Commit Graph

13 Commits

Author SHA1 Message Date
Richard Hughes
d5aab65f30 Use Jcat files in firmware archives and for metadata
A Jcat file can be used to store GPG, PKCS-7 and SHA-256 checksums for multiple
files. This allows us to sign a firmware or metadata multiple times (perhaps
by the OEM and also then the LVFS) which further decentralizes the trust model
of the LVFS.

The Jcat format was chosen as the Microsoft catalog format is nonfree and not
documented. We also don't want to modify an existing .cat file created from WU
as this may make it unsuitable to use on Windows.

More information can be found here: https://github.com/hughsie/libjcat
2020-03-23 19:55:12 +00:00
Richard Hughes
8b04e4d16d Add the Linux Foundation public GPG keys for firmware and metadata
In the future the Linux Foundation will be running the LVFS server.

To make this possible, include the Linux Foundation public keys by default as
we already trust them. Obviously the keys need to be available long before
vendors move, so nobody should get too worried at this point.
2018-05-21 20:23:00 +01:00
Richard Hughes
d0cff7caec Remove autoconf-isms from the meson configure options
See https://wiki.gnome.org/Initiatives/GnomeGoals/MesonPorting
2017-11-27 18:07:53 +00:00
Jan Tojnar
cc9f934787 build: Refactor directory selection
Previously, the various install paths were obtained using get_option
as needed.

This patch unifies the directory selection inside the top-level meson
file as requested in https://github.com/hughsie/colord/pull/62.
2017-11-17 17:11:51 +00:00
Richard Hughes
07a91a4366 trivial: Use the new LVFS CA certificate
According to the crypto experts, path_len=1 makes things more secure for a CA
to prevent the Sub-CAs from issuing further Sub-Sub-CAs. I'll stick to code.
2017-08-23 15:36:22 +01:00
Richard Hughes
38c1685c92 Do not install the PKCS7 certificate if installed with -Denable-pkcs7=false 2017-08-21 14:48:58 +01:00
Richard Hughes
7ce6c93bf5 Install the LVFS PKCS7 certificate
This allows LVFS instances signed by the master key to distribute metadata and
firmware without using GPG and instead using PKCS7 certificates.
2017-08-18 11:10:15 +01:00
Richard Hughes
14047d7d24 trivial: Split up the keyring setup and public key adding 2017-08-18 11:10:03 +01:00
Richard Hughes
1fdb335025 Remove the automake build system 2017-04-13 18:42:08 +01:00
Richard Hughes
57746cb839 Add the Meson build system as an alternate to autotools
Automake and autoconf are impossible to fully understand and Meson now provides
everything we need for a much smaller, faster, and more understandable build.

See http://mesonbuild.com/ for more information.
2017-04-12 16:35:18 +01:00
Richard Hughes
0bdd5cbcb8 Use the actual LVFS GPG key 2015-07-21 13:24:26 +01:00
Richard Hughes
ae0efdc5a7 Provide a way for clients to add new firmware metadata to the system cache
This is only possible if the metadata has been signed by a key that we trust.
2015-06-25 09:59:53 +01:00
Richard Hughes
36a889034c Add helper code to validate public key signatures
We'll use this in the future for checking device firmware.
2015-04-14 13:53:19 +01:00