Switch to downloading the signature first, which we can then load to get the
suffixed build-specific URL of the actual metadata file. You need to have
libjcat 0.1.1 installed and fwupd built against the new version for this to
work.
Fixes https://github.com/fwupd/fwupd/issues/391
This allows the daemon to set the base directory to store remotes.
This fixes issues with systemd where the installation prefix was set
to soemthing not writable such as `/usr/local` but systemd
`STATE_DIRECTORY` doesn't match up.
```
$ fwupdmgr refresh
Fetching metadata https://cdn.fwupd.org/downloads/firmware.xml.gz
Downloading… [***************************************] Less than one minute remaining…
Fetching signature https://cdn.fwupd.org/downloads/firmware.xml.gz.asc
Failed to update metadata for lvfs: Error creating directory /usr/local/var/lib/fwupd/remotes.d: Read-only file system
```
It should also hopefully help with immutable systems.
Rather than wrapping every sync D-Bus call with a GTask helper (hundreds of
additional lines of code and dozens of new entrypoints in libfwupd) I think it
is best for client software wanting async operation just uses the D-Bus
interface. I consider it part of the API as much as the shared library and
I don't see it changing in a non-compatible way any time soon.
Exposing these already-exported symbols allows client software to use the
demarshalling functionality and to operate on the GObjects directly from an
existing GDBus async return value.
We need to show this agreement text in every fwupd frontend and exporting a
helper function allows us to do two things:
* Share the semi-complicated code (and fallback) to avoid copy and pasting
* Easily change the code in the future, for instance allowing merging Metainfo
and AppStream metadata without updating all the front ends with new logic.
The data for these was just being generated internally based on the ID and the
basename of the original URI, and that's easy for the calling application to do
itself.
This does two things:
* Allows new users of the library to see only the supported symbols
* Allows us to ensure we're not using deprecated API internally
I can also use this in gnome-software in CI to make sure we're not using
deprecated API too. I don't think we're ready for a soname bump so we have to
hang on to the deprecated code for now.
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.
If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.
Only firmware shipping with a .p7b file will use the PKCS7 functionality,
similarly remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
In this mode, both the metadata and firmware is stored on the local filesystem
and distributed using a distribution system like OSTree.
Fixes https://github.com/hughsie/fwupd/issues/162
Note: we have to transfer the mtime (not the age) when creating the GVariant,
as we want calls to fwupd_remote_get_age() to update the value without getting
the remote from the daemon each time.
Add the concept of 'remotes' that can dropped into /etc and used as firmware
metadata sources. This may be desirable when firmware is only accessable with
a valid support contract or from behind a VPN.
