Getting the version string from git means the commit version changes each time
we commit any patch, which means we need to use --force to install firmware
when building fwupd against a version that should be compatible.
It is also very inconvenient not bumping the release version for git snapshots
as firmware can no longer depend on the "planned" release triplet.
tl;dr: A good idea for Flashrom, not so awesome for me.
A Jcat file can be used to store GPG, PKCS-7 and SHA-256 checksums for multiple
files. This allows us to sign a firmware or metadata multiple times (perhaps
by the OEM and also then the LVFS) which further decentralizes the trust model
of the LVFS.
The Jcat format was chosen as the Microsoft catalog format is nonfree and not
documented. We also don't want to modify an existing .cat file created from WU
as this may make it unsuitable to use on Windows.
More information can be found here: https://github.com/hughsie/libjcat
These are visually similar to Intel hex files, but different enough to demand
their own parser. Multiple images can be stored in one firmware file, with the
`addr` set to the SiliconID and the `idx` set to the position in the file.
Instead of using RequiresMountsFor=/snap/fwupd/current, which will not
work since /snap/fwupd/current is a symlink [1].
This will work since the mount units generated by snapd all have
Before=snapd.service, so will be stopped after snapd.service during
shutdown.
With After=snapd.service, fwupd-activate.service will then stop before
snapd.service, at a point when all snap mount units are still running.
Fixes the issue where fwupd-activate.service hangs when stopped, causing
a stop job timeout during shutdown.
[1] See https://github.com/systemd/systemd/issues/8907Closes#1654
Some vendors want to ship updates for ATA hardware, but there are currently no
lock-down restrictions in place for these kind of devices.
There is the OUI from the WWN block which is supposed to identify the vendor,
but this is not always set and so we have to be a little creative. We can match
90% of hardware using the vendor name prefix, and the last 10% can be detected
with a heuristic that was the result of comparing over 900 drive models.
I'm not including very old drive models, media converters, raid controllers,
or external 'portable' drives as I don't think it is useful. Also, if the drive
contains a Dell vendor block just hardcode this as Dell rather than trying to
be clever.
Also ask the user to contribute OUI values if this data is found with no quirk
data as this is the only real sane way to manage this data long term.
The list of OUIs can be found here: http://standards-oui.ieee.org/oui.txt
Sometimes it is desirable to create a build environment
outside of docker.
Move dependencies parser to a standalone python script
and call it from generate_docker.py
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
This is similar to commit 1ff1164630 ("trivial: debian/control*: Update
for fwupdate transition") but to provide a fwupdate transition in RHEL 8
where the fwupdate{,efi} packages are still present.
There is no need to do this for Fedora, since the fwupdate packages have
already been retired.
Fedora doesn't distribute docker anymore, instead
it uses podman for the containers.
It is possible to alias podman to docker, but
it's less hassle if it will work just out of the box.
The fix here is simple the podman is a fallback if
docker is not found.
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
RPM doesn't allow '-' in the version number,
so this must be fixed if also when building from
an untagged git tree.
sanitize_for_ci() from get-version.py
fixes it only when build is CI environment.
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Calling 'rmdir --parents /var/cache/fwupdate' will cause it to attempt
to rmdir /var/cache and /var. Those directories are very unlikely to be
empty, so it should always quietly fail. However, there's not benefit
in attempting those removals, so let's quit doing it.
It's possible that someone has removed fwupdate package prior to the
fwupd transition meaning that they might have some artifacts left
behind from fwupdate packaging. Clean up these artifacts.
This commit can be reverted after both Debian bullseye and Ubuntu
focal have been released.
