Closed LW-Ho closed 3 years ago
This doesn't have nearly enough information for us to help you. What error did you find? Has it worked in the past?
This doesn't have nearly enough information for us to help you. What error did you find? Has it worked in the past?
Hi , I upload screenshot to here.
I enable BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION and BMCWEB_INSECURE_DISABLE_XSS_PREVENTION, then use build_x86_docker.sh to build code.
Subproject exists but has no meson.build file Subproject boost is buildable: NO (disabling) Has header "boost/url/url_view.hpp" : NO Subproject exists but has no meson.build file Subproject boost-url is buildable: NO (disabling) Run-time dependency GTest found: YES 1.10.0 Run-time dependency GMock found: YES 1.10.0 Configuring config.h using configuration Configuring bmcweb.service using configuration Build targets in project: 6
bmcweb 1.0
Report Issues Issues: https://github.com/openbmc/bmcweb/issues/new
Build Info Build Type: debugoptimized Optimization: 2
Enabled Features insecure-disable-csrf: -DBMCWEB_INSECURE_DISABLE_CSRF_PREVENTION ssl: -DBMCWEB_ENABLE_SSL insecure-disable-xss: -DBMCWEB_INSECURE_DISABLE_XSS_PREVENTION host-serial-socket: -DBMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET kvm: -DBMCWEB_ENABLE_KVM basic-auth: -DBMCWEB_ENABLE_BASIC_AUTHENTICATION session-auth: -DBMCWEB_ENABLE_SESSION_AUTHENTICATION xtoken-auth: -DBMCWEB_ENABLE_XTOKEN_AUTHENTICATION cookie-auth: -DBMCWEB_ENABLE_COOKIE_AUTHENTICATION mutual-tls-auth: -DBMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION pam: -DWEBSERVER_ENABLE_PAM redfish: -DBMCWEB_ENABLE_REDFISH rest: -DBMCWEB_ENABLE_DBUS_REST static-hosting: -DBMCWEB_ENABLE_STATIC_HOSTING vm-websocket: -DBMCWEB_ENABLE_VM_WEBSOCKET unittest: NA ibm-management-console: -DBMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE debug: -DBMCWEB_ENABLE_DEBUG logging: -DBMCWEB_ENABLE_LOGGING
Directories prefix: /usr/local bindir: /usr/local/bin systemd unit directory: /lib/systemd/system
Subprojects boost: NO Subproject exists but has no meson.build file boost-url: NO Subproject exists but has no meson.build file nlohmann: YES sdbusplus: YES
Found ninja-1.10.0 at /usr/bin/ninja
ninja: Entering directory `build'
[1/19] Compiling C++ object subprojects/sdbusplus/libsdbusplus.so.1.0.0.p/src_sdbus.cpp.o
[2/19] Compiling C++ object subprojects/sdbusplus/libsdbusplus.so.1.0.0.p/src_exception.cpp.o
[3/19] Compiling C++ object subprojects/sdbusplus/libsdbusplus.so.1.0.0.p/src_bus.cpp.o
[4/19] Compiling C++ object subprojects/sdbusplus/libsdbusplus.so.1.0.0.p/src_server_interface.cpp.o
[5/19] Compiling C++ object subprojects/sdbusplus/libsdbusplus.so.1.0.0.p/src_server_transaction.cpp.o
[6/19] Linking target subprojects/sdbusplus/libsdbusplus.so.1.0.0
[7/19] Generating symbol file subprojects/sdbusplus/libsdbusplus.so.1.0.0.p/libsdbusplus.so.1.0.0.symbols
[8/19] Compiling C++ object utility_test.p/http_ut_utility_test.cpp.o
[9/19] Linking target utility_test
[10/19] Compiling C++ object privileges_test.p/redfish-core_ut_privileges_test.cpp.o
[11/19] Compiling C++ object dbus_utility_test.p/include_ut_dbus_utility_test.cpp.o
[12/19] Linking target dbus_utility_test
[13/19] Compiling C++ object lock_test.p/redfish-core_ut_lock_test.cpp.o
[14/19] Compiling C++ object bmcweb.p/redfish-core_src_utils_json_utils.cpp.o
[15/19] Linking target privileges_test
[16/19] Compiling C++ object bmcweb.p/redfish-core_src_error_messages.cpp.o
[17/19] Linking target lock_test
[18/19] Compiling C++ object bmcweb.p/src_webserver_main.cpp.o
FAILED: bmcweb.p/src_webserver_main.cpp.o
c++ -Ibmcweb.p -I. -I.. -I../include -I../redfish-core/include -I../redfish-core/lib -I../http -I../subprojects/nlohmann/single_include -I../subprojects/nlohmann/single_include/nlohmann -flto -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wnon-virtual-dtor -Wextra -Wpedantic -Werror -std=c++17 -O2 -g -DBMCWEB_INSECURE_DISABLE_CSRF_PREVENTION -DBMCWEB_ENABLE_SSL -DBMCWEB_INSECURE_DISABLE_XSS_PREVENTION -DBMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET -DBMCWEB_ENABLE_KVM -DBMCWEB_ENABLE_BASIC_AUTHENTICATION -DBMCWEB_ENABLE_SESSION_AUTHENTICATION -DBMCWEB_ENABLE_XTOKEN_AUTHENTICATION -DBMCWEB_ENABLE_COOKIE_AUTHENTICATION -DBMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION -DWEBSERVER_ENABLE_PAM -DBMCWEB_ENABLE_REDFISH -DBMCWEB_ENABLE_DBUS_REST -DBMCWEB_ENABLE_STATIC_HOSTING -DBMCWEB_ENABLE_VM_WEBSOCKET -DBMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE -Wold-style-cast -Wcast-align -Wunused -Woverloaded-virtual -Wconversion -Wsign-conversion -Wno-attributes -Wno-stringop-overflow -Wduplicated-cond -Wduplicated-branches -Wlogical-op -Wunused-parameter -Wnull-dereference -Wdouble-promotion -Wformat=2 -fno-fat-lto-objects -fvisibility=hidden -fvisibility-inlines-hidden -DBMCWEB_ENABLE_LOGGING -DBMCWEB_ENABLE_DEBUG -DBOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT -DBOOST_ASIO_DISABLE_THREADS -DBOOST_BEAST_USE_STD_STRING_VIEW -DBOOST_ERROR_CODE_HEADER_ONLY -DBOOST_SYSTEM_NO_DEPRECATED -DBOOST_ASIO_NO_DEPRECATED -DBOOST_ALL_NO_LIB -DBOOST_NO_RTTI -DBOOST_NO_TYPEID -DBOOST_COROUTINES_NO_DEPRECATION_WARNING -DBOOST_URL_STANDALONE -DBOOST_URL_HEADER_ONLY -DBOOST_ALLOW_DEPRECATED_HEADERS -isystem../subprojects/boost-url/include -isystem../subprojects/boost_1_73_0 -isystem../subprojects/sdbusplus/include -MD -MQ bmcweb.p/src_webserver_main.cpp.o -MF bmcweb.p/src_webserver_main.cpp.o.d -o bmcweb.p/src_webserver_main.cpp.o -c ../src/webserver_main.cpp
In file included from ../http/http_connection.hpp:20,
from ../http/http_server.hpp:3,
from ../http/app.hpp:4,
from ../src/webserver_main.cpp:3:
../include/security_headers.hpp: In function ‘void addSecurityHeaders(crow::Response&)’:
../include/security_headers.hpp:46:37: error: ‘req’ was not declared in this scope; did you mean ‘res’?
46 | const std::string_view origin = req.getHeaderValue("Origin");
| ^~~
| res
../src/webserver_main.cpp: In function ‘int main(int, char**)’:
../src/webserver_main.cpp:103:5: error: ‘cors_preflight’ has not been declared
103 | cors_preflight::requestRoutes(app);
| ^~~~~~
ninja: build stopped: subcommand failed.
Found runner: ['/usr/bin/ninja']
Removing intermediate container f7b1a6721c23
The command '/bin/sh -c cd source && meson setup build && meson compile -C build' returned a non-zero code: 1
Yep, this looks like a bug. We'll likely need to add back the req& to the function prototype with a [[maybe_unused]].
Feel free to push the patch to gerrit if you get this fixed before I do.
Yep, this looks like a bug. We'll likely need to add back the req& to the function prototype with a [[maybe_unused]].
Feel free to push the patch to gerrit if you get this fixed before I do.
Thanks your response.
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/40369 should be the fix. Please download and comment back if it resolves the issue for you.
Thanks a lot.
Sorry...
Because there is only one machine that can be tested, this token (BMCWEB_INSECURE_DISABLE_XSS_PREVENTION) needs to be enabled, but an error is found, can you help me fix it?
https://github.com/openbmc/bmcweb/blob/master/include/security_headers.hpp#L46
thanks a lot.