custom x11 config feature (#123)

* move version string code to re-usable method

* remove unnecessary todo comment

* add possibility to use custom x11 config template, #114, #42

* add permission check for custom x11 template and print warning

* update github actions

Author: hertg

.github/workflows/aur-release.yml

@@ -22,7 +22,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Download binary
         uses: actions/[email protected]
@@ -37,13 +37,13 @@ jobs:
         run: ./.ci/generate-pkgbuild.sh ${{ inputs.version }} ${{ env.SHA256 }}
 
       - name: Upload egpu-switcher PKGBUILD
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: egpu-switcher-PKGBUILD
           path: ./.pkgbuild/egpu-switcher/*
 
       - name: Upload egpu-switcher-bin PKGBUILD
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: egpu-switcher-bin-PKGBUILD
           path: ./.pkgbuild/egpu-switcher-bin/*

.github/workflows/github-release.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - uses: actions/[email protected]
         with:

.github/workflows/go-build.yml

@@ -25,15 +25,15 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           # without that 'git describe --tags' may result
           # in 'fatal: No names found, cannot describe anything.'
           # see https://stackoverflow.com/a/71721059/2726733
           fetch-depth: 0
 
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ inputs.go-version }}
           cache: true
@@ -45,7 +45,7 @@ jobs:
         run: sha256sum ./bin/${{ env.BINARY_NAME }} > ./bin/sha256sum.txt || exit $?
 
       - name: Upload binary
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ env.BINARY_NAME }}
           path: ./bin/*

.github/workflows/go-test.yml

@@ -15,10 +15,10 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ inputs.go-version }}
           cache: true
@@ -32,10 +32,10 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ inputs.go-version }}
           cache: true

.github/workflows/new-issue.yml

@@ -28,7 +28,7 @@ var setupCommand = &cobra.Command{
 			return err
 		}
 
-		// todo: trigger config if no config exists (unless --no-prompt is used)
+		// trigger config if no config exists (unless --no-prompt is used)
 		egpuId := viper.GetInt("egpu.id")
 		if egpuId == 0 {
 			logger.Info("no eGPU has been configured yet")

cmd/enable.go

@@ -143,15 +143,22 @@ func switchEgpu(gpu *pci.GPU) error {
 	}
 
 	nomodesetting = nomodesetting || viper.GetBool("egpu.nomodesetting")
-	conf := xorg.RenderConf("Device0", driver, gpu.XorgPCIString(), !nomodesetting)
+
+	conf, _, err := xorg.RenderConf("Device0", driver, gpu.XorgPCIString(), !nomodesetting, verbose)
+	if err != nil {
+		return err
+	}
+
 	if err := xorg.CreateEgpuFile(x11ConfPath, conf, verbose); err != nil {
 		return err
 	}
+
 	if post := viper.GetString("hooks.egpu"); post != "" {
 		if err := runHook(post); err != nil {
 			logger.Error("egpu hook error: %s", err)
 		}
 	}
+
 	return nil
 }
 

cmd/switch.go

@@ -13,26 +13,7 @@ var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Print version information",
 	RunE: func(cmd *cobra.Command, args []string) error {
-
-		version := buildinfo.Version
-		if version == "" {
-			version = "unknown"
-		}
-
-		if full {
-			buildtime := buildinfo.BuildTime
-			if buildtime == "" {
-				buildtime = "unknown"
-			}
-			origin := buildinfo.Origin
-			if origin == "" {
-				origin = "unknown"
-			}
-			fmt.Printf("%s_%s_%s\n", version, buildtime, origin)
-			return nil
-		}
-
-		fmt.Println(version)
+		fmt.Println(buildinfo.VersionString(full))
 		return nil
 	},
 }

cmd/version.go

@@ -0,0 +1,24 @@
+package buildinfo
+
+import "fmt"
+
+func VersionString(full bool) string {
+	version := Version
+	if version == "" {
+		version = "unknown"
+	}
+
+	if full {
+		buildtime := BuildTime
+		if buildtime == "" {
+			buildtime = "unknown"
+		}
+		origin := Origin
+		if origin == "" {
+			origin = "unknown"
+		}
+		return fmt.Sprintf("%s_%s_%s", version, buildtime, origin)
+	}
+
+	return version
+}

internal/buildinfo/version.go

@@ -3,15 +3,19 @@ package xorg
 import (
 	"bytes"
 	_ "embed"
+	"errors"
 	"fmt"
-	"html/template"
+	"io"
 	"os"
+	"syscall"
+	"text/template"
 
 	"github.com/hertg/egpu-switcher/internal/logger"
 )
 
 //go:embed conf.template
-var confTemplate string
+var embeddedTemplate string
+var templatePath = "/usr/share/egpu-switcher/x11-template.conf"
 
 func RemoveEgpuFile(path string, verbose bool) error {
 	f, _ := os.Stat(path)
@@ -44,7 +48,7 @@ func CreateEgpuFile(path string, contents string, verbose bool) error {
 	return nil
 }
 
-func RenderConf(id string, driver string, busid string, modesetting bool) string {
+func RenderConf(id string, driver string, busid string, modesetting bool, verbose bool) (string, bool, error) {
 
 	type conf struct {
 		Id          string
@@ -60,12 +64,70 @@ func RenderConf(id string, driver string, busid string, modesetting bool) string
 		Modesetting: modesetting,
 	}
 
-	buf := bytes.NewBuffer(nil)
+	customTemplatePermissionCheck()
+
+	confTemplate, isCustom := templateString(verbose)
 	t := template.Must(template.New("conf").Parse(confTemplate))
+	buf := bytes.NewBuffer(nil)
 	err := t.Execute(buf, c)
 	if err != nil {
-		panic(err)
+		return "", isCustom, err
+	}
+
+	return buf.String(), isCustom, nil
+}
+
+func templateString(verbose bool) (string, bool) {
+	var confTemplate string
+	templateFile, err := os.OpenFile(templatePath, os.O_RDONLY, 0644)
+	isCustom := false
+	if err != nil {
+		if !errors.Is(err, os.ErrNotExist) {
+			// if we get an error, other than "not exists", print an error
+			// the "not exists" error is an expected outcome when the config file is not customized
+			logger.Error("unable to open custom x11 config template, using default template instead")
+		}
+		if verbose {
+			logger.Debug("using default template for x11 conf")
+		}
+		confTemplate = embeddedTemplate
+	} else {
+		if verbose {
+			logger.Debug("using custom template at '%s' for x11 conf", templatePath)
+		}
+		var buf bytes.Buffer
+		io.Copy(&buf, templateFile)
+		confTemplate = buf.String()
+		isCustom = true
+	}
+	return confTemplate, isCustom
+}
+
+func customTemplatePermissionCheck() {
+	logWarn := false
+	info, err := os.Stat(templatePath)
+	if err != nil {
+		logger.Error("%s", err)
+		return
 	}
+	if stat, ok := info.Sys().(*syscall.Stat_t); ok {
+		if stat.Uid != 0 {
+			logger.Warn("the custom x11 config template is not owned by root user")
+			logWarn = true
+		}
+		if stat.Gid != 0 {
+			logger.Warn("the custom x11 config template is not owned by root group")
+			logWarn = true
+		}
 
-	return buf.String()
+		otherPerm := info.Mode().Perm() & 0x007
+		if otherPerm&0x2 != 0 {
+			logger.Warn("the custom x11 config template is writable by other")
+			logWarn = true
+		}
+	}
+	if logWarn {
+		logger.Warn("ensure that the custom x11 config template at '%s' is not writable by unauthorized users."+
+			"this could pose a security risk. file should be owned by root:root and have a file permission of 644", templatePath)
+	}
 }