From bf07a1251615629d4fc663b773ef1daf9aad77af Mon Sep 17 00:00:00 2001 From: Daniel Braunwarth Date: Sat, 30 Jul 2022 15:20:15 +0200 Subject: [PATCH] pid1: extend "ConditionFirmware=" for checking SMBIOS system identification information --- NEWS | 6 ++ man/systemd.unit.xml | 22 ++++-- src/shared/condition.c | 107 ++++++++++++++++++++++++---- src/test/test-condition.c | 146 +++++++++++++++++++++++++++++++++++++- 4 files changed, 262 insertions(+), 19 deletions(-) diff --git a/NEWS b/NEWS index 685a894d3a0..f6f49cb9020 100644 --- a/NEWS +++ b/NEWS @@ -44,6 +44,12 @@ CHANGES WITH 252 in spe: * C.UTF-8 is used as the default locale if nothing else has been configured. + * Extend [Condition|Assert]Firmware= to conditionalize on certain SMBIOS + fields. For example + ConditionFirmware=smbios-field(board_name = "Custom Board") will + conditionalize a unit so that it is only run when + /sys/class/dmi/id/board_name contains "Custom Board" (without quotes). + Changes in sd-boot, bootctl, and the Boot Loader Specification: * The Boot Loader Specification has been cleaned up and clarified. diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 95f1b98cbd1..a9114fb353f 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -1235,10 +1235,24 @@ ConditionFirmware= - Check whether the system's firmware is of a certain type. Possible values are: - uefi (for systems with EFI), - device-tree (for systems with a device tree) and - device-tree-compatible(xyz) (for systems with a device tree that is compatible to xyz). + Check whether the system's firmware is of a certain type. Multiple values are possible. + + uefi for systems with EFI. + + device-tree for systems with a device tree. + + device-tree-compatible(value) for systems with a device tree that is compatible to + value. + + smbios-field(field operator value) + for systems with a SMBIOS field containing a certain value. + field is the name of the SMBIOS field exposed as sysfs attribute file + below /sys/class/dmi/id/. + operator is one of <, <=, + >=, >, =, != for version + comparison, or =$, !=$ for string comparison. + value is the expected value of the SMBIOS field (shell-style globs are possible if + =$ or!=$ is used). diff --git a/src/shared/condition.c b/src/shared/condition.c index 7a983edfd7a..3a09b493fc3 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include #include #include #include @@ -184,6 +185,10 @@ static int condition_test_credential(Condition *c, char **env) { typedef enum { /* Listed in order of checking. Note that some comparators are prefixes of others, hence the longest * should be listed first. */ + _ORDER_FNMATCH_FIRST, + ORDER_FNMATCH_EQUAL = _ORDER_FNMATCH_FIRST, + ORDER_FNMATCH_UNEQUAL, + _ORDER_FNMATCH_LAST = ORDER_FNMATCH_UNEQUAL, ORDER_LOWER_OR_EQUAL, ORDER_GREATER_OR_EQUAL, ORDER_LOWER, @@ -194,8 +199,10 @@ typedef enum { _ORDER_INVALID = -EINVAL, } OrderOperator; -static OrderOperator parse_order(const char **s) { +static OrderOperator parse_order(const char **s, bool allow_fnmatch) { static const char *const prefix[_ORDER_MAX] = { + [ORDER_FNMATCH_EQUAL] = "=$", + [ORDER_FNMATCH_UNEQUAL] = "!=$", [ORDER_LOWER_OR_EQUAL] = "<=", [ORDER_GREATER_OR_EQUAL] = ">=", [ORDER_LOWER] = "<", @@ -209,6 +216,8 @@ static OrderOperator parse_order(const char **s) { e = startswith(*s, prefix[i]); if (e) { + if (!allow_fnmatch && (i >= _ORDER_FNMATCH_FIRST && i <= _ORDER_FNMATCH_LAST)) + break; *s = e; return i; } @@ -268,7 +277,7 @@ static int condition_test_kernel_version(Condition *c, char **env) { break; s = strstrip(word); - order = parse_order(&s); + order = parse_order(&s, /* allow_fnmatch= */ false); if (order >= 0) { s += strspn(s, WHITESPACE); if (isempty(s)) { @@ -329,7 +338,7 @@ static int condition_test_osrelease(Condition *c, char **env) { "Failed to parse parameter, key/value format expected: %m"); /* Do not allow whitespace after the separator, as that's not a valid os-release format */ - order = parse_order(&word); + order = parse_order(&word, /* allow_fnmatch= */ false); if (order < 0 || isempty(word) || strchr(WHITESPACE, *word) != NULL) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse parameter, key/value format expected: %m"); @@ -366,7 +375,7 @@ static int condition_test_memory(Condition *c, char **env) { m = physical_memory(); p = c->parameter; - order = parse_order(&p); + order = parse_order(&p, /* allow_fnmatch= */ false); if (order < 0) order = ORDER_GREATER_OR_EQUAL; /* default to >= check, if nothing is specified. */ @@ -392,7 +401,7 @@ static int condition_test_cpus(Condition *c, char **env) { return log_debug_errno(n, "Failed to determine CPUs in affinity mask: %m"); p = c->parameter; - order = parse_order(&p); + order = parse_order(&p, /* allow_fnmatch= */ false); if (order < 0) order = ORDER_GREATER_OR_EQUAL; /* default to >= check, if nothing is specified. */ @@ -578,8 +587,62 @@ static int condition_test_firmware_devicetree_compatible(const char *dtcarg) { return strv_contains(dtcompatlist, dtcarg); } +static int condition_test_firmware_smbios_field(const char *expression) { + _cleanup_free_ char *field = NULL, *expected_value = NULL, *actual_value = NULL; + OrderOperator operator; + int r; + + assert(expression); + + /* Parse SMBIOS field */ + r = extract_first_word(&expression, &field, "!<=>$", EXTRACT_RETAIN_SEPARATORS); + if (r < 0) + return r; + if (r == 0 || isempty(expression)) + return -EINVAL; + + /* Remove trailing spaces from SMBIOS field */ + delete_trailing_chars(field, WHITESPACE); + + /* Parse operator */ + operator = parse_order(&expression, /* allow_fnmatch= */ true); + if (operator < 0) + return operator; + + /* Parse expected value */ + r = extract_first_word(&expression, &expected_value, NULL, EXTRACT_UNQUOTE); + if (r < 0) + return r; + if (r == 0 || !isempty(expression)) + return -EINVAL; + + /* Read actual value from sysfs */ + if (!filename_is_valid(field)) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid SMBIOS field name"); + + const char *p = strjoina("/sys/class/dmi/id/", field); + r = read_virtual_file(p, SIZE_MAX, &actual_value, NULL); + if (r < 0) { + log_debug_errno(r, "Failed to read %s: %m", p); + if (r == -ENOENT) + return false; + return r; + } + + /* Remove trailing newline */ + delete_trailing_chars(actual_value, WHITESPACE); + + /* Finally compare actual and expected value */ + if (operator == ORDER_FNMATCH_EQUAL) + return fnmatch(expected_value, actual_value, FNM_EXTMATCH) != FNM_NOMATCH; + if (operator == ORDER_FNMATCH_UNEQUAL) + return fnmatch(expected_value, actual_value, FNM_EXTMATCH) == FNM_NOMATCH; + return test_order(strverscmp_improved(actual_value, expected_value), operator); +} + static int condition_test_firmware(Condition *c, char **env) { - sd_char *dtc; + sd_char *arg; + int r; assert(c); assert(c->parameter); @@ -592,24 +655,40 @@ static int condition_test_firmware(Condition *c, char **env) { return false; } else return true; - } else if ((dtc = startswith(c->parameter, "device-tree-compatible("))) { - _cleanup_free_ char *dtcarg = NULL; + } else if ((arg = startswith(c->parameter, "device-tree-compatible("))) { + _cleanup_free_ char *dtc_arg = NULL; char *end; - end = strchr(dtc, ')'); + end = strchr(arg, ')'); if (!end || *(end + 1) != '\0') { - log_debug("Malformed Firmware condition \"%s\"", c->parameter); + log_debug("Malformed ConditionFirmware=%s", c->parameter); return false; } - dtcarg = strndup(dtc, end - dtc); - if (!dtcarg) + dtc_arg = strndup(arg, end - arg); + if (!dtc_arg) return -ENOMEM; - return condition_test_firmware_devicetree_compatible(dtcarg); + return condition_test_firmware_devicetree_compatible(dtc_arg); } else if (streq(c->parameter, "uefi")) return is_efi_boot(); - else { + else if ((arg = startswith(c->parameter, "smbios-field("))) { + _cleanup_free_ char *smbios_arg = NULL; + char *end; + + end = strchr(arg, ')'); + if (!end || *(end + 1) != '\0') + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed ConditionFirmware=%s: %m", c->parameter); + + smbios_arg = strndup(arg, end - arg); + if (!smbios_arg) + return log_oom_debug(); + + r = condition_test_firmware_smbios_field(smbios_arg); + if (r < 0) + return log_debug_errno(r, "Malformed ConditionFirmware=%s: %m", c->parameter); + return r; + } else { log_debug("Unsupported Firmware condition \"%s\"", c->parameter); return false; } diff --git a/src/test/test-condition.c b/src/test/test-condition.c index 56b5ad88a25..6cb889c8d69 100644 --- a/src/test/test-condition.c +++ b/src/test/test-condition.c @@ -17,6 +17,7 @@ #include "efi-loader.h" #include "env-util.h" #include "errno-util.h" +#include "fileio.h" #include "fs-util.h" #include "hostname-util.h" #include "id128-util.h" @@ -305,6 +306,136 @@ TEST(condition_test_architecture) { condition_free(condition); } +TEST(condition_test_firmware_smbios_field) { + _cleanup_free_ char *bios_vendor = NULL, *bios_version = NULL; + const char *expression; + Condition *condition; + + /* Test some malformed smbios-field arguments */ + condition = condition_new(CONDITION_FIRMWARE, "smbios-field()", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + condition = condition_new(CONDITION_FIRMWARE, "smbios-field(malformed)", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + condition = condition_new(CONDITION_FIRMWARE, "smbios-field(malformed", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + condition = condition_new(CONDITION_FIRMWARE, "smbios-field(malformed=)", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + condition = condition_new(CONDITION_FIRMWARE, "smbios-field(malformed=)", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + condition = condition_new(CONDITION_FIRMWARE, "smbios-field(not_existing=nothing garbage)", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + /* Test not existing SMBIOS field */ + condition = condition_new(CONDITION_FIRMWARE, "smbios-field(not_existing=nothing)", false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == 0); + condition_free(condition); + + /* Test with bios_vendor, if available */ + if (read_virtual_file("/sys/class/dmi/id/bios_vendor", SIZE_MAX, &bios_vendor, NULL) <= 0) + return; + + /* remove trailing newline */ + strstrip(bios_vendor); + + /* Check if the bios_vendor contains any spaces we should quote */ + const char *quote = strchr(bios_vendor, ' ') ? "\"" : ""; + + /* Test equality / inequality using fnmatch() */ + expression = strjoina("smbios-field(bios_vendor =$ ", quote, bios_vendor, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + expression = strjoina("smbios-field(bios_vendor=$", quote, bios_vendor, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + expression = strjoina("smbios-field(bios_vendor !=$ ", quote, bios_vendor, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == 0); + condition_free(condition); + + expression = strjoina("smbios-field(bios_vendor!=$", quote, bios_vendor, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == 0); + condition_free(condition); + + expression = strjoina("smbios-field(bios_vendor =$ ", quote, bios_vendor, "*", quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + /* Test version comparison with bios_version, if available */ + if (read_virtual_file("/sys/class/dmi/id/bios_version", SIZE_MAX, &bios_version, NULL) <= 0) + return; + + /* remove trailing newline */ + strstrip(bios_version); + + /* Check if the bios_version contains any spaces we should quote */ + quote = strchr(bios_version, ' ') ? "\"" : ""; + + expression = strjoina("smbios-field(bios_version = ", quote, bios_version, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + expression = strjoina("smbios-field(bios_version != ", quote, bios_version, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == 0); + condition_free(condition); + + expression = strjoina("smbios-field(bios_version <= ", quote, bios_version, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + expression = strjoina("smbios-field(bios_version >= ", quote, bios_version, quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + expression = strjoina("smbios-field(bios_version < ", quote, bios_version, ".1", quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ)); + condition_free(condition); + + expression = strjoina("smbios-field(bios_version > ", quote, bios_version, ".1", quote, ")"); + condition = condition_new(CONDITION_FIRMWARE, expression, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == 0); + condition_free(condition); +} + TEST(condition_test_kernel_command_line) { Condition *condition; int r; @@ -427,7 +558,7 @@ TEST(condition_test_kernel_version) { assert_se(condition_test(condition, environ) == 0); condition_free(condition); - condition = condition_new(CONDITION_KERNEL_VERSION, ">= 4711.8.15", false, false); + condition = condition_new(CONDITION_KERNEL_VERSION, " >= 4711.8.15", false, false); assert_se(condition); assert_se(condition_test(condition, environ) == 0); condition_free(condition); @@ -1042,6 +1173,19 @@ TEST(condition_test_os_release) { assert_se(condition_test(condition, environ) == 0); condition_free(condition); + /* Test fnmatch() operators */ + key_value_pair = strjoina(os_release_pairs[0], "=$", quote, os_release_pairs[1], quote); + condition = condition_new(CONDITION_OS_RELEASE, key_value_pair, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + + key_value_pair = strjoina(os_release_pairs[0], "!=$", quote, os_release_pairs[1], quote); + condition = condition_new(CONDITION_OS_RELEASE, key_value_pair, false, false); + assert_se(condition); + assert_se(condition_test(condition, environ) == -EINVAL); + condition_free(condition); + /* Some distros (eg: Arch) do not set VERSION_ID */ if (parse_os_release(NULL, "VERSION_ID", &version_id) <= 0) return;