clang-format: re-format for clang-19

clang-format-19 isn't compatible with the clang-format-18 output, so we
need to reformat the code with the latest version. A few parameters
in clang-tidy have b

clang-format: re-format for clang-19

clang-format-19 isn't compatible with the clang-format-18 output, so we
need to reformat the code with the latest version. A few parameters
in clang-tidy have been deprecated, so adjust the style file
accordingly.

See Ie2f6eb3b043f2d655c9df806815afd7971fd0947 for updated style.
See I88192b41ab7a95599a90915013579608af7bc56f for clang-19 enablement.

Change-Id: I98184a15016e3fb51136ee87e0213642c3f8da87
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-tidy: Customize Configuration

The .clang-tidy file has been updated to align with the recommended
clang-tidy categories for C++ projects in OpenBMC. All recommended
categories are enabled, and

clang-tidy: Customize Configuration

The .clang-tidy file has been updated to align with the recommended
clang-tidy categories for C++ projects in OpenBMC. All recommended
categories are enabled, and failing checks are disabled by prefixing
them with a '-'.

This approach allows to improve coverage by enabling failing checks
and making necessary code changes to fix failures over time.

Tested: Build and unit tests verified.

Change-Id: I2b71e48baf4f7dd00c977996f93d6aebc41a35c3
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

Revert "Replace tempnam with mkstemp"

This reverts commit cd24c230981068b76bda041e6ab302ac2c8ddaad.

The change causes the warning to be removed but replaces it with an equally racy sequence.

Once

Revert "Replace tempnam with mkstemp"

This reverts commit cd24c230981068b76bda041e6ab302ac2c8ddaad.

The change causes the warning to be removed but replaces it with an equally racy sequence.

Once the file is removed another process or thread can race to create the file.

As the callers all call fs::create_directory the proper fix is to use mkdtemp in the callers then adjust the permissions as needed later.

Change-Id: Icc34ac1a58be3a226f82c6a5ddfe9da6df95a5ef
Signed-off-by: Milton Miller <mdmii@outlook.com>

show more ...

clang-tidy: Enable modernize-use-nullptr

Modified code to address issues flagged by this check.

Tested: Build and unit tests passed successfully.

Change-Id: Idd4daacdcb998d49b938b1d2a194084781d11e

clang-tidy: Enable modernize-use-nullptr

Modified code to address issues flagged by this check.

Tested: Build and unit tests passed successfully.

Change-Id: Idd4daacdcb998d49b938b1d2a194084781d11e96
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Add modernize checks

These changes improve code readability, maintainability, and
performance by leveraging modern C++ features and best practices.

Tested: Build and unit tests passed s

clang-tidy: Add modernize checks

These changes improve code readability, maintainability, and
performance by leveraging modern C++ features and best practices.

Tested: Build and unit tests passed successfully.

Change-Id: Ia87cc327ec421e1166d6dc6a7e6c2a456aefa20c
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Enable readability checks on repo

The readability-* checks in Clang-Tidy focus on improving code
readability by enforcing guidelines and suggesting improvements
that can enhance the clar

clang-tidy: Enable readability checks on repo

The readability-* checks in Clang-Tidy focus on improving code
readability by enforcing guidelines and suggesting improvements
that can enhance the clarity and maintainability of C++ code.

Tested: Build and unit tests passed successfully.

Change-Id: Iad54f281139883d9d535a6951571e4fdc978fd8b
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Add performance checks

The checks are valuable for improving the runtime efficiency and
resource utilization of your programs.

Tested: Build and unit tests passed successfully.

Change-

clang-tidy: Add performance checks

The checks are valuable for improving the runtime efficiency and
resource utilization of your programs.

Tested: Build and unit tests passed successfully.

Change-Id: I83a26416f2ce057ac5ae1d58bb5a8bdd989df4b1
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: clang-tidy: Add few misc checks

Checks that encompass various miscellaneous guidelines and rules
that don't fall into more specific categories like readability,
performance, or correctne

clang-tidy: clang-tidy: Add few misc checks

Checks that encompass various miscellaneous guidelines and rules
that don't fall into more specific categories like readability,
performance, or correctness. These checks often focus on code
quality, stylistic preferences, or potential pitfalls that are
not covered by other specific checks.

Tested: Build and unit tests passed successfully.

Change-Id: I62baa5723a550edf540a9b399f808a5e526f8058
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Add few cppcoreguidelines check

These checks cover a wide range of best practices and
recommendations aimed at improving the safety, readability,
maintainability, and performance of our

clang-tidy: Add few cppcoreguidelines check

These checks cover a wide range of best practices and
recommendations aimed at improving the safety, readability,
maintainability, and performance of our C++ codebase according
to the C++ Core Guidelines.

Tested: Build and unit tests passed successfully.

Change-Id: Ia815f391419ff4e5d80b3793c760dcbce689c734
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Add clang-analyzer checks

This checks primary purpose is to identify potential bugs,security
vulnerabilities, and adherence to coding standards by examining
the source code without execu

clang-tidy: Add clang-analyzer checks

This checks primary purpose is to identify potential bugs,security
vulnerabilities, and adherence to coding standards by examining
the source code without executing it.

Tested: Build and unit tests passed successfully.

Change-Id: If17acfe556e5fd98b6ac34df0f65991435e4ed0f
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Enable cert-env33-c

Modified code to address issues flagged by this check.

Tested: Build and unit tests completed successfully.

Change-Id: Ic84d34ce664870988054284ecba4903805037210
Sig

clang-tidy: Enable cert-env33-c

Modified code to address issues flagged by this check.

Tested: Build and unit tests completed successfully.

Change-Id: Ic84d34ce664870988054284ecba4903805037210
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Add cert checks

This update enhances code security by incorporating CERT guideline
checks using clang-tidy. These checks are designed to identify
potential security vulnerabilities and e

clang-tidy: Add cert checks

This update enhances code security by incorporating CERT guideline
checks using clang-tidy. These checks are designed to identify
potential security vulnerabilities and ensure compliance with
secure coding standards.

Tested: Build and unit tests passed successfully.

Change-Id: I303cd24bef6eb8a83eb6a320121db2ff8ab076d6
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Enable bugprone-unused-local-non-tri

Modified code to address issues flagged by
bugprone-unused-local-non-trivial-variable check.

Tested: Build and unit tests passed successfully.

Chan

clang-tidy: Enable bugprone-unused-local-non-tri

Modified code to address issues flagged by
bugprone-unused-local-non-trivial-variable check.

Tested: Build and unit tests passed successfully.

Change-Id: I21eca96e7582d24af398fb502540e0b51b0ca7fa
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Enable bugprone-implicit-widening-of

Modified code to address issues flagged by
bugprone-implicit-widening-of-multiplication-result check.

Tested: Build and unit tests passed successful

clang-tidy: Enable bugprone-implicit-widening-of

Modified code to address issues flagged by
bugprone-implicit-widening-of-multiplication-result check.

Tested: Build and unit tests passed successfully.

Change-Id: I68bae8863c9e2d57154588bfda8c1e235637dffe
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Enable bugprone-narrowing-conversions

Modified code to address issues flagged by this check.

Tested: Build and unit tests passed successfully.

Change-Id: I17111e3f00ad0dbf5d0d72d5ccd37

clang-tidy: Enable bugprone-narrowing-conversions

Modified code to address issues flagged by this check.

Tested: Build and unit tests passed successfully.

Change-Id: I17111e3f00ad0dbf5d0d72d5ccd374367e4cca36
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Enable bugprone-assignment-in-if

Modified code to address issues flagged by this check.

Tested: Build and unit tests passed successfully.

Change-Id: I3b5f7c29fa38fc39da06e27488d7086600

clang-tidy: Enable bugprone-assignment-in-if

Modified code to address issues flagged by this check.

Tested: Build and unit tests passed successfully.

Change-Id: I3b5f7c29fa38fc39da06e27488d70866006695c9
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

clang-tidy: Add bugprone checks

Enable bugprone checks to identify problematic patterns that could
lead to bugs or undefined behavior.

Tested: Build and unit tests passed successfully.

Change-Id:

clang-tidy: Add bugprone checks

Enable bugprone checks to identify problematic patterns that could
lead to bugs or undefined behavior.

Tested: Build and unit tests passed successfully.

Change-Id: I27ba4998b4ae86d8148b82f73917222debf96159
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

Replace tempnam with mkstemp

This change addresses the following build warning:
'''
warning: the use of `tempnam' is dangerous, better use `mkstemp'
'''
Tested: Build and unit tests passed successfu

Replace tempnam with mkstemp

This change addresses the following build warning:
'''
warning: the use of `tempnam' is dangerous, better use `mkstemp'
'''
Tested: Build and unit tests passed successfully.

Change-Id: I875e2d1d954e30a102b2b58a674c57410f7be684
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>

show more ...

Update copyCertificate function to preserve file metadata

Cert Manager currently creates a new file with the same content
during Certificate::copyCertificate function but doesn’t
preserve the file m

Update copyCertificate function to preserve file metadata

Cert Manager currently creates a new file with the same content
during Certificate::copyCertificate function but doesn’t
preserve the file metadata(uid,gid,rwx etc.) from the original
file. It's a nice to have feature if both content and file
metadata are preserved during the copy. This would be useful for
security software running later on to validate the file's
integrity and authenticity.

This is achievable by utilizing the cp command. PCM will issue a
std::system call to ask the underlying host environment's command
processor to execute the cp -fp call.

This PR doesn't change any current business logic to any existing
code that depends on PCM.

Change-Id: I53907253857b04629914290a77b140c338344d05
Signed-off-by: Zac Tang <zactang1024@gmail.com>

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: Ic1ad64722b2368169dfb0e62c37f7f3c1ff20fe8
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix spelling mistakes using codespell

This commit corrects various spelling mistakes throughout the
repository. The corrections were made automatically using `codespell`[1]
tool.

[1]: https://githu

Fix spelling mistakes using codespell

This commit corrects various spelling mistakes throughout the
repository. The corrections were made automatically using `codespell`[1]
tool.

[1]: https://github.com/codespell-project/codespell

Change-Id: I49a1a13821bbc966768d4db048886e78e8e77d9f
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>

show more ...

Test: Fix CI failure

Currently CI fails with --wrapper 'valgrind --error-exitcode=1'

This commit fixes few variables initialization in test code and increase
timeout to generate certs to 500 second

Test: Fix CI failure

Currently CI fails with --wrapper 'valgrind --error-exitcode=1'

This commit fixes few variables initialization in test code and increase
timeout to generate certs to 500 seconds considering valgrind enabled.

Tested by:
CI passed with --wrapper 'valgrind --error-exitcode=1'

Change-Id: I1bf26fb2fafbf68bcb128eb77083a99867dd21c8
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

GenerateCSR: Avoid setting CSR version

Latest openssl displays as unknown version while parsing BMC generated
CSRs over openssl command line

As per openssl discussion in this issue, by default CSR

GenerateCSR: Avoid setting CSR version

Latest openssl displays as unknown version while parsing BMC generated
CSRs over openssl command line

As per openssl discussion in this issue, by default CSR version set to 1
https://github.com/openssl/openssl/issues/20663
The only defined CSR version is X509_REQ_VERSION_1, so there is no need
to call X509_REQ_set_version() to set version explicitly

This commit avoids calling X509_REQ_set_version() to set CSR version

Tested By:
1.Generate CSR using redfish interface
2.Parse csr using openssl and check version
openssl req -in csr.txt -noout -text
Certificate Request:
Data:
Version: 1 (0x0)

Change-Id: I29dfc50e661d39fe7930d65079abfee924745d21
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

certs_manager: log all OpenSSL errors on failure

I've been hitting intermittent fails in this code running simulation
with my system1 machine.

```
Sep 20 11:23:29 system1 phosphor-certificate-manag

certs_manager: log all OpenSSL errors on failure

I've been hitting intermittent fails in this code running simulation
with my system1 machine.

```
Sep 20 11:23:29 system1 phosphor-certificate-manager[237]: Error occurred during generate EC key
Sep 20 11:23:29 system1 phosphor-certificate-manager[237]: The operation failed internally.
Sep 20 11:23:29 system1 phosphor-certificate-manager[237]: The operation failed internally.
```

This code path logs an InternalError, which causes a BMC dump to get
generated. That dump causes the automated CI tests to fail.

The fail only occurs 1 out of every 10 runs and there's not currently
enough info to debug the cause of the fail. I think it may have to do
with the network or time being reconfigured during the same time the
certificate code is running but I have no evidence.

Doing some internet searching, it seems this ERR_print_errors_fp() call
is the recommended way to collect any debug info from OpenSSL libraries.
https://www.openssl.org/docs/man1.1.1/man3/ERR_print_errors_fp.html

Tested:
- Unfortunately I can not recreate this issue manually so all I've been
able to test is that this builds and does not affect the good path.

Change-Id: I373b8f481f393b3e783c1a0270c8f6f729c426a5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

owners: updated Jayanth email

Change-Id: I0b4303591cf2dd95aaf02de578b9ffc8faedbdbe
Signed-off-by: Jayanth Othayoth <ojayanth@gmail.com>