This means we return an error when encountering a rollback attack. This can
currently be performed by providing the old metadata and old signature when
calling into UpdateMetadata.
By echoing the commands it is way easier to spot what the CI was doing
when a command failed. Setting fail-on-error mode explicitly makes sure
we always run with it, even if someone invokes the script with `bash
<scriptname>`.
- Enable echoing in the CI script
- Use debuild
- Show info/experimental/pedantic lintian hints
- Use service instead of invoking an init script directly
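
The fail-on-error point from the CI script change above, as an added example built from constructed scripts; it is not fwupd's CI script. It assumes the error mode was previously requested only through the shebang line, which the commit message does not state; `run_variant`, `cleanup_demo` and the file names are hypothetical.

```shell
#!/bin/sh
# Added demonstration with constructed scripts; not fwupd's CI script.
# Assumption: fail-on-error was requested only via the shebang ("#!/bin/sh -e"),
# which is ignored when the file is passed to an interpreter by name.

demo_dir=$(mktemp -d)
interp=$(command -v bash || command -v sh)

# Variant 1: errexit appears only in the shebang line.
cat > "$demo_dir/shebang_only.sh" <<'EOF'
#!/bin/sh -e
false
echo "reached-after-failure"
EOF

# Variant 2: errexit and command echoing are set in the script body.
cat > "$demo_dir/explicit.sh" <<'EOF'
#!/bin/sh
set -e
set -x
false
echo "reached-after-failure"
EOF
chmod +x "$demo_dir/shebang_only.sh" "$demo_dir/explicit.sh"

# run_variant <direct|interp> <script>
# Prints "continued" if execution went past the failing command, else "stopped".
run_variant() {
    if [ "$1" = direct ]; then
        out=$("$2" 2>/dev/null) || true
    else
        out=$("$interp" "$2" 2>/dev/null) || true
    fi
    case $out in
        *reached-after-failure*) echo continued ;;
        *) echo stopped ;;
    esac
}

# Remove the constructed scripts when done.
cleanup_demo() { rm -rf "$demo_dir"; }

for s in shebang_only explicit; do
    echo "$s: direct=$(run_variant direct "$demo_dir/$s.sh")" \
         "by-name=$(run_variant interp "$demo_dir/$s.sh")"
done
```
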
This should hopefully fix the error:
../../checkout/fwupd/plugins/amt/fu-plugin-amt.c:238:1: error: initializer element is not constant
uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d, \
^
Signed-off-by: Philip Withnall <withnall@endlessm.com>
This reverts commit 1a5c7f6fe5.
The warning is obviously complaining that the value cannot be evaluated
at compile time, rather than that it’s being assigned to a const storage
location.
Unfortunately it seems that the definition of UUID_LE is not const (or
not evaluatable as const by the compiler) on a Debian Jessie machine,
which causes compilation to fail with:
../../checkout/fwupd/plugins/amt/fu-plugin-amt.c:238:1: error: initializer element is not constant
const uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d, \
^
Fix that by dropping the const. Sadness.
Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
We need realpath(), syscall(), cfmakeraw() and a few other functions,
which need the _DEFAULT_SOURCE feature test macro to be defined. Define
it.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We use C99 features (fu-plugin-raspberrypi.c), so need to explicitly
enable them in meson.build, as some compilers will not enable them
automatically, and will instead error when they encounter usage of C99.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.
If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.
Only firmware shipping with a .p7b file will use the PKCS7 functionality;
similarly, remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
When my SNES30 controller was in bootloader mode, it wouldn't update,
and when it was in controller mode, it tried and failed. Now, it prints
out the instructions on how to reset the device if it's in controller
mode, and if it's in bootloader mode, it successfully installs the
firmware update from the .DAT file.
This allows us to binary patch firmware images.
The diff generation is implemented with a forwards-only algorithm; this allows
a vendor to remove non-free code without shipping a "reversed" version of the
non-redistributable code.
In this mode, both the metadata and firmware are stored on the local filesystem
and distributed using a distribution system like OSTree.
Fixes https://github.com/hughsie/fwupd/issues/162
Calling g-ir-scanner when cross-compiling with bitbake/OpenEmbedded
fails because it calls the wrong ld (the one from the host). More work
will be needed in meson.bbclass and/or gobject-introspection.bbclass
to make it work.
In the meantime, having an option to turn off introspection is useful
perhaps also in other cases where the extra work is not needed. For
example, fwupd works fine also when it is off.
The name of the new meson option matches the --disable-introspection
that is used by some autotools-based projects.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>