Package init

2019-12-14 18:54:21 +08:00 · 2019-12-14 18:54:21 +08:00 · 04b292c8c9
commit 04b292c8c9
parent 568e401327
5 changed files with 267 additions and 75 deletions
--- a/0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
+++ b/0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
@ -0,0 +1,86 @@
+From b4627629cdaadd1a75d7c650b7c5973fcd18dfb0 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard@hughsie.com>
+Date: Thu, 1 Aug 2019 09:45:25 +0100
+Subject: [PATCH] Relax the certificate time checks in the self tests for the
+ legacy certificate
+
+One test verifies a firmware with a signature from the old LVFS which was
+hosted on secure-lvfs.rhcloud.com and used the original PKCS-7 key. This key
+had a two year validity (expiring today, ohh the naivety...) rather than the
+newer fwupd.org key which expires in the year 2058.
+
+For this specific test only, disable the certificate time checks to fix CI.
+
+Fixes https://github.com/hughsie/fwupd/issues/1264
+---
+ src/fu-keyring-pkcs7.c | 10 +++++++++-
+ src/fu-keyring.h       |  6 ++++--
+ src/fu-self-test.c     |  3 ++-
+ 3 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
+index 6dc944ed..a42feaa7 100644
+--- a/src/fu-keyring-pkcs7.c
+++ b/src/fu-keyring-pkcs7.c
+@@ -642,6 +642,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
+ 	for (gint i = 0; i < count; i++) {
+ 		gnutls_pkcs7_signature_info_st info;
+ 		gint64 signing_time = 0;
+		gnutls_certificate_verify_flags verify_flags = 0;
+
+		/* use with care */
+		if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
+			g_debug ("WARNING: disabling time checks");
+			verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+			verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
+		}
+ 
+ 		/* verify the data against the detached signature */
+ 		if (flags & FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT) {
+@@ -652,7 +660,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
+ 						  0,    /* vdata_size */
+ 						  i,    /* index */
+ 						  &datum, /* data */
+-						  0);   /* flags */
+						  verify_flags);
+ 		}
+ 		if (rc < 0) {
+ 			g_set_error (error,
+diff --git a/src/fu-keyring.h b/src/fu-keyring.h
+index 39819ca4..2f20e35e 100644
+--- a/src/fu-keyring.h
+++ b/src/fu-keyring.h
+@@ -20,12 +20,14 @@ G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
+  * FuKeyringVerifyFlags:
+  * @FU_KEYRING_VERIFY_FLAG_NONE:		No flags set
+  * @FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT:	Use client certificate to verify
+ * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS:	Disable checking of validity periods
+  *
+  * The flags to use when interacting with a keyring
+  **/
+ typedef enum {
+-	FU_KEYRING_VERIFY_FLAG_NONE		= 0,
+-	FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT	= 1 << 1,
+	FU_KEYRING_VERIFY_FLAG_NONE			= 0,
+	FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT		= 1 << 1,
+	FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS	= 1 << 2,
+ 	/*< private >*/
+ 	FU_KEYRING_VERIFY_FLAG_LAST
+ } FuKeyringVerifyFlags;
+diff --git a/src/fu-self-test.c b/src/fu-self-test.c
+index 363f644e..24b12110 100644
+--- a/src/fu-self-test.c
+++ b/src/fu-self-test.c
+@@ -2628,7 +2628,8 @@ fu_keyring_pkcs7_func (void)
+ 	g_assert_no_error (error);
+ 	g_assert_nonnull (blob_sig);
+ 	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
+-					      FU_KEYRING_VERIFY_FLAG_NONE, &error);
+					      FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
+					      &error);
+ 	g_assert_no_error (error);
+ 	g_assert_nonnull (result_pass);
+ 	g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);
+-- 
+2.19.1
+
--- a/README.en.md
+++ b/README.en.md
@ -1,36 +0,0 @@
-# fwupd
-
-#### Description
-{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
-
-#### Software Architecture
-Software architecture description
-
-#### Installation
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Instructions
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### Contribution
-
-1.  Fork the repository
-2.  Create Feat_xxx branch
-3.  Commit your code
-4.  Create Pull Request
-
-
-#### Gitee Feature
-
-1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
-2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
-3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
-4.  The most valuable open source project [GVP](https://gitee.com/gvp)
-5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
-6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
--- a/README.md
+++ b/README.md
@ -1,39 +0,0 @@
-# fwupd
-
-#### 介绍
-{**以下是码云平台说明，您可以替换此简介**
-码云是 OSCHINA 推出的基于 Git 的代码托管平台（同时支持 SVN）。专为开发者提供稳定、高效、安全的云端软件开发协作平台
-无论是个人、团队、或是企业，都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
-
-#### 软件架构
-软件架构说明
-
-
-#### 安装教程
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 使用说明
-
-1.  xxxx
-2.  xxxx
-3.  xxxx
-
-#### 参与贡献
-
-1.  Fork 本仓库
-2.  新建 Feat_xxx 分支
-3.  提交代码
-4.  新建 Pull Request
-
-
-#### 码云特技
-
-1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
-2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
-3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
-4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
-5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
-6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
--- a/fwupd-1.2.9.tar.xz
+++ b/fwupd-1.2.9.tar.xz
--- a/fwupd.spec
+++ b/fwupd.spec
@ -0,0 +1,181 @@
+%ifarch x86_64
+%bcond_without redfish
+%bcond_without libsmbios
+%endif
+
+%ifarch x86_64 aarch64
+%bcond_without uefi
+%endif
+
+Name:           fwupd
+Version:        1.2.9
+Release:        2
+Summary:        Make updating firmware on Linux automatic, safe and reliable
+License:        LGPLv2+
+URL:            https://github.com/fwupd/fwupd/releases
+Source0:        http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
+
+#Self-tests are failing due to an expired cert #1264
+Patch1:         0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
+
+BuildRequires:	gettext glib2-devel libxmlb-devel valgrind valgrind-devel libgcab1-devel
+BuildRequires:  gpgme-devel libgudev1-devel libgusb-devel libsoup-devel polkit-devel sqlite-devel libxslt
+BuildRequires:  gobject-introspection-devel libarchive-devel systemd gcab elfutils-libelf-devel
+BuildRequires:  bash-completion json-glib-devel help2man vala meson gnutls-utils gnutls-devel gtk-doc
+
+%if %{with uefi}
+BuildRequires: python3 python3-cairo python3-gobject python3-pillow
+BuildRequires: freetype fontconfig google-noto-sans-cjk-ttc-fonts
+BuildRequires: gnu-efi-devel pesign efivar-devel pango-devel cairo-devel cairo-gobject-devel
+%endif
+
+%if %{with redfish}
+BuildRequires: efivar-devel
+%endif
+
+%if %{with libsmbios}
+BuildRequires: efivar-devel libsmbios-devel
+%endif
+
+Requires:      glib2 bubblewrap libsoup libgusb libxmlb shared-mime-info
+Requires(post):systemd
+Requires(preun):systemd
+Requires(postun):systemd
+
+Recommends:    python3
+
+%description
+%{name} aims to make updating firmware on Linux automatic, safe and reliable.
+
+%package devel
+Summary:       Development and installed test files for %{name}
+Requires:      %{name} = %{version}-%{release}
+Provides:      %{name}-tests = %{version}-%{release}
+Obsoletes:     %{name}-tests < %{version}-%{release}
+
+%description devel
+This package contains the development and installed test files for %{name}.
+
+%package_help
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%meson -Dtests=true -Dgtkdoc=true -Dplugin_dummy=true \
+%if %{with uefi}
+       -Dplugin_uefi=true -Dplugin_nvme=true \
+%else
+       -Dplugin_uefi=false -Dplugin_nvme=false \
+%endif
+%if %{with redfish}
+       -Dplugin_redfish=true \
+%else
+       -Dplugin_redfish=false \
+%endif
+%if %{with libsmbios}
+       -Dplugin_dell=true -Dplugin_synaptics=true \
+%else
+       -Dplugin_dell=false -Dplugin_synaptics=false \
+%endif
+       -Dman=true
+
+%meson_build
+
+%install
+%meson_install
+
+%if %{with uefi}
+%ifarch x86_64
+%pesign -s -i %{buildroot}%{_libexecdir}/%{name}/efi/%{name}x64.efi -o %{buildroot}%{_libexecdir}/%{name}/efi/%{name}x64.efi.signed
+%endif
+%ifarch aarch64
+%pesign -s -i %{buildroot}%{_libexecdir}/%{name}/efi/%{name}aa64.efi -o %{buildroot}%{_libexecdir}/%{name}/efi/%{name}aa64.efi.signed
+%endif
+%endif
+
+mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg
+
+%find_lang %{name}
+
+%check
+%meson_test
+
+%post
+/sbin/ldconfig
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+/sbin/ldconfig
+%systemd_postun_with_restart %{name}.service
+%systemd_postun_with_restart pesign.service
+
+%files -f %{name}.lang
+%doc README.md
+%license COPYING AUTHORS
+%{_bindir}/*
+%config(noreplace)%{_sysconfdir}/%{name}/remotes.d/*.conf
+%config(noreplace)%{_sysconfdir}/pki/%{name}
+%config(noreplace)%{_sysconfdir}/%{name}/daemon.conf
+%{_sysconfdir}/pki/fwupd-metadata
+%{_sysconfdir}/dbus-1/system.d/*.%{name}.conf
+%{_libexecdir}/%{name}/%{name}
+%{_libexecdir}/%{name}/%{name}tool
+%{_libexecdir}/%{name}/%{name}agent
+%{_libexecdir}/%{name}/%{name}offline
+%{_datadir}/bash-*/completions/*
+%{_datadir}/%{name}/metainfo/*.metainfo.xml
+%{_datadir}/%{name}/remotes.d/*/*/*.md
+%{_datadir}/metainfo/*.metainfo.xml
+%{_datadir}/%{name}/firmware-packager
+%{_datadir}/dbus-1/interfaces/*.fwupd.xml
+%{_datadir}/dbus-1/system-services/*.service
+%{_datadir}/polkit-1/*/org.freedesktop*
+%{_datadir}/%{name}/quirks.d/
+%{_datadir}/icons/hicolor/scalable/apps/*.%{name}.svg
+%{_localstatedir}/lib/%{name}/*/*.md
+%{_libdir}/lib%{name}*.so.*
+%{_libdir}/girepository-1.0/*.typelib
+%{_prefix}/lib/udev/rules.d/*.rules
+%{_prefix}/lib/systemd/system*/%{name}.shutdown
+%{_unitdir}/*.service
+%{_unitdir}/*.wants/
+%{_libdir}/fwupd-plugins-3/*.so
+%ghost %{_localstatedir}/lib/fwupd/gnupg
+%if %{with uefi}
+%config(noreplace)%{_sysconfdir}/%{name}/uefi.conf
+%{_libexecdir}/%{name}/efi/*.efi
+%{_libexecdir}/%{name}/efi/*.efi.signed
+%{_libexecdir}/%{name}/fwupdate
+%{_datadir}/*/*/LC_IMAGES/%{name}*
+%endif
+%if %{with redfish}
+%config(noreplace)%{_sysconfdir}/%{name}/redfish.conf
+%endif
+%if %{with libsmbios}
+%{_datadir}/%{name}/remotes.d/dell*/*
+%endif
+
+%files devel
+%{_libdir}/*.so
+%{_libdir}/*/*.pc
+%{_includedir}/*
+%{_datadir}/vala/*
+%{_datadir}/gtk-doc/*/lib%{name}
+%{_datadir}/*/*.gir
+%{_datadir}/installed-tests/%{name}
+%dir %{_sysconfdir}/%{name}/remotes.d
+%config(noreplace)%{_sysconfdir}/%{name}/remotes.d/%{name}-tests.conf
+
+%files help
+%{_datadir}/man/man1/*
+
+%changelog
+* Mon Dec 9 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.9-2
+- Solve build problem of x86
+
+* Wed Nov 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.9-1
+- Package init