Compare commits
No commits in common. "c8" and "c9" have entirely different histories.
12
.fwupd.metadata
Normal file
12
.fwupd.metadata
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
b2620c36bd23ca699567fd4e4add039ee4375247 SOURCES/DBXUpdate-20100307-x64.cab
|
||||||
|
dfdb1d0d42c1563ca63bd45c7e2ddc48cbfc5023 SOURCES/DBXUpdate-20140413-x64.cab
|
||||||
|
a5f73c606abb93bf61625e4628d27a2cd460f162 SOURCES/DBXUpdate-20160809-x64.cab
|
||||||
|
b5b2dc87daca1d3f8081a323290432c141aa405d SOURCES/DBXUpdate-20200729-aa64.cab
|
||||||
|
3fb407561768a3a2f5fb49d7738b5e0650e70810 SOURCES/DBXUpdate-20200729-ia32.cab
|
||||||
|
89db93c9d9d20f81791a262e817b99d8882c8bb0 SOURCES/DBXUpdate-20200729-x64.cab
|
||||||
|
cd2bbe591438fe893b4042dc03d30659c1e31756 SOURCES/DBXUpdate-20210429-x64.cab
|
||||||
|
d3ae610f5b6e602feded54eae8d67ddb7c60e64f SOURCES/DBXUpdate-20220812-aa64.cab
|
||||||
|
0ac8508ef7a86959e6ab03deec256b19df29677f SOURCES/DBXUpdate-20220812-ia32.cab
|
||||||
|
60f9aa664cb7588e33ce56d621dafa9b5a71e072 SOURCES/DBXUpdate-20220812-x64.cab
|
||||||
|
5e77389b263dd463de85db965d478f7182a9ea0a SOURCES/fwupd-1.8.10.tar.xz
|
||||||
|
147b36f75fca288fd01d9ed4150866344d57df27 SOURCES/fwupd-efi-1.4.tar.xz
|
10
.gitignore
vendored
10
.gitignore
vendored
@ -4,7 +4,9 @@ SOURCES/DBXUpdate-20160809-x64.cab
|
|||||||
SOURCES/DBXUpdate-20200729-aa64.cab
|
SOURCES/DBXUpdate-20200729-aa64.cab
|
||||||
SOURCES/DBXUpdate-20200729-ia32.cab
|
SOURCES/DBXUpdate-20200729-ia32.cab
|
||||||
SOURCES/DBXUpdate-20200729-x64.cab
|
SOURCES/DBXUpdate-20200729-x64.cab
|
||||||
SOURCES/almalinuxsecurebootca0.cer
|
SOURCES/DBXUpdate-20210429-x64.cab
|
||||||
SOURCES/fwupd-1.7.8.tar.xz
|
SOURCES/DBXUpdate-20220812-aa64.cab
|
||||||
SOURCES/fwupd-efi-1.3.tar.xz
|
SOURCES/DBXUpdate-20220812-ia32.cab
|
||||||
SOURCES/libjcat-0.1.9.tar.xz
|
SOURCES/DBXUpdate-20220812-x64.cab
|
||||||
|
SOURCES/fwupd-1.8.10.tar.xz
|
||||||
|
SOURCES/fwupd-efi-1.4.tar.xz
|
||||||
|
@ -0,0 +1,110 @@
|
|||||||
|
From 90e5a58736645cdd37bf4c63f9a4056951dfb3f2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Hughes <richard@hughsie.com>
|
||||||
|
Date: Tue, 24 Jan 2023 09:52:17 +0000
|
||||||
|
Subject: [PATCH] Do not make any of the HWIDs setup failures fatal
|
||||||
|
|
||||||
|
It's perfectly okay to have no HWIDs defined.
|
||||||
|
|
||||||
|
Should help with https://github.com/fwupd/fwupd/issues/5402
|
||||||
|
---
|
||||||
|
libfwupdplugin/fu-context.c | 73 +++++++++++--------------------------
|
||||||
|
1 file changed, 21 insertions(+), 52 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libfwupdplugin/fu-context.c b/libfwupdplugin/fu-context.c
|
||||||
|
index 08618b435..11b4b1b38 100644
|
||||||
|
--- a/libfwupdplugin/fu-context.c
|
||||||
|
+++ b/libfwupdplugin/fu-context.c
|
||||||
|
@@ -767,6 +767,8 @@ fu_context_security_changed(FuContext *self)
|
||||||
|
g_signal_emit(self, signals[SIGNAL_SECURITY_CHANGED], 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
+typedef gboolean (*FuContextHwidsSetupFunc)(FuContext *self, FuHwids *hwids, GError **error);
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* fu_context_load_hwinfo:
|
||||||
|
* @self: a #FuContext
|
||||||
|
@@ -786,62 +788,29 @@ fu_context_load_hwinfo(FuContext *self, FuContextHwidFlags flags, GError **error
|
||||||
|
GPtrArray *guids;
|
||||||
|
g_autoptr(GError) error_hwids = NULL;
|
||||||
|
g_autoptr(GError) error_bios_settings = NULL;
|
||||||
|
+ struct {
|
||||||
|
+ const gchar *name;
|
||||||
|
+ FuContextHwidFlags flag;
|
||||||
|
+ FuContextHwidsSetupFunc func;
|
||||||
|
+ } hwids_setup_map[] = {{"config", FU_CONTEXT_HWID_FLAG_LOAD_CONFIG, fu_hwids_config_setup},
|
||||||
|
+ {"smbios", FU_CONTEXT_HWID_FLAG_LOAD_SMBIOS, fu_hwids_smbios_setup},
|
||||||
|
+ {"fdt", FU_CONTEXT_HWID_FLAG_LOAD_FDT, fu_hwids_fdt_setup},
|
||||||
|
+ {"kenv", FU_CONTEXT_HWID_FLAG_LOAD_KENV, fu_hwids_kenv_setup},
|
||||||
|
+ {"dmi", FU_CONTEXT_HWID_FLAG_LOAD_DMI, fu_hwids_dmi_setup},
|
||||||
|
+ {NULL, FU_CONTEXT_HWID_FLAG_NONE, NULL}};
|
||||||
|
|
||||||
|
g_return_val_if_fail(FU_IS_CONTEXT(self), FALSE);
|
||||||
|
g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
|
||||||
|
|
||||||
|
- if ((flags & FU_CONTEXT_HWID_FLAG_LOAD_CONFIG) > 0) {
|
||||||
|
- g_autoptr(GError) error_local = NULL;
|
||||||
|
- if (!fu_hwids_config_setup(self, priv->hwids, &error_local)) {
|
||||||
|
- if (!g_error_matches(error_local, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED)) {
|
||||||
|
- g_propagate_prefixed_error(error,
|
||||||
|
- g_steal_pointer(&error_local),
|
||||||
|
- "Failed to load HWIDs config: ");
|
||||||
|
- return FALSE;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if ((flags & FU_CONTEXT_HWID_FLAG_LOAD_DMI) > 0) {
|
||||||
|
- g_autoptr(GError) error_local = NULL;
|
||||||
|
- if (!fu_hwids_dmi_setup(self, priv->hwids, &error_local)) {
|
||||||
|
- if (!g_error_matches(error_local, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED)) {
|
||||||
|
- g_propagate_prefixed_error(error,
|
||||||
|
- g_steal_pointer(&error_local),
|
||||||
|
- "Failed to load HWIDs DMI: ");
|
||||||
|
- return FALSE;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if ((flags & FU_CONTEXT_HWID_FLAG_LOAD_FDT) > 0) {
|
||||||
|
- g_autoptr(GError) error_local = NULL;
|
||||||
|
- if (!fu_hwids_fdt_setup(self, priv->hwids, &error_local)) {
|
||||||
|
- if (!g_error_matches(error_local, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED)) {
|
||||||
|
- g_propagate_prefixed_error(error,
|
||||||
|
- g_steal_pointer(&error_local),
|
||||||
|
- "Failed to load HWIDs FDT: ");
|
||||||
|
- return FALSE;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if ((flags & FU_CONTEXT_HWID_FLAG_LOAD_KENV) > 0) {
|
||||||
|
- g_autoptr(GError) error_local = NULL;
|
||||||
|
- if (!fu_hwids_kenv_setup(self, priv->hwids, &error_local)) {
|
||||||
|
- if (!g_error_matches(error_local, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED)) {
|
||||||
|
- g_propagate_prefixed_error(error,
|
||||||
|
- g_steal_pointer(&error_local),
|
||||||
|
- "Failed to load HWIDs kenv: ");
|
||||||
|
- return FALSE;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- if ((flags & FU_CONTEXT_HWID_FLAG_LOAD_SMBIOS) > 0) {
|
||||||
|
- g_autoptr(GError) error_local = NULL;
|
||||||
|
- if (!fu_hwids_smbios_setup(self, priv->hwids, &error_local)) {
|
||||||
|
- if (!g_error_matches(error_local, FWUPD_ERROR, FWUPD_ERROR_NOT_SUPPORTED)) {
|
||||||
|
- g_propagate_prefixed_error(error,
|
||||||
|
- g_steal_pointer(&error_local),
|
||||||
|
- "Failed to load SMBIOS: ");
|
||||||
|
- return FALSE;
|
||||||
|
+ /* run all the HWID setup funcs */
|
||||||
|
+ for (guint i = 0; hwids_setup_map[i].name != NULL; i++) {
|
||||||
|
+ if ((flags & hwids_setup_map[i].flag) > 0) {
|
||||||
|
+ g_autoptr(GError) error_local = NULL;
|
||||||
|
+ if (!hwids_setup_map[i].func(self, priv->hwids, &error_local)) {
|
||||||
|
+ g_debug("failed to load %s: %s",
|
||||||
|
+ hwids_setup_map[i].name,
|
||||||
|
+ error_local->message);
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -0,0 +1,60 @@
|
|||||||
|
From 19db23f9b8a64597564ce1b474eb6c384a57125f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Hughes <richard@hughsie.com>
|
||||||
|
Date: Wed, 2 Nov 2022 09:31:53 +0000
|
||||||
|
Subject: [PATCH] Only include the 'attribute not exported' warning on debug
|
||||||
|
builds
|
||||||
|
|
||||||
|
End users are not really capable of fixing the root issue, and people seem
|
||||||
|
overly worried that something bad has gone wrong.
|
||||||
|
|
||||||
|
Fixes https://github.com/fwupd/fwupd/issues/5077
|
||||||
|
---
|
||||||
|
libfwupdplugin/fu-bios-settings.c | 2 +-
|
||||||
|
libfwupdplugin/fu-self-test.c | 2 ++
|
||||||
|
plugins/lenovo-thinklmi/fu-self-test.c | 2 ++
|
||||||
|
3 files changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libfwupdplugin/fu-bios-settings.c b/libfwupdplugin/fu-bios-settings.c
|
||||||
|
index 6151c8289..8ea1269d7 100644
|
||||||
|
--- a/libfwupdplugin/fu-bios-settings.c
|
||||||
|
+++ b/libfwupdplugin/fu-bios-settings.c
|
||||||
|
@@ -276,7 +276,7 @@ fu_bios_setting_set_type(FuBiosSettings *self, FwupdBiosSetting *attr, GError **
|
||||||
|
|
||||||
|
/* lenovo thinklmi seems to be missing it even though it's mandatory :/ */
|
||||||
|
if (!fu_bios_setting_get_key(attr, "type", &data, &error_key)) {
|
||||||
|
-#if GLIB_CHECK_VERSION(2, 64, 0)
|
||||||
|
+#if GLIB_CHECK_VERSION(2, 64, 0) && !defined(SUPPORTED_BUILD)
|
||||||
|
g_warning_once("KERNEL BUG: 'type' attribute not exported: (%s)",
|
||||||
|
error_key->message);
|
||||||
|
#else
|
||||||
|
diff --git a/libfwupdplugin/fu-self-test.c b/libfwupdplugin/fu-self-test.c
|
||||||
|
index c105fa271..c670b3a80 100644
|
||||||
|
--- a/libfwupdplugin/fu-self-test.c
|
||||||
|
+++ b/libfwupdplugin/fu-self-test.c
|
||||||
|
@@ -3117,7 +3117,9 @@ fu_bios_settings_load_func(void)
|
||||||
|
test_dir = g_test_build_filename(G_TEST_DIST, "tests", "bios-attrs", "lenovo-p620", NULL);
|
||||||
|
(void)g_setenv("FWUPD_SYSFSFWATTRIBDIR", test_dir, TRUE);
|
||||||
|
|
||||||
|
+#if GLIB_CHECK_VERSION(2, 64, 0) && !defined(SUPPORTED_BUILD)
|
||||||
|
g_test_expect_message("FuBiosSettings", G_LOG_LEVEL_WARNING, "*BUG*");
|
||||||
|
+#endif
|
||||||
|
ret = fu_context_reload_bios_settings(ctx, &error);
|
||||||
|
g_assert_no_error(error);
|
||||||
|
g_assert_true(ret);
|
||||||
|
diff --git a/plugins/lenovo-thinklmi/fu-self-test.c b/plugins/lenovo-thinklmi/fu-self-test.c
|
||||||
|
index 4777a2ae1..9e20a8cf5 100644
|
||||||
|
--- a/plugins/lenovo-thinklmi/fu-self-test.c
|
||||||
|
+++ b/plugins/lenovo-thinklmi/fu-self-test.c
|
||||||
|
@@ -39,7 +39,9 @@ fu_test_self_init(FuTest *self, GError **error_global)
|
||||||
|
g_autoptr(FuProgress) progress = fu_progress_new(G_STRLOC);
|
||||||
|
g_autoptr(GError) error = NULL;
|
||||||
|
|
||||||
|
+#if GLIB_CHECK_VERSION(2, 64, 0) && !defined(SUPPORTED_BUILD)
|
||||||
|
g_test_expect_message("FuBiosSettings", G_LOG_LEVEL_WARNING, "*KERNEL*BUG*");
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
ret = fu_context_load_quirks(ctx,
|
||||||
|
FU_QUIRKS_LOAD_FLAG_NO_CACHE | FU_QUIRKS_LOAD_FLAG_NO_VERIFY,
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From 1fc24adecbb62b3cd77ef965c5daf1b72f6c7aa8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Hughes <richard@hughsie.com>
|
|
||||||
Date: Tue, 22 Aug 2023 10:05:27 +0100
|
|
||||||
Subject: [PATCH] Use /usr/libexec/platform-python for RHEL
|
|
||||||
|
|
||||||
---
|
|
||||||
meson.build | 6 +-----
|
|
||||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/meson.build b/meson.build
|
|
||||||
index bb406d616..ac90c8ee6 100644
|
|
||||||
--- a/meson.build
|
|
||||||
+++ b/meson.build
|
|
||||||
@@ -261,11 +261,7 @@ if libgcab.type_name() == 'pkgconfig' and cc.has_function('gcab_file_set_bytes',
|
|
||||||
endif
|
|
||||||
|
|
||||||
bashcomp = dependency('bash-completion', required: false)
|
|
||||||
-if host_machine.system() != 'freebsd'
|
|
||||||
- python3 = find_program('python3')
|
|
||||||
-else
|
|
||||||
- python3 = find_program('python3.8', 'python3', 'python3.9')
|
|
||||||
-endif
|
|
||||||
+python3 = find_program('/usr/libexec/platform-python')
|
|
||||||
|
|
||||||
if get_option('gnutls')
|
|
||||||
gnutls = dependency('gnutls', version : '>= 3.6.0')
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -0,0 +1,91 @@
|
|||||||
|
From cfd61f6958a46d5e9687f87caf04c94680382a9f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Nicolas Frayer <nfrayer@redhat.com>
|
||||||
|
Date: Wed, 1 Feb 2023 12:13:45 +0100
|
||||||
|
Subject: [PATCH] generate_binary: Add NX COMPAT flag manually when genpeimg
|
||||||
|
missing
|
||||||
|
|
||||||
|
When genpeimg or python3-pefile is missing, add the NX COMPAT flag
|
||||||
|
manually by setting bit8 of the DllCharacteristics in the optional
|
||||||
|
header, clear the TimeDateStamp and update the checksum.
|
||||||
|
---
|
||||||
|
efi/generate_binary.py | 50 ++++++++++++++++++++++++++++++++++++++++--
|
||||||
|
1 file changed, 48 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/efi/generate_binary.py b/efi/generate_binary.py
|
||||||
|
index 7b802e7..10ab0b3 100755
|
||||||
|
--- a/efi/generate_binary.py
|
||||||
|
+++ b/efi/generate_binary.py
|
||||||
|
@@ -10,6 +10,13 @@
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
import argparse
|
||||||
|
+import os
|
||||||
|
+import struct
|
||||||
|
+
|
||||||
|
+COFF_HDR_OFFSET = 0x80
|
||||||
|
+OPTIONALHDR_CHECKSUM = COFF_HDR_OFFSET + 0x58
|
||||||
|
+OPTIONALHDR_DLLCHARACTERISTICS = COFF_HDR_OFFSET + 0x5E
|
||||||
|
+PEHEADER_TIMEDATASTAMP = COFF_HDR_OFFSET + 0x8
|
||||||
|
|
||||||
|
|
||||||
|
def _run_objcopy(args):
|
||||||
|
@@ -66,6 +73,27 @@ def _run_genpeimg(args):
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
|
+def generate_checksum(data):
|
||||||
|
+ checksum_offset: int = OPTIONALHDR_CHECKSUM
|
||||||
|
+ checksum: int = 0
|
||||||
|
+ remainder: int = len(data) % 4
|
||||||
|
+ data_len: int = len(data) + ((4 - remainder) * (remainder != 0))
|
||||||
|
+ for i in range(int(data_len / 4)):
|
||||||
|
+ if i == int(checksum_offset / 4):
|
||||||
|
+ continue
|
||||||
|
+ if i + 1 == (int(data_len / 4)) and remainder:
|
||||||
|
+ dword = struct.unpack("I", data[i * 4 :] + (b"\0" * (4 - remainder)))[0]
|
||||||
|
+ else:
|
||||||
|
+ dword = struct.unpack("I", data[i * 4 : i * 4 + 4])[0]
|
||||||
|
+ checksum += dword
|
||||||
|
+ if checksum >= 2**32:
|
||||||
|
+ checksum = (checksum & 0xFFFFFFFF) + (checksum >> 32)
|
||||||
|
+ checksum = (checksum & 0xFFFF) + (checksum >> 16)
|
||||||
|
+ checksum = checksum + (checksum >> 16)
|
||||||
|
+ checksum = checksum & 0xFFFF
|
||||||
|
+ return checksum + len(data)
|
||||||
|
+
|
||||||
|
+
|
||||||
|
def _add_nx_pefile(args):
|
||||||
|
# unnecessary if we have genpeimg
|
||||||
|
if args.genpeimg:
|
||||||
|
@@ -73,8 +101,26 @@ def _add_nx_pefile(args):
|
||||||
|
try:
|
||||||
|
import pefile
|
||||||
|
except ImportError:
|
||||||
|
- print("Unable to add NX support to binaries without genpeimg or python3-pefile")
|
||||||
|
- sys.exit(1)
|
||||||
|
+ print("Adding NX support manually to the binary")
|
||||||
|
+ with open(args.outfile, "r+b") as fh:
|
||||||
|
+ buf = bytearray(fh.read(os.path.getsize(args.outfile)))
|
||||||
|
+ fh.seek(0)
|
||||||
|
+ DllCharacteristics = struct.unpack_from(
|
||||||
|
+ "<H", buf, OPTIONALHDR_DLLCHARACTERISTICS
|
||||||
|
+ )[0]
|
||||||
|
+ DllCharacteristics |= 0x100
|
||||||
|
+ struct.pack_into(
|
||||||
|
+ "<H", buf, OPTIONALHDR_DLLCHARACTERISTICS, DllCharacteristics
|
||||||
|
+ )
|
||||||
|
+
|
||||||
|
+ # set the timestamp to 0
|
||||||
|
+ struct.pack_into("<I", buf, PEHEADER_TIMEDATASTAMP, 0x0)
|
||||||
|
+
|
||||||
|
+ # as we have set the NX COMPAT bit, regenerate the checksum
|
||||||
|
+ struct.pack_into("<I", buf, OPTIONALHDR_CHECKSUM, generate_checksum(buf))
|
||||||
|
+ fh.write(buf)
|
||||||
|
+
|
||||||
|
+ return
|
||||||
|
|
||||||
|
pe = pefile.PE(args.outfile)
|
||||||
|
pe.OPTIONAL_HEADER.DllCharacteristics |= pefile.DLL_CHARACTERISTICS[
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -0,0 +1,28 @@
|
|||||||
|
From af5fb429c8e726d1d7455b2d0e5d4263edbd4290 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ivan Mikhanchuk <ivanmikh@pm.me>
|
||||||
|
Date: Tue, 24 Jan 2023 17:06:09 -0800
|
||||||
|
Subject: [PATCH] modem-manager: remove improper use of assert
|
||||||
|
|
||||||
|
FuSaharaLoader being NULL is normal for devices that only
|
||||||
|
support Firehose and don't use Sahara QDL port.
|
||||||
|
---
|
||||||
|
plugins/modem-manager/fu-sahara-loader.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/plugins/modem-manager/fu-sahara-loader.c b/plugins/modem-manager/fu-sahara-loader.c
|
||||||
|
index 89c620fbe..78f24036f 100644
|
||||||
|
--- a/plugins/modem-manager/fu-sahara-loader.c
|
||||||
|
+++ b/plugins/modem-manager/fu-sahara-loader.c
|
||||||
|
@@ -206,7 +206,8 @@ fu_sahara_loader_close(FuSaharaLoader *self, GError **error)
|
||||||
|
gboolean
|
||||||
|
fu_sahara_loader_qdl_is_open(FuSaharaLoader *self)
|
||||||
|
{
|
||||||
|
- g_return_val_if_fail(self != NULL, FALSE);
|
||||||
|
+ if (self == NULL)
|
||||||
|
+ return FALSE;
|
||||||
|
|
||||||
|
return fu_usb_device_is_open(self->usb_device);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From 442f7f9200fbf6ec509dd0ee40eae2e37b2fb73e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Hughes <richard@hughsie.com>
|
|
||||||
Date: Tue, 20 Sep 2022 08:06:12 +0100
|
|
||||||
Subject: [PATCH 1/3] redfish: Set the permissions of redfish.conf at install
|
|
||||||
time
|
|
||||||
|
|
||||||
Although typically we set the password using fu_plugin_set_secure_config_value()
|
|
||||||
or something like Ansible or Puppet -- the user could just edit the file with
|
|
||||||
vim and we still want the permissions set correctly.
|
|
||||||
---
|
|
||||||
plugins/redfish/meson.build | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/plugins/redfish/meson.build b/plugins/redfish/meson.build
|
|
||||||
index 34ba4b7f6..7b19574de 100644
|
|
||||||
--- a/plugins/redfish/meson.build
|
|
||||||
+++ b/plugins/redfish/meson.build
|
|
||||||
@@ -48,6 +48,7 @@ shared_module('fu_plugin_redfish',
|
|
||||||
|
|
||||||
install_data(['redfish.conf'],
|
|
||||||
install_dir: join_paths(sysconfdir, 'fwupd'),
|
|
||||||
+ install_mode: 'rw-r-----',
|
|
||||||
)
|
|
||||||
|
|
||||||
if get_option('tests')
|
|
||||||
--
|
|
||||||
2.39.1
|
|
||||||
|
|
@ -0,0 +1,24 @@
|
|||||||
|
From 7f427d567d497048772bad59e098528605e563ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Hughes <richard@hughsie.com>
|
||||||
|
Date: Mon, 23 Jan 2023 11:22:43 +0000
|
||||||
|
Subject: [PATCH] trivial: Fix build fix when using ppc64le system
|
||||||
|
|
||||||
|
---
|
||||||
|
src/meson.build | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/meson.build b/src/meson.build
|
||||||
|
index b9f6736f2..f3ca734ee 100644
|
||||||
|
--- a/src/meson.build
|
||||||
|
+++ b/src/meson.build
|
||||||
|
@@ -197,6 +197,7 @@ plugins_hdr = custom_target('fwupd-generate-plugins-header',
|
||||||
|
fwupdengine = library(
|
||||||
|
'fwupdengine',
|
||||||
|
resources_src,
|
||||||
|
+ plugins_hdr,
|
||||||
|
sources: fwupd_engine_src,
|
||||||
|
install: true,
|
||||||
|
install_rpath: libdir_pkg,
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
46
SOURCES/0001-wacom-usb-Retry-set_report-on-failure.patch
Normal file
46
SOURCES/0001-wacom-usb-Retry-set_report-on-failure.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From 8076090a000d4adde59fddeadb17a6f769993d1e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jason Gerecke <killertofu@gmail.com>
|
||||||
|
Date: Tue, 17 Jan 2023 14:24:14 -0800
|
||||||
|
Subject: [PATCH] wacom-usb: Retry set_report on failure
|
||||||
|
|
||||||
|
Sometimes the flash process will randomly hang and time-out when sending
|
||||||
|
data to the device. We currently do not use any retry logic, so if this
|
||||||
|
happens the flash attempt is treated as a failure. This can be a source
|
||||||
|
of worry or frustration, especially if subsequent manual retries fail
|
||||||
|
in a similar way.
|
||||||
|
|
||||||
|
Adding FU_HID_DEVICE_FLAG_RETRY_FAILURE to the list of flags used when
|
||||||
|
calling fu_hid_device_set_report allows fwupd to try sending a block
|
||||||
|
multiple times if such a time-out (or other error) occurs. This makes
|
||||||
|
the flash process less prone to failure.
|
||||||
|
|
||||||
|
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
|
||||||
|
---
|
||||||
|
plugins/wacom-usb/fu-wac-device.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/plugins/wacom-usb/fu-wac-device.c b/plugins/wacom-usb/fu-wac-device.c
|
||||||
|
index 9162d19a9..714761b1e 100644
|
||||||
|
--- a/plugins/wacom-usb/fu-wac-device.c
|
||||||
|
+++ b/plugins/wacom-usb/fu-wac-device.c
|
||||||
|
@@ -182,7 +182,8 @@ fu_wac_device_set_feature_report(FuWacDevice *self,
|
||||||
|
buf,
|
||||||
|
bufsz,
|
||||||
|
FU_WAC_DEVICE_TIMEOUT,
|
||||||
|
- flags | FU_HID_DEVICE_FLAG_IS_FEATURE,
|
||||||
|
+ flags | FU_HID_DEVICE_FLAG_IS_FEATURE |
|
||||||
|
+ FU_HID_DEVICE_FLAG_RETRY_FAILURE,
|
||||||
|
error);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -920,6 +921,7 @@ fu_wac_device_init(FuWacDevice *self)
|
||||||
|
fu_device_set_install_duration(FU_DEVICE(self), 10);
|
||||||
|
fu_device_set_remove_delay(FU_DEVICE(self), FU_DEVICE_REMOVE_DELAY_RE_ENUMERATE);
|
||||||
|
fu_device_set_firmware_gtype(FU_DEVICE(self), FU_TYPE_WAC_FIRMWARE);
|
||||||
|
+ fu_device_retry_set_delay(FU_DEVICE(self), 30); /* ms */
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 4f39b747a6d860e32a3000451dd2635366c81776 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Hughes <richard@hughsie.com>
|
|
||||||
Date: Tue, 20 Sep 2022 09:13:52 +0100
|
|
||||||
Subject: [PATCH 2/3] redfish: Only create users using IPMI when we know it's
|
|
||||||
going to work
|
|
||||||
|
|
||||||
Make the IPMI auto-account feature allow-listed on specific vendors as some IPMI
|
|
||||||
implementations are not specification compliant and do entirely the wrong thing.
|
|
||||||
---
|
|
||||||
plugins/redfish/fu-plugin-redfish.c | 8 ++++++++
|
|
||||||
plugins/redfish/redfish.quirk | 2 +-
|
|
||||||
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/plugins/redfish/fu-plugin-redfish.c b/plugins/redfish/fu-plugin-redfish.c
|
|
||||||
index deb0fe742..3972d4b4b 100644
|
|
||||||
--- a/plugins/redfish/fu-plugin-redfish.c
|
|
||||||
+++ b/plugins/redfish/fu-plugin-redfish.c
|
|
||||||
@@ -422,6 +422,14 @@ fu_plugin_redfish_startup(FuPlugin *plugin, GError **error)
|
|
||||||
#ifdef HAVE_LINUX_IPMI_H
|
|
||||||
/* we got neither a type 42 entry or config value, lets try IPMI */
|
|
||||||
if (fu_redfish_backend_get_username(data->backend) == NULL) {
|
|
||||||
+ if (!fu_context_has_hwid_flag(fu_plugin_get_context(plugin), "ipmi-create-user")) {
|
|
||||||
+ g_set_error_literal(error,
|
|
||||||
+ FWUPD_ERROR,
|
|
||||||
+ FWUPD_ERROR_NOT_SUPPORTED,
|
|
||||||
+ "no username and password specified, "
|
|
||||||
+ "and no vendor quirk for 'ipmi-create-user'");
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
if (!fu_plugin_get_config_value_boolean(plugin, "IpmiDisableCreateUser")) {
|
|
||||||
g_debug("attempting to create user using IPMI");
|
|
||||||
if (!fu_redfish_plugin_ipmi_create_user(plugin, error))
|
|
||||||
diff --git a/plugins/redfish/redfish.quirk b/plugins/redfish/redfish.quirk
|
|
||||||
index b12439926..5e9722fda 100644
|
|
||||||
--- a/plugins/redfish/redfish.quirk
|
|
||||||
+++ b/plugins/redfish/redfish.quirk
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
# Lenovo ThinkSystem
|
|
||||||
[42f00735-c9ab-5374-bd63-a5deee5881e0]
|
|
||||||
-Flags = wildcard-targets,reset-required
|
|
||||||
+Flags = wildcard-targets,reset-required,ipmi-create-user
|
|
||||||
|
|
||||||
[REDFISH\VENDOR_Lenovo&ID_BMC-Backup]
|
|
||||||
ParentGuid = REDFISH\VENDOR_Lenovo&ID_BMC-Primary
|
|
||||||
--
|
|
||||||
2.39.1
|
|
||||||
|
|
@ -1,141 +0,0 @@
|
|||||||
From 41575afd93ca0e68bced78ca43a4488f124906a1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Hughes <richard@hughsie.com>
|
|
||||||
Date: Wed, 21 Sep 2022 14:56:10 +0100
|
|
||||||
Subject: [PATCH 3/3] Never save the Redfish passwords to a file readable by
|
|
||||||
users
|
|
||||||
|
|
||||||
When the redfish plugin automatically creates an OPERATOR user account on the
|
|
||||||
BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it
|
|
||||||
is chmod'ed to 0660 before writing the file with g_key_file_save_to_file().
|
|
||||||
|
|
||||||
Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with
|
|
||||||
the keyfile string data.
|
|
||||||
I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being
|
|
||||||
used to copy permissions, but alas not.
|
|
||||||
|
|
||||||
GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666,
|
|
||||||
which undoes the previous chmod().
|
|
||||||
|
|
||||||
Use g_file_set_contents_full() with the correct mode for newer GLib versions,
|
|
||||||
and provide a fallback with the same semantics for older versions.
|
|
||||||
---
|
|
||||||
contrib/fwupd.spec.in | 3 ++
|
|
||||||
libfwupdplugin/fu-plugin.c | 65 +++++++++++++++++++++++++++++------
|
|
||||||
libfwupdplugin/fu-self-test.c | 57 ++++++++++++++++++++++++++++++
|
|
||||||
3 files changed, 114 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/contrib/fwupd.spec.in b/contrib/fwupd.spec.in
|
|
||||||
index a50e30a9c..0854fcf4f 100644
|
|
||||||
--- a/contrib/fwupd.spec.in
|
|
||||||
+++ b/contrib/fwupd.spec.in
|
|
||||||
@@ -313,6 +313,9 @@ for fn in /etc/fwupd/remotes.d/*.conf; do
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
+# ensure this is private
|
|
||||||
+chmod 0660 /etc/fwupd/redfish.conf
|
|
||||||
+
|
|
||||||
%preun
|
|
||||||
%systemd_preun fwupd.service
|
|
||||||
|
|
||||||
diff --git a/libfwupdplugin/fu-plugin.c b/libfwupdplugin/fu-plugin.c
|
|
||||||
index 18042a028..04951de85 100644
|
|
||||||
--- a/libfwupdplugin/fu-plugin.c
|
|
||||||
+++ b/libfwupdplugin/fu-plugin.c
|
|
||||||
@@ -9,6 +9,7 @@
|
|
||||||
#include "config.h"
|
|
||||||
|
|
||||||
#include <errno.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
#include <fwupd.h>
|
|
||||||
#include <glib/gstdio.h>
|
|
||||||
#include <gmodule.h>
|
|
||||||
@@ -2256,6 +2257,46 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value,
|
|
||||||
return g_key_file_save_to_file(keyfile, conf_path, error);
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if !GLIB_CHECK_VERSION(2, 66, 0)
|
|
||||||
+
|
|
||||||
+#define G_FILE_SET_CONTENTS_CONSISTENT 0
|
|
||||||
+typedef guint GFileSetContentsFlags;
|
|
||||||
+static gboolean
|
|
||||||
+g_file_set_contents_full(const gchar *filename,
|
|
||||||
+ const gchar *contents,
|
|
||||||
+ gssize length,
|
|
||||||
+ GFileSetContentsFlags flags,
|
|
||||||
+ int mode,
|
|
||||||
+ GError **error)
|
|
||||||
+{
|
|
||||||
+ gint fd;
|
|
||||||
+ gssize wrote;
|
|
||||||
+
|
|
||||||
+ if (length < 0)
|
|
||||||
+ length = strlen(contents);
|
|
||||||
+ fd = g_open(filename, O_CREAT, mode);
|
|
||||||
+ if (fd <= 0) {
|
|
||||||
+ g_set_error(error,
|
|
||||||
+ G_IO_ERROR,
|
|
||||||
+ G_IO_ERROR_FAILED,
|
|
||||||
+ "could not open %s file",
|
|
||||||
+ filename);
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+ wrote = write(fd, contents, length);
|
|
||||||
+ if (wrote != length) {
|
|
||||||
+ g_set_error(error,
|
|
||||||
+ G_IO_ERROR,
|
|
||||||
+ G_IO_ERROR_FAILED,
|
|
||||||
+ "did not write %s file",
|
|
||||||
+ filename);
|
|
||||||
+ g_close(fd, NULL);
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+ return g_close(fd, error);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* fu_plugin_set_secure_config_value:
|
|
||||||
* @self: a #FuPlugin
|
|
||||||
@@ -2277,7 +2318,8 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
|
|
||||||
GError **error)
|
|
||||||
{
|
|
||||||
g_autofree gchar *conf_path = fu_plugin_get_config_filename(self);
|
|
||||||
- gint ret;
|
|
||||||
+ g_autofree gchar *data = NULL;
|
|
||||||
+ g_autoptr(GKeyFile) keyfile = g_key_file_new();
|
|
||||||
|
|
||||||
g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE);
|
|
||||||
g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
|
|
||||||
@@ -2286,17 +2328,18 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
|
|
||||||
g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path);
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
- ret = g_chmod(conf_path, 0660);
|
|
||||||
- if (ret == -1) {
|
|
||||||
- g_set_error(error,
|
|
||||||
- FWUPD_ERROR,
|
|
||||||
- FWUPD_ERROR_INTERNAL,
|
|
||||||
- "failed to set permissions on %s",
|
|
||||||
- conf_path);
|
|
||||||
+ if (!g_key_file_load_from_file(keyfile, conf_path, G_KEY_FILE_KEEP_COMMENTS, error))
|
|
||||||
return FALSE;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- return fu_plugin_set_config_value(self, key, value, error);
|
|
||||||
+ g_key_file_set_string(keyfile, fu_plugin_get_name(self), key, value);
|
|
||||||
+ data = g_key_file_to_data(keyfile, NULL, error);
|
|
||||||
+ if (data == NULL)
|
|
||||||
+ return FALSE;
|
|
||||||
+ return g_file_set_contents_full(conf_path,
|
|
||||||
+ data,
|
|
||||||
+ -1,
|
|
||||||
+ G_FILE_SET_CONTENTS_CONSISTENT,
|
|
||||||
+ 0660,
|
|
||||||
+ error);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
--
|
|
||||||
2.39.1
|
|
||||||
|
|
BIN
SOURCES/redhatsecureboot301.cer
Normal file
BIN
SOURCES/redhatsecureboot301.cer
Normal file
Binary file not shown.
BIN
SOURCES/redhatsecureboot503.cer
Normal file
BIN
SOURCES/redhatsecureboot503.cer
Normal file
Binary file not shown.
BIN
SOURCES/redhatsecurebootca3.cer
Normal file
BIN
SOURCES/redhatsecurebootca3.cer
Normal file
Binary file not shown.
BIN
SOURCES/redhatsecurebootca5.cer
Normal file
BIN
SOURCES/redhatsecurebootca5.cer
Normal file
Binary file not shown.
1057
SPECS/fwupd.spec
1057
SPECS/fwupd.spec
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user