Use dmidecode crate to avoid hostbin (#91)

bleggett · web-flow · commit 88cc85e8d854 · 2026-04-17T14:23:58.000-04:00
https://docs.rs/dmidecode/latest/dmidecode/ This captures all of the bytes, but does not fully decode as many into human-readable format as the binary does. But it has the added benefit of working exactly the same way inside and outside of a container, and not requiring a host (or container) bin, or a custom impl, so on the whole I like it better as an option. I looked at possibly just slurping raw bytes from `/sys/firmware/dmi/tables/` in the the host namespace context, and then replaying the raw bytes from that against an OCI-local `dmidecode` binary - but `dmidecode` has some quirks that make that tricky, and that doesn't solve for running the naked `edera-check` binary outside of an OCI image - this does. Fixes part-of: #86
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -31,3 +31,4 @@ async-trait = "0.1"
 clap = { version = "4.6", features = ["derive"] }
 console = "0.16"
 bytesize = "2.3"
+dmidecode = "0.9"
diff --git a/src/recorders/postinstall/system.rs b/src/recorders/postinstall/system.rs
@@ -159,7 +159,52 @@ impl SystemRecorder {
     /// dmidecode
     /// ```
     pub async fn record_dmidecode(&self) -> CheckResult {
-        self.run_tool("dmidecode").await
+        const NAME: &str = "Captured dmidecode";
+
+        self.host_executor
+            .spawn_in_host_ns(async {
+                let ep_bytes = match std::fs::read("/sys/firmware/dmi/tables/smbios_entry_point") {
+                    Ok(b) => b,
+                    Err(e) => {
+                        return CheckResult::new(
+                            NAME,
+                            Skipped(format!("could not read smbios_entry_point: {e}")),
+                        );
+                    }
+                };
+
+                let entry_point = match dmidecode::EntryPoint::search(&ep_bytes) {
+                    Ok(ep) => ep,
+                    Err(e) => {
+                        return CheckResult::new(
+                            NAME,
+                            Skipped(format!("could not parse DMI entry point: {e:?}")),
+                        );
+                    }
+                };
+
+                let table_bytes = match std::fs::read("/sys/firmware/dmi/tables/DMI") {
+                    Ok(b) => b,
+                    Err(e) => {
+                        return CheckResult::new(
+                            NAME,
+                            Skipped(format!("could not read DMI table: {e}")),
+                        );
+                    }
+                };
+
+                let mut output = String::new();
+                for structure in entry_point.structures(&table_bytes) {
+                    match structure {
+                        Ok(s) => output.push_str(&format!("{s:#?}\n")),
+                        Err(e) => output.push_str(&format!("Error: {e:?}\n")),
+                    }
+                }
+
+                CheckResult::new_with_output(NAME, Passed, Some(output.trim().to_string()))
+            })
+            .await
+            .unwrap_or_else(|e| CheckResult::new(NAME, Skipped(e.to_string())))
     }
 
     /// Records the Xen hypervisor console log via the protect-ctl tool.
diff --git a/src/recorders/preinstall/system.rs b/src/recorders/preinstall/system.rs
@@ -149,7 +149,52 @@ impl SystemRecorder {
     /// dmidecode
     /// ```
     pub async fn record_dmidecode(&self) -> CheckResult {
-        self.run_tool("dmidecode").await
+        const NAME: &str = "Captured dmidecode";
+
+        self.host_executor
+            .spawn_in_host_ns(async {
+                let ep_bytes = match std::fs::read("/sys/firmware/dmi/tables/smbios_entry_point") {
+                    Ok(b) => b,
+                    Err(e) => {
+                        return CheckResult::new(
+                            NAME,
+                            Skipped(format!("could not read smbios_entry_point: {e}")),
+                        );
+                    }
+                };
+
+                let entry_point = match dmidecode::EntryPoint::search(&ep_bytes) {
+                    Ok(ep) => ep,
+                    Err(e) => {
+                        return CheckResult::new(
+                            NAME,
+                            Skipped(format!("could not parse DMI entry point: {e:?}")),
+                        );
+                    }
+                };
+
+                let table_bytes = match std::fs::read("/sys/firmware/dmi/tables/DMI") {
+                    Ok(b) => b,
+                    Err(e) => {
+                        return CheckResult::new(
+                            NAME,
+                            Skipped(format!("could not read DMI table: {e}")),
+                        );
+                    }
+                };
+
+                let mut output = String::new();
+                for structure in entry_point.structures(&table_bytes) {
+                    match structure {
+                        Ok(s) => output.push_str(&format!("{s:#?}\n")),
+                        Err(e) => output.push_str(&format!("Error: {e:?}\n")),
+                    }
+                }
+
+                CheckResult::new_with_output(NAME, Passed, Some(output.trim().to_string()))
+            })
+            .await
+            .unwrap_or_else(|e| CheckResult::new(NAME, Skipped(e.to_string())))
     }
 
     /// Records CPU hardware details and feature flags.
