Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-webui / f000468d501d7e11aefb7e271bee8730cb4988cd
commitf000468d501d7e11aefb7e271bee8730cb4988cd[log] [tgz]
authorGunnar Mills <gmills@us.ibm.com>Tue Jul 23 17:38:32 2019 -0500
committerGunnar Mills <gmills@us.ibm.com>Wed Jul 31 15:25:19 2019 +0000
treec910566ed10a124287513e7400e051005fa9e2db
parentaf0df6fff3fce6cf88d608c44758e971718ec906 [diff]
Use npm-check-updates and npm audit fix

Upgraded npm to 6.10.2, which includes npm audit.
Installed npm-check-updates and then ran:
ncu -u;  npm audit fix

This is a npm 6 package-lock.json.
Recommend using npm 6 from here out to avoid churn in the
package-lock.json caused by npm 5 vs npm 6.

Before:
  found 24 high severity vulnerabilities in 12251 scanned packages
    run `npm audit fix` to fix 24 of them.

After:
  found 0 vulnerabilities
   in 12251 scanned packages

npm 6 was released a year and half ago and has "security is built in".

npm 6/5.10 moved package-lock.json from exact versions to loosly versions.
tilde and caret are now present in the package-lock.json

The previous commits helps a little by "specific version in
package.json guarantees the version only a the top level commit"

Even though package-lock.json has tilde and carets (scary!), the
package-lock.json still lock sub-dependencies according to npm.

https://github.com/npm/npm/issues/20434#issuecomment-395637874

OpenBMC uses nodejs_10.15.3 which has npm 6.4.1.
https://github.com/openbmc/openbmc/blob/master/meta-openembedded/meta-oe/recipes-devtools/nodejs/nodejs_10.15.3.bb
https://nodejs.org/en/download/releases/

Also see:
    https://github.com/npm/npm/issues/20891

Resolves openbmc/phosphor-webui#91

Tested: Built image and loaded on Witherspoon
Change-Id: I436be724ac4b27bb00a4b4c20077ddf981c43c9f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
2 files changed
tree: c910566ed10a124287513e7400e051005fa9e2db
  1. app/
  2. .babelrc
  3. .clang-format
  4. .gitignore
  5. config.json
  6. format-code.sh
  7. karma.conf.js
  8. LICENSE
  9. MAINTAINERS
  10. package-lock.json
  11. package.json
  12. postcss.config.js
  13. README.md
  14. sonar-project.properties
  15. webpack.config.js
README.md

OpenBMC Web User Interface

The OpenBMC WebUI is a Web-based user interface for the OpenBMC firmware stack. The WebUI uses AngularJS. Features include:

  • View system overview data such as model information and serial number
  • View and manage event logs
  • View inventory data
  • View sensor data
  • Power On/Off server operations
  • Reboot BMC
  • Manage and update BMC and Host firmware
  • IPv4 network settings
  • SoL console

Requirements

nodejs (>= 4.2.6) npm (>= 5.6.0)

Note The default installation of your Linux distro may not come with the required versions above. See the following for more information on updating:

https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-node https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-npm

Installation

npm install

Note This must be run from within the phosphor-webui git repository.

Running locally

npm run-script server

This will start a server instance and begin listening for connections at http://localhost:8080. This development server provides live reloading on code changes. NOTE: Browsing to https://<BMC> and accepting the self-signed certificate might be required to prevent your browser from blocking traffic to the BMC.

Logging in

Enter the BMC Host or BMC IP address, username, and password. The default username and password are root/0penBmc.

Note that some OpenBMC implementations use bmcweb for its backend. For security reasons, bmcweb will need to be recompiled and loaded onto the target BMC Host before the above redirect command will work. The option to turn on within bmcweb is BMCWEB_INSECURE_DISABLE_XSS_PREVENTION.