commit | 0260d9d6b252d5fef81a51d4797e27a6893827f4 | [log] [tgz] |
---|---|---|
author | Ed Tanous <ed@tanous.net> | Sun Feb 07 19:31:07 2021 +0000 |
committer | Ed Tanous <ed@tanous.net> | Fri Feb 19 20:40:24 2021 +0000 |
tree | fbaaae47d3a1ad2997f26b52a6760e1dac5f2eef | |
parent | 71f52d96b51bda2a2f00374237f368e980396692 [diff] |
Fix compile issue on DISABLE_XSS_PREVENTION Fixes #178 Every few months, this option breaks because of some combination of compiler options. I'm hoping that this is a more permenant fix, and will keep it working forever. Functionally, this commit changes a couple things. 1. It fixes the regression that snuck into this option, by making the req variable optional using the c++17 [[maybe_unused]] syntax. 2. It promotes the BMCWEB_INSECURE_DISABLE_XSS_PREVENTION into the config.h file, and a constexpr variable rather than a #define. This has the benefit that both the code paths in question will compiled regardless of whether or not they're used, thus ensuring they stay buildable forever. The optimization path will still delete the code later, but we won't have so many one-off build options breaking. We should move all the other feature driven #ifdefs to this pattern in the future. 3. As a mechnaical change to #2, this adds a config.h.in, which delcares the various variables as their respective constexpr types. This allows the constants to be used in a cleaner way. As an aside, at some point, DISABLE_XSS_PREVENTION should really move to a non-persistent runtime option rather than a compile time option. Too many people get hung up on having to recompile their BMC, and moving it to runtime under admin credentials is no more a security risk. As another aside, we should move all the other #ifdef style options to this pattern. It seems like it would help with keeping all options buildable, and is definitely more modern than #ifdefs for features, especially if they don't require #include changes or linker changes. Tested: enabled meson option insecure-disable-xss, and verified code builds and works again. Change-Id: Id03faa17cffdbabaf4e5b0d46b24bb58b7f44669 Signed-off-by: Ed Tanous <edtanous@google.com>
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja coverage -C builddir test
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.