Commit Graph

1069 Commits

Author SHA1 Message Date
Richard Hughes
34486b90e2 trivial: Remove long-dead meson option 2022-09-23 16:39:21 +01:00
Mario Limonciello
5c284e911a trivial: debian: drop unused lintian override 2022-09-22 11:43:01 -05:00
Mario Limonciello
24a4b322fd trivial: debian: Don't invoke systemd directly for fwupd.postinst 2022-09-22 11:43:01 -05:00
Mario Limonciello
70d34a2fe2 trivial: debian/control: Add explicit depends on adduser
W: fwupd: maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:91]
2022-09-22 11:43:01 -05:00
Mario Limonciello
8586e25177 trivial: debian: Add symlinks for devhelp to work
Fixes https://www.mit.edu/afs.new/sipb/project/debathena/lintian/www/tags/package-contains-devhelp-file-without-symlink.html
2022-09-22 11:43:01 -05:00
Richard Hughes
c6fde9e085 trivial: Install the host-emulate.d tests in the test package
This fixes the ppc64 Fedora build, as tests are disabled on that arch.
2022-09-22 17:31:42 +01:00
Richard Hughes
5fbc21a535 trivial: Fix the example spec file on i686 2022-09-22 17:31:42 +01:00
Richard Hughes
c73a55faa1 Remove a potential foot-gun when saving config values
If a specific plugin calls fu_plugin_set_secure_config_value() and then
fu_plugin_set_config_value() then we'll save the file with the world-readable
permissions.

Set a plugin flag to say that 'this plugin is storing sensitive details' which
allows us to use the same entrypoint and also fix up any files at startup that
do not have the correct permissions.
2022-09-22 14:47:12 +01:00
Richard Hughes
ea676855f2 Never save the Redfish passwords to a file readable by users
When the redfish plugin automatically creates an OPERATOR user account on the
BMC we save the autogenerated password to /etc/fwupd/redfish.conf, ensuring it
is chmod'ed to 0660 before writing the file with g_key_file_save_to_file().

Under the covers, g_key_file_save_to_file() calls g_file_set_contents() with
the keyfile string data.
I was under the impression that G_FILE_CREATE_REPLACE_DESTINATION was being
used to copy permissions, but alas not.

GLib instead calls g_file_set_contents_full() with the mode hardcoded to 0666,
which undoes the previous chmod().

Use g_file_set_contents_full() with the correct mode for newer GLib versions,
and provide a fallback with the same semantics for older versions.
2022-09-22 14:46:44 +01:00
Richard Hughes
5d38e0aeea Move the getting the ESP to the context
We now have two plugins getting the ESP values, and we only allow hardcoding
the ESP in uefi_capsule.conf.

Make all this a lot simpler by moving the ESP+BDP code to `FuContext`, which
also means we can handle the override (via the config file) in the engine,
and the override (in the command line tools) using the same mechanism.

Also, automate the migration of the `OverrideESPMountPoint` -> `EspLocation`
when loading the engine.

Fixes https://github.com/fwupd/fwupd/issues/5042
2022-09-22 14:31:06 +01:00
Khem Raj
e9964a0f96 trivial: Fix compile when using python 3.7 or older
Signed-off-by: Richard Hughes <richard@hughsie.com>
2022-09-20 16:05:13 +01:00
Mario Limonciello
e8ca440bad Add new plugin to display SMU firmware version on AMD APU/CPU
This plugin is read-only, but can be used to tell what version of
SMU firmware is installed.
2022-09-19 06:51:27 -05:00
Richard Hughes
bfebede490 Add support for platform capability descriptors so devices can set quirks
This feature adds support for platform capability BOS descriptors which allows
the device itself to ship quirk data.

Use `sudo fwupdtool get-devices --save-backends=FILENAME` to save fake backend
devices to a file. This allows easy creation of self tests that do not require
physical hardware.
2022-09-13 12:07:35 +01:00
Mario Limonciello
f5d51d80eb trivial: fix container generation 2022-09-08 23:18:22 -05:00
Richard Hughes
5ebc3b6ad9 Move the generic Intel Goshen Ridge code out to a new plugin
The original code was written by Dell for the dell-dock plugin, but
it's exactly the same code and NVM format for Intel reference hardware.
2022-09-08 09:56:33 +01:00
Mario Limonciello
b0ccde5b27 trivial: add libumock-dev into debian/control 2022-09-07 08:33:02 -05:00
Mario Limonciello
eb8e527a6c trivial: debian: drop libglib2.0-doc package
We don't need a documentation package to build fwupd.
2022-09-07 08:33:02 -05:00
Mario Limonciello
c598f27eab trivial: make sure libfdt-dev is in debian/control 2022-09-07 08:33:02 -05:00
Mario Limonciello
e3979f5da6 trivial: debian: don't populate dependencies without <control>
clang-format isn't needed to build fwupd, but it is needed for
contributors to pass CI.
2022-09-07 08:33:02 -05:00
Mario Limonciello
cc8b4905ef trivial: only build thunderbolt for x86 architectures
It's true that the USB4 spec won't require x86, but a recent autopkgtest
failure on powerpc doesn't make sense to debug.  You won't ever see TBT
in a powerpc machine.

We can loosen this to any non-x86 architectures later that DO prove to
have support for USB4 add-in cards.
2022-09-07 08:05:08 -05:00
Richard Hughes
a904a7f2d6 trivial: Fix Debian CI harder 2022-09-06 18:46:14 +01:00
Dylan Van Assche
d0d4b17a7f plugins: android-boot: new plugin
Add a plugin for supporting Android bootloaders which are used on
all Qualcomm-based Android devices. These bootloaders are stored on
their own partitions and the partition table cannot be altered on
Qualcomm devices. This plugin supports any block device, but only
exposes the ones defined in the quirk file as updatable.
2022-09-05 17:59:11 +01:00
Mario Limonciello
4f3105369a trivial: debian: fix debian/control generator
In a previous move we lost the ability to populate the control file
with archicture specific information.  Restore this feature.
2022-09-05 07:09:05 -05:00
Mario Limonciello
62fd53d7ae trivial: debian: add fwupd-unsigned-dev to build deps 2022-09-05 07:09:05 -05:00
Mario Limonciello
f535bc4bd3 trivial: debian: conditionally install quirks.d 2022-09-05 07:09:05 -05:00
Mario Limonciello
20eb0ff32e trivial: debian: Add support for Build-Profile nodoc
Link: https://wiki.debian.org/BuildProfileSpec
2022-09-05 07:09:05 -05:00
Mario Limonciello
04573f46a3 trivial: loosen markdown dependency to 3.2
Link: https://gitlab.gnome.org/GNOME/gi-docgen/-/merge_requests/166
2022-09-02 06:10:53 -05:00
Mario Limonciello
284422a602 trivial: windows: Install windows service 2022-08-30 12:06:16 -05:00
Richard Hughes
16b463334e Export the generic Intel Thunderbolt firmware format
This is being used for other products, e.g. USB4 docks.

If non-Intel firmware is being used (e.g. ASMedia) then the explicit
calls to `fu_intel_thunderbolt_nvm_new()` can be changed to something
like `fu_firmware_new_from_gtypes()` with all the formats listed.
2022-08-30 14:20:14 +01:00
Mario Limonciello
72f19f2a12 trivial: fix documentation deployement 2022-08-29 18:20:46 -05:00
Mario Limonciello
03d1e22d74
trivial: add get-bios-setting command to simple-client (#4947) 2022-08-24 21:19:23 +00:00
Mario Limonciello
04c2186edc Add support for loading default BIOS settings policy
A user can place a JSON file in /etc/fwupd/bios-settings.d/ with
the default desired policy for the machine.

fwupd will load this policy on startup to ensure BIOS settings
are set as desired by the system administrator.
2022-08-24 12:59:42 -05:00
Mario Limonciello
b7b0ce533d trivial: Unify ambiguity between bios-attrs and bios-settings
These are currently used interchangeably since there was indecisiveness
which to use as the feature was being developed.

As outward facing it will be named with "settings", change all uses
in the code to match this.
2022-08-24 07:20:01 -05:00
Richard Hughes
1393a0bb8c trivial: Fix ppc64le Fedora RPM builds 2022-08-24 12:19:05 +01:00
Mario Limonciello
2705179117 Convert HSI into a meson tristate-feature
This allows us to disable it automatically on architectures that
aren't supported and OSes that aren't supported.

Link: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1987067
2022-08-22 06:03:38 -05:00
Mario Limonciello
5f0bb3dc8f Add support for translation for the sample Dell BIOS setting strings 2022-08-10 10:17:25 -05:00
Mario Limonciello
a0eb3bc73d trivial: fix a docs directory check inversion
Fixes: a19b6f23e ("trivial: ci: debian: Use helper script to install dependencies instead. (#4906)")
2022-08-05 11:45:19 -05:00
Mario Limonciello
a19b6f23e5
trivial: ci: debian: Use helper script to install dependencies instead. (#4906)
* trivial: ci: debian: Use helper script to install dependencies instead.

Should fix building Debian stable containers
Fixes: #4901

* trivial: debian: ci: only populate fwupd-doc if dependencies are met

* trivial: ci: debian: generate control file using fwupd_setup_helpers
2022-08-05 08:43:13 +01:00
Richard Hughes
699cd1225c trivial: Fix up building docs on Fedora CI 2022-08-01 13:40:31 +01:00
Richard Hughes
934002553a Allow loading BIOS attributes for host emulation 2022-08-01 13:32:12 +01:00
Richard Hughes
3b80e1f305 Check files are not missing from POTFILES.in during precommit 2022-07-29 17:17:55 +01:00
Richard Hughes
c611e9f37e Use -Db_sanitize=address,undefined in Fedora CI
This would have caught the recent memory corruption automatically.
2022-07-29 17:09:50 +01:00
Richard Hughes
47efacfe5d Remove the firmware builder functionality
We used the firmware builder functionality to either build or modify
firmware images on the end-user system, e.g. copying the MAC address
from the old system image to the new system image.

Unfortunately running fwupd on the command line (e.g. ./src/fwupd)
leaves the tty connected and thus bubblewrap doesn't protect us from
installing malicious signed firmware. The firmware would have to have
been uploaded to the LVFS by a trusted vendor and signed before being
installed, which further decreases the severity of this problem.

As there was only one vendor who asked for this functionality (who have
yet to upload a single firmware to the LVFS...) just rip out this
functionality to reduce our attack surface and completely fix the bug,
and any like it.

Many thanks to Aaron Janse <aaron@ajanse.me> for discovering and
disclosing this issue to us.
2022-07-29 16:52:38 +01:00
Mario Limonciello
98cd40e09a trivial: shuffle the order of contrib/setup
By pre-commit getting setup early we were installing markdown and
meson into the virtual environment.  This might not be a bad thing
if we encouraged virtual environments for development, but we don't.
2022-07-23 14:01:31 -05:00
Mario Limonciello
1addd4d045 trivial: fixup setup helpers to install right version of meson
if meson wasn't installed by pip it won't have a version string
2022-07-23 14:01:31 -05:00
Bruno Pagani
757b03998c contrib/ci: do not upgrade Arch continuously
`yu` was added in 014e5526ff to solve cache issues.

But since then several other invocations of pacman have been added and doing so constantly is pointless, as you are unlikely to see new upgrades while the CI is running (and it might not be desired either). It also breaks testing older versions of fwupd as seen in GH-4860. So upgrade only once at the beginning and keep installing from the same cache afterwards.
2022-07-23 09:49:55 -05:00
Richard Hughes
fd458cd0de Migrate away from the deprecated distutils 2022-07-19 13:34:02 +01:00
Richard Hughes
62fc515714 Allow loading in emulated host profiles for debugging
This allows us to load sets of different host security attributes
for testing the various front end tools we have now. e.g.

    sudo FWUPD_HOST_EMULATE=thinkpad-p1-iommu.json.gz fwupd

or, using a non-compressed absolute path:

    sudo FWUPD_HOST_EMULATE=/tmp/test/thinkpad-p1-iommu.json fwupd

Data can be created with `./contrib/generate-emulation.py file.json`
and then can be manually modified if required. Running the script on
a file that already exists will just strip out any unneeded data, as
well as piping content into it using stdin.

As a precaution, the org.fwupd.hsi.HostEmulation attribute is added
so we do not ask the user to upload the HSI report. It also allows
the LVFS to ignore any HSI reports with this attribute for clients
that upload HSI reports regardless.

See https://github.com/fwupd/fwupd/discussions/4832
2022-07-18 16:27:59 +01:00
Mario Limonciello
7a9fffe3a6 Enable protobuf-c (and relevant plugins) based on them in Ubuntu
an MIR has been completed in Ubuntu for this.

https://bugs.launchpad.net/ubuntu/+source/protobuf-c/+bug/1956617
2022-07-13 14:38:04 -05:00
Richard Hughes
34ff01fdf5 trivial: Continue to install the index page to fix the docs deployment 2022-07-11 16:44:12 +01:00