Rebuilt to use redhatsecureboot503 signatures
Resolves: rhbz#2007520
This commit is contained in:
Richard Hughes
parent
a9dc0aac7b
commit
6a2b4a0cfd
|
|
@ -75,3 +75,9 @@
|
|||
/fwupd-1.5.4.tar.xz
|
||||
/fwupd-1.5.5.tar.xz
|
||||
/fwupd-1.5.9.tar.xz
|
||||
/DBXUpdate-20100307-x64.cab
|
||||
/DBXUpdate-20140413-x64.cab
|
||||
/DBXUpdate-20160809-x64.cab
|
||||
/DBXUpdate-20200729-aa64.cab
|
||||
/DBXUpdate-20200729-ia32.cab
|
||||
/DBXUpdate-20200729-x64.cab
|
||||
|
|
|
|||
|
|
@ -0,0 +1,39 @@
|
|||
From 945ef070f2095eac32c9438a30f73acd3fda420c Mon Sep 17 00:00:00 2001
|
||||
From: Richard Hughes <richard@hughsie.com>
|
||||
Date: Fri, 24 Sep 2021 09:41:09 +0100
|
||||
Subject: [PATCH] Do not use the LVFS
|
||||
|
||||
---
|
||||
data/remotes.d/lvfs.conf | 2 +-
|
||||
libfwupd/fwupd-self-test.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/data/remotes.d/lvfs.conf b/data/remotes.d/lvfs.conf
|
||||
index f956bc97..f993b970 100644
|
||||
--- a/data/remotes.d/lvfs.conf
|
||||
+++ b/data/remotes.d/lvfs.conf
|
||||
@@ -1,7 +1,7 @@
|
||||
[fwupd Remote]
|
||||
|
||||
# this remote provides metadata and firmware marked as 'stable' from the LVFS
|
||||
-Enabled=true
|
||||
+Enabled=false
|
||||
Title=Linux Vendor Firmware Service
|
||||
MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz
|
||||
ReportURI=https://fwupd.org/lvfs/firmware/report
|
||||
diff --git a/libfwupd/fwupd-self-test.c b/libfwupd/fwupd-self-test.c
|
||||
index 089bfafe..606ceefc 100644
|
||||
--- a/libfwupd/fwupd-self-test.c
|
||||
+++ b/libfwupd/fwupd-self-test.c
|
||||
@@ -190,7 +190,7 @@ fwupd_remote_download_func (void)
|
||||
g_assert_cmpint (fwupd_remote_get_kind (remote), ==, FWUPD_REMOTE_KIND_DOWNLOAD);
|
||||
g_assert_cmpint (fwupd_remote_get_keyring_kind (remote), ==, FWUPD_KEYRING_KIND_JCAT);
|
||||
g_assert_cmpint (fwupd_remote_get_priority (remote), ==, 0);
|
||||
- g_assert (fwupd_remote_get_enabled (remote));
|
||||
+ //g_assert (fwupd_remote_get_enabled (remote));
|
||||
g_assert (fwupd_remote_get_metadata_uri (remote) != NULL);
|
||||
g_assert (fwupd_remote_get_metadata_uri_sig (remote) != NULL);
|
||||
g_assert_cmpstr (fwupd_remote_get_title (remote), ==, "Linux Vendor Firmware Service");
|
||||
--
|
||||
2.32.0
|
||||
|
||||
41
fwupd.spec
41
fwupd.spec
|
|
@ -44,13 +44,27 @@
|
|||
Summary: Firmware update daemon
|
||||
Name: fwupd
|
||||
Version: 1.5.9
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/fwupd/fwupd
|
||||
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
|
||||
|
||||
# backport from upstream
|
||||
Source10: http://people.redhat.com/rhughes/dbx/DBXUpdate-20100307-x64.cab
|
||||
Source11: http://people.redhat.com/rhughes/dbx/DBXUpdate-20140413-x64.cab
|
||||
Source12: http://people.redhat.com/rhughes/dbx/DBXUpdate-20160809-x64.cab
|
||||
Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab
|
||||
Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab
|
||||
Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
|
||||
|
||||
# these are numbered high just to keep them wildly away from colliding with
|
||||
# the real package sources, in order to reduce churn.
|
||||
Source300: redhatsecurebootca3.cer
|
||||
Source301: redhatsecureboot301.cer
|
||||
Source500: redhatsecurebootca5.cer
|
||||
Source503: redhatsecureboot503.cer
|
||||
|
||||
Patch0: 13524af2029c2a8a3fb32ef27c39c214d9b5b13c.patch
|
||||
Patch2: 0001-Do-not-use-the-LVFS.patch
|
||||
|
||||
BuildRequires: gettext
|
||||
BuildRequires: glib2-devel >= %{glib2_version}
|
||||
|
|
@ -240,6 +254,10 @@ can be flashed using flashrom. It is probably not required on servers.
|
|||
%install
|
||||
%meson_install
|
||||
|
||||
# on RHEL the LVFS is disabled by default
|
||||
mkdir -p %{buildroot}/%{_datadir}/dbxtool
|
||||
install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{buildroot}/%{_datadir}/dbxtool
|
||||
|
||||
# sign fwupd.efi loader
|
||||
%if 0%{?have_uefi}
|
||||
%ifarch x86_64
|
||||
|
|
@ -249,10 +267,9 @@ can be flashed using flashrom. It is probably not required on servers.
|
|||
%global efiarch aa64
|
||||
%endif
|
||||
%global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi
|
||||
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp
|
||||
%define __pesign_client_cert fwupd-signer
|
||||
%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed
|
||||
rm -vf %{fwup_efi_fn}.tmp
|
||||
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301
|
||||
%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503
|
||||
rm -fv %{fwup_efi_fn}.tmp
|
||||
%endif
|
||||
|
||||
mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
|
||||
|
|
@ -336,6 +353,13 @@ done
|
|||
%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
|
||||
%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
|
||||
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
|
||||
%dir %{_datadir}/dbxtool
|
||||
%{_datadir}/dbxtool/DBXUpdate-20100307-x64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20140413-x64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20160809-x64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20200729-aa64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20200729-ia32.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20200729-x64.cab
|
||||
%{_mandir}/man1/fwupdtool.1*
|
||||
%{_mandir}/man1/fwupdagent.1*
|
||||
%{_mandir}/man1/dfu-tool.1*
|
||||
|
|
@ -481,6 +505,11 @@ done
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Sep 24 2021 Richard Hughes <richard@hughsie.com> 1.5.9-4
|
||||
- Rebuilt to use redhatsecureboot503 signatures
|
||||
- Undo last Fedora sync to use the RHEL-specific patches
|
||||
- Resolves: rhbz#2007520
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.9-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
6
sources
6
sources
|
|
@ -1 +1,7 @@
|
|||
SHA512 (fwupd-1.5.9.tar.xz) = 1d22bb9759bb0fa6a9030c83b3372ffd02f812c34e4d60f83cbacf5793d68dd846b353a3f127eccfb8f2cdcd329ba09320465cd2f0fe422dea13738e5b0b47ed
|
||||
SHA512 (DBXUpdate-20100307-x64.cab) = f8ad56cf015f4cdc5c305856ff1f7a8589c25a2a671708c61883f427f38eb9b6a7abd3f2c8d79ef9d5076222255e42585917f8705a2a4b13f860bad4e02ec409
|
||||
SHA512 (DBXUpdate-20140413-x64.cab) = 75771876a2309fa8ca083c2e76520173d434229b7cacf1e7636bd9b1bc4f871d745c348b9792bfb65fd9f40ef54c25bb427b1431151e817e7050b7829456731a
|
||||
SHA512 (DBXUpdate-20160809-x64.cab) = c27c564999ae84515540f1a598cd0fd9ef3a80cdfaaf439f1c4cb04eaee0e73074548b6d76c21ca3af1ba9c4c0625907e821582998eb5617e33ecd412e6c8a13
|
||||
SHA512 (DBXUpdate-20200729-aa64.cab) = 7a0cea13ed9b645fd9f1d5e3410a451d83643a75f5dc603272b0771b093f2c012f9a19419160403631c250cf64127ad2ce1c8fa2079b04064af73fe85b9add33
|
||||
SHA512 (DBXUpdate-20200729-ia32.cab) = 578ec9cccf2001b8bfa54b66809a1662269677050e74bd3225536fbd2be56a8162c48669bd16ea553723580195df1693a28dc01fc1cf62ff06e36a2c5568f74f
|
||||
SHA512 (DBXUpdate-20200729-x64.cab) = b8b195167d286a3f16aaa7c89149a0d5b4c8f53080e3265758b912f250fa655533c603359b7d1c989ebad6953ce443809b3317ec1d00f750326945ee0537e43b
|
||||
|
|
|
|||
Loading…
Reference in New Issue