Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 4028f33b111bb4e66493732d9c99f1f6a6fb1744
commit4028f33b111bb4e66493732d9c99f1f6a6fb1744[log] [tgz]
authorJoseph Reynolds <jrey@us.ibm.com>Thu Aug 30 21:39:37 2018 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Mon Sep 24 14:15:21 2018 -0400
tree661d70a90bc809b28d859bf35aae8a35d756ed51
parent42ed80522120acd4337f0ae7f33e9fe62e71ff02 [diff]
Nginx adds http security headers

Nginx now adds security-related headers to HTTP responses per
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
and consistent with openbmc/bmcweb (see header file
include/security_headers_middleware.hpp).

Tested:
 curl -D headers http://${bmc}
   redirects to https
   No security headers apply, and none are sent
 curl https://${bmc}
   contains security headers and works properly
 curl https://${bmc}/xyz/openbmc_project/software
   contains Strict-Transport-Security header, and works
 curl ... -X POST -T ${image} https://${bmc}/upload/image"
   works
 firefox http redirects to https
 firefox https://${bmc}/ logs in and works

Resolves openbmc/openbmc#3195

(From meta-ibm rev: 8202b2639cba28a71640db48e38f6b7f1d3eaed0)

Change-Id: Ie20169abbca02471fa5dc89bebba8a6cdf722cd6
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
1 file changed
tree: 661d70a90bc809b28d859bf35aae8a35d756ed51
  1. meta-arm/
  2. meta-aspeed/
  3. meta-evb/
  4. meta-google/
  5. meta-ibm/
  6. meta-ingrasys/
  7. meta-intel/
  8. meta-inventec/
  9. meta-mellanox/
  10. meta-nuvoton/
  11. meta-openembedded/
  12. meta-openpower/
  13. meta-phosphor/
  14. meta-portwell/
  15. meta-qualcomm/
  16. meta-quanta/
  17. meta-raspberrypi/
  18. meta-security/
  19. meta-x86/
  20. poky/
  21. bitbakepoky/bitbake/
  22. LICENSEpoky/LICENSE
  23. metapoky/meta
  24. meta-pokypoky/meta-poky/
  25. oe-init-build-envpoky/oe-init-build-env
  26. scriptspoky/scripts/
  27. .gitignore
  28. .gitreview
  29. .templateconf
  30. MAINTAINERS
  31. openbmc-env
  32. README.md
  33. setup
README.md

OpenBMC

Build Status

The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.

Setting up your OpenBMC project

1) Prerequisite

  • Ubuntu 14.04
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
  • Fedora 23
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake
sudo dnf groupinstall "C Development Tools and Libraries"

2) Download the source

git clone git@github.com:openbmc/openbmc.git
cd openbmc

3) Target your hardware

Any build requires an environment variable known as TEMPLATECONF to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet

MachineTEMPLATECONF
Palmettometa-ibm/meta-palmetto/conf
Zaiusmeta-ingrasys/meta-zaius/conf
Witherspoonmeta-ibm/meta-witherspoon/conf

As an example target Palmetto

export TEMPLATECONF=meta-ibm/meta-palmetto/conf

4) Build

. openbmc-env
bitbake obmc-phosphor-image

Additional details can be found in the docs repository.

Build Validation and Testing

Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.

Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.

Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.

Submitting Patches

Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.

Bug Reporting

Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.

Features of OpenBMC

Feature List

  • REST Management
  • IPMI
  • SSH based SOL
  • Power and Cooling Management
  • Event Logs
  • Zeroconf discoverable
  • Sensors
  • Inventory
  • LED Management
  • Host Watchdog
  • Simulation
  • Code Update Support for multiple BMC/BIOS images
  • POWER On Chip Controller (OCC) Support

Features In Progress

  • Full IPMI 2.0 Compliance with DCMI
  • Verified Boot
  • HTML5 Java Script Web User Interface
  • BMC RAS

Features Requested but need help

  • OpenCompute Redfish Compliance
  • OpenBMC performance monitoring
  • cgroup user management and policies
  • Remote KVM
  • Remote USB
  • OpenStack Ironic Integration
  • QEMU enhancements

Finding out more

Dive deeper in to OpenBMC by opening the docs repository.

Contact