Merge branch 'machine-id-test' into 'master'

Validate D-Bus machine ID after loading

See merge request GNOME/glib!1962

.gitlab-ci.yml

@@ -10,7 +10,7 @@ cache:
     - _ccache/
 
 variables:
-  FEDORA_IMAGE: "registry.gitlab.gnome.org/gnome/glib/fedora:v9"
+  FEDORA_IMAGE: "registry.gitlab.gnome.org/gnome/glib/fedora:v10"
   COVERITY_IMAGE: "registry.gitlab.gnome.org/gnome/glib/coverity:v1"
   DEBIAN_IMAGE: "registry.gitlab.gnome.org/gnome/glib/debian-stable:v7"
   ANDROID_IMAGE: "registry.gitlab.gnome.org/gnome/glib/android-ndk:v3"
@@ -74,6 +74,7 @@ fedora-x86_64:
             --werror
             --default-library=both
             --prefix=$HOME/glib-installed
+            --localstatedir=/var
             --libdir=lib
             -Dsystemtap=true
             -Ddtrace=true
@@ -117,6 +118,7 @@ debian-stable-x86_64:
             --werror
             --default-library=both
             --prefix=$HOME/glib-installed
+            --localstatedir=/var
             --libdir=lib
             -Dsystemtap=true
             -Ddtrace=true
@@ -461,6 +463,7 @@ scan-build:
             --werror
             --default-library=both
             --prefix=$HOME/glib-installed
+            --localstatedir=/var
             --libdir=lib
             -Dsystemtap=true
             -Ddtrace=true
@@ -487,6 +490,7 @@ coverity:
             --werror
             --default-library=both
             --prefix=$HOME/glib-installed
+            --localstatedir=/var
             --libdir=lib
             -Dsystemtap=true
             -Ddtrace=true

.gitlab-ci/fedora.Dockerfile

@@ -1,5 +1,8 @@
 FROM fedora:31
 
+# Set /etc/machine-id as it’s needed for some D-Bus tests
+RUN systemd-machine-id-setup
+
 RUN dnf -y update \
  && dnf -y install \
     bindfs \

.gitlab-ci/show-execution-environment.sh

@@ -9,3 +9,5 @@ setpriv --dump || :
 ulimit -a || :
 cat /proc/self/status || :
 cat /proc/self/mountinfo || :
+stat /etc/machine-id || :
+stat /var/lib/dbus/machine-id || :

gio/gdbusprivate.c

@@ -2470,31 +2470,63 @@ _g_dbus_get_machine_id (GError **error)
 
   return res;
 #else
-  gchar *ret;
-  GError *first_error;
-  /* TODO: use PACKAGE_LOCALSTATEDIR ? */
-  ret = NULL;
-  first_error = NULL;
-  if (!g_file_get_contents ("/var/lib/dbus/machine-id",
+  gchar *ret = NULL;
+  GError *first_error = NULL;
+  gsize i;
+  gboolean non_zero = FALSE;
+
+  /* Copy what dbus.git does: allow the /var/lib path to be configurable at
+   * build time, but hard-code the system-wide machine ID path in /etc. */
+  const gchar *var_lib_path = LOCALSTATEDIR "/lib/dbus/machine-id";
+  const gchar *etc_path = "/etc/machine-id";
+
+  if (!g_file_get_contents (var_lib_path,
                             &ret,
                             NULL,
                             &first_error) &&
-      !g_file_get_contents ("/etc/machine-id",
+      !g_file_get_contents (etc_path,
                             &ret,
                             NULL,
                             NULL))
     {
-      g_propagate_prefixed_error (error, first_error,
-                                  _("Unable to load /var/lib/dbus/machine-id or /etc/machine-id: "));
+      g_propagate_prefixed_error (error, g_steal_pointer (&first_error),
+                                  /* Translators: Both placeholders are file paths */
+                                  _("Unable to load %s or %s: "),
+                                  var_lib_path, etc_path);
+      return NULL;
     }
-  else
+
+  /* ignore the error from the first try, if any */
+  g_clear_error (&first_error);
+
+  /* Validate the machine ID. From `man 5 machine-id`:
+   * > The machine ID is a single newline-terminated, hexadecimal, 32-character,
+   * > lowercase ID. When decoded from hexadecimal, this corresponds to a
+   * > 16-byte/128-bit value. This ID may not be all zeros.
+   */
+  for (i = 0; ret[i] != '\0' && ret[i] != '\n'; i++)
     {
-      /* ignore the error from the first try, if any */
-      g_clear_error (&first_error);
-      /* TODO: validate value */
-      g_strstrip (ret);
+      /* Break early if it’s invalid. */
+      if (!g_ascii_isxdigit (ret[i]) || g_ascii_isupper (ret[i]))
+        break;
+
+      if (ret[i] != '0')
+        non_zero = TRUE;
     }
-  return ret;
+
+  if (i != 32 || ret[i] != '\n' || ret[i + 1] != '\0' || !non_zero)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Invalid machine ID in %s or %s",
+                   var_lib_path, etc_path);
+      g_free (ret);
+      return NULL;
+    }
+
+  /* Strip trailing newline. */
+  ret[32] = '\0';
+
+  return g_steal_pointer (&ret);
 #endif
 }
 

gio/meson.build

@@ -2,6 +2,7 @@ gio_c_args = [
   '-DG_LOG_DOMAIN="GLib-GIO"',
   '-DGIO_COMPILATION',
   '-DGIO_MODULE_DIR="@0@"'.format(glib_giomodulesdir),
+  '-DLOCALSTATEDIR="@0@"'.format(glib_localstatedir),
 ]
 
 gio_c_args += glib_hidden_visibility_args

meson.build

@@ -87,6 +87,12 @@ else
   glib_charsetaliasdir = glib_libdir
 endif
 
+glib_localstatedir = get_option('localstatedir')
+if not glib_localstatedir.startswith('/')
+  # See https://mesonbuild.com/Builtin-options.html#directories
+  glib_localstatedir = join_paths(glib_prefix, glib_localstatedir)
+endif
+
 installed_tests_metadir = join_paths(glib_datadir, 'installed-tests', meson.project_name())
 installed_tests_execdir = join_paths(glib_libexecdir, 'installed-tests', meson.project_name())
 installed_tests_enabled = get_option('installed_tests')