Compare commits


No commits in common. "imports/c8-beta/fwupd-1.1.4-2.el8" and "c8" have entirely different histories.

11 changed files with 656 additions and 355 deletions


@ -1 +0,0 @@
9777016b6b861676e3e88153f7b310e4d985871a SOURCES/fwupd-1.1.4.tar.xz

11
.gitignore vendored

@ -1 +1,10 @@
SOURCES/fwupd-1.1.4.tar.xz
SOURCES/DBXUpdate-20100307-x64.cab
SOURCES/DBXUpdate-20140413-x64.cab
SOURCES/DBXUpdate-20160809-x64.cab
SOURCES/DBXUpdate-20200729-aa64.cab
SOURCES/DBXUpdate-20200729-ia32.cab
SOURCES/DBXUpdate-20200729-x64.cab
SOURCES/almalinuxsecurebootca0.cer
SOURCES/fwupd-1.7.8.tar.xz
SOURCES/fwupd-efi-1.3.tar.xz
SOURCES/libjcat-0.1.9.tar.xz


@ -1,220 +0,0 @@
commit 58f79c3d235290c4cecccc1d55cbcc2da8e988a6
Author: Richard Hughes <richard@hughsie.com>
Date: Thu Aug 1 09:45:25 2019 +0100
Relax the certificate time checks in the self tests for the legacy certificate
One test verifies a firmware with a signature from the old LVFS which was
hosted on secure-lvfs.rhcloud.com and used the original PKCS-7 key. This key
had a two year validity (expiring today, ohh the naivety...) rather than the
newer fwupd.org key which expires in the year 2058.
For this specific test only, disable the certificate time checks to fix CI.
Fixes https://github.com/hughsie/fwupd/issues/1264
diff --git a/src/fu-engine.c b/src/fu-engine.c
index ac102cfa..1a57b0af 100644
--- a/src/fu-engine.c
+++ b/src/fu-engine.c
@@ -1908,7 +1908,8 @@ fu_engine_get_existing_keyring_result (FuEngine *self,
blob_sig = fu_common_get_contents_bytes (fwupd_remote_get_filename_cache_sig (remote), error);
if (blob_sig == NULL)
return NULL;
- return fu_keyring_verify_data (kr, blob, blob_sig, error);
+ return fu_keyring_verify_data (kr, blob, blob_sig,
+ FU_KEYRING_VERIFY_FLAG_NONE, error);
}
/**
@@ -1991,7 +1992,9 @@ fu_engine_update_metadata (FuEngine *self, const gchar *remote_id,
pki_dir = g_build_filename (sysconfdir, "pki", "fwupd-metadata", NULL);
if (!fu_keyring_add_public_keys (kr, pki_dir, error))
return FALSE;
- kr_result = fu_keyring_verify_data (kr, bytes_raw, bytes_sig, error);
+ kr_result = fu_keyring_verify_data (kr, bytes_raw, bytes_sig,
+ FU_KEYRING_VERIFY_FLAG_NONE,
+ error);
if (kr_result == NULL)
return FALSE;
diff --git a/src/fu-keyring-gpg.c b/src/fu-keyring-gpg.c
index af0bfbe0..a51ab7a4 100644
--- a/src/fu-keyring-gpg.c
+++ b/src/fu-keyring-gpg.c
@@ -231,6 +231,7 @@ static FuKeyringResult *
fu_keyring_gpg_verify_data (FuKeyring *keyring,
GBytes *blob,
GBytes *blob_signature,
+ FuKeyringVerifyFlags flags,
GError **error)
{
FuKeyringGpg *self = FU_KEYRING_GPG (keyring);
diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
index d48dc5d0..dc310d37 100644
--- a/src/fu-keyring-pkcs7.c
+++ b/src/fu-keyring-pkcs7.c
@@ -182,6 +182,7 @@ static FuKeyringResult *
fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
GBytes *blob,
GBytes *blob_signature,
+ FuKeyringVerifyFlags flags,
GError **error)
{
FuKeyringPkcs7 *self = FU_KEYRING_PKCS7 (keyring);
@@ -231,6 +232,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
for (gint i = 0; i < count; i++) {
gnutls_pkcs7_signature_info_st info;
gint64 signing_time = 0;
+ gnutls_certificate_verify_flags verify_flags = 0;
+
+ /* use with care */
+ if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
+ g_debug ("WARNING: disabling time checks");
+ verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+ verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
+ }
/* verify the data against the detached signature */
rc = gnutls_pkcs7_verify (pkcs7, self->tl,
@@ -238,7 +247,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
0, /* vdata_size */
i, /* index */
&datum, /* data */
- 0); /* flags */
+ verify_flags);
if (rc < 0) {
g_set_error (error,
FWUPD_ERROR,
diff --git a/src/fu-keyring-utils.c b/src/fu-keyring-utils.c
index 0c5a7f04..465b4a02 100644
--- a/src/fu-keyring-utils.c
+++ b/src/fu-keyring-utils.c
@@ -167,7 +167,9 @@ fu_keyring_get_release_trust_flags (AsRelease *release,
fu_keyring_get_name (kr));
return FALSE;
}
- kr_result = fu_keyring_verify_data (kr, blob_payload, blob_signature, &error_local);
+ kr_result = fu_keyring_verify_data (kr, blob_payload, blob_signature,
+ FU_KEYRING_VERIFY_FLAG_NONE,
+ &error_local);
if (kr_result == NULL) {
g_warning ("untrusted as failed to verify from %s keyring: %s",
fu_keyring_get_name (kr),
diff --git a/src/fu-keyring.c b/src/fu-keyring.c
index d8a88e8c..9b582563 100644
--- a/src/fu-keyring.c
+++ b/src/fu-keyring.c
@@ -40,13 +40,14 @@ FuKeyringResult *
fu_keyring_verify_data (FuKeyring *keyring,
GBytes *blob,
GBytes *blob_signature,
+ FuKeyringVerifyFlags flags,
GError **error)
{
FuKeyringClass *klass = FU_KEYRING_GET_CLASS (keyring);
g_return_val_if_fail (FU_IS_KEYRING (keyring), NULL);
g_return_val_if_fail (blob != NULL, NULL);
g_return_val_if_fail (blob_signature != NULL, NULL);
- return klass->verify_data (keyring, blob, blob_signature, error);
+ return klass->verify_data (keyring, blob, blob_signature, flags, error);
}
const gchar *
diff --git a/src/fu-keyring.h b/src/fu-keyring.h
index 6e03694c..f097305d 100644
--- a/src/fu-keyring.h
+++ b/src/fu-keyring.h
@@ -17,6 +17,20 @@ G_BEGIN_DECLS
#define FU_TYPE_KEYRING (fu_keyring_get_type ())
G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
+/**
+ * FuKeyringVerifyFlags:
+ * @FU_KEYRING_VERIFY_FLAG_NONE: No flags set
+ * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS: Disable checking of validity periods
+ *
+ * The flags to use when interacting with a keyring
+ **/
+typedef enum {
+ FU_KEYRING_VERIFY_FLAG_NONE = 0,
+ FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS = 1 << 2,
+ /*< private >*/
+ FU_KEYRING_VERIFY_FLAG_LAST
+} FuKeyringVerifyFlags;
+
struct _FuKeyringClass
{
GObjectClass parent_class;
@@ -28,6 +42,7 @@ struct _FuKeyringClass
FuKeyringResult *(*verify_data) (FuKeyring *keyring,
GBytes *payload,
GBytes *payload_signature,
+ FuKeyringVerifyFlags flags,
GError **error);
};
@@ -39,6 +54,7 @@ gboolean fu_keyring_add_public_keys (FuKeyring *keyring,
FuKeyringResult *fu_keyring_verify_data (FuKeyring *keyring,
GBytes *blob,
GBytes *blob_signature,
+ FuKeyringVerifyFlags flags,
GError **error);
const gchar *fu_keyring_get_name (FuKeyring *self);
void fu_keyring_set_name (FuKeyring *self,
diff --git a/src/fu-self-test.c b/src/fu-self-test.c
index 4f359614..98fac714 100644
--- a/src/fu-self-test.c
+++ b/src/fu-self-test.c
@@ -1947,7 +1947,9 @@ fu_keyring_gpg_func (void)
g_assert_no_error (error);
g_assert_nonnull (blob_pass);
blob_sig = g_bytes_new_static (sig_gpgme, strlen (sig_gpgme));
- result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig, &error);
+ result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
+ FU_KEYRING_VERIFY_FLAG_NONE,
+ &error);
g_assert_no_error (error);
g_assert_nonnull (result_pass);
g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), == , 1438072952);
@@ -1960,7 +1962,8 @@ fu_keyring_gpg_func (void)
blob_fail = fu_common_get_contents_bytes (fw_fail, &error);
g_assert_no_error (error);
g_assert_nonnull (blob_fail);
- result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig, &error);
+ result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig,
+ FU_KEYRING_VERIFY_FLAG_NONE, &error);
g_assert_error (error, FWUPD_ERROR, FWUPD_ERROR_SIGNATURE_INVALID);
g_assert_null (result_fail);
g_clear_error (&error);
@@ -2010,7 +2013,9 @@ fu_keyring_pkcs7_func (void)
blob_sig = fu_common_get_contents_bytes (sig_fn, &error);
g_assert_no_error (error);
g_assert_nonnull (blob_sig);
- result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig, &error);
+ result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
+ FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
+ &error);
g_assert_no_error (error);
g_assert_nonnull (result_pass);
g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);
@@ -2022,7 +2027,8 @@ fu_keyring_pkcs7_func (void)
blob_sig2 = fu_common_get_contents_bytes (sig_fn2, &error);
g_assert_no_error (error);
g_assert_nonnull (blob_sig2);
- result_fail = fu_keyring_verify_data (keyring, blob_pass, blob_sig2, &error);
+ result_fail = fu_keyring_verify_data (keyring, blob_pass, blob_sig2,
+ FU_KEYRING_VERIFY_FLAG_NONE, &error);
g_assert_error (error, FWUPD_ERROR, FWUPD_ERROR_SIGNATURE_INVALID);
g_assert_null (result_fail);
g_clear_error (&error);
@@ -2033,7 +2039,8 @@ fu_keyring_pkcs7_func (void)
blob_fail = fu_common_get_contents_bytes (fw_fail, &error);
g_assert_no_error (error);
g_assert_nonnull (blob_fail);
- result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig, &error);
+ result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig,
+ FU_KEYRING_VERIFY_FLAG_NONE, &error);
g_assert_error (error, FWUPD_ERROR, FWUPD_ERROR_SIGNATURE_INVALID);
g_assert_null (result_fail);
g_clear_error (&error);


@ -0,0 +1,29 @@
From 1fc24adecbb62b3cd77ef965c5daf1b72f6c7aa8 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Tue, 22 Aug 2023 10:05:27 +0100
Subject: [PATCH] Use /usr/libexec/platform-python for RHEL
---
meson.build | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/meson.build b/meson.build
index bb406d616..ac90c8ee6 100644
--- a/meson.build
+++ b/meson.build
@@ -261,11 +261,7 @@ if libgcab.type_name() == 'pkgconfig' and cc.has_function('gcab_file_set_bytes',
endif
bashcomp = dependency('bash-completion', required: false)
-if host_machine.system() != 'freebsd'
- python3 = find_program('python3')
-else
- python3 = find_program('python3.8', 'python3', 'python3.9')
-endif
+python3 = find_program('/usr/libexec/platform-python')
if get_option('gnutls')
gnutls = dependency('gnutls', version : '>= 3.6.0')
--
2.41.0


@ -0,0 +1,28 @@
From 442f7f9200fbf6ec509dd0ee40eae2e37b2fb73e Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Tue, 20 Sep 2022 08:06:12 +0100
Subject: [PATCH 1/3] redfish: Set the permissions of redfish.conf at install
time
Although typically we set the password using fu_plugin_set_secure_config_value()
or something like Ansible or Puppet -- the user could just edit the file with
vim and we still want the permissions set correctly.
---
plugins/redfish/meson.build | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/redfish/meson.build b/plugins/redfish/meson.build
index 34ba4b7f6..7b19574de 100644
--- a/plugins/redfish/meson.build
+++ b/plugins/redfish/meson.build
@@ -48,6 +48,7 @@ shared_module('fu_plugin_redfish',
install_data(['redfish.conf'],
install_dir: join_paths(sysconfdir, 'fwupd'),
+ install_mode: 'rw-r-----',
)
if get_option('tests')
--
2.39.1
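Review bot: The mode on the `install_mode: 'rw-r-----'` line is 0640, while the later patch in this series uses 0660 for the same file, both in `chmod 0660 /etc/fwupd/redfish.conf` and in the mode that `fu_plugin_set_secure_config_value()` passes when it rewrites the file. Both values deny access to other users, so this is a consistency point rather than an exposure, but one value should be chosen so the file does not end up with two different modes depending on which path last touched it. A short comment next to the argument would also help, for example `# holds the BMC password, must never be readable by other users`. The `install_data()` call sits in a meson.build whose surrounding targets are outside the hunk.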


@ -1,29 +0,0 @@
From 48cea11bd5d3d8c7f7423ad9807b1e537bc051c8 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 8 Nov 2018 20:05:12 +0000
Subject: [PATCH] trivial: Relax the timing requirements on the FuDevice poll
test
If the poll source is scheduled just at the right time, we might only get 8x
'10ms ticks' in a 100ms window. This fixes an occasional build failure on
slower hardware and in CI.
---
src/fu-self-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fu-self-test.c b/src/fu-self-test.c
index 3c774b55..edc0088d 100644
--- a/src/fu-self-test.c
+++ b/src/fu-self-test.c
@@ -2806,7 +2806,7 @@ fu_device_poll_func (void)
fu_test_loop_run_with_timeout (100);
fu_test_loop_quit ();
cnt = fu_device_get_metadata_integer (device, "cnt");
- g_assert_cmpint (cnt, >=, 9);
+ g_assert_cmpint (cnt, >=, 8);
/* disable the poll */
fu_device_set_poll_interval (device, 0);
--
2.19.1


@ -0,0 +1,47 @@
From 4f39b747a6d860e32a3000451dd2635366c81776 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Tue, 20 Sep 2022 09:13:52 +0100
Subject: [PATCH 2/3] redfish: Only create users using IPMI when we know it's
going to work
Make the IPMI auto-account feature allow-listed on specific vendors as some IPMI
implementations are not specification compliant and do entirely the wrong thing.
---
plugins/redfish/fu-plugin-redfish.c | 8 ++++++++
plugins/redfish/redfish.quirk | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/plugins/redfish/fu-plugin-redfish.c b/plugins/redfish/fu-plugin-redfish.c
index deb0fe742..3972d4b4b 100644
--- a/plugins/redfish/fu-plugin-redfish.c
+++ b/plugins/redfish/fu-plugin-redfish.c
@@ -422,6 +422,14 @@ fu_plugin_redfish_startup(FuPlugin *plugin, GError **error)
#ifdef HAVE_LINUX_IPMI_H
/* we got neither a type 42 entry or config value, lets try IPMI */
if (fu_redfish_backend_get_username(data->backend) == NULL) {
+ if (!fu_context_has_hwid_flag(fu_plugin_get_context(plugin), "ipmi-create-user")) {
+ g_set_error_literal(error,
+ FWUPD_ERROR,
+ FWUPD_ERROR_NOT_SUPPORTED,
+ "no username and password specified, "
+ "and no vendor quirk for 'ipmi-create-user'");
+ return FALSE;
+ }
if (!fu_plugin_get_config_value_boolean(plugin, "IpmiDisableCreateUser")) {
g_debug("attempting to create user using IPMI");
if (!fu_redfish_plugin_ipmi_create_user(plugin, error))
diff --git a/plugins/redfish/redfish.quirk b/plugins/redfish/redfish.quirk
index b12439926..5e9722fda 100644
--- a/plugins/redfish/redfish.quirk
+++ b/plugins/redfish/redfish.quirk
@@ -1,6 +1,6 @@
# Lenovo ThinkSystem
[42f00735-c9ab-5374-bd63-a5deee5881e0]
-Flags = wildcard-targets,reset-required
+Flags = wildcard-targets,reset-required,ipmi-create-user
[REDFISH\VENDOR_Lenovo&ID_BMC-Backup]
ParentGuid = REDFISH\VENDOR_Lenovo&ID_BMC-Primary
--
2.39.1
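Review bot: The new early return on the `fu_context_has_hwid_flag(..., "ipmi-create-user")` check runs before `IpmiDisableCreateUser` is read, so on hardware without the quirk a missing username now fails startup with FWUPD_ERROR_NOT_SUPPORTED whatever that setting says; if this ordering is intended it deserves a comment. Something like `/* only create a BMC account over IPMI on allow-listed hardware, as some implementations are not specification compliant */` above the check would carry the reasoning from the commit message into the code. The flag name is a bare string that must match the entry in redfish.quirk exactly, so a typo on either side lands in this error path with no build-time signal; a shared `#define` on the C side would at least keep the plugin's own uses in step. fu_plugin_redfish_startup() begins and ends outside the hunk.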


@ -0,0 +1,141 @@
From 41575afd93ca0e68bced78ca43a4488f124906a1 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 21 Sep 2022 14:56:10 +0100
Subject: [PATCH 3/3] Never save the Redfish passwords to a file readable by
users
When the redfish plugin automatically creates an OPERATOR user account on the
BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it
is chmod'ed to 0660 before writing the file with g_key_file_save_to_file().
Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with
the keyfile string data.
I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being
used to copy permissions, but alas not.
GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666,
which undoes the previous chmod().
Use g_file_set_contents_full() with the correct mode for newer GLib versions,
and provide a fallback with the same semantics for older versions.
---
contrib/fwupd.spec.in | 3 ++
libfwupdplugin/fu-plugin.c | 65 +++++++++++++++++++++++++++++------
libfwupdplugin/fu-self-test.c | 57 ++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+), 11 deletions(-)
diff --git a/contrib/fwupd.spec.in b/contrib/fwupd.spec.in
index a50e30a9c..0854fcf4f 100644
--- a/contrib/fwupd.spec.in
+++ b/contrib/fwupd.spec.in
@@ -313,6 +313,9 @@ for fn in /etc/fwupd/remotes.d/*.conf; do
fi
done
+# ensure this is private
+chmod 0660 /etc/fwupd/redfish.conf
+
%preun
%systemd_preun fwupd.service
diff --git a/libfwupdplugin/fu-plugin.c b/libfwupdplugin/fu-plugin.c
index 18042a028..04951de85 100644
--- a/libfwupdplugin/fu-plugin.c
+++ b/libfwupdplugin/fu-plugin.c
@@ -9,6 +9,7 @@
#include "config.h"
#include <errno.h>
+#include <fcntl.h>
#include <fwupd.h>
#include <glib/gstdio.h>
#include <gmodule.h>
@@ -2256,6 +2257,46 @@ fu_plugin_set_config_value(FuPlugin *self, const gchar *key, const gchar *value,
return g_key_file_save_to_file(keyfile, conf_path, error);
}
+#if !GLIB_CHECK_VERSION(2, 66, 0)
+
+#define G_FILE_SET_CONTENTS_CONSISTENT 0
+typedef guint GFileSetContentsFlags;
+static gboolean
+g_file_set_contents_full(const gchar *filename,
+ const gchar *contents,
+ gssize length,
+ GFileSetContentsFlags flags,
+ int mode,
+ GError **error)
+{
+ gint fd;
+ gssize wrote;
+
+ if (length < 0)
+ length = strlen(contents);
+ fd = g_open(filename, O_CREAT, mode);
+ if (fd <= 0) {
+ g_set_error(error,
+ G_IO_ERROR,
+ G_IO_ERROR_FAILED,
+ "could not open %s file",
+ filename);
+ return FALSE;
+ }
+ wrote = write(fd, contents, length);
+ if (wrote != length) {
+ g_set_error(error,
+ G_IO_ERROR,
+ G_IO_ERROR_FAILED,
+ "did not write %s file",
+ filename);
+ g_close(fd, NULL);
+ return FALSE;
+ }
+ return g_close(fd, error);
+}
+#endif
+
/**
* fu_plugin_set_secure_config_value:
* @self: a #FuPlugin
@@ -2277,7 +2318,8 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
GError **error)
{
g_autofree gchar *conf_path = fu_plugin_get_config_filename(self);
- gint ret;
+ g_autofree gchar *data = NULL;
+ g_autoptr(GKeyFile) keyfile = g_key_file_new();
g_return_val_if_fail(FU_IS_PLUGIN(self), FALSE);
g_return_val_if_fail(error == NULL || *error == NULL, FALSE);
@@ -2286,17 +2328,18 @@ fu_plugin_set_secure_config_value(FuPlugin *self,
g_set_error(error, FWUPD_ERROR, FWUPD_ERROR_NOT_FOUND, "%s is missing", conf_path);
return FALSE;
}
- ret = g_chmod(conf_path, 0660);
- if (ret == -1) {
- g_set_error(error,
- FWUPD_ERROR,
- FWUPD_ERROR_INTERNAL,
- "failed to set permissions on %s",
- conf_path);
+ if (!g_key_file_load_from_file(keyfile, conf_path, G_KEY_FILE_KEEP_COMMENTS, error))
return FALSE;
- }
-
- return fu_plugin_set_config_value(self, key, value, error);
+ g_key_file_set_string(keyfile, fu_plugin_get_name(self), key, value);
+ data = g_key_file_to_data(keyfile, NULL, error);
+ if (data == NULL)
+ return FALSE;
+ return g_file_set_contents_full(conf_path,
+ data,
+ -1,
+ G_FILE_SET_CONTENTS_CONSISTENT,
+ 0660,
+ error);
}
/**
--
2.39.1
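Review bot: The fallback `g_file_set_contents_full()` added under `#if !GLIB_CHECK_VERSION(2, 66, 0)` does not enforce the mode on an existing file: `mode` is only honoured by `O_CREAT` when the file is created, `fu_plugin_set_secure_config_value()` returns early when redfish.conf is missing, and the old `g_chmod(conf_path, 0660)` is removed, so a world-readable file keeps its mode when the password is written. The `g_open(filename, O_CREAT, mode)` call also passes no write access mode, so the following `write()` would be expected to fail, it has no `O_TRUNC`, so a shorter keyfile would leave stale bytes at the end, and `fd <= 0` treats descriptor 0 as an error. The spec on this page declares `%global glib2_version 2.45.8`, so this fallback may well be the path that is built here. I would open for writing with truncation and set the mode on the descriptor before the secret is written, as sketched below; the rewrite is still not atomic, unlike the newer GLib call, and a short `write()` is reported as an error rather than retried.

```c
	fd = g_open(filename, O_WRONLY | O_CREAT | O_TRUNC, mode);
	if (fd < 0) {
		/* … unchanged: g_set_error "could not open %s file", return FALSE … */
	}
	/* O_CREAT applies mode only to a new file: tighten an existing one before writing the secret */
	if (fchmod(fd, mode) < 0) {
		g_set_error(error,
			    G_IO_ERROR,
			    G_IO_ERROR_FAILED,
			    "failed to set permissions on %s",
			    filename);
		g_close(fd, NULL);
		return FALSE;
	}
	wrote = write(fd, contents, length);
	/* … unchanged: short-write check and g_close … */
```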

Binary file not shown.

Binary file not shown.


@ -1,21 +1,34 @@
%global efi_vendor almalinux
%global efidir almalinux
%global efi_esp_dir /boot/efi/EFI/%{efidir}
%global glib2_version 2.45.8
%global libappstream_version 0.7.4
%global libxmlb_version 0.1.3
%global libgusb_version 0.2.11
%global libsoup_version 2.51.92
%global libcurl_version 7.61.0
%global systemd_version 231
%global json_glib_version 1.1.1
%global fwupdplugin_version 5
# although we ship a few tiny python files these are utilities that 99.99%
# of users do not need -- use this to avoid dragging python onto CoreOS
%global __requires_exclude ^%{python3}$
# PPC64 is too slow to complete the tests under 3 minutes...
%ifnarch ppc64le
%global enable_tests 1
%endif
%global enable_dummy 1
%global __meson_wrap_mode default
# fwupd.efi is only available on these arches
%ifarch x86_64 aarch64
%global have_uefi 1
%endif
# redfish is only available on this arch
%ifarch x86_64
%global have_redfish 1
%ifarch i686 x86_64
%global have_msr 1
%endif
# libsmbios is only available on x86
@ -23,31 +36,50 @@
%global have_dell 1
%endif
# only available recently
%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9
%global have_modem_manager 1
%endif
Summary: Firmware update daemon
Name: fwupd
Version: 1.1.4
Release: 2%{?dist}
Version: 1.7.8
Release: 2%{?dist}.alma
License: LGPLv2+
URL: https://github.com/hughsie/fwupd
URL: https://github.com/fwupd/fwupd
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
Source1: securebootca.cer
Source2: secureboot.cer
Source1: http://people.freedesktop.org/~hughsient/releases/libjcat-0.1.9.tar.xz
Source2: http://people.freedesktop.org/~hughsient/releases/fwupd-efi-1.3.tar.xz
# backport from upstream
Patch0: 0001-trivial-Relax-the-timing-requirements-on-the-FuDevic.patch
Patch1: 0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
Source10: http://people.redhat.com/rhughes/dbx/DBXUpdate-20100307-x64.cab
Source11: http://people.redhat.com/rhughes/dbx/DBXUpdate-20140413-x64.cab
Source12: http://people.redhat.com/rhughes/dbx/DBXUpdate-20160809-x64.cab
Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab
Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab
Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
# these are numbered high just to keep them wildly away from colliding with
# the real package sources, in order to reduce churn.
Source300: almalinuxsecurebootca0.cer
Patch1: 0001-redfish-Set-the-permissions-of-redfish.conf-at-insta.patch
Patch2: 0002-redfish-Only-create-users-using-IPMI-when-we-know-it.patch
Patch3: 0003-Never-save-the-Redfish-passwords-to-a-file-readable-.patch
Patch4: 0001-Use-usr-libexec-platform-python-for-RHEL.patch
BuildRequires: efi-srpm-macros
BuildRequires: gettext
BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: libappstream-glib-devel >= %{libappstream_version}
BuildRequires: libxmlb-devel >= %{libxmlb_version}
BuildRequires: libgcab1-devel
BuildRequires: libgudev1-devel
BuildRequires: libgusb-devel >= %{libgusb_version}
BuildRequires: libsoup-devel >= %{libsoup_version}
BuildRequires: libcurl-devel >= %{libcurl_version}
BuildRequires: polkit-devel >= 0.103
BuildRequires: sqlite-devel
BuildRequires: gpgme-devel
BuildRequires: systemd >= %{systemd_version}
BuildRequires: systemd-devel
BuildRequires: libarchive-devel
BuildRequires: gobject-introspection-devel
BuildRequires: gcab
@ -55,28 +87,25 @@ BuildRequires: gcab
BuildRequires: valgrind
BuildRequires: valgrind-devel
%endif
BuildRequires: elfutils-libelf-devel
BuildRequires: gtk-doc
BuildRequires: libuuid-devel
BuildRequires: gnutls-devel
BuildRequires: gnutls-utils
BuildRequires: meson
BuildRequires: help2man
BuildRequires: json-glib-devel >= %{json_glib_version}
BuildRequires: vala
BuildRequires: python3-devel
BuildRequires: bash-completion
BuildRequires: git-core
# until rh-signing-tools is fixed
BuildRequires: nss-tools
%if 0%{?have_redfish}
BuildRequires: efivar-devel >= 33
%if 0%{?have_modem_manager}
BuildRequires: ModemManager-glib-devel >= 1.10.0
BuildRequires: libqmi-devel >= 1.22.0
BuildRequires: libmbim-devel
%endif
%if 0%{?have_uefi}
BuildRequires: efivar-devel >= 33
BuildRequires: python3 python3-cairo python3-gobject python3-pillow
BuildRequires: python3 python3-cairo python3-gobject
BuildRequires: pango-devel
BuildRequires: cairo-devel cairo-gobject-devel
BuildRequires: freetype
@ -96,16 +125,30 @@ Requires(preun): systemd
Requires(postun): systemd
Requires: glib2%{?_isa} >= %{glib2_version}
Requires: libappstream-glib%{?_isa} >= %{libappstream_version}
Requires: libxmlb%{?_isa} >= %{libxmlb_version}
Requires: libgusb%{?_isa} >= %{libgusb_version}
Requires: libsoup%{?_isa} >= %{libsoup_version}
Requires: bubblewrap
Requires: shared-mime-info
Obsoletes: fwupd-sign < 0.1.6
Obsoletes: libebitdo < 0.7.5-3
Obsoletes: libdfu < 1.0.0
Obsoletes: fwupd-labels < 1.1.0-1
Obsoletes: dbxtool < 9
Provides: dbxtool
%if 0%{?rhel} > 7
Obsoletes: fwupdate < 13
Obsoletes: fwupdate-efi < 13
Provides: fwupdate
Provides: fwupdate-efi
%endif
# optional, but a really good idea
Recommends: udisks2
%description
fwupd is a daemon to allow session software to update device firmware.
@ -120,8 +163,7 @@ Files for development with %{name}.
%package tests
Summary: Data files for installed tests
BuildArch: noarch
Recommends: python3
Requires: %{name}%{?_isa} = %{version}-%{release}
%description tests
Data files for installed tests.
@ -129,15 +171,22 @@ Data files for installed tests.
%prep
%autosetup -p1
mkdir -p subprojects/libjcat
tar xfvs %{SOURCE1} -C subprojects/libjcat --strip-components=1
mkdir -p subprojects/fwupd-efi
tar xfvs %{SOURCE2} -C subprojects/fwupd-efi --strip-components=1
sed -ri '1s=^#!/usr/bin/(env )?python3=#!%{__python3}=' \
libfwupd/generate-version-script.py \
data/installed-tests/hardware.py \
po/test-deps \
po/make-images \
contrib/ci/generate_debian.py \
contrib/ci/generate_docker.py \
contrib/firmware-packager/firmware-packager \
plugins/dfu/contrib/parse-avrdude-conf.py
contrib/ci/*.py \
contrib/firmware_packager/*.py \
contrib/*.py \
contrib/standalone-installer/assets/*.py \
contrib/standalone-installer/*.py \
libfwupdplugin/*.py \
plugins/dfu/contrib/*.py \
plugins/uefi-capsule/make-images.py \
po/test-deps
%build
@ -145,7 +194,12 @@ sed -ri '1s=^#!/usr/bin/(env )?python3=#!%{__python3}=' \
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%meson \
-Dgtkdoc=true \
-Ddocs=gtkdoc \
-Dlvfs=disabled \
-Defi_os_dir=%{efi_vendor} \
-Dlibjcat:gtkdoc=false \
-Dlibjcat:introspection=false \
-Dlibjcat:tests=false \
%if 0%{?enable_tests}
-Dtests=true \
%else
@ -156,27 +210,50 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%else
-Dplugin_dummy=false \
%endif
-Dplugin_thunderbolt=true \
%if 0%{?have_redfish}
-Dplugin_redfish=true \
-Dplugin_flashrom=false \
%if 0%{?have_msr}
-Dplugin_msr=true \
%else
-Dplugin_redfish=false \
-Dplugin_msr=false \
%endif
-Dplugin_thunderbolt=true \
%if 0%{?have_uefi}
-Dplugin_uefi=true \
-Dplugin_nvme=true \
-Dplugin_uefi_capsule=true \
-Dplugin_uefi_pk=false \
%ifarch x86_64
-Dfwupd-efi:efi_sbat_distro_id="almalinux" \
-Dfwupd-efi:efi_sbat_distro_summary="AlmaLinux" \
-Dfwupd-efi:efi_sbat_distro_pkgname="%{name}" \
-Dfwupd-efi:efi_sbat_distro_version="%{version}" \
-Dfwupd-efi:efi_sbat_distro_url="mail:security@almalinux.org" \
-Dfwupd-efi:efi-libdir="/usr/lib64" \
%endif
-Dplugin_tpm=false \
%else
-Dplugin_uefi=false \
-Dplugin_nvme=false \
-Dplugin_uefi_capsule=false \
-Dplugin_uefi_pk=false \
-Dplugin_tpm=false \
%endif
%if 0%{?have_dell}
-Dplugin_dell=true \
-Dplugin_synaptics=true \
-Dplugin_synaptics_mst=true \
%else
-Dplugin_dell=false \
-Dplugin_synaptics=false \
-Dplugin_synaptics_mst=false \
%endif
-Dman=true
%if 0%{?have_modem_manager}
-Dplugin_modem_manager=true \
%else
-Dplugin_modem_manager=false \
%endif
-Dplugin_logitech_bulkcontroller=false \
-Dman=true \
-Dbluez=false \
-Dplugin_cfu=false \
-Dplugin_mtd=false \
-Dplugin_powerd=false \
-Dplugin_uf2=false \
-Dsupported_build=true
%meson_build
@ -188,148 +265,368 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%install
%meson_install
# on RHEL the LVFS is disabled by default
mkdir -p %{buildroot}/%{_datadir}/dbxtool
install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{buildroot}/%{_datadir}/dbxtool
# sign fwupd.efi loader
%if 0%{?have_uefi}
%ifarch x86_64
%global efiarch x64
%endif
%ifarch aarch64
%global efiarch aa64
%endif
%global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE1} -c %{SOURCE2} -n redhatsecureboot301
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE300} -c %{SOURCE301} -n clsecureboot001
%endif
mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
# workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1757948
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%find_lang %{name}
%post
/sbin/ldconfig
%systemd_post fwupd.service
# change vendor-installed remotes to use the default keyring type
for fn in /etc/fwupd/remotes.d/*.conf; do
if grep -q "Keyring=gpg" "$fn"; then
sed -i 's/Keyring=gpg/#Keyring=pkcs/g' "$fn";
fi
done
%preun
%systemd_preun fwupd.service
%postun
/sbin/ldconfig
%systemd_postun_with_restart fwupd.service
%systemd_postun_with_restart pesign.service
%files -f %{name}.lang
%doc README.md AUTHORS NEWS
%doc README.md AUTHORS
%license COPYING
%config(noreplace)%{_sysconfdir}/fwupd/daemon.conf
%if 0%{?have_uefi}
%config(noreplace)%{_sysconfdir}/fwupd/uefi.conf
%config(noreplace)%{_sysconfdir}/fwupd/uefi_capsule.conf
%endif
%if 0%{?have_redfish}
%config(noreplace)%{_sysconfdir}/fwupd/redfish.conf
%endif
%config(noreplace)%{_sysconfdir}/fwupd/thunderbolt.conf
%dir %{_libexecdir}/fwupd
%{_libexecdir}/fwupd/fwupd
%{_libexecdir}/fwupd/fwupdtool
%ifarch i686 x86_64
%{_libexecdir}/fwupd/fwupd-detect-cet
%endif
%{_libexecdir}/fwupd/fwupdoffline
%if 0%{?have_uefi}
%{_libexecdir}/fwupd/efi/*.efi
%ifarch x86_64
%{_libexecdir}/fwupd/efi/*.efi.signed
%{_libexecdir}/fwupd/fwupdate
%endif
%{_bindir}/fwupdate
%endif
%{_bindir}/dfu-tool
%if 0%{?have_uefi}
%{_bindir}/dbxtool
%endif
%{_bindir}/fwupdmgr
%{_bindir}/fwupdtool
%{_bindir}/fwupdagent
%{_bindir}/jcat-tool
%dir %{_sysconfdir}/fwupd
%dir %{_sysconfdir}/fwupd/remotes.d
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd.conf
%if 0%{?have_dell}
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/dell-esrt.conf
%endif
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/lvfs.conf
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/lvfs-testing.conf
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor.conf
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor-directory.conf
%config(noreplace)%{_sysconfdir}/pki/fwupd
%{_sysconfdir}/pki/fwupd-metadata
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.fwupd.conf
%if 0%{?have_msr}
/usr/lib/modules-load.d/fwupd-msr.conf
%config(noreplace)%{_sysconfdir}/fwupd/msr.conf
%endif
%{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf
%{_datadir}/bash-completion/completions/fwupdmgr
%{_datadir}/bash-completion/completions/fwupdtool
%{_datadir}/bash-completion/completions/fwupdagent
%{_datadir}/fish/vendor_completions.d/fwupdmgr.fish
%{_datadir}/fwupd/metainfo/org.freedesktop.fwupd*.metainfo.xml
%{_datadir}/fwupd/remotes.d/fwupd/metadata.xml
%if 0%{?have_dell}
%{_datadir}/fwupd/remotes.d/dell-esrt/metadata.xml
%endif
%{_datadir}/fwupd/remotes.d/vendor/firmware/README.md
%{_datadir}/dbus-1/interfaces/org.freedesktop.fwupd.xml
%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
%{_datadir}/man/man1/dfu-tool.1.gz
%{_datadir}/man/man1/fwupdmgr.1.gz
%dir %{_datadir}/dbxtool
%{_datadir}/dbxtool/DBXUpdate-20100307-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20140413-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20160809-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-aa64.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-ia32.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-x64.cab
%{_mandir}/man1/fwupdtool.1*
%{_mandir}/man1/fwupdagent.1*
%{_mandir}/man1/dfu-tool.1*
%if 0%{?have_uefi}
%{_mandir}/man1/dbxtool.*
%endif
%{_mandir}/man1/fwupdmgr.1*
%if 0%{?have_uefi}
%{_mandir}/man1/fwupdate.1*
%endif
%{_mandir}/man1/jcat-tool.1*
%{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml
%{_datadir}/fwupd/firmware-packager
%{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.fwupd.svg
%{_datadir}/fwupd/firmware_packager.py
%{_datadir}/fwupd/simple_client.py
%{_datadir}/fwupd/add_capsule_header.py
%{_datadir}/fwupd/install_dell_bios_exe.py
%{_unitdir}/fwupd-offline-update.service
%{_unitdir}/fwupd.service
%{_unitdir}/fwupd-refresh.service
%{_unitdir}/fwupd-refresh.timer
%{_presetdir}/fwupd-refresh.preset
%{_unitdir}/system-update.target.wants/
%dir %{_localstatedir}/lib/fwupd
%dir %{_localstatedir}/cache/fwupd
%dir %{_datadir}/fwupd/quirks.d
%{_datadir}/fwupd/quirks.d/*.quirk
%{_localstatedir}/lib/fwupd/builder/README.md
%{_libdir}/libfwupd*.so.*
%{_datadir}/doc/fwupd/builder/README.md
%if 0%{?have_uefi}
%{_sysconfdir}/grub.d/35_fwupd
%endif
%{_libdir}/libfwupd.so.2*
%{_libdir}/libfwupdplugin.so.%{fwupdplugin_version}*
%{_libdir}/libjcat.so.*
%{_libdir}/girepository-1.0/Fwupd-2.0.typelib
%{_libdir}/girepository-1.0/FwupdPlugin-1.0.typelib
/usr/lib/udev/rules.d/*.rules
%dir %{_libdir}/fwupd-plugins-3
%{_libdir}/fwupd-plugins-3/libfu_plugin_altos.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_amt.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_colorhug.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_csr.so
/usr/lib/systemd/system-shutdown/fwupd.shutdown
%dir %{_libdir}/fwupd-plugins-%{fwupdplugin_version}
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_acpi_dmar.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_acpi_facp.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_acpi_phat.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_amt.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_analogix.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_ata.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_bcm57xx.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_ccgx.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_colorhug.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_cros_ec.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_cpu.so
%if 0%{?have_dell}
%{_libdir}/fwupd-plugins-3/libfu_plugin_dell.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_dell_esrt.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_dell.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_dell_esrt.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_dell_dock.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_dfu.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ebitdo.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_flashrom.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_nitrokey.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_dell_dock.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_dfu.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_dfu_csr.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_ebitdo.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_elantp.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_elanfp.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_emmc.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_ep963x.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_fastboot.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_fresco_pd.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_genesys.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_hailuck.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_iommu.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_jabra.so
%if 0%{?have_uefi}
%{_libdir}/fwupd-plugins-3/libfu_plugin_nvme.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_lenovo_thinklmi.so
%endif
%if 0%{?have_redfish}
%{_libdir}/fwupd-plugins-3/libfu_plugin_redfish.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_linux_lockdown.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_linux_sleep.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_linux_swap.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_linux_tainted.so
%if 0%{?have_msr}
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_msr.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hid.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hub.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_steelseries.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_superio.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_nitrokey.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_nordic_hid.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_nvme.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_optionrom.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_parade_lspcon.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_pci_bcr.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_pci_mei.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_pixart_rf.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_realtek_mst.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_redfish.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_rts54hid.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_rts54hub.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_scsi.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_steelseries.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_superio.so
%if 0%{?have_dell}
%{_libdir}/fwupd-plugins-3/libfu_plugin_synapticsmst.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_synaptics_mst.so
%endif
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_synaptics_cape.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_synaptics_cxaudio.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_synaptics_prometheus.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_synaptics_rmi.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_system76_launch.so
%if 0%{?enable_dummy}
%{_libdir}/fwupd-plugins-3/libfu_plugin_test.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_test.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_invalid.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt_power.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_udev.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_thelio_io.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_thunderbolt.so
%if 0%{?have_uefi}
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_bios.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_uefi_capsule.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_uefi_dbx.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_uefi_recovery.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_unifying.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_upower.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_wacomhid.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_usi_dock.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_logind.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_logitech_hidpp.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_upower.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_vli.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_wacom_raw.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_wacom_usb.so
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_goodixmoc.so
%ghost %{_localstatedir}/lib/fwupd/gnupg
%if 0%{?have_modem_manager}
%{_libdir}/fwupd-plugins-%{fwupdplugin_version}/libfu_plugin_modem_manager.so
%endif
%if 0%{?have_uefi}
%{_datadir}/locale/*/LC_IMAGES/fwupd*
%{_datadir}/fwupd/uefi-capsule-ux.tar.xz
%endif
%if 0%{?have_modem_manager}
%{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so
%endif
%files devel
%{_datadir}/gir-1.0/Fwupd-2.0.gir
%{_datadir}/gtk-doc/html/libfwupd
%{_datadir}/gir-1.0/FwupdPlugin-1.0.gir
%{_datadir}/gtk-doc/html/fwupd
%{_datadir}/vala/vapi
%{_includedir}/fwupd-1
%{_includedir}/libjcat-1
%{_libdir}/libfwupd*.so
%{_libdir}/libjcat.so
%{_libdir}/pkgconfig/fwupd.pc
%{_libdir}/pkgconfig/fwupdplugin.pc
%if 0%{?have_uefi}
%{_libdir}/pkgconfig/fwupd-efi.pc
%endif
%{_libdir}/pkgconfig/jcat.pc
%files tests
%if 0%{?enable_tests}
%dir %{_datadir}/installed-tests/fwupd
%{_datadir}/installed-tests/fwupd/firmware-example.xml.gz
%{_datadir}/installed-tests/fwupd/firmware-example.xml.gz.asc
%{_datadir}/installed-tests/fwupd/tests/*
%{_datadir}/installed-tests/fwupd/fwupd-tests.xml
%{_datadir}/installed-tests/fwupd/*.test
%{_datadir}/installed-tests/fwupd/*.cab
%{_datadir}/installed-tests/fwupd/*.sh
%{_datadir}/installed-tests/fwupd/*.py*
%if 0%{?have_uefi}
%{_datadir}/installed-tests/fwupd/efi
%endif
%{_datadir}/fwupd/device-tests/*.json
%{_libexecdir}/installed-tests/fwupd/*
%dir %{_sysconfdir}/fwupd/remotes.d
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd-tests.conf
%endif
%changelog
* Wed Sep 27 2023 Eduard Abdullin <eabdullin@almalinux.org> - 1.7.8-2.alma
- Use AlmaLinux cert
* Mon Feb 20 2023 Richard Hughes <richard@hughsie.com> 1.7.8-2
- Backport the Redfish security fixes which affect IDRAC.
- Resolves: rhbz#2170950
* Wed Jun 15 2022 Richard Hughes <richard@hughsie.com> 1.7.8-1
- New upstream release
- Resolves: rhbz#2095668
* Thu Jan 13 2022 Richard Hughes <richard@hughsie.com> 1.7.4-1
- Include support for Lenovo TBT4 Docking stations
- Do not cause systemd-modules-load failures
- Resolves: rhbz#2038258
- Resolves: rhbz#2037294
* Thu Dec 09 2021 Richard Hughes <richard@hughsie.com> 1.7.1-2
- Disable the Logitech bulkcontroller plugin to avoid adding a dep to protobuf-c
which lives in AppStream, not BaseOS.
- Resolves: rhbz#2029333
* Mon Nov 01 2021 Richard Hughes <richard@hughsie.com> 1.7.1-1
- New upstream release
- Backport upstream changes
- Include support for Dell TBT4 Docking stations
- Resolves: rhbz#1969472
- Resolves: rhbz#1976408
* Tue Apr 13 2021 Richard Hughes <richard@hughsie.com> 1.5.9-3
- Rebase to include the SBAT metadata section to allow fixing BootHole
- Resolves: rhbz#1933012
- Resolves: rhbz#1932953
- Resolves: rhbz#1932909
- Resolves: rhbz#1932882
- Resolves: rhbz#1932579
- Resolves: rhbz#1932553
- Resolves: rhbz#1932423
* Wed Feb 10 2021 Richard Hughes <richard@hughsie.com> 1.5.5-3
- Backport a fix from upstream to fix a crash in the Goodix MOC plugin.
- Resolves: #1927091
* Tue Feb 09 2021 Richard Hughes <richard@hughsie.com> 1.5.5-2
- Do not invalidate all remote timestamps during package install to fix rpm -V.
- Backport some important high priority fixes from upstream.
- Resolves: #1926382
* Mon Jan 11 2021 Richard Hughes <richard@hughsie.com> 1.5.5-1
- Rebase package to include support for latest OEM hardware and to
support deploying UEFI SecureBoot dbx updates.
- Resolves: #1870811
* Wed Dec 16 2020 Richard Hughes <richard@hughsie.com> 1.5.4-1
- Rebase package to include support for latest OEM hardware and to
support deploying UEFI SecureBoot dbx updates.
- Resolves: #1870811
* Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 1.4.2-4
- Add signing with redhatsecureboot503 cert
Related: CVE-2020-10713
* Thu Jul 23 2020 Richard Hughes <richard@hughsie.com> 1.4.2-3
- Obsolete the now-dead fwupdate package to prevent file conflicts
- Resolves: #1859202
* Fri Jun 05 2020 Richard Hughes <richard@hughsie.com> 1.4.2-2
- Security fix for CVE-2020-10759
- Resolves: #1844324
* Mon May 18 2020 Richard Hughes <richard@hughsie.com> 1.4.2-1
- New upstream release
- Backport a patch to fix the synaptics fingerprint reader update.
- Resolves: #1775277
* Mon Apr 27 2020 Richard Hughes <richard@hughsie.com> 1.4.1-1
- New upstream release
- Resolves: #1775277
* Wed Feb 19 2020 Richard Hughes <richard@hughsie.com> 1.1.4-6
- Rebuild to get the EFI executable signed with the Red Hat key
- Resolves: #1713033
* Thu Feb 13 2020 Richard Hughes <richard@hughsie.com> 1.1.4-5
- Backport a patch to specify the EFI os name
- Resolves: #1713033
* Fri Nov 29 2019 Richard Hughes <richard@hughsie.com> 1.1.4-4
- Rebuild to get the EFI executable signed with the Red Hat key
- Resolves: #1680154
* Fri Nov 29 2019 Richard Hughes <richard@hughsie.com> 1.1.4-3
- Disable wacomhid by default as probing the device stops the tablet working
- Resolves: #1680154
* Mon Nov 25 2019 Richard Hughes <richard@hughsie.com> 1.1.4-2
- Do not require python3 in the base package
- Resolves: #1724593
@ -373,7 +670,7 @@ mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
* Wed Aug 29 2018 Richard Hughes <richard@hughsie.com> 1.1.1-5
- Include the certificates for secure boot signing
* Tue Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-4
* Thu Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-4
- Rebuild to get the EFI executable signed with the Red Hat key
* Thu Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-3