A user can place a JSON file in /etc/fwupd/bios-settings.d/ with
the default desired policy for the machine.
fwupd will load this policy on startup to ensure BIOS settings
are set as desired by the system administrator.
These are currently used interchangeably since there was indecisiveness
which to use as the feature was being developed.
As outward facing it will be named with "settings", change all uses
in the code to match this.
We used the firmware builder functionality to either build or modify
firmware images on the end-user system, e.g. copying the MAC address
from the old system image to the new system image.
Unfortunately running fwupd on the command line (e.g. ./src/fwupd)
leaves the tty connected and thus bubblewrap doesn't protect us from
installing malicious signed firmware. The firmware would have to have
been uploaded to the LVFS by a trusted vendor and signed before being
installed, which further decreases the severity of this problem.
As there was only one vendor who asked for this functionality (who have
yet to upload a single firmware to the LVFS...) just rip out this
functionality to reduce our attack surface and completely fix the bug,
and any like it.
Many thanks to Aaron Janse <aaron@ajanse.me> for discovering and
disclosing this issue to us.
Some of URLs disappeared. Marked all versions from the
commit as persistent on LVFS to avoid CABs loss.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
The four commands `get-details`, `install`, `install-blob`, and
`firmware-plugin` use device-id as second command argument but the
fwupdtool bash completion script does not completed it yet.
This calls function `_show_device_ids` to add completion for device-id
if completion the second argument of the commands mention above.
The commands `attach`, `detach`, `activate`, `verify-update`,
`reinstall`, and `get-updates` calls `_show_device_ids` but that
function is not defined in the fwduptool bash-completion script.
This defines the function `_show_device_ids` by reusing the function
of the name in the fwupdmgr bash-completion script.
Fixes:
$ sudo fwupdtool attach
^-- tabulation
bash: _show_device_ids: command not found
In most cases 'fwupdtool firmware-dump' and 'fwupdtool firmware-read'
are going to be the same. This isn't true in all cases, especially when
dealing with composite firmware like archives.
See https://github.com/fwupd/fwupd/pull/4623#issuecomment-1129227133
This means we get a few bugs fixed:
* We appear in the Add/Remove Programs UI
* We have an uninstaller that works on Windows 10
* The installation is pretty, and scriptable
* We actually install the translations
Unfortunately you can't detect the meson option:
```
../data/pki/meson.build:4:4: ERROR: Having a colon in option name is forbidden, projects are not allowed to directly access options of other subprojects.
```
So hardcode in top level meson.build that Windows doesn't take GPG.
Until systemd fixes this issue we don't want the fwupd-refresh.timer
to be running unless a distro has disabled DynamicUser and made a
static user.
Fixes: https://github.com/fwupd/fwupd/issues/3037
This key is used to specify that a dedicated user runs the fwupd
client process and sensitive strings such as the serial number should
be shared with the calling process.
(Fixes: #4524)
This is a feature that seems useful, but one that no vendor has actually
asked for. It's also of limited use for peripheral devices.
Showing the instance IDs by default is also going to make it much easier
to explain to hardware vendors where the GUIDs come from.
Fixes https://github.com/fwupd/fwupd/issues/4445
tristate features will automatically disable if dependencies marked
as required are missing.
Packagers can manually override using `auto_features`.
Link: https://mesonbuild.com/Build-options.html#features
