Compare commits
No commits in common. "c8" and "c9s-uprev" have entirely different histories.
98
.gitignore
vendored
98
.gitignore
vendored
@ -1,10 +1,88 @@
|
||||
SOURCES/DBXUpdate-20100307-x64.cab
|
||||
SOURCES/DBXUpdate-20140413-x64.cab
|
||||
SOURCES/DBXUpdate-20160809-x64.cab
|
||||
SOURCES/DBXUpdate-20200729-aa64.cab
|
||||
SOURCES/DBXUpdate-20200729-ia32.cab
|
||||
SOURCES/DBXUpdate-20200729-x64.cab
|
||||
SOURCES/almalinuxsecurebootca0.cer
|
||||
SOURCES/fwupd-1.7.8.tar.xz
|
||||
SOURCES/fwupd-efi-1.3.tar.xz
|
||||
SOURCES/libjcat-0.1.9.tar.xz
|
||||
/fwupd-0.1.0.tar.xz
|
||||
/fwupd-0.1.1.tar.xz
|
||||
/fwupd-0.1.2.tar.xz
|
||||
/fwupd-0.1.3.tar.xz
|
||||
/fwupd-0.1.4.tar.xz
|
||||
/fwupd-0.1.5.tar.xz
|
||||
/fwupd-0.1.6.tar.xz
|
||||
/fwupd-0.5.0.tar.xz
|
||||
/fwupd-0.5.1.tar.xz
|
||||
/fwupd-0.5.2.tar.xz
|
||||
/fwupd-0.5.3.tar.xz
|
||||
/fwupd-0.5.4.tar.xz
|
||||
/fwupd-0.6.0.tar.xz
|
||||
/fwupd-0.6.1.tar.xz
|
||||
/fwupd-0.6.2.tar.xz
|
||||
/fwupd-0.6.3.tar.xz
|
||||
/fwupd-0.7.0.tar.xz
|
||||
/fwupd-0.7.1.tar.xz
|
||||
/fwupd-0.7.2.tar.xz
|
||||
/fwupd-0.7.3.tar.xz
|
||||
/fwupd-0.7.4.tar.xz
|
||||
/fwupd-0.7.5.tar.xz
|
||||
/fwupd-0.8.0.tar.xz
|
||||
/fwupd-0.8.1.tar.xz
|
||||
/fwupd-0.8.2.tar.xz
|
||||
/fwupd-0.9.2.tar.xz
|
||||
/fwupd-0.9.3.tar.xz
|
||||
/fwupd-0.9.4.tar.xz
|
||||
/fwupd-0.9.5.tar.xz
|
||||
/fwupd-0.9.6.tar.xz
|
||||
/fwupd-0.9.7.tar.xz
|
||||
/fwupd-1.0.0.tar.xz
|
||||
/fwupd-1.0.1.tar.xz
|
||||
/fwupd-1.0.2.tar.xz
|
||||
/fwupd-1.0.3.tar.xz
|
||||
/fwupd-1.0.4.tar.xz
|
||||
/fwupd-1.0.5.tar.xz
|
||||
/fwupd-1.0.6.tar.xz
|
||||
/fwupd-1.0.7.tar.xz
|
||||
/fwupd-1.0.8.tar.xz
|
||||
/fwupd-1.1.0.tar.xz
|
||||
/fwupd-1.1.1.tar.xz
|
||||
/fwupd-1.1.2.tar.xz
|
||||
/fwupd-1.1.3.tar.xz
|
||||
/fwupd-1.2.0.tar.xz
|
||||
/fwupd-1.2.1.tar.xz
|
||||
/fwupd-1.2.2.tar.xz
|
||||
/fwupd-1.2.3.tar.xz
|
||||
/fwupd-1.2.4.tar.xz
|
||||
/fwupd-1.2.5.tar.xz
|
||||
/fwupd-1.2.6.tar.xz
|
||||
/fwupd-1.2.7.tar.xz
|
||||
/fwupd-1.2.8.tar.xz
|
||||
/fwupd-1.2.9.tar.xz
|
||||
/fwupd-1.2.10.tar.xz
|
||||
/fwupd-1.3.2.tar.xz
|
||||
/fwupd-1.3.3.tar.xz
|
||||
/fwupd-1.3.4.tar.xz
|
||||
/fwupd-1.3.5.tar.xz
|
||||
/fwupd-1.3.6.tar.xz
|
||||
/fwupd-1.3.7.tar.xz
|
||||
/fwupd-1.3.8.tar.xz
|
||||
/fwupd-1.3.9.tar.xz
|
||||
/fwupd-1.4.0.tar.xz
|
||||
/fwupd-1.4.1.tar.xz
|
||||
/fwupd-1.4.2.tar.xz
|
||||
/fwupd-1.4.3.tar.xz
|
||||
/fwupd-1.4.4.tar.xz
|
||||
/fwupd-1.4.5.tar.xz
|
||||
/fwupd-1.4.6.tar.xz
|
||||
/fwupd-1.5.0.tar.xz
|
||||
/fwupd-1.5.1.tar.xz
|
||||
/fwupd-1.5.2.tar.xz
|
||||
/fwupd-1.5.3.tar.xz
|
||||
/fwupd-1.5.4.tar.xz
|
||||
/fwupd-1.5.5.tar.xz
|
||||
/fwupd-1.5.9.tar.xz
|
||||
/DBXUpdate-20100307-x64.cab
|
||||
/DBXUpdate-20140413-x64.cab
|
||||
/DBXUpdate-20160809-x64.cab
|
||||
/DBXUpdate-20200729-aa64.cab
|
||||
/DBXUpdate-20200729-ia32.cab
|
||||
/DBXUpdate-20200729-x64.cab
|
||||
/fwupd-1.7.1.tar.xz
|
||||
/fwupd-efi-1.1.tar.xz
|
||||
/fwupd-1.7.4.tar.xz
|
||||
/fwupd-1.8.3.tar.xz
|
||||
/fwupd-efi-1.3.tar.xz
|
||||
|
@ -1,29 +0,0 @@
|
||||
From 1fc24adecbb62b3cd77ef965c5daf1b72f6c7aa8 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Hughes <richard@hughsie.com>
|
||||
Date: Tue, 22 Aug 2023 10:05:27 +0100
|
||||
Subject: [PATCH] Use /usr/libexec/platform-python for RHEL
|
||||
|
||||
---
|
||||
meson.build | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index bb406d616..ac90c8ee6 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -261,11 +261,7 @@ if libgcab.type_name() == 'pkgconfig' and cc.has_function('gcab_file_set_bytes',
|
||||
endif
|
||||
|
||||
bashcomp = dependency('bash-completion', required: false)
|
||||
-if host_machine.system() != 'freebsd'
|
||||
- python3 = find_program('python3')
|
||||
-else
|
||||
- python3 = find_program('python3.8', 'python3', 'python3.9')
|
||||
-endif
|
||||
+python3 = find_program('/usr/libexec/platform-python')
|
||||
|
||||
if get_option('gnutls')
|
||||
gnutls = dependency('gnutls', version : '>= 3.6.0')
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,28 +0,0 @@
|
||||
From 442f7f9200fbf6ec509dd0ee40eae2e37b2fb73e Mon Sep 17 00:00:00 2001
|
||||
From: Richard Hughes <richard@hughsie.com>
|
||||
Date: Tue, 20 Sep 2022 08:06:12 +0100
|
||||
Subject: [PATCH 1/3] redfish: Set the permissions of redfish.conf at install
|
||||
time
|
||||
|
||||
Although typically we set the password using fu_plugin_set_secure_config_value()
|
||||
or something like Ansible or Puppet -- the user could just edit the file with
|
||||
vim and we still want the permissions set correctly.
|
||||
---
|
||||
plugins/redfish/meson.build | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/plugins/redfish/meson.build b/plugins/redfish/meson.build
|
||||
index 34ba4b7f6..7b19574de 100644
|
||||
--- a/plugins/redfish/meson.build
|
||||
+++ b/plugins/redfish/meson.build
|
||||
@@ -48,6 +48,7 @@ shared_module('fu_plugin_redfish',
|
||||
|
||||
install_data(['redfish.conf'],
|
||||
install_dir: join_paths(sysconfdir, 'fwupd'),
|
||||
+ install_mode: 'rw-r-----',
|
||||
)
|
||||
|
||||
if get_option('tests')
|
||||
--
|
||||
2.39.1
|
||||
|
@ -1,47 +0,0 @@
|
||||
From 4f39b747a6d860e32a3000451dd2635366c81776 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Hughes <richard@hughsie.com>
|
||||
Date: Tue, 20 Sep 2022 09:13:52 +0100
|
||||
Subject: [PATCH 2/3] redfish: Only create users using IPMI when we know it's
|
||||
going to work
|
||||
|
||||
Make the IPMI auto-account feature allow-listed on specific vendors as some IPMI
|
||||
implementations are not specification compliant and do entirely the wrong thing.
|
||||
---
|
||||
plugins/redfish/fu-plugin-redfish.c | 8 ++++++++
|
||||
plugins/redfish/redfish.quirk | 2 +-
|
||||
2 files changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/plugins/redfish/fu-plugin-redfish.c b/plugins/redfish/fu-plugin-redfish.c
|
||||
index deb0fe742..3972d4b4b 100644
|
||||
--- a/plugins/redfish/fu-plugin-redfish.c
|
||||
+++ b/plugins/redfish/fu-plugin-redfish.c
|
||||
@@ -422,6 +422,14 @@ fu_plugin_redfish_startup(FuPlugin *plugin, GError **error)
|
||||
#ifdef HAVE_LINUX_IPMI_H
|
||||
/* we got neither a type 42 entry or config value, lets try IPMI */
|
||||
if (fu_redfish_backend_get_username(data->backend) == NULL) {
|
||||
+ if (!fu_context_has_hwid_flag(fu_plugin_get_context(plugin), "ipmi-create-user")) {
|
||||
+ g_set_error_literal(error,
|
||||
+ FWUPD_ERROR,
|
||||
+ FWUPD_ERROR_NOT_SUPPORTED,
|
||||
+ "no username and password specified, "
|
||||
+ "and no vendor quirk for 'ipmi-create-user'");
|
||||
+ return FALSE;
|
||||
+ }
|
||||
if (!fu_plugin_get_config_value_boolean(plugin, "IpmiDisableCreateUser")) {
|
||||
g_debug("attempting to create user using IPMI");
|
||||
if (!fu_redfish_plugin_ipmi_create_user(plugin, error))
|
||||
diff --git a/plugins/redfish/redfish.quirk b/plugins/redfish/redfish.quirk
|
||||
index b12439926..5e9722fda 100644
|
||||
--- a/plugins/redfish/redfish.quirk
|
||||
+++ b/plugins/redfish/redfish.quirk
|
||||
@@ -1,6 +1,6 @@
|
||||
# Lenovo ThinkSystem
|
||||
[42f00735-c9ab-5374-bd63-a5deee5881e0]
|
||||
-Flags = wildcard-targets,reset-required
|
||||
+Flags = wildcard-targets,reset-required,ipmi-create-user
|
||||
|
||||
[REDFISH\VENDOR_Lenovo&ID_BMC-Backup]
|
||||
ParentGuid = REDFISH\VENDOR_Lenovo&ID_BMC-Primary
|
||||
--
|
||||
2.39.1
|
||||
|
@ -1,141 +0,0 @@
|
||||
From 41575afd93ca0e68bced78ca43a4488f124906a1 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Hughes <richard@hughsie.com>
|
||||
Date: Wed, 21 Sep 2022 14:56:10 +0100
|
||||
Subject: [PATCH 3/3] Never save the Redfish passwords to a file readable by
|
||||
users
|
||||
|
||||
When the redfish plugin automatically creates an OPERATOR user account on the
|
||||
BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it
|
||||
is chmod'ed to 0660 before writing the file with g_key_file_save_to_file().
|
||||
|
||||
Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with
|
||||
the keyfile string data.
|
||||
I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being
|
||||
used to copy permissions, but alas not.
|
||||
|
||||
GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666,
|
||||
which undoes the previous chmod().
|
||||
|
||||
Use g_file_set_contents_full() with the correct mode for newer GLib versions,
|
||||
and provide a fallback with the same semantics for older versions.
|
||||
---
|
||||
contrib/fwupd.spec.in | 3 ++
|
||||
libfwupdplugin/fu-plugin.c | 65 +++++++++++++++++++++++++++++------
|
||||
libfwupdplugin/fu-self-test.c | 57 ++++++++++++++++++++++++++++++
|
||||
3 files changed, 114 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/contrib/fwupd.spec.in b/contrib/fwupd.spec.in
|
||||
index a50e30a9c..0854fcf4f 100644
|
||||
--- a/contrib/fwupd.spec.in
|
||||
+++ b/contrib/fwupd.spec.in
|
||||
@@ -313,6 +313,9 @@ for fn in /etc/fwupd/remotes.d/*.conf; do
|
||||
fi
|
||||
done
|
||||
|
||||
+# ensure this is private
|
||||
+chmod 0660 /etc/fwupd/redfish.conf
|
||||
+
|
||||
%preun
|
||||
%systemd_preun fwupd.service
|
||||
|
||||
diff --git a/libfwupdplugin/fu-plugin.c b/libfwupdplugin/fu-plugin.c
|
||||
index 18042a028..04951de85 100644
|
||||
--- a/libfwupdplugin/fu-plugin.c
|
||||
+++ b/libfwupdplugin/fu-plugin.c
|
||||
@@ -9,6 +9,7 @@
|
||||
#include "config.h"
|
||||
|
||||
#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
#include <fwupd.h>
|
||||
#include <glib/gstdio.h>
|
||||
#include <gmodule.h>
|
||||
@@ -2256,6 +2257,46 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value,
|
||||
return g_key_file_save_to_file(keyfile, conf_path, error);
|
||||
}
|
||||
|
||||
+#if !GLIB_CHECK_VERSION(2, 66, 0)
|
||||
+
|
||||
+#define G_FILE_SET_CONTENTS_CONSISTENT 0
|
||||
+typedef guint GFileSetContentsFlags;
|
||||
+static gboolean
|
||||
+g_file_set_contents_full(const gchar *filename,
|
||||
+ const gchar *contents,
|
||||
+ gssize length,
|
||||
+ GFileSetContentsFlags flags,
|
||||
+ int mode,
|
||||
+ GError **error)
|
||||
+{
|
||||
+ gint fd;
|
||||
+ gssize wrote;
|
||||
+
|
||||
+ if (length < 0)
|
||||
+ length = strlen(contents);
|
||||
+ fd = g_open(filename, O_CREAT, mode);
|
||||
+ if (fd <= 0) {
|
||||
+ g_set_error(error,
|
||||
+ G_IO_ERROR,
|
||||
+ G_IO_ERROR_FAILED,
|
||||
+ "could not open %s file",
|
||||
+ filename);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+ wrote = write(fd, contents, length);
|
||||
+ if (wrote != length) {
|
||||
+ g_set_error(error,
|
||||
+ G_IO_ERROR,
|
||||
+ G_IO_ERROR_FAILED,
|
||||
+ "did not write %s file",
|
||||
+ filename);
|
||||
+ g_close(fd, NULL);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+ return g_close(fd, error);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/**
|
||||
* fu_plugin_set_secure_config_value:
|
||||
* @self: a #FuPlugin
|
||||
@@ -2277,7 +2318,8 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
|
||||
GError **error)
|
||||
{
|
||||
g_autofree gchar *conf_path = fu_plugin_get_config_filename(self);
|
||||
- gint ret;
|
||||
+ g_autofree gchar *data = NULL;
|
||||
+ g_autoptr(GKeyFile) keyfile = g_key_file_new();
|
||||
|
||||
g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE);
|
||||
g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
|
||||
@@ -2286,17 +2328,18 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
|
||||
g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path);
|
||||
return FALSE;
|
||||
}
|
||||
- ret = g_chmod(conf_path, 0660);
|
||||
- if (ret == -1) {
|
||||
- g_set_error(error,
|
||||
- FWUPD_ERROR,
|
||||
- FWUPD_ERROR_INTERNAL,
|
||||
- "failed to set permissions on %s",
|
||||
- conf_path);
|
||||
+ if (!g_key_file_load_from_file(keyfile, conf_path, G_KEY_FILE_KEEP_COMMENTS, error))
|
||||
return FALSE;
|
||||
- }
|
||||
-
|
||||
- return fu_plugin_set_config_value(self, key, value, error);
|
||||
+ g_key_file_set_string(keyfile, fu_plugin_get_name(self), key, value);
|
||||
+ data = g_key_file_to_data(keyfile, NULL, error);
|
||||
+ if (data == NULL)
|
||||
+ return FALSE;
|
||||
+ return g_file_set_contents_full(conf_path,
|
||||
+ data,
|
||||
+ -1,
|
||||
+ G_FILE_SET_CONTENTS_CONSISTENT,
|
||||
+ 0660,
|
||||
+ error);
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.39.1
|
||||
|
File diff suppressed because it is too large
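--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+- rhel-9
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.hardware-fwupd.tier0.functional}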
BIN
redhatsecureboot301.cer
Normal file
BIN
redhatsecureboot301.cer
Normal file
Binary file not shown.
BIN
redhatsecureboot503.cer
Normal file
BIN
redhatsecureboot503.cer
Normal file
Binary file not shown.
BIN
redhatsecurebootca3.cer
Normal file
BIN
redhatsecurebootca3.cer
Normal file
Binary file not shown.
BIN
redhatsecurebootca5.cer
Normal file
BIN
redhatsecurebootca5.cer
Normal file
Binary file not shown.
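--- /dev/null
+++ b/sources
@@ -0,0 +1,8 @@
+SHA512 (fwupd-1.8.3.tar.xz) = 1044eb59b9dfb0c477b858564cc09f7bbbf59042aac84d133f83fb902342618bc8ffeddf816c706aea3ad473d5a3ca38b194b65e1d396e83764854b1d562d1ae
+SHA512 (fwupd-efi-1.3.tar.xz) = 582bc0298f773b3017fab317a392b6fe95a9d1698bfe17e56370515f4563c8d45c12f28ae52d304866e4b077043bb0c9d5c1abf4b75ded5f70b6d8ccad495ea5
+SHA512 (DBXUpdate-20100307-x64.cab) = f8ad56cf015f4cdc5c305856ff1f7a8589c25a2a671708c61883f427f38eb9b6a7abd3f2c8d79ef9d5076222255e42585917f8705a2a4b13f860bad4e02ec409
+SHA512 (DBXUpdate-20140413-x64.cab) = 75771876a2309fa8ca083c2e76520173d434229b7cacf1e7636bd9b1bc4f871d745c348b9792bfb65fd9f40ef54c25bb427b1431151e817e7050b7829456731a
+SHA512 (DBXUpdate-20160809-x64.cab) = c27c564999ae84515540f1a598cd0fd9ef3a80cdfaaf439f1c4cb04eaee0e73074548b6d76c21ca3af1ba9c4c0625907e821582998eb5617e33ecd412e6c8a13
+SHA512 (DBXUpdate-20200729-aa64.cab) = 7a0cea13ed9b645fd9f1d5e3410a451d83643a75f5dc603272b0771b093f2c012f9a19419160403631c250cf64127ad2ce1c8fa2079b04064af73fe85b9add33
+SHA512 (DBXUpdate-20200729-ia32.cab) = 578ec9cccf2001b8bfa54b66809a1662269677050e74bd3225536fbd2be56a8162c48669bd16ea553723580195df1693a28dc01fc1cf62ff06e36a2c5568f74f
+SHA512 (DBXUpdate-20200729-x64.cab) = b8b195167d286a3f16aaa7c89149a0d5b4c8f53080e3265758b912f250fa655533c603359b7d1c989ebad6953ce443809b3317ec1d00f750326945ee0537e43b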