Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-webui / f875e0122210f847132c5fcca188323c24a2be21
commitf875e0122210f847132c5fcca188323c24a2be21[log] [tgz]
authorGunnar Mills <gmills@us.ibm.com>Tue Nov 27 13:39:27 2018 -0600
committerGunnar Mills <gmills@us.ibm.com>Tue Nov 27 15:24:19 2018 -0600
treef8c0665e18420005f88dab11099e9cb867eeebae
parent1c43b312769fcf9fe4e41bf6d7336402d06bed6e [diff]
Downgrade event-stream package to 3.3.4

From the phosphor-webui alert:
"The NPM package flatmap-stream is considered malicious.
A malicious actor added this package as a dependency to the NPM
event-stream package in versions 3.3.6 and later. Users of
event-stream are encouraged to downgrade to the last non-malicious
version, 3.3.4."

More information can be found at:
https://github.com/dominictarr/event-stream/issues/116
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/

Tested: Manually on a Witherspoon.
Change-Id: I2555ee04be69cc42f99cf3a5d18a99a4d5c26324
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
2 files changed
tree: f8c0665e18420005f88dab11099e9cb867eeebae
  1. app/
  2. .babelrc
  3. .clang-format
  4. .gitignore
  5. bower.json
  6. config.json
  7. format-code.sh
  8. karma.conf.js
  9. LICENSE
  10. MAINTAINERS
  11. package-lock.json
  12. package.json
  13. postcss.config.js
  14. README.md
  15. sonar-project.properties
  16. webpack.config.js
README.md

OpenBMC Web User Interface

The OpenBMC WebUI is a Web-based user interface for the OpenBMC firmware stack. The WebUI uses AngularJS. Features include:

  • View system overview data such as model information and serial number
  • View and manage event logs
  • View inventory data
  • View sensor data
  • Power On/Off server operations
  • Reboot BMC
  • Manage and update BMC and Host firmware
  • IPv4 network settings
  • SoL console

Requirements

nodejs (>= 4.2.6) npm (>= 5.6.0)

Note The default installation of your Linux distro may not come with the required versions above. See the following for more information on updating:

https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-node https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-npm

Installation

npm install

Note This must be run from within the phosphor-webui git repository.

Running locally

npm run-script server

This will start a server instance and begin listening for connections at http://localhost:8080. This development server provides live reloading on code changes. NOTE: Browsing to https://<BMC> and accepting the self-signed certificate might be required to prevent your browser from blocking traffic to the BMC.

Logging in

Enter the BMC Host or BMC IP address, username, and password. The default username and password are root/0penBmc.

Note that some OpenBMC implementations use bmcweb for its backend. For security reasons, bmcweb will need to be recompiled and loaded onto the target BMC Host before the above redirect command will work. The option to turn on within bmcweb is BMCWEB_INSECURE_DISABLE_XSS_PREVENTION.