commit | 4028f33b111bb4e66493732d9c99f1f6a6fb1744 | [log] [tgz] |
---|---|---|
author | Joseph Reynolds <jrey@us.ibm.com> | Thu Aug 30 21:39:37 2018 -0500 |
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | Mon Sep 24 14:15:21 2018 -0400 |
tree | 661d70a90bc809b28d859bf35aae8a35d756ed51 | |
parent | 42ed80522120acd4337f0ae7f33e9fe62e71ff02 [diff] |
Nginx adds http security headers Nginx now adds security-related headers to HTTP responses per https://www.owasp.org/index.php/OWASP_Secure_Headers_Project and consistent with openbmc/bmcweb (see header file include/security_headers_middleware.hpp). Tested: curl -D headers http://${bmc} redirects to https No security headers apply, and none are sent curl https://${bmc} contains security headers and works properly curl https://${bmc}/xyz/openbmc_project/software contains Strict-Transport-Security header, and works curl ... -X POST -T ${image} https://${bmc}/upload/image" works firefox http redirects to https firefox https://${bmc}/ logs in and works Resolves openbmc/openbmc#3195 (From meta-ibm rev: 8202b2639cba28a71640db48e38f6b7f1d3eaed0) Change-Id: Ie20169abbca02471fa5dc89bebba8a6cdf722cd6 Signed-off-by: Joseph Reynolds <jrey@us.ibm.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
The OpenBMC project can be described as a Linux distribution for embedded devices that have a BMC; typically, but not limited to, things like servers, top of rack switches or RAID appliances. The OpenBMC stack uses technologies such as Yocto, OpenEmbedded, systemd, and D-Bus to allow easy customization for your server platform.
sudo apt-get install -y git build-essential libsdl1.2-dev texinfo gawk chrpath diffstat
sudo dnf install -y git patch diffstat texinfo chrpath SDL-devel bitbake sudo dnf groupinstall "C Development Tools and Libraries"
git clone git@github.com:openbmc/openbmc.git cd openbmc
Any build requires an environment variable known as TEMPLATECONF
to be set to a hardware target. You can see all of the known targets with find meta-* -name local.conf.sample
. Choose the hardware target and then move to the next step. Additional examples can be found in the OpenBMC Cheatsheet
Machine | TEMPLATECONF |
---|---|
Palmetto | meta-ibm/meta-palmetto/conf |
Zaius | meta-ingrasys/meta-zaius/conf |
Witherspoon | meta-ibm/meta-witherspoon/conf |
As an example target Palmetto
export TEMPLATECONF=meta-ibm/meta-palmetto/conf
. openbmc-env bitbake obmc-phosphor-image
Additional details can be found in the docs repository.
Commits submitted by members of the OpenBMC GitHub community are compiled and tested via our Jenkins server. Commits are run through two levels of testing. At the repository level the makefile make check
directive is run. At the system level, the commit is built into a firmware image and run with an arm-softmmu QEMU model against a barrage of CI tests.
Commits submitted by non-members do not automatically proceed through CI testing. After visual inspection of the commit, a CI run can be manually performed by the reviewer.
Automated testing against the QEMU model along with supported systems are performed. The OpenBMC project uses the Robot Framework for all automation. Our complete test repository can be found here.
Support of additional hardware and software packages is always welcome. Please follow the contributing guidelines when making a submission. It is expected that contributions contain test cases.
Issues are managed on GitHub. It is recommended you search through the issues before opening a new one.
Feature List
Features In Progress
Features Requested but need help
Dive deeper in to OpenBMC by opening the docs repository.