/master/console.md."
ON
)
option (
BMCWEB_ENABLE_STATIC_HOSTING
"Enable serving files from the '/usr/share/www' directory as paths under
'/'."
ON
)
option (
BMCWEB_ENABLE_REDFISH_BMC_JOURNAL
"Enable BMC journal access through Redfish. Paths are under
'/redfish/v1/Managers/bmc/LogServices/Journal'."
OFF
)
option (
BMCWEB_ENABLE_REDFISH_RAW_PECI
"Enable PECI transactions through Redfish. Paths are under
'/redfish/v1/Systems/system/LogServices/CpuLog/Actions/Oem/CpuLog.SendRawPeci'."
OFF
)
option (
BMCWEB_ENABLE_REDFISH_CPU_LOG
"Enable CPU log service transactions through Redfish. Paths are under
'/redfish/v1/Systems/system/LogServices/Crashdump'."
OFF
)
option (
BMCWEB_ENABLE_REDFISH_SYSTEMDUMP_LOG
"Enable System dump log service transactions through Redfish. Paths are under
'/redfish/v1/Systems/system/LogServices/SystemDump'."
OFF
)
option (
BMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES
"Enable DBUS log service transactions through Redfish. Paths are under
'/redfish/v1/Systems/system/LogServices/EventLog/Entries'."
OFF
)
option (
BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE
"Enable provisioning feature support in redfish. Paths are under
'/redfish/v1/Systems/system/'."
OFF
)
option (
BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
"Enables authenticating users through TLS client certificates.
The BMCWEB_INSECURE_DISABLE_SSL must be OFF for this option to take effect."
ON
)
option (
BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
"Enable the IBM management console specific functionality. Paths are under
'/ibm/v1/'."
OFF
)
# Insecure options. Every option that starts with a BMCWEB_INSECURE flag should
# not be enabled by default for any platform, unless the author fully
# comprehends the implications of doing so. In general, enabling these options
# will cause security problems of varying degrees
option (
BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION
"Disable CSRF prevention checks. Should be set to OFF for production
systems."
OFF
)
option (BMCWEB_INSECURE_DISABLE_SSL
"Disable SSL ports. Should be set to OFF for production systems." OFF)
option (
BMCWEB_INSECURE_DISABLE_AUTHENTICATION
"Disable authentication on all ports. Should be set to OFF for production
systems"
OFF
)
option (BMCWEB_INSECURE_DISABLE_XSS_PREVENTION "Disable XSS preventions" OFF)
option (
BMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE
"Enable TFTP based firmware update transactions through Redfish
UpdateService.SimpleUpdate."
OFF
)
option (
BMCWEB_INSECURE_ENABLE_HTTP_PUSH_STYLE_EVENTING
"Enable HTTP push style eventing feature" OFF
)
option (
BMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE
"Enables unsecure features required by validation. Note: must
be turned off for production images."
OFF)
option (
BMCWEB_INSECURE_UNRESTRICTED_SENSOR_OVERRIDE
"Enables Sensor override feature without any check."
OFF)
set (BMCWEB_HTTP_REQ_BODY_LIMIT_MB "30" CACHE STRING
"The max HTTP request body size in MB")
configure_file(config.h.in ${CMAKE_CURRENT_SOURCE_DIR}/include/config.h)
if (BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION AND BMCWEB_INSECURE_DISABLE_SSL)
message("SSL Must be enabled to allow SSL authentication")
set(BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION OFF)
endif()
include (CTest)
set (CMAKE_CXX_STANDARD 17)
set (CMAKE_CXX_STANDARD_REQUIRED ON)
set (CMAKE_EXPORT_COMPILE_COMMANDS ON)
set (CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS} -Wall")
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} \
-fno-rtti \
")
set (
CMAKE_CXX_FLAGS
"${CMAKE_CXX_FLAGS} \
-Wall \
-Wextra \
-Wnon-virtual-dtor \
-Wold-style-cast \
-Wcast-align \
-Wunused \
-Woverloaded-virtual \
-Wpedantic \
-Wconversion \
-Wsign-conversion \
-Wnull-dereference \
-Wdouble-promotion \
-Wformat=2 \
-Wno-unused-parameter \
"
)
# only set -Werror if we're on a compiler that we know passes
if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 8.0)
set (
CMAKE_CXX_FLAGS
"${CMAKE_CXX_FLAGS} \
-Werror \
-Wduplicated-cond \
-Wduplicated-branches \
-Wlogical-op \
-Wnull-dereference \
-Wdouble-promotion \
-Wformat=2 \
-Wno-unused-parameter \
"
)
endif (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 8.0)
endif ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-rtti")
# general
option (BMCWEB_BUILD_UT "Enable Unit test" OFF)
# security flags
set (
SECURITY_FLAGS
"-fstack-protector-strong \
-fPIE \
-fPIC \
-D_FORTIFY_SOURCE=2 \
-Wformat \
-Wformat-security"
)
set (CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} ${SECURITY_FLAGS}")
set (CMAKE_CXX_FLAGS_RELWITHDEBINFO
"${CMAKE_CXX_FLAGS_RELWITHDEBINFO} ${SECURITY_FLAGS}")
set (CMAKE_C_FLAGS_MINSIZEREL "${CMAKE_C_FLAGS_MINSIZEREL} ${SECURITY_FLAGS}")
# Enable link time optimization This is a temporary workaround because
# INTERPROCEDURAL_OPTIMIZATION isn't available until cmake 3.9. gcc-ar and gcc-
# ranlib are wrappers around ar and ranlib which add the lto plugin to the
# command line.
if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
if (NOT CMAKE_BUILD_TYPE MATCHES Debug)
string (REGEX REPLACE "ar$" "gcc-ar" CMAKE_AR ${CMAKE_AR})
string (REGEX
REPLACE "ranlib$" "gcc-ranlib" CMAKE_RANLIB ${CMAKE_RANLIB})
set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -flto -fno-fat-lto-objects")
# Reduce the binary size by removing unnecessary dynamic symbol table
# entries
set (
CMAKE_CXX_FLAGS
"${CMAKE_CXX_FLAGS} \
-fvisibility=hidden \
-fvisibility-inlines-hidden \
-Wl,--exclude-libs,ALL"
)
endif (NOT CMAKE_BUILD_TYPE MATCHES Debug)
endif ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
if (NOT ${YOCTO_DEPENDENCIES}) # Download and unpack googletest at configure
# time
configure_file (CMakeLists.txt.in 3rdparty/CMakeLists.txt)
execute_process (COMMAND ${CMAKE_COMMAND} -G "${CMAKE_GENERATOR}" .
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/3rdparty)
execute_process (COMMAND ${CMAKE_COMMAND} --build .
WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/3rdparty)
set (CMAKE_PREFIX_PATH ${CMAKE_BINARY_DIR}/prefix ${CMAKE_PREFIX_PATH})
endif ()
find_package (Boost 1.71 REQUIRED)
include_directories (SYSTEM ${BOOST_SRC_DIR})
# add_definitions(-DBOOST_ASIO_ENABLE_HANDLER_TRACKING)
add_definitions (-DBOOST_ASIO_DISABLE_THREADS)
add_definitions (-DBOOST_BEAST_USE_STD_STRING_VIEW)
add_definitions (-DBOOST_ERROR_CODE_HEADER_ONLY)
add_definitions (-DBOOST_SYSTEM_NO_DEPRECATED)
message (BOOST_VERSION = ${Boost_VERSION})
if ("${Boost_VERSION}" STREQUAL "107100")
add_definitions (-DBOOST_ASIO_NO_DEPRECATED)
endif ()
add_definitions (-DBOOST_ALL_NO_LIB)
add_definitions (-DBOOST_NO_RTTI)
add_definitions (-DBOOST_NO_TYPEID)
add_definitions (-DBOOST_COROUTINES_NO_DEPRECATION_WARNING)
# sdbusplus
if (NOT ${YOCTO_DEPENDENCIES})
include_directories (SYSTEM ${CMAKE_BINARY_DIR}/sdbusplus-src)
link_directories (${CMAKE_BINARY_DIR}/sdbusplus-src/.libs)
endif ()
# Openssl
find_package (OpenSSL REQUIRED)
include_directories (SYSTEM ${OPENSSL_INCLUDE_DIR})
message ("OPENSSL_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}")
# bmcweb
message ("CMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}")
if (CMAKE_BUILD_TYPE MATCHES Debug)
message ("Logging disabled")
add_definitions (-DBMCWEB_ENABLE_LOGGING)
add_definitions (-DBMCWEB_ENABLE_DEBUG)
endif (CMAKE_BUILD_TYPE MATCHES Debug)
if (NOT "${BMCWEB_INSECURE_DISABLE_SSL}")
add_definitions (-DBMCWEB_ENABLE_SSL)
endif (NOT "${BMCWEB_INSECURE_DISABLE_SSL}")
include_directories (${CMAKE_CURRENT_SOURCE_DIR}/http)
# Zlib
find_package (ZLIB REQUIRED)
include_directories (SYSTEM ${ZLIB_INCLUDE_DIRS})
# PAM
option (WEBSERVER_ENABLE_PAM "enable pam authentication" ON)
if ("${WEBSERVER_ENABLE_PAM}")
find_package (PAM REQUIRED)
else ()
add_definitions ("-DWEBSERVER_DISABLE_PAM")
endif ()
add_definitions ("-Wno-attributes")
# Copy pam-webserver to etc/pam.d
install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/pam-webserver DESTINATION /etc/pam.d/
RENAME webserver)
# tinyxml2
find_package (tinyxml2 REQUIRED)
set (WEBSERVER_MAIN src/webserver_main.cpp)
include_directories (${CMAKE_CURRENT_SOURCE_DIR}/include)
include_directories (${CMAKE_CURRENT_SOURCE_DIR}/redfish-core/include)
include_directories (${CMAKE_CURRENT_SOURCE_DIR}/redfish-core/lib)
file (MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/include/bmcweb)
include_directories (${CMAKE_BINARY_DIR}/include)
set (SRC_FILES redfish-core/src/error_messages.cpp
redfish-core/src/utils/json_utils.cpp ${GENERATED_SRC_FILES})
file (COPY src/test_resources DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
# Unit Tests
if (${BMCWEB_BUILD_UT})
set (UT_FILES src/crow_test.cpp src/gtest_main.cpp
src/token_authorization_middleware_test.cpp
src/security_headers_middleware_test.cpp src/webassets_test.cpp
src/crow_getroutes_test.cpp src/ast_jpeg_decoder_test.cpp
src/kvm_websocket_test.cpp src/msan_test.cpp
src/ast_video_puller_test.cpp src/openbmc_jtag_rest_test.cpp
redfish-core/ut/privileges_test.cpp
${CMAKE_BINARY_DIR}/include/bmcweb/blns.hpp) # big list of naughty
# strings
add_custom_command (OUTPUT ${CMAKE_BINARY_DIR}/include/bmcweb/blns.hpp
COMMAND
xxd -i
${CMAKE_CURRENT_SOURCE_DIR}/src/test_resources/blns
${CMAKE_BINARY_DIR}/include/bmcweb/blns.hpp)
set_source_files_properties (${CMAKE_BINARY_DIR}/include/bmcweb/blns.hpp
PROPERTIES GENERATED TRUE)
enable_testing ()
add_executable (webtest ${SRC_FILES} ${UT_FILES})
find_package (GTest REQUIRED)
find_package (GMock REQUIRED)
target_link_libraries (webtest ${GTEST_LIBRARIES})
target_link_libraries (webtest ${GMOCK_LIBRARIES})
target_link_libraries (webtest pthread)
target_link_libraries (webtest ${OPENSSL_LIBRARIES})
target_link_libraries (webtest ${ZLIB_LIBRARIES})
target_link_libraries (webtest pam)
target_link_libraries (webtest tinyxml2)
target_link_libraries (webtest sdbusplus)
target_link_libraries (webtest -lsystemd)
target_link_libraries (webtest -lstdc++fs)
add_test (webtest webtest "--gtest_output=xml:webtest.xml")
endif (${BMCWEB_BUILD_UT})
install (DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/static/ DESTINATION share/www)
# bmcweb
add_executable (bmcweb ${WEBSERVER_MAIN} ${HDR_FILES} ${SRC_FILES})
target_link_libraries (bmcweb ${OPENSSL_LIBRARIES})
target_link_libraries (bmcweb ${ZLIB_LIBRARIES})
target_link_libraries (bmcweb pam)
target_link_libraries (bmcweb -latomic)
target_link_libraries (bmcweb -lsystemd)
target_link_libraries (bmcweb -lstdc++fs)
target_link_libraries (bmcweb sdbusplus)
target_link_libraries (bmcweb tinyxml2)
install (TARGETS bmcweb DESTINATION bin)
target_compile_definitions (
bmcweb PRIVATE $<$<BOOL:${BMCWEB_ENABLE_KVM}>: -DBMCWEB_ENABLE_KVM>
$<$<BOOL:${BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION}>: -DBMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION>
$<$<BOOL:${BMCWEB_ENABLE_VM_WEBSOCKET}>: -DBMCWEB_ENABLE_VM_WEBSOCKET>
$<$<BOOL:${BMCWEB_ENABLE_VM_NBDPROXY}>: -DBMCWEB_ENABLE_VM_NBDPROXY>
$<$<BOOL:${BMCWEB_ENABLE_DBUS_REST}>: -DBMCWEB_ENABLE_DBUS_REST>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH}>: -DBMCWEB_ENABLE_REDFISH>
$<$<BOOL:${BMCWEB_ENABLE_STATIC_HOSTING}>: -DBMCWEB_ENABLE_STATIC_HOSTING>
$<$<BOOL:${BMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET}>:
-DBMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET>
$<$<BOOL:${BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION}>:
-DBMCWEB_INSECURE_DISABLE_CSRF_PREVENTION>
$<$<BOOL:${BMCWEB_INSECURE_DISABLE_SSL}>: -DBMCWEB_INSECURE_DISABLE_SSL>
$<$<BOOL:${BMCWEB_INSECURE_DISABLE_XSS_PREVENTION}>:
-DBMCWEB_INSECURE_DISABLE_XSS_PREVENTION>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_RAW_PECI}>:
-DBMCWEB_ENABLE_REDFISH_RAW_PECI>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_CPU_LOG}>:
-DBMCWEB_ENABLE_REDFISH_CPU_LOG>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_SYSTEMDUMP_LOG}>:
-DBMCWEB_ENABLE_REDFISH_SYSTEMDUMP_LOG>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_BMC_JOURNAL}>:
-DBMCWEB_ENABLE_REDFISH_BMC_JOURNAL>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES}>:
-DBMCWEB_ENABLE_REDFISH_DBUS_LOG_ENTRIES>
$<$<BOOL:${BMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE}>:
-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE>
$<$<BOOL:${BMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE}>:
-DBMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE>
$<$<BOOL:${BMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE}>:
-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE>
$<$<BOOL:${BMCWEB_INSECURE_UNRESTRICTED_SENSOR_OVERRIDE}>:
-DBMCWEB_INSECURE_UNRESTRICTED_SENSOR_OVERRIDE>
$<$<BOOL:${BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE}>:
-DBMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE>
$<$<BOOL:${BMCWEB_INSECURE_ENABLE_HTTP_PUSH_STYLE_EVENTING}>:
-DBMCWEB_INSECURE_ENABLE_HTTP_PUSH_STYLE_EVENTING>
)
# configure and install systemd unit files
configure_file (bmcweb.socket bmcweb.socket COPYONLY)
configure_file (bmcweb.service.in bmcweb.service)
pkg_get_variable (SYSTEMD_SYSTEMUNITDIR systemd systemdsystemunitdir)
install (FILES ${PROJECT_BINARY_DIR}/bmcweb.socket DESTINATION
${SYSTEMD_SYSTEMUNITDIR})
install (FILES ${PROJECT_BINARY_DIR}/bmcweb.service DESTINATION
${SYSTEMD_SYSTEMUNITDIR})