packages/fwupd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
dogsheng 2019-12-14 18:54:21 +08:00
parent 568e401327
commit 04b292c8c9
5 changed files with 267 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch Normal file
View File

@ -0,0 +1,86 @@
From b4627629cdaadd1a75d7c650b7c5973fcd18dfb0 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 1 Aug 2019 09:45:25 +0100
Subject: [PATCH] Relax the certificate time checks in the self tests for the
legacy certificate
One test verifies a firmware with a signature from the old LVFS which was
hosted on secure-lvfs.rhcloud.com and used the original PKCS-7 key. This key
had a two year validity (expiring today, ohh the naivety...) rather than the
newer fwupd.org key which expires in the year 2058.
For this specific test only, disable the certificate time checks to fix CI.
Fixes https://github.com/hughsie/fwupd/issues/1264
---
src/fu-keyring-pkcs7.c | 10 +++++++++-
src/fu-keyring.h | 6 ++++--
src/fu-self-test.c | 3 ++-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
index 6dc944ed..a42feaa7 100644
--- a/src/fu-keyring-pkcs7.c
+++ b/src/fu-keyring-pkcs7.c
@@ -642,6 +642,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
for (gint i = 0; i < count; i++) {
gnutls_pkcs7_signature_info_st info;
gint64 signing_time = 0;
+ gnutls_certificate_verify_flags verify_flags = 0;
+
+ /* use with care */
+ if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
+ g_debug ("WARNING: disabling time checks");
+ verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+ verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
+ }
/* verify the data against the detached signature */
if (flags & FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT) {
@@ -652,7 +660,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
0, /* vdata_size */
i, /* index */
&datum, /* data */
- 0); /* flags */
+ verify_flags);
}
if (rc < 0) {
g_set_error (error,
diff --git a/src/fu-keyring.h b/src/fu-keyring.h
index 39819ca4..2f20e35e 100644
--- a/src/fu-keyring.h
+++ b/src/fu-keyring.h
@@ -20,12 +20,14 @@ G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
* FuKeyringVerifyFlags:
* @FU_KEYRING_VERIFY_FLAG_NONE: No flags set
* @FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT: Use client certificate to verify
+ * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS: Disable checking of validity periods
*
* The flags to use when interacting with a keyring
**/
typedef enum {
- FU_KEYRING_VERIFY_FLAG_NONE = 0,
- FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT = 1 << 1,
+ FU_KEYRING_VERIFY_FLAG_NONE = 0,
+ FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT = 1 << 1,
+ FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS = 1 << 2,
/*< private >*/
FU_KEYRING_VERIFY_FLAG_LAST
} FuKeyringVerifyFlags;
diff --git a/src/fu-self-test.c b/src/fu-self-test.c
index 363f644e..24b12110 100644
--- a/src/fu-self-test.c
+++ b/src/fu-self-test.c
@@ -2628,7 +2628,8 @@ fu_keyring_pkcs7_func (void)
g_assert_no_error (error);
g_assert_nonnull (blob_sig);
result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
- FU_KEYRING_VERIFY_FLAG_NONE, &error);
+ FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
+ &error);
g_assert_no_error (error);
g_assert_nonnull (result_pass);
g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);
--
2.19.1

36
README.en.md
View File

@ -1,36 +0,0 @@
# fwupd
#### Description
{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

39
README.md
View File

@ -1,39 +0,0 @@
# fwupd
#### 介绍
{**以下是码云平台说明,您可以替换此简介**
码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN。专为开发者提供稳定、高效、安全的云端软件开发协作平台
无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
#### 软件架构
软件架构说明
#### 安装教程
1. xxxx
2. xxxx
3. xxxx
#### 使用说明
1. xxxx
2. xxxx
3. xxxx
#### 参与贡献
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
#### 码云特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

BIN
fwupd-1.2.9.tar.xz Normal file
View File

Binary file not shown.

181
fwupd.spec Normal file
View File

@ -0,0 +1,181 @@
%ifarch x86_64
%bcond_without redfish
%bcond_without libsmbios
%endif
%ifarch x86_64 aarch64
%bcond_without uefi
%endif
Name: fwupd
Version: 1.2.9
Release: 2
Summary: Make updating firmware on Linux automatic, safe and reliable
License: LGPLv2+
URL: https://github.com/fwupd/fwupd/releases
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
#Self-tests are failing due to an expired cert #1264
Patch1: 0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
BuildRequires: gettext glib2-devel libxmlb-devel valgrind valgrind-devel libgcab1-devel
BuildRequires: gpgme-devel libgudev1-devel libgusb-devel libsoup-devel polkit-devel sqlite-devel libxslt
BuildRequires: gobject-introspection-devel libarchive-devel systemd gcab elfutils-libelf-devel
BuildRequires: bash-completion json-glib-devel help2man vala meson gnutls-utils gnutls-devel gtk-doc
%if %{with uefi}
BuildRequires: python3 python3-cairo python3-gobject python3-pillow
BuildRequires: freetype fontconfig google-noto-sans-cjk-ttc-fonts
BuildRequires: gnu-efi-devel pesign efivar-devel pango-devel cairo-devel cairo-gobject-devel
%endif
%if %{with redfish}
BuildRequires: efivar-devel
%endif
%if %{with libsmbios}
BuildRequires: efivar-devel libsmbios-devel
%endif
Requires: glib2 bubblewrap libsoup libgusb libxmlb shared-mime-info
Requires(post):systemd
Requires(preun):systemd
Requires(postun):systemd
Recommends: python3
%description
%{name} aims to make updating firmware on Linux automatic, safe and reliable.
%package devel
Summary: Development and installed test files for %{name}
Requires: %{name} = %{version}-%{release}
Provides: %{name}-tests = %{version}-%{release}
Obsoletes: %{name}-tests < %{version}-%{release}
%description devel
This package contains the development and installed test files for %{name}.
%package_help
%prep
%autosetup -n %{name}-%{version} -p1
%build
%meson -Dtests=true -Dgtkdoc=true -Dplugin_dummy=true \
%if %{with uefi}
-Dplugin_uefi=true -Dplugin_nvme=true \
%else
-Dplugin_uefi=false -Dplugin_nvme=false \
%endif
%if %{with redfish}
-Dplugin_redfish=true \
%else
-Dplugin_redfish=false \
%endif
%if %{with libsmbios}
-Dplugin_dell=true -Dplugin_synaptics=true \
%else
-Dplugin_dell=false -Dplugin_synaptics=false \
%endif
-Dman=true
%meson_build
%install
%meson_install
%if %{with uefi}
%ifarch x86_64
%pesign -s -i %{buildroot}%{_libexecdir}/%{name}/efi/%{name}x64.efi -o %{buildroot}%{_libexecdir}/%{name}/efi/%{name}x64.efi.signed
%endif
%ifarch aarch64
%pesign -s -i %{buildroot}%{_libexecdir}/%{name}/efi/%{name}aa64.efi -o %{buildroot}%{_libexecdir}/%{name}/efi/%{name}aa64.efi.signed
%endif
%endif
mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg
%find_lang %{name}
%check
%meson_test
%post
/sbin/ldconfig
%systemd_post %{name}.service
%preun
%systemd_preun %{name}.service
%postun
/sbin/ldconfig
%systemd_postun_with_restart %{name}.service
%systemd_postun_with_restart pesign.service
%files -f %{name}.lang
%doc README.md
%license COPYING AUTHORS
%{_bindir}/*
%config(noreplace)%{_sysconfdir}/%{name}/remotes.d/*.conf
%config(noreplace)%{_sysconfdir}/pki/%{name}
%config(noreplace)%{_sysconfdir}/%{name}/daemon.conf
%{_sysconfdir}/pki/fwupd-metadata
%{_sysconfdir}/dbus-1/system.d/*.%{name}.conf
%{_libexecdir}/%{name}/%{name}
%{_libexecdir}/%{name}/%{name}tool
%{_libexecdir}/%{name}/%{name}agent
%{_libexecdir}/%{name}/%{name}offline
%{_datadir}/bash-*/completions/*
%{_datadir}/%{name}/metainfo/*.metainfo.xml
%{_datadir}/%{name}/remotes.d/*/*/*.md
%{_datadir}/metainfo/*.metainfo.xml
%{_datadir}/%{name}/firmware-packager
%{_datadir}/dbus-1/interfaces/*.fwupd.xml
%{_datadir}/dbus-1/system-services/*.service
%{_datadir}/polkit-1/*/org.freedesktop*
%{_datadir}/%{name}/quirks.d/
%{_datadir}/icons/hicolor/scalable/apps/*.%{name}.svg
%{_localstatedir}/lib/%{name}/*/*.md
%{_libdir}/lib%{name}*.so.*
%{_libdir}/girepository-1.0/*.typelib
%{_prefix}/lib/udev/rules.d/*.rules
%{_prefix}/lib/systemd/system*/%{name}.shutdown
%{_unitdir}/*.service
%{_unitdir}/*.wants/
%{_libdir}/fwupd-plugins-3/*.so
%ghost %{_localstatedir}/lib/fwupd/gnupg
%if %{with uefi}
%config(noreplace)%{_sysconfdir}/%{name}/uefi.conf
%{_libexecdir}/%{name}/efi/*.efi
%{_libexecdir}/%{name}/efi/*.efi.signed
%{_libexecdir}/%{name}/fwupdate
%{_datadir}/*/*/LC_IMAGES/%{name}*
%endif
%if %{with redfish}
%config(noreplace)%{_sysconfdir}/%{name}/redfish.conf
%endif
%if %{with libsmbios}
%{_datadir}/%{name}/remotes.d/dell*/*
%endif
%files devel
%{_libdir}/*.so
%{_libdir}/*/*.pc
%{_includedir}/*
%{_datadir}/vala/*
%{_datadir}/gtk-doc/*/lib%{name}
%{_datadir}/*/*.gir
%{_datadir}/installed-tests/%{name}
%dir %{_sysconfdir}/%{name}/remotes.d
%config(noreplace)%{_sysconfdir}/%{name}/remotes.d/%{name}-tests.conf
%files help
%{_datadir}/man/man1/*
%changelog
* Mon Dec 9 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.9-2
- Solve build problem of x86
* Wed Nov 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.2.9-1
- Package init