Makes `fwupd-refresh.service` strictly opt-in.
Some distros are defaulting to all systemd services on and causing
more refreshes than desirable by default, especially when using
both `gnome-software` and `fwupd-refresh.service`
Detect and parse current coreboot version.
There's no need to depend on libflashrom for now.
An update mechanism isn't implemented as the kernel interface isn't
stable yet and will be implemented in a separate commit.
Tested on coreboot enabled machine.
Example output:
coreboot System Firmware
DeviceId: 81104bde9db7cb037936659ea727c739f47a5029
Guid: 230c8b18-8d9b-53ec-838b-6cfc0383493a <- main-system-firmware
Guid: de6fd40f-4ec9-5c0b-95e1-8fb13d1b030c <- LENOVO&ThinkPad T410&2537VG5
Guid: 978b0d18-bfe9-5279-9a9f-68dc247a705f <- LENOVO&ThinkPad T410&LENOVO&2537VG5
Summary: Open Source system boot firmware
Plugin: coreboot
Flags: internal|registered
Vendor: LENOVO
Version: 4.10.991
VersionFormat: triplet
Icon: computer
Created: 2019-10-14
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
The new plugin is called `optionrom` as this is the only type of image that it
parses for verification only. FuUdevDevice is also the generic parent already.
`fwupd-refresh.service` uses `DynamicUser=true` which causes systemd
to make `/var/cache/fwupd` a symlink to `/var/cache/private/fwupd`.
Individual units aren't allowed to access this directory, only the ones
with the directive. This means that `fwupd.service` stops working as
soon as a user tries to start `fwupd-refresh.service`.
The bug details are present in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941360
The factory-shipped MinnowBoardMAX board has firmware that does not include
the ESRT table. Create a 'fake' UEFI device with the lowest possible version
so that it can be updated to any version firmware.
All the HwId GUIDs are used for the fake UEFI device, and so should be used in
the firmware metadata for releases that should recover the system.
- Moved version discovery routine to PKGBUILD
- Set PKGEXT to .pkg.tar to avoid the package being compressed
- Added --needed to pacman arguments when installing the dependencies to
avoid reinstalling packages
Signed-off-by: Filipe Laíns <lains@archlinux.org>
There are commits to the Thunderbolt kernel driver that make sure
that the upgrade process goes smoothly. If these commits aren't
present then it will look like a fwupd problem, when it's actually
a kernel problem.
When this issue was reported it appeared that commit
e4be8c9b6a
was missing from the locally tested kernel, but it's impossible
to determine that from userspace.
Prevent running the thunderbolt plugin on older kernels than that
set in `$sysconfdir/fwupd/thunderbolt.conf`.
By default that is set to 4.13.0, but if a distribution vendor has
backported all the necessary support it can be decreased to a lower
version for distro packages.
The test is run if a physical TPM is available or if the environment
variable "TPM_SERVER_RUNNING" is set. In the latter case, the user is
expected to start a TPM simulator on their own, like we do in the Arch
Linux CI script here.
Using the library instead of the command line tools provides a more
stable interface. This implementation only fetches PCR 0 for all
available hash algorithms since this is the only PCR that is actually
used in fwupd.
Since https://fwupd.github.io is now a thing, people can be directed there
rather than relying upon locally built documentation by default.
Also this will mean one less dependency to install for people who build
from source.
Lastly this finally means that I can do this set of actions without failure:
```
meson build
ninja -C build
ninja -C build install (PK prompts for password)
rm -rf build
```
Previously gtkdoc stuff was built as root due to the PK prompt and removing
it would lead to stuff like this:
```
rm: cannot remove 'build/docs/libfwupd/html/libfwupd-FwupdClient.html': Permission denied
```
For now this is happening on every master build, but in the future
after it's working reliably it should be restricted to only tagged
builds.
To accomplish this, swap a build from circlei and travisci that
will save docs to publish.
Fixes Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921820
Introduce a new --log option to fwupdmgr that will log stdout to an argument.
If run under systemd, prefix that argument with $RUNTIME_DIRECTORY.
Add a new systemd unit and associated timer to regularly refresh metadata.
After the metadata refresh is complete, save the output to the motd location.
The timer and service are disabled by default and can be enabled by an admin.
This adds a script which can check for ABI breaks between two Git
revisions:
$ ./contrib/ci/check-abi.sh
The CI is set up to run it automatically between the tip of the branch
being tested and the last release tag.
Based on the work by Mathieu Bridon <bochecha@daitauha.fr>, many thanks.
On Fedora 30 x86_64 I got:
docker run --privileged -t -v `pwd`:/build fwupd-fedora
...
Complete!
+ cp /root/rpmbuild/RPMS/noarch/fwupd-tests-1.2.10-0.1alpha.fc29.noarch.rpm /root/rpmbuild/RPMS/x86_64/fwupd-1.2.10-0.1alpha.fc29.x86_64.rpm /root/rpmbuild/RPMS/x86_64/fwupd-debuginfo-1.2.10-0.1alpha.fc29.x86_64.rpm /root/rpmbuild/RPMS/x86_64/fwupd-debugsource-1.2.10-0.1alpha.fc29.x86_64.rpm /root/rpmbuild/RPMS/x86_64/fwupd-devel-1.2.10-0.1alpha.fc29.x86_64.rpm dist
cp: target 'dist' is not a directory
This also means we now include a flashrom subproject as no distro currently has
a flashrom new enough to build the plugin.
Signed-off-by: Richard Hughes <richard@hughsie.com>
Signed-off-by: Artur Raglis <artur.raglis@3mdeb.com>
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
Allow setting a minimum fwupd version requirement using `--minimum`.
If running on a distro with apt, try to use this to detect an already
installed version and compare what was passed in to `--minimum`.
* If new enough version, use the built in version
* If too old of a version or not specified, require package removal.
The systemd shutdown script gets called after /snap/fwupd/* gets
unmounted meaning it can't be used to do the activation.
Explicitly check that the symlink for /snap/fwupd/current is mounted
when calling the script.
