Fixes the meson error:
Meson encountered an error in file meson.build, line 207, column 2:
Unknown variable "systemd".
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Thunderbolt has a new kernel interface starting from version 4.13,
which simplifies updating the host controller and devices: the
kernel now exposes a sysfs interface for the non-volatile memory
as a device node. This can be used to write the new firmware blob.
Updates are then triggered also via a simple write to a sysfs
file (nvm_authenticate), which in turn is also used for error
reporting.
The plugin should be functionally, but a few items are missing:
- image verification
- safe mode handling
According to some best practices this is a good idea, but in this specific case
the certificate will have been installed by the admin or package manager and
so is less important.
This also switches around the test for the self signed key to now fail, as the
generated certificate is no longer loaded into the trust list. This is a more
useful test as it more accurately represents what the fwupd daemon is doing.
As a side-note the detached signature from the derivate cannot be generated
using `--no-p7-include-cert` as only the main LVFS-CA certificate is shipped
with fwupd.
This means we return an error when encountering a rollback attack. This can
currently be performed by providing the old metadata and old signature when
calling into UpdateMetadata.
By echoing the commands it is way easier to spot what the CI was doing
when a command failed. Setting fail-on-error mode explicitly makes sure
we always run with it, even if someone invokes the script with `bash
<scriptname>`
- Enable echoing in the CI script
- Use debuild
- Show info/experimental/pedantic lintian hints
- Use service instead of invoking an init script directly
This should hopefully fix the error:
../../checkout/fwupd/plugins/amt/fu-plugin-amt.c:238:1: error: initializer element is not constant
uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d, \
^
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This reverts commit 1a5c7f6fe5.
The warning is obviously complaining that the value cannot be evaluated
at compile time, rather than that it’s being assigned to a const storage
location.
Unfortunately it seems that the definition of UUID_LE is not const (or
not evaluatable as const by the compiler) on a Debian Jessie machine,
which causes compilation to fail with:
../../checkout/fwupd/plugins/amt/fu-plugin-amt.c:238:1: error: initializer element is not constant
const uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d, \
^
Fix that by dropping the const. Sadness.
Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
We need realpath(), syscall(), cfmakeraw() and a few other functions,
which need the _DEFAULT_SOURCE feature test macro to be defined. Define
it.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We use C99 features (fu-plugin-raspberrypi.c), so need to explicitly
enable them in meson.build, as some compilers will not enable them
automatically, and will instead error when they encounter usage of C99.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.
If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.
Only firmware shipping with a .p7b file will use the PKCS7 functionality,
similarly remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
