commit | 5344ab8e5bdb4fdced9041565fd745333a9a350e | [log] [tgz] |
---|---|---|
author | Abhishek Patel <Abhishek.Patel@ibm.com> | Sat Jul 31 17:42:09 2021 -0500 |
committer | Ed Tanous <edtanous@google.com> | Wed Apr 27 08:51:50 2022 -0700 |
tree | 58e3f29834621652e1991bdbc5330b9526bb2fa5 | |
parent | 02da7c5a626a747ce93aead08ee050678a16c79b [diff] |
Fix certificate_service privileges Post method: 1) /redfish/v1/CertificateService/Actions/ CertificateService.GenerateCSR/ ConfigureComponents-> ConfigureManager This change allows only Admin users to Generate CSR Certificate and restrict Operator user. Tested: Ran curl Post requests with Admin and Operator privileged users Get output as expected. Email sent to openbmc list: https://lists.ozlabs.org/pipermail/openbmc/2021-August/027232.html Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com> Change-Id: I46d505357cfc55a31911e75e8bd9948a0db90555
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Dbuildtype=debug ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja -C builddir test ninja -C builddir coverage
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.