proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-05-18 21:45:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,476 Commits 1 Branch 0 Tags 24 MiB
a1c7716cdc
Commit Graph

130 Commits

Author SHA1 Message Date
Manuel Rüger
5445dd3b29 trivial: Use absolute-names in tar command for creating test data file 
Fixes:
[1/182] /bin/tar --xform 's,.*/,,' --create --file data/tests/builder/firmware.tar ../fwupd-1.0.0/data/tests/builder/source.bin ../fwupd-1.0.0/data/tests/builder/startup.sh
FAILED: data/tests/builder/firmware.tar
/bin/tar --xform 's,.*/,,' --create --file data/tests/builder/firmware.tar ../fwupd-1.0.0/data/tests/builder/source.bin ../fwupd-1.0.0/data/tests/builder/startup.sh
/bin/tar: ../fwupd-1.0.0/data/tests/builder/source.bin: Member name contains '..'
/bin/tar: ../fwupd-1.0.0/data/tests/builder/startup.sh: Member name contains '..'
/bin/tar: Exiting with failure status due to previous errors
 2017-10-10 14:15:25 +01:00
Richard Hughes
ba0ec85a44 trivial: Fix $fwupdmgr modify-remote lvfs-testing Enabled true 
Failed to create file “/etc/fwupd/remotes.d/lvfs-testing.conf.Q7K76Y”: Read-only file system
 2017-09-29 11:34:10 +01:00
Richard Hughes
94110f5983 Remove some deprecated #define names and bump the soname 
Also, bump soname as we're going to clean up a lot of things now.

Many thanks to Mario Limonciello for all the Debian-specific changes.
 2017-09-28 09:23:52 +01:00
Richard Hughes
53e04cf508 Prevent fwupd from mounting filesystems 
Fixes: https://github.com/hughsie/fwupd/issues/270
 2017-09-27 12:41:23 +01:00
Richard Hughes
d3e4e7dcec Revert "Drop CAP_SYS_ADMIN" 
This reverts commit 297ea34f1b.
 2017-09-27 12:40:28 +01:00
Richard Hughes
7ada7a8678 Add support for SMBIOSv3 
Fixes https://github.com/hughsie/fwupd/issues/262
 2017-09-20 22:08:21 +01:00
Richard Hughes
34e25a0cc5 trivial: Remove EnableTestSuite from daemon.conf 
The same thing can be done using BlacklistPlugins=test
 2017-09-19 20:06:44 +01:00
Richard Hughes
10bd8ecfb8 trivial: Remove EnableOptionROM from daemon.conf 
The exact same thing can be done using BlacklistPlugins=udev
 2017-09-19 20:06:44 +01:00
Richard Hughes
c2af1964b9 trivial: Move /etc/fwupd.conf to /etc/fwupd/daemon.conf 2017-09-19 20:06:44 +01:00
Richard Hughes
297ea34f1b Drop CAP_SYS_ADMIN 
Fixes: https://github.com/hughsie/fwupd/issues/98
 2017-09-19 12:01:45 +01:00
Richard Hughes
a0de807a61 trivial: Remove the long deprecated DownloadURI config key 2017-09-19 09:54:45 +01:00
Richard Hughes
7769fb8da7 trivial: Add some more FuEngine self tests 2017-09-18 11:12:52 +01:00
Richard Hughes
4f98fe89ba trivial: Use a different SYSCONFDIR for self tests 2017-09-17 08:38:43 +01:00
Richard Hughes
882ab6b4d0 trivial: Add a self tests for the broken metadata bug 2017-09-16 17:53:16 +01:00
Richard Hughes
48ad97fd61 Add a human-readable title for each remote 
This allows us to show something useful in a GUI.
 2017-09-10 09:08:32 +01:00
Mario Limonciello
c15b126b00 trivial: Don't enable tests in data/tests unless -Denable-tests is set 2017-09-08 09:24:54 +01:00
Richard Hughes
49e5e05aa8 Parse the SMBIOS DMI table directly 
The Linux DMI class still does not provide the information we need, and parsing
the blob directly also allows the Dell and Redfish plugins to get the raw data.
 2017-09-05 18:10:36 +01:00
Yehezkel Bernat
e6c00362ad thunderbolt: image validation implemented 
Fixes: https://github.com/hughsie/fwupd/issues/189

Signed-off-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
 2017-08-30 12:37:34 +01:00
Richard Hughes
07a91a4366 trivial: Use the new LVFS CA certificate 
According to the crypto experts, path_len=1 makes things more secure for a CA
to prevent the Sub-CAs from issuing further Sub-Sub-CAs. I'll stick to code.
 2017-08-23 15:36:22 +01:00
Richard Hughes
c6afb51e32 Add a FirmwareBaseURI parameter to the remote configs 
This allows somebody to mirror the CDN without resigning the metadata files.

Fixes: https://github.com/hughsie/fwupd/issues/186
 2017-08-23 14:22:12 +01:00
Richard Hughes
0dea1efb92 Use MetadataURI for both kinds of remote 
I think this is clearer having one key for both types of remote.
 2017-08-23 14:22:08 +01:00
Richard Hughes
d067ed675e Add a configure switch for the LVFS remotes 
On embedded devices these are not required.
 2017-08-22 10:37:26 +01:00
Richard Hughes
38c1685c92 Do not install the PKCS7 certificate if installed with -Denable-pkcs7=false 2017-08-21 14:48:58 +01:00
Richard Hughes
f03f386c68 trivial: Add a test for firmware signed with a derivative of the LVFS key 
This also switches around the test for the self signed key to now fail, as the
generated certificate is no longer loaded into the trust list. This is a more
useful test as it more accurately represents what the fwupd daemon is doing.

As a side-note the detached signature from the derivate cannot be generated
using `--no-p7-include-cert` as only the main LVFS-CA certificate is shipped
with fwupd.
 2017-08-18 12:11:59 +01:00
Richard Hughes
7ce6c93bf5 Install the LVFS PKCS7 certificate 
This allows LVFS instances signed by the master key to distribute metadata and
firmware without using GPG and instead using PKCS7 certificates.
 2017-08-18 11:10:15 +01:00
Richard Hughes
14047d7d24 trivial: Split up the keyring setup and public key adding 2017-08-18 11:10:03 +01:00
Richard Hughes
f69a4810fa Return the authority and timestamp as part of the signing validation 
This means we return an error when encountering a rollback attack. This can
currently be performed by providing the old metadata and old signature when
calling into UpdateMetadata.
 2017-08-17 16:15:47 +01:00
Mario Limonciello
38d7f13976 Allow configuring systemd and udev directories (Fixes: #176) 2017-08-16 17:02:32 -05:00
Richard Hughes
7403dc505f Optionally use GnuTLS to verify PKCS7 certificates 
We can use this as an alternative for GPG. No PKCS7 certificates are currently
installed by fwupd and it's expected that the LVFS will still only provide GPG
detached signatures.

If an OEM distributor wants to sign firmware with a PKCS7 and the corresponding
certificate is provided then the firmware will be marked as valid.

Only firmware shipping with a .p7b file will use the PKCS7 functionality,
similarly remote metadata validation will default to GPG unless Keyring=pkcs7
is specified in the config file.
 2017-08-14 09:42:48 +01:00
Richard Hughes
049ccc8f6c Add a helper function to spawn a subprocess 
This allows us to watch the output of a flashing tool and screen-scrape the
progress completion.
 2017-08-09 15:35:58 +01:00
Richard Hughes
41cbe2aab3 Add a firmware builder 
This runs a script inside the firmware archive to generate firmware specific to
the machine. This uses bubblewrap to protect the local machine.
 2017-08-09 10:33:39 +01:00
Richard Hughes
2d95a71a0c Support embedded devices with local firmware metadata 
In this mode, both the metadata and firmware is stored on the local filesystem
and distributed using a distribution system like OSTree.

Fixes https://github.com/hughsie/fwupd/issues/162
 2017-07-28 17:41:24 +01:00
Richard Hughes
3745e8e481 trivial: Fix spelling of delimiter 2017-07-18 10:20:59 +01:00
Mario Limonciello
ef2079b20a trivial: clarify delimitter in use for fwupd.conf is a semicolon 2017-07-17 14:50:17 -05:00
Mario Limonciello
5033d9c92e Add capability to enable test suite via /etc/fwupd.conf 2017-07-17 14:45:51 -05:00
Richard Hughes
55e0207b96 trivial: Add installed firmware tests for the K780 2017-07-03 20:17:43 +01:00
Richard Hughes
c4195b075d trivial: Add an installed test for the K780 2017-06-28 12:05:32 +01:00
Richard Hughes
433fbb4574 trivial: Do not cache junk if the LVFS returns 404 2017-06-28 12:05:32 +01:00
Mario Limonciello
cca4297153 trivial: Switch installedtests from python2 to python3 2017-06-22 13:42:59 -05:00
Richard Hughes
25f6a42f26 trivial: Fix the location of the hardware installed test cache 2017-06-22 19:03:52 +01:00
Richard Hughes
62e7393edf Add some installed tests which require specific hardware 2017-06-22 09:36:32 +01:00
Richard Hughes
71e73ca048 trivial: Fix the installed tests 
We ony want to replace the fake LVFS metadata with the real data after we've
downgraded the dummy device.
 2017-06-16 17:21:17 +01:00
Richard Hughes
0a87f6fb03 Store the metadata files rather than merging to one store 
Now we have multiple remotes that can be enabled or changed at runtime we need
to do several things better:

* Only load components from remotes that are enabled

* Only load a component if a higher priority remote has not already added it

Rather than just appending all recieved metadata into one big XML file, save
the original metadata .xml.gz files in /var/lib/fwupd/remotes.d and only load
them in the correct priority order if the remote is known and enabled.

Remove the old /var/cache/app-info/xmls/fwupd.xml file, also noting it wasn't
really a cache file at all but actually something quite important.
 2017-06-16 16:43:13 +01:00
Richard Hughes
f0bde3e4af Add a get-remotes command to fwupdmgr 
This allows the user to show the configured remotes.
 2017-06-16 14:31:20 +01:00
Richard Hughes
a71e0a71f6 Allow ordering the metadata remotes 
This allows us to load one metadata source file before or after another.
 2017-06-16 12:40:24 +01:00
Richard Hughes
bbde1df44f Fix downgrades when version_lowest is set 
Also, add some tests to test this with the dummy device.
 2017-06-16 12:40:15 +01:00
Richard Hughes
8a870d0399 trivial: Ensure there are no updates after the update is applied 2017-06-16 12:40:10 +01:00
Richard Hughes
b7bf715435 Add an installed test for device update 
This also moves the tests into one file as gnome-desktop-testing-runner
intentionally randomizes the order and runs them in parallel where allowed.
Since tests like get-updates have to be run after the metadata injection simply
put these into one test that calls a simple script.
 2017-06-15 20:19:03 +01:00
Richard Hughes
ae7e0d21b2 Add an installed test for verification 2017-06-15 16:23:52 +01:00
Richard Hughes
038ab7dcb2 Add an AppStream metainfo file 
This seems like the right thing to do, and also means we *could* move the NEWS
data in the future.
 2017-06-15 12:53:33 +01:00