summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTom Joseph <tomjoseph@in.ibm.com>2017-02-20 12:01:43 +0530
committerPatrick Williams <patrick@stwcx.xyz>2017-02-21 14:21:01 +0000
commit1562bbcb50e2bf7b6130dc9f8d34494cd115c8d5 (patch)
tree3d272e4ec35ffcd0a541d7275ee46465e8bcd386
parentf7ef071db9da4fec6b43e683c1dae8b33c350479 (diff)
downloadtalos-openbmc-1562bbcb50e2bf7b6130dc9f8d34494cd115c8d5.tar.gz
talos-openbmc-1562bbcb50e2bf7b6130dc9f8d34494cd115c8d5.zip
IPMI Whitelisted commands for FRU and OEM repositories
The IPMI whitelisted commands for phosphor-ipmi-fru and openpower-ipmi-oem is added. Only the IPMI whitelisted listed commands are allowed in restricted mode. The IPMI whitelisted commands for phosphor-ipmi-fru and openpower-ipmi-oem are added as native packages and host-ipmid depends on those. Change-Id: Ic4184773656567eb0dffa30ef29f8bc3ced3aff4 Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
-rw-r--r--meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist-native.bb6
-rw-r--r--meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist/openpower-ipmi-oem-whitelist-native.conf2
-rw-r--r--meta-openbmc-machines/meta-openpower/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bbappend2
-rw-r--r--meta-phosphor/classes/obmc-phosphor-utils.bbclass8
-rw-r--r--meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass27
-rw-r--r--meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb6
-rw-r--r--meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf2
-rw-r--r--meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb10
-rw-r--r--meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb11
9 files changed, 70 insertions, 4 deletions
diff --git a/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist-native.bb b/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist-native.bb
new file mode 100644
index 000000000..425901894
--- /dev/null
+++ b/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist-native.bb
@@ -0,0 +1,6 @@
+SUMMARY = "Whitelisted OpenBMC IPMI OEM commands"
+DESCRIPTION = "Whitelisted OpenBMC IPMI OEM commands for OpenPOWER based systems"
+
+inherit obmc-phosphor-license
+inherit native
+inherit phosphor-ipmi-host-whitelist \ No newline at end of file
diff --git a/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist/openpower-ipmi-oem-whitelist-native.conf b/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist/openpower-ipmi-oem-whitelist-native.conf
new file mode 100644
index 000000000..e61073e89
--- /dev/null
+++ b/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/ipmi/openpower-ipmi-oem-whitelist/openpower-ipmi-oem-whitelist-native.conf
@@ -0,0 +1,2 @@
+#<NetFn>:<Command>
+0x32:0xF0 //<OpenPower OEM>:<Add Partial eSEL command>
diff --git a/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bbappend b/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bbappend
index 43bdf4b43..538c5b9ed 100644
--- a/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bbappend
+++ b/meta-openbmc-machines/meta-openpower/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bbappend
@@ -1 +1 @@
-RDEPENDS_${PN}-libs += "openpower-ipmi-oem"
+OBMC_IPMID_PROVIDERS_append=" openpower-ipmi-oem"
diff --git a/meta-phosphor/classes/obmc-phosphor-utils.bbclass b/meta-phosphor/classes/obmc-phosphor-utils.bbclass
index 713c892fb..baaa19d57 100644
--- a/meta-phosphor/classes/obmc-phosphor-utils.bbclass
+++ b/meta-phosphor/classes/obmc-phosphor-utils.bbclass
@@ -42,3 +42,11 @@ def compose_list_zip(d, fmtvar, *listvars, **kw):
lists = [listvar_to_list(d, x) for x in listvars]
lst = [fmt.format(*x) for x in zip(*lists)]
return (kw.get('sep') or ' ').join(lst)
+
+
+def append_suffix(val, suffix):
+ words = val.split(' ')
+ newval = []
+ for w in words:
+ newval.append(w + suffix)
+ return ' '.join(newval) \ No newline at end of file
diff --git a/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass b/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass
new file mode 100644
index 000000000..7db71d5c3
--- /dev/null
+++ b/meta-phosphor/classes/phosphor-ipmi-host-whitelist.bbclass
@@ -0,0 +1,27 @@
+# Common code for recipes that implement Phosphor IPMI Whitelist
+# packages
+
+WHITELIST ?= "${PN}.conf"
+INSTALLDIR = "${sysconfdir}/phosphor-ipmi-host/"
+
+python phosphor_ipmi_host_whitelist_postinstall() {
+ def install_whitelist(d):
+ # Create the install directory if needed
+ whitelist_file = d.getVar('WHITELIST', True)
+ install_dir = d.getVar('INSTALLDIR', True)
+ if not os.path.exists(install_dir):
+ os.makedirs(install_dir)
+ install_file = os.path.join(install_dir, whitelist_file)
+
+ # Search for conf file in FILESPATH
+ searchpaths = d.getVar('FILESPATH', True)
+ path = bb.utils.which(searchpaths, whitelist_file)
+ if not os.path.isfile(path):
+ bb.fatal('Did not find conf file "%s"' % whitelist_file)
+
+ # Copy the conf file into install directory
+ bb.utils.copyfile(path, install_file)
+
+ install_whitelist(d)
+}
+do_install[postfuncs] += "phosphor_ipmi_host_whitelist_postinstall" \ No newline at end of file
diff --git a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb
new file mode 100644
index 000000000..30c2443c3
--- /dev/null
+++ b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist-native.bb
@@ -0,0 +1,6 @@
+SUMMARY = "Whitelisted IPMI FRU Parser commands"
+DESCRIPTION = "Whitelisted IPMI FRU Parser commands for OpenBMC"
+
+inherit obmc-phosphor-license
+inherit native
+inherit phosphor-ipmi-host-whitelist \ No newline at end of file
diff --git a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf
new file mode 100644
index 000000000..365c3d952
--- /dev/null
+++ b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-fru-whitelist/phosphor-ipmi-fru-whitelist-native.conf
@@ -0,0 +1,2 @@
+#<NetFn>:<Command>
+0x0A:0x12 //<Storage>:<Write FRU Data> \ No newline at end of file
diff --git a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb
index 0b8b93d52..285df5e8d 100644
--- a/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb
+++ b/meta-phosphor/common/recipes-phosphor/ipmi/phosphor-ipmi-host.bb
@@ -13,6 +13,7 @@ inherit obmc-phosphor-ipmiprovider-symlink
DEPENDS += "phosphor-logging"
DEPENDS += "phosphor-mapper"
DEPENDS += "autoconf-archive-native"
+DEPENDS += "packagegroup-obmc-ipmid-providers"
RDEPENDS_${PN}-dev += "phosphor-logging"
RDEPENDS_${PN}-dev += "phosphor-mapper-dev"
RDEPENDS_${PN} += "clear-once"
@@ -24,6 +25,15 @@ SRC_URI += "git://github.com/openbmc/phosphor-host-ipmid"
SRCREV = "513d68e11cf6d392e847d39c743ce54ccaa0ebf7"
+# Setup IPMI Whitelist Conf files
+WHITELIST_CONF = " \
+ ${STAGING_ETCDIR_NATIVE}/phosphor-ipmi-host/*.conf \
+ ${S}/host-ipmid-whitelist.conf \
+ "
+EXTRA_OECONF = " \
+ WHITELIST_CONF="${WHITELIST_CONF}" \
+ "
+
S = "${WORKDIR}/git"
HOSTIPMI_PROVIDER_LIBRARY += "libapphandler.so"
diff --git a/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb b/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb
index 6f82cb32c..476ad5037 100644
--- a/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb
+++ b/meta-phosphor/common/recipes-phosphor/packagegroups/packagegroup-obmc-ipmid-providers.bb
@@ -7,7 +7,12 @@ inherit obmc-phosphor-license
PROVIDES = "${PACKAGES}"
PACKAGES = "${PN}-libs"
+OBMC_IPMID_PROVIDERS = "phosphor-ipmi-fru"
+
SUMMARY_${PN}-libs = "Extra providers for ipmid."
-RDEPENDS_${PN}-libs = " \
- phosphor-ipmi-fru \
- "
+RDEPENDS_${PN}-libs = "${OBMC_IPMID_PROVIDERS}"
+
+WHITELIST_FORMAT = "{0}-whitelist-native"
+OBMC_IPMID_WHITELISTS = "${@compose_list(d, 'WHITELIST_FORMAT', 'OBMC_IPMID_PROVIDERS')}"
+
+DEPENDS_append = "${OBMC_IPMID_WHITELISTS}" \ No newline at end of file
OpenPOWER on IntegriCloud