Commit Graph

20 Commits

Author SHA1 Message Date
Richard Hughes
99e621d388 Save the metadata signature in the local cache
This is useful if the admin wants to re-verify the metadata, or if a public
key is removed or expires.
2017-08-16 13:42:10 +01:00
Richard Hughes
b9ad09ca93 trivial: Correctly search for the .cab detached signature 2017-08-15 15:35:47 +01:00
Richard Hughes
7403dc505f Optionally use GnuTLS to verify PKCS7 certificates
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.

If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.

Only firmware shipping with a .p7b file will use the PKCS7 functionality,
similarly remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
2017-08-14 09:42:48 +01:00
Richard Hughes
0724d8bde0 trivial: Bump the appstream-glib requirement to 0.6.13 2017-08-09 17:21:48 +01:00
Richard Hughes
41cbe2aab3 Add a firmware builder
This runs a script inside the firmware archive to generate firmware specific to
the machine. This uses bubblewrap to protect the local machine.
2017-08-09 10:33:39 +01:00
Richard Hughes
d7704d4cc2 Allow plugins to get DMI data from the hardware in a safe way
The returned strings are converted to ASCII and have leading and trailing
spaces removed.
2017-08-09 10:19:13 +01:00
Richard Hughes
1ad45caeec Use new GUsb functionality to fix flashing Unifying devices
This avoids open()ing and close()ing multiple times on hotplug -- which in
itself isn't a huge problem as the requests are refcounted in libusb, but it
matters hugely when a plugin accidentally closes a device that was not opened.

As all the devices are going to be opened anyway (to read the vendor strings)
and the cost of keeping the device is open is tiny, just get libgusb to
auto-open *all* devices and keep them open for the duration.

Fixes: https://github.com/hughsie/fwupd/issues/155
2017-07-24 11:08:25 +01:00
Richard Hughes
535664cd1e Run the plugin coldplug methods in a predictable order
When reading with g_dir_read_name() the returned files do not have to be sorted
in any particular order and could even change between invokation. This patch
makes debugging the interactions between plugins much easier.
2017-07-24 10:32:06 +01:00
Mario Limonciello
c29b398ad0 trivial: fix various spelling errors 2017-07-17 13:07:05 -05:00
Mario Limonciello
5735fd67c1 trivial: set engine back to idle
A regression from 9945edbe74 causes
a missing newline for many actions because it doesn't go back to idle
2017-07-13 16:22:19 -05:00
Mario Limonciello
790701f32b trivial: adjust get-details and get-devices output Display Name output
This returns them back to the more readable 0.8.x behavior where
devices have the name first and then all the details indented.
2017-07-13 16:22:19 -05:00
Richard Hughes
32684f2344 Check all the device GUIDs against the blacklist when added
To the user it's not obvious which is the default GUID.

See https://github.com/hughsie/fwupd/issues/127
2017-07-13 09:32:26 +01:00
Mario Limonciello
dc8c985159 trivial: back the requirement on appstream-glib to 0.6.9
The items that 0.6.13 requires are now guarded by a version test.
This should allow running fwupd master on more distros that haven't
yet picked up appstream-glib 0.6.13.
2017-07-10 14:32:42 -05:00
Richard Hughes
ed34991bd8 Do not unlock devices when doing VerifyUpdate
We used to do this dance to avoid reading the Option ROM on hardware by default
(some faulty hardware would crash...) but now we're doing the verify update in
the daemon there's no need to split this into two steps.

Fixes: https://github.com/hughsie/fwupd/issues/149
2017-06-22 10:37:10 +01:00
Richard Hughes
b9bddfd7ac trivial: Ensure the verify component is replaced on veriy-update, not merged 2017-06-22 10:34:18 +01:00
Richard Hughes
08f12de44c trivial: Avoid warning when doing verify-update multiple times
Applications always need a valid source with newer appstream-glib versions;
even in this case where the source is the hardware itself.
2017-06-22 10:33:32 +01:00
Richard Hughes
22c88de8e4 trivial: Increase the warning level when a plugin adds a device twice 2017-06-22 09:36:32 +01:00
Richard Hughes
943d2c9bb5 trivial: Split out some common functionality from fu-engine.c 2017-06-21 09:04:39 +01:00
Richard Hughes
a5bb4d8428 trivial: Fix a missing signal causing a warning in the recent refactor 2017-06-19 20:22:25 +01:00
Richard Hughes
9945edbe74 Split up the daemon into the loader and an engine object
The idea here is that we move a lot of the 'meat' out of fu-main into the
engine. This also lets us simplify a lot of things and ensures the user
authentication is simple and easy to audit.
2017-06-19 13:50:38 +01:00