diff options
Diffstat (limited to 'bitbake/bin/bitbake-hashserv')
-rwxr-xr-x | bitbake/bin/bitbake-hashserv | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/bitbake/bin/bitbake-hashserv b/bitbake/bin/bitbake-hashserv index 59b8b07f59..1085d0584e 100755 --- a/bitbake/bin/bitbake-hashserv +++ b/bitbake/bin/bitbake-hashserv | |||
@@ -17,6 +17,7 @@ warnings.simplefilter("default") | |||
17 | sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(__file__)), "lib")) | 17 | sys.path.insert(0, os.path.join(os.path.dirname(os.path.dirname(__file__)), "lib")) |
18 | 18 | ||
19 | import hashserv | 19 | import hashserv |
20 | from hashserv.server import DEFAULT_ANON_PERMS | ||
20 | 21 | ||
21 | VERSION = "1.0.0" | 22 | VERSION = "1.0.0" |
22 | 23 | ||
@@ -36,6 +37,22 @@ The bind address may take one of the following formats: | |||
36 | To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or | 37 | To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or |
37 | "--bind ws://:8686". To bind to a specific IPv6 address, enclose the address in | 38 | "--bind ws://:8686". To bind to a specific IPv6 address, enclose the address in |
38 | "[]", e.g. "--bind [::1]:8686" or "--bind ws://[::1]:8686" | 39 | "[]", e.g. "--bind [::1]:8686" or "--bind ws://[::1]:8686" |
40 | |||
41 | Note that the default Anonymous permissions are designed to not break existing | ||
42 | server instances when upgrading, but are not particularly secure defaults. If | ||
43 | you want to use authentication, it is recommended that you use "--anon-perms | ||
44 | @read" to only give anonymous users read access, or "--anon-perms @none" to | ||
45 | give un-authenticated users no access at all. | ||
46 | |||
47 | Setting "--anon-perms @all" or "--anon-perms @user-admin" is not allowed, since | ||
48 | this would allow anonymous users to manage all users accounts, which is a bad | ||
49 | idea. | ||
50 | |||
51 | If you are using user authentication, you should run your server in websockets | ||
52 | mode with an SSL terminating load balancer in front of it (as this server does | ||
53 | not implement SSL). Otherwise all usernames and passwords will be transmitted | ||
54 | in the clear. When configured this way, clients can connect using a secure | ||
55 | websocket, as in "wss://SERVER:PORT" | ||
39 | """, | 56 | """, |
40 | ) | 57 | ) |
41 | 58 | ||
@@ -79,6 +96,22 @@ To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or | |||
79 | default=os.environ.get("HASHSERVER_DB_PASSWORD", None), | 96 | default=os.environ.get("HASHSERVER_DB_PASSWORD", None), |
80 | help="Database password ($HASHSERVER_DB_PASSWORD)", | 97 | help="Database password ($HASHSERVER_DB_PASSWORD)", |
81 | ) | 98 | ) |
99 | parser.add_argument( | ||
100 | "--anon-perms", | ||
101 | metavar="PERM[,PERM[,...]]", | ||
102 | default=os.environ.get("HASHSERVER_ANON_PERMS", ",".join(DEFAULT_ANON_PERMS)), | ||
103 | help='Permissions to give anonymous users (default $HASHSERVER_ANON_PERMS, "%(default)s")', | ||
104 | ) | ||
105 | parser.add_argument( | ||
106 | "--admin-user", | ||
107 | default=os.environ.get("HASHSERVER_ADMIN_USER", None), | ||
108 | help="Create default admin user with name ADMIN_USER ($HASHSERVER_ADMIN_USER)", | ||
109 | ) | ||
110 | parser.add_argument( | ||
111 | "--admin-password", | ||
112 | default=os.environ.get("HASHSERVER_ADMIN_PASSWORD", None), | ||
113 | help="Create default admin user with password ADMIN_PASSWORD ($HASHSERVER_ADMIN_PASSWORD)", | ||
114 | ) | ||
82 | 115 | ||
83 | args = parser.parse_args() | 116 | args = parser.parse_args() |
84 | 117 | ||
@@ -94,6 +127,7 @@ To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or | |||
94 | logger.addHandler(console) | 127 | logger.addHandler(console) |
95 | 128 | ||
96 | read_only = (os.environ.get("HASHSERVER_READ_ONLY", "0") == "1") or args.read_only | 129 | read_only = (os.environ.get("HASHSERVER_READ_ONLY", "0") == "1") or args.read_only |
130 | anon_perms = args.anon_perms.split(",") | ||
97 | 131 | ||
98 | server = hashserv.create_server( | 132 | server = hashserv.create_server( |
99 | args.bind, | 133 | args.bind, |
@@ -102,6 +136,9 @@ To bind to all addresses, leave the ADDRESS empty, e.g. "--bind :8686" or | |||
102 | read_only=read_only, | 136 | read_only=read_only, |
103 | db_username=args.db_username, | 137 | db_username=args.db_username, |
104 | db_password=args.db_password, | 138 | db_password=args.db_password, |
139 | anon_perms=anon_perms, | ||
140 | admin_username=args.admin_user, | ||
141 | admin_password=args.admin_password, | ||
105 | ) | 142 | ) |
106 | server.serve_forever() | 143 | server.serve_forever() |
107 | return 0 | 144 | return 0 |