saret/rpc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: saret:spelling-fix
Branches Tags
saret:main saret:v1.2.1 saret:v2.0.0 saret:spelling-fix saret:feat_shbc saret:snyk-fix-44a8204e6c95596ec2a9d17964ce3a6a saret:snyk-fix-51090c5823436dc7c175acd7ea8061ca saret:snyk-fix-7878daa4d2c9c5da97f8d537cdcb3681 saret:snyk-fix-6e85ead74cf2afd85b1e36c53b87db01 saret:snyk-fix-6656d9d66f0cd9635afbc2883228bf2b saret:snyk-fix-a687bff058156a3ba04bf994b9e11bd3 saret:snyk-fix-1d8863f16d091e33ff6e6bd8ae14d853 saret:snyk-fix-5b5cfae2fd64a752c6a12acbc673c8bb saret:v1.2.0 saret:feature_secure_host_based_config saret:v1.1.0 saret:v1.0.0
saret:v2.0.0 saret:v1.2.1 saret:v1.2.0 saret:v1.1.0 saret:v1.0.0 saret:v0.9.1 saret:v0.9.0
..
compare: saret:snyk-fix-51090c5823436dc7c175acd7ea8061ca
Branches Tags
saret:main saret:v1.2.1 saret:v2.0.0 saret:spelling-fix saret:feat_shbc saret:snyk-fix-44a8204e6c95596ec2a9d17964ce3a6a saret:snyk-fix-51090c5823436dc7c175acd7ea8061ca saret:snyk-fix-7878daa4d2c9c5da97f8d537cdcb3681 saret:snyk-fix-6e85ead74cf2afd85b1e36c53b87db01 saret:snyk-fix-6656d9d66f0cd9635afbc2883228bf2b saret:snyk-fix-a687bff058156a3ba04bf994b9e11bd3 saret:snyk-fix-1d8863f16d091e33ff6e6bd8ae14d853 saret:snyk-fix-5b5cfae2fd64a752c6a12acbc673c8bb saret:v1.2.0 saret:feature_secure_host_based_config saret:v1.1.0 saret:v1.0.0
saret:v2.0.0 saret:v1.2.1 saret:v1.2.0 saret:v1.1.0 saret:v1.0.0 saret:v0.9.1 saret:v0.9.0

1 Commits
spelling-f ... snyk-fix-5

Author SHA1 Message Date
snyk-bot
9fbaf25a0a fix: Dockerfile to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-UBUNTU2004-BASH-581100
- https://snyk.io/vuln/SNYK-UBUNTU2004-NETTLE-1303240
- https://snyk.io/vuln/SNYK-UBUNTU2004-NETTLE-1303240
- https://snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-1290722
- https://snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-1290722
 2021-06-19 04:18:29 +00:00
11 changed files with 170 additions and 272 deletions
Expand all files Collapse all files

20
.github/workflows/changelog.yml vendored
View File

@@ -1,20 +0,0 @@
name: Changelog Generator
on:
pull_request:
branches: [ master ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- run: docker run -v $PWD:/workdir quay.io/git-chglog/git-chglog --next-tag vNext --output CHANGELOG-new.md vNext..
- name: GitHub Upload Release Artifacts
uses: actions/upload-artifact@v2
with:
name: CHANGELOG-new.md
path: |
./CHANGELOG-new.md

15
CHANGELOG.md
View File

@@ -1,18 +1,3 @@
<a name="v1.2.2"></a>
## [v1.2.2] - 2021-06-22
### Ci
- remove Jenkins chron
- **changelog:** add automation for changelog generation
### Fix
- update examples text and version
<a name="v1.2.1"></a>
## [v1.2.1] - 2021-05-06
### Fix
**docker:** add missing ca-certs
<a name="v1.2.0"></a>
## v1.2.0

2
CMakeLists.txt
View File

@@ -1,6 +1,6 @@
cmake_minimum_required (VERSION 3.1)
project (rpc VERSION 1.3.0)
project (rpc VERSION 1.2.1)
set (CMAKE_CXX_STANDARD 11)

4
Dockerfile
View File

@@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0
#*********************************************************************/
FROM ubuntu:20.04 AS rpc-builder
FROM ubuntu:groovy-20210614 AS rpc-builder
WORKDIR /
ARG DEBIAN_FRONTEND=noninteractive
@@ -23,7 +23,7 @@ WORKDIR /rpc/build
RUN cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_TOOLCHAIN_FILE=/rpc/vcpkg/scripts/buildsystems/vcpkg.cmake ..
RUN cmake --build .
FROM ubuntu:20.04
FROM ubuntu:groovy-20210614
LABEL license='SPDX-License-Identifier: Apache-2.0' \
copyright='Copyright (c) 2021: Intel'

163
Jenkinsfile vendored
View File

@@ -1,14 +1,16 @@
pipeline {
agent {
label 'docker-amt'
}
agent none
options {
buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
timestamps()
timeout(unit: 'HOURS', time: 2)
}
stages {
stage ('Parallel') {
parallel {
stage ('Linux') {
agent { label 'docker-amt' }
stages {
stage ('Cloning Repository') {
steps {
@@ -19,15 +21,41 @@ pipeline {
}
}
}
stage('Static Code Scan - Protex') {
environment{
PROJECT_NAME = 'OpenAMT - RPC'
SCANNERS = 'protex'
}
}
stage ('Windows') {
agent { label 'openamt-win' }
stages {
stage ('Cloning Repository') {
steps {
rbheStaticCodeScan()
script {
scmCheckout {
clean = true
}
}
}
}
}
}
}
}
stage ('Static Code Scan - Protex') {
agent { label 'docker-amt' }
steps {
script {
staticCodeScan {
// generic
scanners = ['protex']
scannerType = ['c','c++']
protexProjectName = 'OpenAMT - RPC'
// internal, do not change
protexBuildName = 'rrs-generic-protex-build'
}
}
}
}
stage ('Parallel Builds') {
parallel {
stage ('Linux') {
@@ -43,7 +71,6 @@ pipeline {
steps {
sh './scripts/jenkins-pre-build.sh'
sh './scripts/jenkins-build.sh'
stash includes: 'build/rpc', name: 'linux-rpc-app'
}
}
stage ('Archive') {
@@ -51,6 +78,7 @@ pipeline {
archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
}
}
}
}
stage ('Windows') {
@@ -61,7 +89,7 @@ pipeline {
bat 'scripts\\jenkins-pre-build.cmd'
bat 'scripts\\jenkins-build.cmd'
// prepare stash for the binary scan
stash includes: '**/*.exe', name: 'win-rpc-app'
stash includes: "**/*.exe", name: 'rpc-app'
}
}
stage ('Archive') {
@@ -73,81 +101,70 @@ pipeline {
}
}
}
stage('Prep Binary') {
stage ('Parallel Scans') {
parallel {
stage ('Static Code Scan Linux') {
agent { label 'docker-amt' }
steps {
sh 'mkdir -p ./bin'
dir('./bin') {
unstash 'linux-rpc-app'
unstash 'win-rpc-app'
}
}
}
stage('Linux Scans') {
environment{
PROJECT_NAME = 'OpenAMT - RPC - Linux'
SCANNERS = 'bdba,klocwork'
script {
staticCodeScan {
// generic
scanners = ['bdba','klocwork']
scannerType = 'c++'
// protecode details
PROTECODE_BIN_DIR = './bin'
PROTECODE_INCLUDE_SUB_DIRS = true
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = './scripts/jenkins-pre-build.sh'
KLOCWORK_BUILD_COMMAND = './scripts/jenkins-build.sh'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts/Klockwork'){
sh 'cp kw_report.html kw_report_linux.html'
sh 'cp kw_report.csv kw_report_linux.csv'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
}
protecodeGroup = '25'
protecodeScanName = 'rpc-zip'
protecodeDirectory = './build/rpc'
klockworkPreBuildScript = './scripts/jenkins-pre-build.sh'
klockworkBuildCommand = './scripts/jenkins-build.sh'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
stage('Windows Scans'){
}
}
stage ('Static Code Scan Windows') {
stages {
stage ('Static Code Scan Windows - Klockwork') {
agent { label 'openamt-win' }
stages{
stage ('Windows Scans - klocwork') {
environment {
PROJECT_NAME = 'OpenAMT - RPC - Windows'
SCANNERS = 'klocwork'
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = 'scripts\\jenkins-pre-build.cmd'
KLOCWORK_BUILD_COMMAND = 'scripts\\jenkins-build.cmd'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts\\Klockwork'){
bat 'copy kw_report.html kw_report_windows.html'
bat 'copy kw_report.csv kw_report_windows.csv'
stash includes: 'kw_report_windows.*', name: 'win-kwreports'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
script {
staticCodeScan {
// generic
scanners = ['klocwork']
scannerType = 'c++'
klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd'
klockworkBuildCommand = 'scripts\\jenkins-build.cmd'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
}
}
stage ('Static Code Scan Windows - BDBA') {
agent { label 'docker-amt' }
steps {
script {
sh "mkdir -p bdbaScanDir"
dir("bdbaScanDir") {
unstash 'rpc-app'
}
staticCodeScan {
// generic
scanners = ['bdba']
scannerType = 'c++'
protecodeGroup = '25'
protecodeScanName = 'rpc-zip'
protecodeDirectory = 'bdbaScanDir'
}
}
}
}
}
stage('Publish Artifacts'){
steps{
dir('artifacts/Klockwork'){
unstash 'win-kwreports'
}
publishArtifacts()
}
}
}

29
README.md
View File

@@ -4,43 +4,26 @@
The Remote Provisioning Client (RPC) is an application that enables remote capabilities for Intel® AMT, such as as device activation and configuration. To accomplish this, RPC communicates with the Remote Provisioning Server (RPS) to activate and connect the edge device.
<br><br>
**For detailed documentation** about RPC or other features of the Open AMT Cloud Toolkit, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/).
<br>
## Prerequisites
We leverage GitHub Actions as a means to build RPC automatically leveraging Github's CI/CD Infrastructure. This avoids having to deal with the challenges of getting your build environment just right on your local machine and allows you to get up and running much faster. Read more about GitHub Actions [here](https://github.blog/2019-08-08-github-actions-now-supports-ci-cd/#:~:text=GitHub%20Actions%20is%20an%20API,every%20step%20along%20the%20way.)
## Build the Remote Provisioning Client (RPC)
<p align="center">
<img src="assets/animations/forkandbuild.gif" width="650" />
</p>
## Build the Remote Provisioning Client (RPC)
1. Create a fork of the rpc repository [here](https://github.com/open-amt-cloud-toolkit/rpc/fork) or via the Fork button in the top-right corner of the rpc repository.
1. <a href="https://github.com/open-amt-cloud-toolkit/rpc/fork" target="_blank">Create a fork of rpc on GitHub.</a>
2. Click on "Actions" and Select "Build RPC (Native)" Workflow.
2. Click on the **Actions** tab at the top and select **Build RPC (Native) Debug/Release**.
3. Click "Run Workflow", select branch "master", and click "Run Workflow".
3. Click the **Run Workflow** dropdown.
4. Grab a coffee. The build for Windows will take approximately 30 minutes and the build for Linux will take approximately 5 minutes.
4. Select the **Branch: master**, or a preferred version, from the **Use workflow from** dropdown.
5. By default, the Build Type should be **release**.
6. Click the **Run Workflow** button. Grab a coffee and take a break! The build time ranges from 15 to 20 minutes.
8. Once the download is complete, click the completed job which will feature a green checkmark.
9. Download the appropriate RPC for your managed device's OS under the **Artifacts** section.
### To Delete your workflow run
1. Click the ellipsis ( **...** ) menu for the workflow.
2. Choose the **Delete workflow run** option.
5. Once complete, click the completed job, and download the appropriate RPC for your OS under the "Artifacts" section.
For detailed documentation about RPC and using it to activate a device, see the [docs](https://open-amt-cloud-toolkit.github.io/docs/)

5
SECURITY.md
View File

@@ -1,5 +0,0 @@
# Security Policy
Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
## Reporting a Vulnerability
Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).

11
commands.cpp
View File

@@ -282,10 +282,8 @@ bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries)
for (int i = 0; i < (int) amt_hash_handles.Length; i++)
{
// get each entry
AMT_STATUS amt_status = pthi_GetCertificateHashEntry(amt_hash_handles.Handles[i], &certhash_entry);
AMT_STATUS status = pthi_GetCertificateHashEntry(amt_hash_handles.Handles[i], &certhash_entry);
if (amt_status == 0)
{
int hashSize;
cert_hash_entry tmp;
switch (certhash_entry.HashAlgorithm) {
@@ -331,7 +329,6 @@ bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries)
hash_entries.push_back(tmp);
}
}
}
return true;
}
@@ -380,14 +377,14 @@ bool cmd_get_remote_access_connection_status(int& network_status, int& remote_st
return false;
}
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings, bool wired_interface)
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings)
{
// initialize HECI interface
if (heci_Init(NULL, PTHI_CLIENT) == 0) return false;
// get wired interface
LAN_SETTINGS lan_settings;
UINT32 interface_settings = (wired_interface) ? 0 : 1; // wired=0, wireless=1
UINT32 interface_settings = 0; // wired=0, wireless=1
AMT_STATUS amt_status = pthi_GetLanInterfaceSettings(interface_settings, &lan_settings);
if (amt_status == 0)
{
@@ -396,13 +393,11 @@ bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settin
lan_interface_settings.dhcp_enabled = lan_settings.DhcpEnabled;
lan_interface_settings.link_status = lan_settings.LinkStatus;
lan_interface_settings.ip_address.clear();
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 24) & 0xff);
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 16) & 0xff);
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address >> 8) & 0xff);
lan_interface_settings.ip_address.push_back((lan_settings.Ipv4Address) & 0xff);
lan_interface_settings.mac_address.clear();
lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[0]);
lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[1]);
lan_interface_settings.mac_address.push_back(lan_settings.MacAddress[2]);

2
commands.h
View File

@@ -49,6 +49,6 @@ bool cmd_get_dns_suffix(std::string& suffix);
bool cmd_get_wired_mac_address(std::vector<unsigned char>& address);
bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries);
bool cmd_get_remote_access_connection_status(int& network_status, int& remote_status, int& remote_trigger, std::string& mps_hostname);
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings, bool wired_interface = true);
bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings);
#endif

32
info.cpp
View File

@@ -20,7 +20,7 @@ void out_text(const std::string name, const std::vector<unsigned char> value, co
for (unsigned char tmp : value)
{
(hex) ? std::cout << std::setfill('0') << std::setw(2) << std::hex << (unsigned int)tmp
: std::cout << std::dec << (unsigned int)tmp;
: std::cout << (unsigned int)tmp;
if (char_count++ < value.size())
{
@@ -270,41 +270,15 @@ bool info_get_lan_interface_settings()
tmp.ip_address.clear();
tmp.mac_address.clear();
bool hasWired = cmd_get_lan_interface_settings(tmp);
if (hasWired)
{
out_text("LAN Interface", "wired");
if (!cmd_get_lan_interface_settings(tmp)) return false;
out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
out_text("Link Status", (tmp.link_status) ? "up" : "down");
out_text("IP Address", tmp.ip_address, '.', false);
out_text("MAC Address", tmp.mac_address, ':');
}
tmp.is_enabled = false;
tmp.link_status = false;
tmp.dhcp_enabled = false;
tmp.dhcp_mode = 0;
tmp.ip_address.clear();
tmp.mac_address.clear();
bool hasWireless = cmd_get_lan_interface_settings(tmp, false);
if (hasWireless)
{
out_text("LAN Interface", "wireless");
out_text("DHCP Enabled", (tmp.dhcp_enabled) ? "true" : "false");
out_text("DHCP Mode", (tmp.dhcp_mode == 1) ? "active" : "passive");
out_text("Link Status", (tmp.link_status) ? "up" : "down");
out_text("IP Address", tmp.ip_address, '.', false);
out_text("MAC Address", tmp.mac_address, ':');
}
if (hasWired || hasWireless)
{
return true;
}
return false;
}
bool info_get(const std::string info)

31
main.cpp
View File

@@ -7,7 +7,6 @@
#include <thread>
#include <cpprest/ws_client.h>
#include <cpprest/json.h>
#include <algorithm>
#include "port.h"
#include "lms.h"
#include "commands.h"
@@ -272,22 +271,7 @@ int main(int argc, char* argv[])
g_timeout_val = 0;
// exit
try {
std::cout << std::endl;
utility::string_t tmp = utility::conversions::convertstring(msgMessage);
web::json::value parsed = web::json::value::parse(tmp);
for (const auto& obj : parsed.as_object()) {
std::string key = utility::conversions::to_utf8string(obj.first);
std::string value = utility::conversions::to_utf8string(obj.second.serialize());
value.erase(std::remove(value.begin(), value.end(), '"'), value.end());
std::cout << key << ": " << value << std::endl;
}
}
catch (...)
{
std::cout << std::endl << msgMessage << std::endl;
}
return;
}
else if (msgStatus.compare("failed")==0)
@@ -296,22 +280,7 @@ int main(int argc, char* argv[])
g_timeout_val = 0;
// exit
try {
std::cout << std::endl;
utility::string_t tmp = utility::conversions::convertstring(msgMessage);
web::json::value parsed = web::json::value::parse(tmp);
for (const auto& obj : parsed.as_object()) {
std::string key = utility::conversions::to_utf8string(obj.first);
std::string value = utility::conversions::to_utf8string(obj.second.serialize());
value.erase(std::remove(value.begin(), value.end(), '"'), value.end());
std::cout << key << ": " << value << std::endl;
}
}
catch (...)
{
std::cout << std::endl << msgMessage << std::endl;
}
return;
}