Merge branch 'machine-id-test' into 'master'

Validate D-Bus machine ID after loading

See merge request GNOME/glib!1962
This commit is contained in:
Sebastian Dröge 2021-03-09 12:49:51 +00:00
commit 0dc86cded2
6 changed files with 64 additions and 16 deletions

View File

@ -10,7 +10,7 @@ cache:
- _ccache/ - _ccache/
variables: variables:
FEDORA_IMAGE: "registry.gitlab.gnome.org/gnome/glib/fedora:v9" FEDORA_IMAGE: "registry.gitlab.gnome.org/gnome/glib/fedora:v10"
COVERITY_IMAGE: "registry.gitlab.gnome.org/gnome/glib/coverity:v1" COVERITY_IMAGE: "registry.gitlab.gnome.org/gnome/glib/coverity:v1"
DEBIAN_IMAGE: "registry.gitlab.gnome.org/gnome/glib/debian-stable:v7" DEBIAN_IMAGE: "registry.gitlab.gnome.org/gnome/glib/debian-stable:v7"
ANDROID_IMAGE: "registry.gitlab.gnome.org/gnome/glib/android-ndk:v3" ANDROID_IMAGE: "registry.gitlab.gnome.org/gnome/glib/android-ndk:v3"
@ -74,6 +74,7 @@ fedora-x86_64:
--werror --werror
--default-library=both --default-library=both
--prefix=$HOME/glib-installed --prefix=$HOME/glib-installed
--localstatedir=/var
--libdir=lib --libdir=lib
-Dsystemtap=true -Dsystemtap=true
-Ddtrace=true -Ddtrace=true
@ -117,6 +118,7 @@ debian-stable-x86_64:
--werror --werror
--default-library=both --default-library=both
--prefix=$HOME/glib-installed --prefix=$HOME/glib-installed
--localstatedir=/var
--libdir=lib --libdir=lib
-Dsystemtap=true -Dsystemtap=true
-Ddtrace=true -Ddtrace=true
@ -461,6 +463,7 @@ scan-build:
--werror --werror
--default-library=both --default-library=both
--prefix=$HOME/glib-installed --prefix=$HOME/glib-installed
--localstatedir=/var
--libdir=lib --libdir=lib
-Dsystemtap=true -Dsystemtap=true
-Ddtrace=true -Ddtrace=true
@ -487,6 +490,7 @@ coverity:
--werror --werror
--default-library=both --default-library=both
--prefix=$HOME/glib-installed --prefix=$HOME/glib-installed
--localstatedir=/var
--libdir=lib --libdir=lib
-Dsystemtap=true -Dsystemtap=true
-Ddtrace=true -Ddtrace=true

View File

@ -1,5 +1,8 @@
FROM fedora:31 FROM fedora:31
# Set /etc/machine-id as its needed for some D-Bus tests
RUN systemd-machine-id-setup
RUN dnf -y update \ RUN dnf -y update \
&& dnf -y install \ && dnf -y install \
bindfs \ bindfs \

View File

@ -9,3 +9,5 @@ setpriv --dump || :
ulimit -a || : ulimit -a || :
cat /proc/self/status || : cat /proc/self/status || :
cat /proc/self/mountinfo || : cat /proc/self/mountinfo || :
stat /etc/machine-id || :
stat /var/lib/dbus/machine-id || :

View File

@ -2470,31 +2470,63 @@ _g_dbus_get_machine_id (GError **error)
return res; return res;
#else #else
gchar *ret; gchar *ret = NULL;
GError *first_error; GError *first_error = NULL;
/* TODO: use PACKAGE_LOCALSTATEDIR ? */ gsize i;
ret = NULL; gboolean non_zero = FALSE;
first_error = NULL;
if (!g_file_get_contents ("/var/lib/dbus/machine-id", /* Copy what dbus.git does: allow the /var/lib path to be configurable at
* build time, but hard-code the system-wide machine ID path in /etc. */
const gchar *var_lib_path = LOCALSTATEDIR "/lib/dbus/machine-id";
const gchar *etc_path = "/etc/machine-id";
if (!g_file_get_contents (var_lib_path,
&ret, &ret,
NULL, NULL,
&first_error) && &first_error) &&
!g_file_get_contents ("/etc/machine-id", !g_file_get_contents (etc_path,
&ret, &ret,
NULL, NULL,
NULL)) NULL))
{ {
g_propagate_prefixed_error (error, first_error, g_propagate_prefixed_error (error, g_steal_pointer (&first_error),
_("Unable to load /var/lib/dbus/machine-id or /etc/machine-id: ")); /* Translators: Both placeholders are file paths */
_("Unable to load %s or %s: "),
var_lib_path, etc_path);
return NULL;
} }
else
/* ignore the error from the first try, if any */
g_clear_error (&first_error);
/* Validate the machine ID. From `man 5 machine-id`:
* > The machine ID is a single newline-terminated, hexadecimal, 32-character,
* > lowercase ID. When decoded from hexadecimal, this corresponds to a
* > 16-byte/128-bit value. This ID may not be all zeros.
*/
for (i = 0; ret[i] != '\0' && ret[i] != '\n'; i++)
{ {
/* ignore the error from the first try, if any */ /* Break early if its invalid. */
g_clear_error (&first_error); if (!g_ascii_isxdigit (ret[i]) || g_ascii_isupper (ret[i]))
/* TODO: validate value */ break;
g_strstrip (ret);
if (ret[i] != '0')
non_zero = TRUE;
} }
return ret;
if (i != 32 || ret[i] != '\n' || ret[i + 1] != '\0' || !non_zero)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Invalid machine ID in %s or %s",
var_lib_path, etc_path);
g_free (ret);
return NULL;
}
/* Strip trailing newline. */
ret[32] = '\0';
return g_steal_pointer (&ret);
#endif #endif
} }

View File

@ -2,6 +2,7 @@ gio_c_args = [
'-DG_LOG_DOMAIN="GLib-GIO"', '-DG_LOG_DOMAIN="GLib-GIO"',
'-DGIO_COMPILATION', '-DGIO_COMPILATION',
'-DGIO_MODULE_DIR="@0@"'.format(glib_giomodulesdir), '-DGIO_MODULE_DIR="@0@"'.format(glib_giomodulesdir),
'-DLOCALSTATEDIR="@0@"'.format(glib_localstatedir),
] ]
gio_c_args += glib_hidden_visibility_args gio_c_args += glib_hidden_visibility_args

View File

@ -87,6 +87,12 @@ else
glib_charsetaliasdir = glib_libdir glib_charsetaliasdir = glib_libdir
endif endif
glib_localstatedir = get_option('localstatedir')
if not glib_localstatedir.startswith('/')
# See https://mesonbuild.com/Builtin-options.html#directories
glib_localstatedir = join_paths(glib_prefix, glib_localstatedir)
endif
installed_tests_metadir = join_paths(glib_datadir, 'installed-tests', meson.project_name()) installed_tests_metadir = join_paths(glib_datadir, 'installed-tests', meson.project_name())
installed_tests_execdir = join_paths(glib_libexecdir, 'installed-tests', meson.project_name()) installed_tests_execdir = join_paths(glib_libexecdir, 'installed-tests', meson.project_name())
installed_tests_enabled = get_option('installed_tests') installed_tests_enabled = get_option('installed_tests')