1120: CI-only: create detect-secrets baseline file by spinler · Pull Request #1 · ibm-openbmc/sdbusplus

spinler · 2025-10-20T22:17:55Z

This creates a baseline file (and initial responses to any potential secrets found).

After this file is merged, all CI jobs after will run the detect-secrets tool against incoming commits to verify no potential secrets are being shared. If one is found, CI will fail until the .secrets.baseline is updated for the new issue.

See the following for more info: https://github.com/IBM/detect-secrets

Change-Id: I78eb8241e520cc410cfa34238bb7b3422df0383f

This creates a baseline file (and initial responses to any potential secrets found). After this file is merged, all CI jobs after will run the detect-secrets tool against incoming commits to verify no potential secrets are being shared. If one is found, CI will fail until the .secrets.baseline is updated for the new issue. See the following for more info: https://github.com/IBM/detect-secrets Change-Id: I78eb8241e520cc410cfa34238bb7b3422df0383f Signed-off-by: Matt Spinler <spinler@us.ibm.com>

spinler · 2025-10-21T13:40:05Z

Is this needed if CI isn't enabled?

geissonator · 2025-11-03T21:43:49Z

Good point, CI has been enabled. The agreement is anything we fork into ibm-openbmc has CI and this secrets check.

geissonator · 2025-11-03T21:49:46Z

Although now that you got https://gerrit.openbmc.org/c/openbmc/sdbusplus/+/84366 merged upstream can we just go back to using upstream?

spinler · 2025-11-03T22:49:52Z

Although now that you got https://gerrit.openbmc.org/c/openbmc/sdbusplus/+/84366 merged upstream can we just go back to using upstream?

When I tried to build an image with the latest sdbusplus master ipmi-host fails with:

| FAILED: ipmid
| arm-openbmc-linux-gnueabi-g++ -march=armv7-a -mfpu=vfpv4-d16 -mfloat-abi=hard -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64 --sysroot=/home/spinler/openbmc/openbmc-1120/build/skiboards/
tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot  -o ipmid ipmid.p/ipmid-new.cpp.o ipmid.p/host-cmd-manager.cpp.o ipmid.p/settings.cpp.o -Werror -flto -Wl,--as-needed -Wl,--no-undefined -Wl,-export-dynamic -Wl,-O1 -Wl,--hash-style=gnu -Wl
,--as-needed -fcanon-prefix-map -fmacro-prefix-map=/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/git=/usr/src/debug/phosphor-ipmi-host/1.0+git -fdebug-prefix-map=/home/spinler/openbmc/openbmc-1120/bu
ild/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/git=/usr/src/debug/phosphor-ipmi-host/1.0+git -fmacro-prefix-map=/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+gi
t/build=/usr/src/debug/phosphor-ipmi-host/1.0+git -fdebug-prefix-map=/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/build=/usr/src/debug/phosphor-ipmi-host/1.0+git -fdebug-prefix-map=/home/spinler/ope
nbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot= -fmacro-prefix-map=/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-s
ysroot= -fdebug-prefix-map=/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot-native= -fmacro-prefix-map=/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbm
c-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot-native= -Wl,-z,relro,-z,now '-Wl,-rpath,$ORIGIN/:$ORIGIN/libipmid:$ORIGIN/user_channel' -Wl,-rpath-link,/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host
/1.0+git/build/ -Wl,-rpath-link,/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/build/libipmid -Wl,-rpath-link,/home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linu
x-gnueabi/phosphor-ipmi-host/1.0+git/build/user_channel -Wl,--start-group libipmi20.so.0.1 libipmid/libipmid.so.0.1 user_channel/libchannellayer.so.0.1 /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/r
ecipe-sysroot/usr/lib/libsdbusplus.so /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib/libsystemd.so /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-
openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib/libstdplus.so /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib/libfmt.so /home/spinler/openbmc/openbmc-1120
/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib/libphosphor_logging.so /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot
/usr/lib/libphosphor_dbus.so /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib/libboost_coroutine.so.1.86.0 /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfp
v4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib/libcrypto.so -Wl,--end-group
| /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot-native/usr/bin/arm-openbmc-linux-gnueabi/../../libexec/arm-openbmc-linux-gnueabi/gcc/arm-openbmc-linux-gnueabi/14.2.0/ld: /tmp/ccQmXsVH.
ltrans1.ltrans.o: undefined reference to symbol '_ZN5boost7context12stack_traits12default_sizeEv'
| /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot-native/usr/bin/arm-openbmc-linux-gnueabi/../../libexec/arm-openbmc-linux-gnueabi/gcc/arm-openbmc-linux-gnueabi/14.2.0/ld: /home/spinler/
openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib//libboost_context.so.1.86.0: error adding symbols: DSO missing from command line

which has fails

ltrans1.ltrans.o: undefined reference to symbol '_ZN5boost7context12stack_traits12default_sizeEv'

/ld: /home/spinler/openbmc/openbmc-1120/build/skiboards/tmp/work/armv7ahf-vfpv4d16-openbmc-linux-gnueabi/phosphor-ipmi-host/1.0+git/recipe-sysroot/usr/lib//libboost_context.so.1.86.0: error adding symbols: DSO missing from command line

Also I see there are python3-sdbus++_git.bb changes

spinler requested a review from geissonator October 21, 2025 13:39

geissonator approved these changes Nov 10, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1120: CI-only: create detect-secrets baseline file#1

1120: CI-only: create detect-secrets baseline file#1
spinler wants to merge 1 commit intoibm-openbmc:1120from
spinler:1120_detect_secrets

spinler commented Oct 20, 2025

Uh oh!

spinler commented Oct 21, 2025

Uh oh!

geissonator commented Nov 3, 2025

Uh oh!

geissonator commented Nov 3, 2025

Uh oh!

spinler commented Nov 3, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

spinler commented Oct 20, 2025

Uh oh!

spinler commented Oct 21, 2025

Uh oh!

geissonator commented Nov 3, 2025

Uh oh!

geissonator commented Nov 3, 2025

Uh oh!

spinler commented Nov 3, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants