diff --git a/.fwupd.metadata b/.fwupd.metadata new file mode 100644 index 0000000..276828b --- /dev/null +++ b/.fwupd.metadata @@ -0,0 +1 @@ +f03b7bf8db3960da755bcec27cf82722c6a730ff SOURCES/fwupd-1.0.8.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4e02fcb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/fwupd-1.0.8.tar.xz diff --git a/SOURCES/0001-Allow-running-on-an-older-systemd.patch b/SOURCES/0001-Allow-running-on-an-older-systemd.patch new file mode 100644 index 0000000..a6dde20 --- /dev/null +++ b/SOURCES/0001-Allow-running-on-an-older-systemd.patch @@ -0,0 +1,130 @@ +From 246ba5fed9f67047179f11a85c5fa4c869b62840 Mon Sep 17 00:00:00 2001 +From: Mario Limonciello +Date: Mon, 9 Jul 2018 17:09:41 -0500 +Subject: [PATCH] Allow running on an older systemd + +Build the path list dynamically based on enabled plugins and use options +that are compatible with older systemd when appropriate +--- + data/fwupd.service.in | 6 +---- + data/meson.build | 61 ++++++++++++++++++++++++++++--------------- + meson.build | 2 +- + 3 files changed, 42 insertions(+), 27 deletions(-) + +diff --git a/data/fwupd.service.in b/data/fwupd.service.in +index 7785439f..996ff4cf 100644 +--- a/data/fwupd.service.in ++++ b/data/fwupd.service.in +@@ -8,13 +8,9 @@ Before=gdm.service + Type=dbus + BusName=org.freedesktop.fwupd + ExecStart=@libexecdir@/fwupd/fwupd +-MemoryDenyWriteExecute=yes + PrivateTmp=yes +-ProtectControlGroups=yes + ProtectHome=yes +-ProtectKernelModules=yes + ProtectSystem=full + RestrictAddressFamilies=AF_NETLINK AF_UNIX +-RestrictRealtime=yes +-ReadWritePaths=@localstatedir@/lib/fwupd @sysconfdir@/fwupd/remotes.d -@bootdir@ + SystemCallFilter=~@mount ++@dynamic_options@ +diff --git a/data/meson.build b/data/meson.build +index 7adc0c05..c40b132b 100644 +--- a/data/meson.build ++++ b/data/meson.build +@@ -30,26 +30,47 @@ if get_option('daemon') + ) + endif + +-con2 = configuration_data() +-con2.set('libexecdir', libexecdir) +-con2.set('bindir', bindir) +-con2.set('localstatedir', localstatedir) +-con2.set('datadir', datadir) +-con2.set('bootdir', get_option('bootdir')) +-con2.set('sysconfdir', default_sysconfdir) ++if get_option('systemd') ++ con2 = configuration_data() ++ con2.set('libexecdir', libexecdir) ++ con2.set('bindir', bindir) ++ con2.set('localstatedir', localstatedir) ++ con2.set('datadir', datadir) ++ con2.set('bootdir', get_option('bootdir')) ++ con2.set('sysconfdir', default_sysconfdir) + +-# replace @libexecdir@ +-configure_file( +- input : 'org.freedesktop.fwupd.service.in', +- output : 'org.freedesktop.fwupd.service', +- configuration : con2, +- install: true, +- install_dir: join_paths(datadir, +- 'dbus-1', +- 'system-services'), +-) ++ rw_directories = [] ++ rw_directories += join_paths (localstatedir, 'lib', 'fwupd') ++ rw_directories += join_paths (default_sysconfdir, 'fwupd', 'remotes.d') ++ rw_directories += ['-/boot/efi', '-/boot', '-/efi'] ++ ++ ++ ++ dynamic_options = [] ++ if systemd.version().version_compare('>= 232') ++ dynamic_options += 'ProtectControlGroups=yes' ++ dynamic_options += 'ProtectKernelModules=yes' ++ endif ++ if systemd.version().version_compare('>= 231') ++ dynamic_options += 'RestrictRealtime=yes' ++ dynamic_options += 'MemoryDenyWriteExecute=yes' ++ dynamic_options += ['ReadWritePaths=' + ' '.join(rw_directories)] ++ else ++ dynamic_options += ['ReadWriteDirectories=' + ' '.join(rw_directories)] ++ endif ++ con2.set('dynamic_options', '\n'.join(dynamic_options)) ++ ++ # replace @libexecdir@ ++ configure_file( ++ input : 'org.freedesktop.fwupd.service.in', ++ output : 'org.freedesktop.fwupd.service', ++ configuration : con2, ++ install: true, ++ install_dir: join_paths(datadir, ++ 'dbus-1', ++ 'system-services'), ++ ) + +-if get_option('systemd') + # replace @bindir@ + configure_file( + input : 'fwupd-offline-update.service.in', +@@ -58,10 +79,8 @@ if get_option('systemd') + install: true, + install_dir: systemdunitdir, + ) +-endif + +-if get_option('systemd') +- # replace @localstatedir@, @sysconfdir@ and @bootdir@ ++ # replace @dynamic_options@ + configure_file( + input : 'fwupd.service.in', + output : 'fwupd.service', +diff --git a/meson.build b/meson.build +index 2f2710c2..fecdfca5 100644 +--- a/meson.build ++++ b/meson.build +@@ -225,7 +225,7 @@ if get_option('plugin_thunderbolt') + endif + + if get_option('systemd') +- systemd = dependency('systemd', version : '>= 231') ++ systemd = dependency('systemd', version : '>= 211') + conf.set('HAVE_SYSTEMD' , '1') + endif + +-- +2.17.1 + diff --git a/SOURCES/0001-Do-not-use-the-LVFS.patch b/SOURCES/0001-Do-not-use-the-LVFS.patch new file mode 100644 index 0000000..3c7d404 --- /dev/null +++ b/SOURCES/0001-Do-not-use-the-LVFS.patch @@ -0,0 +1,25 @@ +From de735a8c23b96e91cc70dec8228fc5617d35ed65 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Wed, 6 Jun 2018 12:10:25 +0100 +Subject: [PATCH 1/4] Do not use the LVFS + +--- + data/remotes.d/lvfs.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/remotes.d/lvfs.conf b/data/remotes.d/lvfs.conf +index 4e971be6..1cbbfaeb 100644 +--- a/data/remotes.d/lvfs.conf ++++ b/data/remotes.d/lvfs.conf +@@ -1,7 +1,7 @@ + [fwupd Remote] + + # this remote provides metadata and firmware marked as 'stable' from the LVFS +-Enabled=true ++Enabled=false + Title=Linux Vendor Firmware Service + Keyring=gpg + MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz +-- +2.17.1 + diff --git a/SOURCES/0002-Do-not-use-Python-version-3.patch b/SOURCES/0002-Do-not-use-Python-version-3.patch new file mode 100644 index 0000000..dff4055 --- /dev/null +++ b/SOURCES/0002-Do-not-use-Python-version-3.patch @@ -0,0 +1,125 @@ +From ac19a179deba767a6edafc8477ae168652039f5e Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Wed, 6 Jun 2018 12:10:59 +0100 +Subject: [PATCH 2/4] Do not use Python version 3 + +--- + contrib/firmware-packager/firmware-packager | 2 +- + data/installed-tests/hardware.py | 2 +- + libfwupd/generate-version-script.py | 2 +- + po/make-images | 23 +++++++++++---------- + po/test-deps | 2 +- + 5 files changed, 16 insertions(+), 15 deletions(-) + +diff --git a/contrib/firmware-packager/firmware-packager b/contrib/firmware-packager/firmware-packager +index 23e543ce..23658e6c 100755 +--- a/contrib/firmware-packager/firmware-packager ++++ b/contrib/firmware-packager/firmware-packager +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/env python + # + # Copyright (C) 2017 Max Ehrlich max.ehr@gmail.com + # +diff --git a/data/installed-tests/hardware.py b/data/installed-tests/hardware.py +index 026b5086..d79529ce 100755 +--- a/data/installed-tests/hardware.py ++++ b/data/installed-tests/hardware.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/python3 ++#!/usr/bin/python + # pylint: disable=wrong-import-position,too-many-locals,unused-argument,wrong-import-order + # + # Copyright (C) 2017 Richard Hughes +diff --git a/libfwupd/generate-version-script.py b/libfwupd/generate-version-script.py +index a2dff9ba..e94c16c2 100755 +--- a/libfwupd/generate-version-script.py ++++ b/libfwupd/generate-version-script.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/env python + # pylint: disable=invalid-name,missing-docstring + # + # Copyright (C) 2017 Richard Hughes +diff --git a/po/make-images b/po/make-images +index 9f5bd4bc..de9254f7 100755 +--- a/po/make-images ++++ b/po/make-images +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/env python + """ This thing rasterizes text for use later """ + + # pylint: disable=wrong-import-position,too-many-locals,unused-argument +@@ -80,11 +80,11 @@ class Rasterizer: + PangoCairo.context_set_font_options(pctx, fo) + + attrs = Pango.AttrList() +- length = len(bytes(string, "utf8")) ++ length = len(string) + items = Pango.itemize(pctx, string, 0, length, attrs, None) + gs = Pango.GlyphString() + Pango.shape(string, length, items[0].analysis, gs) +- del img, cctx, pctx, layout ++ #del img, cctx, pctx, layout + + def find_size(fs, f, data): + """ find our size, I hope... """ +@@ -102,11 +102,11 @@ class Rasterizer: + log = data['log'] + ink = data['ink'] + +- height = math.ceil(max(ink.height, log.height) / Pango.SCALE) +- width = math.ceil(max(ink.width, log.width) / Pango.SCALE) ++ height = int(math.ceil(max(ink.height, log.height) / Pango.SCALE)) ++ width = int(math.ceil(max(ink.width, log.width) / Pango.SCALE)) + +- x = -math.ceil(log.x / Pango.SCALE) +- y = -math.ceil(log.y / Pango.SCALE) ++ x = int(-math.ceil(log.x / Pango.SCALE)) ++ y = int(-math.ceil(log.y / Pango.SCALE)) + + img = cairo.ImageSurface(cairo.FORMAT_RGB24, width, height) + cctx = cairo.Context(img) +@@ -129,7 +129,7 @@ class Rasterizer: + tmpname = filename[len(os.environ['DESTDIR']):] + except KeyError: + tmpname = filename[len(os.environ['MESON_BUILD_ROOT']):] +- print("Writing %s " % (tmpname,), end='\r') ++ print("Writing %s " % (tmpname,)) + def make_dir(d): + """ make our parent dir and then our own dir """ + if os.access(d, os.O_RDWR): +@@ -167,7 +167,9 @@ class Rasterizer: + nameinfo.update({'width': width, + 'height': height, + 'suffix': 'bmp'}) +- filename = self.pattern.format_map(nameinfo) ++ filename = self.pattern ++ for key in nameinfo: ++ filename = filename.replace('{' + key + '}', str(nameinfo[key])) + render_one(lang, string, width, height, filename) + print("") + +@@ -177,7 +179,6 @@ if __name__ == '__main__': + if len(sys.argv) != 4: + usage(1) + +- label = os.fsencode(sys.argv[1]).decode('utf-8') +- r = Rasterizer(label=label, modir=sys.argv[2], ++ r = Rasterizer(label=sys.argv[1], modir=sys.argv[2], + linguas=sys.argv[3]) + r.render() +diff --git a/po/test-deps b/po/test-deps +index cc8c9fd0..4d2be2da 100755 +--- a/po/test-deps ++++ b/po/test-deps +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/env python + """ Check dependencies needed for rasterization """ + + """ +-- +2.17.1 + diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec new file mode 100644 index 0000000..bb8c6a1 --- /dev/null +++ b/SPECS/fwupd.spec @@ -0,0 +1,291 @@ +# Enable hardening in RHEL 7 +%global _hardened_build 1 + +%global glib2_version 2.45.8 +%global libappstream_version 0.7.4 +%global libgusb_version 0.2.9 +%global libsoup_version 2.51.92 +%global systemd_version 219 +%global json_glib_version 1.1.1 + +%global enable_tests 0 +%global enable_dummy 0 + +# fwupdate is only available on these arches +%ifarch x86_64 aarch64 +%global have_uefi 1 +%endif + +# libsmbios is only available on x86, and fwupdate is available on just x86_64 +%ifarch x86_64 +%global have_dell 1 +%endif + +# valgrind is not available on s390 +%ifarch x86_64 aarch64 +%global have_valgrind 1 +%endif + +Summary: Firmware update daemon +Name: fwupd +Version: 1.0.8 +Release: 5%{?dist} +License: LGPLv2+ +URL: https://github.com/hughsie/fwupd +Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz + +# neuter the LVFS +Patch2: 0001-Do-not-use-the-LVFS.patch +Patch3: 0002-Do-not-use-Python-version-3.patch + +# backport +Patch6: 0001-Allow-running-on-an-older-systemd.patch + +BuildRequires: gettext +BuildRequires: glib2-devel >= %{glib2_version} +BuildRequires: libappstream-glib-devel >= %{libappstream_version} +BuildRequires: libgudev1-devel +BuildRequires: libgusb-devel >= %{libgusb_version} +BuildRequires: libsoup-devel >= %{libsoup_version} +BuildRequires: polkit-devel >= 0.103 +BuildRequires: sqlite-devel +BuildRequires: gpgme-devel +BuildRequires: systemd >= %{systemd_version} +BuildRequires: libarchive-devel +BuildRequires: gobject-introspection-devel +BuildRequires: gcab +%if 0%{?have_valgrind} +BuildRequires: valgrind +BuildRequires: valgrind-devel +%endif +BuildRequires: elfutils-libelf-devel +BuildRequires: gtk-doc +BuildRequires: libuuid-devel +BuildRequires: meson +BuildRequires: help2man +BuildRequires: json-glib-devel >= %{json_glib_version} +BuildRequires: vala + +%if 0%{?have_dell} +BuildRequires: efivar-devel +BuildRequires: libsmbios-devel >= 2.3.0 +%endif + +%if 0%{?have_uefi} +BuildRequires: fwupdate-devel >= 10 +%endif + +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +Requires: glib2%{?_isa} >= %{glib2_version} +Requires: libappstream-glib%{?_isa} >= %{libappstream_version} +Requires: libgusb%{?_isa} >= %{libgusb_version} +Requires: libsoup%{?_isa} >= %{libsoup_version} + +Obsoletes: fwupd-sign < 0.1.6 +Obsoletes: libebitdo < 0.7.5-3 + +%description +fwupd is a daemon to allow session software to update device firmware. + +%package devel +Summary: Development package for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: libebitdo-devel < 0.7.5-3 +Obsoletes: libdfu-devel < 1.0.0 + +%description devel +Files for development with %{name}. + +%prep +%setup -q +%patch2 -p1 -b .no-lvfs +%patch3 -p1 -b .no-python3 +%patch6 -p1 -b .old-systemd + +%build + +%meson \ + -Dpkcs7=false \ + -Dgtkdoc=true \ +%if 0%{?enable_tests} + -Dtests=true \ +%else + -Dtests=false \ +%endif +%if 0%{?enable_dummy} + -Dplugin_dummy=true \ +%else + -Dplugin_dummy=false \ +%endif + -Dplugin_thunderbolt=true \ +%if 0%{?have_uefi} + -Dplugin_uefi=true \ + -Dplugin_uefi_labels=false \ +%else + -Dplugin_uefi=false \ + -Dplugin_uefi_labels=false \ +%endif +%if 0%{?have_dell} + -Dplugin_dell=true \ + -Dplugin_synaptics=true \ +%else + -Dplugin_dell=false \ + -Dplugin_synaptics=false \ +%endif + -Dman=true + +%meson_build + +%if 0%{?enable_tests} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg + +%find_lang %{name} + +%post +/sbin/ldconfig +%systemd_post fwupd.service + +%preun +%systemd_preun fwupd.service + +%postun +/sbin/ldconfig +%systemd_postun_with_restart fwupd.service + +%files -f %{name}.lang +%doc README.md AUTHORS NEWS +%license COPYING +%config(noreplace)%{_sysconfdir}/fwupd/daemon.conf +%if 0%{?have_uefi} +%config(noreplace)%{_sysconfdir}/fwupd/uefi.conf +%endif +%dir %{_libexecdir}/fwupd +%{_libexecdir}/fwupd/fwupd +%{_libexecdir}/fwupd/fwupdtool +%{_bindir}/dfu-tool +%{_bindir}/fwupdmgr +%dir %{_sysconfdir}/fwupd +%dir %{_sysconfdir}/fwupd/remotes.d +%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd.conf +%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/lvfs.conf +%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/lvfs-testing.conf +%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor.conf +%config(noreplace)%{_sysconfdir}/pki/fwupd +%{_sysconfdir}/pki/fwupd-metadata +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.fwupd.conf +%{_datadir}/fwupd/metainfo/org.freedesktop.fwupd*.metainfo.xml +%{_datadir}/fwupd/remotes.d/fwupd/metadata.xml +%{_datadir}/fwupd/remotes.d/vendor/firmware/README.md +%{_datadir}/dbus-1/interfaces/org.freedesktop.fwupd.xml +%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy +%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules +%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service +%{_datadir}/man/man1/dfu-tool.1.gz +%{_datadir}/man/man1/fwupdmgr.1.gz +%{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml +%{_datadir}/fwupd/firmware-packager +%{_unitdir}/fwupd-offline-update.service +%{_unitdir}/fwupd.service +%{_unitdir}/system-update.target.wants/ +%dir %{_localstatedir}/lib/fwupd +%dir %{_datadir}/fwupd/quirks.d +%{_datadir}/fwupd/quirks.d/*.quirk +%{_localstatedir}/lib/fwupd/builder/README.md +%{_libdir}/libfwupd*.so.* +%{_libdir}/girepository-1.0/Fwupd-2.0.typelib +/usr/lib/udev/rules.d/*.rules +%dir %{_libdir}/fwupd-plugins-3 +%{_libdir}/fwupd-plugins-3/libfu_plugin_altos.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_amt.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_colorhug.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_csr.so +%if 0%{?have_dell} +%{_libdir}/fwupd-plugins-3/libfu_plugin_dell.so +%endif +%{_libdir}/fwupd-plugins-3/libfu_plugin_dfu.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_ebitdo.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_nitrokey.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_steelseries.so +%if 0%{?have_dell} +%{_libdir}/fwupd-plugins-3/libfu_plugin_synapticsmst.so +%endif +%if 0%{?enable_dummy} +%{_libdir}/fwupd-plugins-3/libfu_plugin_test.so +%endif +%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt_power.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_udev.so +%if 0%{?have_uefi} +%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi.so +%endif +%{_libdir}/fwupd-plugins-3/libfu_plugin_unifying.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_upower.so +%{_libdir}/fwupd-plugins-3/libfu_plugin_wacomhid.so +%ghost %{_localstatedir}/lib/fwupd/gnupg + +%files devel +%{_datadir}/gir-1.0/Fwupd-2.0.gir +%{_datadir}/gtk-doc/html/libfwupd +%{_datadir}/vala/vapi +%{_includedir}/fwupd-1 +%{_libdir}/libfwupd*.so +%{_libdir}/pkgconfig/fwupd.pc + +%changelog +* Tue Aug 13 2019 Richard Hughes 1.0.8-5 +- Fix a multilib install issue. +- Resolves: #1623466 + +* Wed Sep 05 2018 Kalev Lember 1.0.8-4 +- Build with full hardening enabled +- Resolves: #1616185 + +* Mon Jul 16 2018 Richard Hughes 1.0.8-3 +- Backport a fix to allow properly running on older systemd versions. +- Resolves: #1601550 + +* Thu Jun 14 2018 Richard Hughes 1.0.8-2 +- Build against the new libfwupdate +- Resolves: #1570028 + +* Fri Jun 08 2018 Richard Hughes 1.0.8-1 +- New upstream release +- Resolves: #1570028 + +* Mon Jan 08 2018 Richard Hughes 1.0.1-4 +- Enable the libsmbios dependency to get the Dell plugin +- Resolves: #1420913 + +* Thu Nov 23 2017 Richard Hughes 1.0.1-3 +- Remove the runtime dep on bubblewrap. +- Resolves: #1512620 + +* Tue Nov 14 2017 Richard Hughes 1.0.1-2 +- Enable Synaptics MST hub updates. +- Resolves: #1420913 + +* Thu Nov 09 2017 Richard Hughes 1.0.1-1 +- Rebase to 1.0.1, specifically the wip/hughsie/rhel75 branch which adds + back the automake build system and lowers the required versions of deps. +- This also un-neuters fwupd so that most of the plugins are functional, + for instance allowing updates of Thunderbolt controllers and Logitech + Unifying devices. However, the LVFS is still disabled. +- Resolves: #1313086 + +* Mon May 08 2017 Richard Hughes 0.8.2-2 +- Do not use the LVFS by default. +- Resolves: #1380827 + +* Thu Apr 20 2017 Richard Hughes 0.8.2-1 +- Initial upload for RHEL. +- Resolves: #1380827