The work for this landed in what will turn into efivar 33.
Later down the road when efivar 33 is in most of the major distros
this can be removed and a requirement set for efivar 33.
Using old versions of gcab we could only do one thing: extract the files in the
cabinet archive to a new directory in /tmp, and then fwupd would have to read
them back in to memory to parse them. This was both inelegant and wasteful, and
probably not an awesome idea from a security or privacy point of view.
Using libgcab >= 1.0 we can decompress to a GBytes blob, and then verify the
firmware and metainfo file without anything being written to disk.
As this is a security sensitive operation, move the fwupd-specific helper code
out of libappstream-glib and also add a lot of internal self tests.
The gcab code will have to remain in libappstream-glib for a long time, but we
don't have to use it. Handling the cab file here also allows us to fix two
long-standing bugs:
* MetaInfo or firmware files in a subdirectory are handled correctly
* The archive can also be self-signed using PKCS7 instead of using GPG
Switching to build in -werror in 4016c839a8
was not working properly. Adjust the CI builds to use --werror instead.
Also while doing this, enable -werror in clang builds.
Previously, the various install paths were obtained using get_option
as needed.
This patch unifies the directory selection inside the top-level meson
file as requested in https://github.com/hughsie/colord/pull/62.
This does two things:
* Allows new users of the library to see only the supported symbols
* Allows us to ensure we're not using deprecated API internally
I can also use this in gnome-software in CI to make sure we're not using
deprecated API too. I don't think we're ready for a soname bump so we have to
hang on to the deprecated code for now.
This was a mistake originally for two reasons:
* The only devices to use ELF as a deliverable are the altos devices
* ELF has nothing to do with the DFU specification
This moves the code to where it belongs.
Fixes the meson error:
Meson encountered an error in file meson.build, line 207, column 2:
Unknown variable "systemd".
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Thunderbolt has a new kernel interface starting from version 4.13,
which simplifies updating the host controller and devices: the
kernel now exposes a sysfs interface for the non-volatile memory
as a device node. This can be used to write the new firmware blob.
Updates are then triggered also via a simple write to a sysfs
file (nvm_authenticate), which in turn is also used for error
reporting.
The plugin should be functional, but a few items are missing:
- image verification
- safe mode handling
We need realpath(), syscall(), cfmakeraw() and a few other functions,
which need the _DEFAULT_SOURCE feature test macro to be defined. Define
it.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We use C99 features (fu-plugin-raspberrypi.c), so need to explicitly
enable them in meson.build, as some compilers will not enable them
automatically, and will instead error when they encounter usage of C99.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.
If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.
Only firmware shipping with a .p7b file will use the PKCS7 functionality,
similarly remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
The items that 0.6.13 requires are now guarded by a version test.
This should allow running fwupd master on more distros that haven't
yet picked up appstream-glib 0.6.13.
In 0.41.0 meson introduced its own 'dist' target and so we don't need to
define this ourselves anymore. Use a version compare to avoid depending on a
very new meson.
Add the concept of 'remotes' that can be dropped into /etc and used as firmware
metadata sources. This may be desirable when firmware is only accessible with
a valid support contract or from behind a VPN.
Make systemd and ConsoleKit support an optional compile time flag
with both enabled by default. If both are used, the ifdef/elif will
ensure only the systemd calls are used so there's no conflict.
ld will prepend the lib prefix itself and will actually look for
liblibgpg-error and liblibm if called with -llibgpg-error and -llibm. Let's
get rid of the prefix.
systemd 231 renamed ReadWriteDirectories to ReadWritePaths.
FW updates will fail for difficult to debug reasons if using an older
and the current unit.
Automake and autoconf are impossible to fully understand and Meson now provides
everything we need for a much smaller, faster, and more understandable build.
See http://mesonbuild.com/ for more information.