packages/fwupd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!8 升级master工程fwupd到1.2.14版本

Browse Source 
From: @xigaoxinyan 
Reviewed-by: @zhuchunyi 
Signed-off-by: @zhuchunyi
This commit is contained in:
openeuler-ci-bot 2022-06-15 07:30:59 +00:00 committed by Gitee
commit f999dc58df
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 6 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
View File

@ -1,86 +0,0 @@
From b4627629cdaadd1a75d7c650b7c5973fcd18dfb0 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 1 Aug 2019 09:45:25 +0100
Subject: [PATCH] Relax the certificate time checks in the self tests for the
legacy certificate
One test verifies a firmware with a signature from the old LVFS which was
hosted on secure-lvfs.rhcloud.com and used the original PKCS-7 key. This key
had a two year validity (expiring today, ohh the naivety...) rather than the
newer fwupd.org key which expires in the year 2058.
For this specific test only, disable the certificate time checks to fix CI.
Fixes https://github.com/hughsie/fwupd/issues/1264
---
src/fu-keyring-pkcs7.c | 10 +++++++++-
src/fu-keyring.h | 6 ++++--
src/fu-self-test.c | 3 ++-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
index 6dc944ed..a42feaa7 100644
--- a/src/fu-keyring-pkcs7.c
+++ b/src/fu-keyring-pkcs7.c
@@ -642,6 +642,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
for (gint i = 0; i < count; i++) {
gnutls_pkcs7_signature_info_st info;
gint64 signing_time = 0;
+ gnutls_certificate_verify_flags verify_flags = 0;
+
+ /* use with care */
+ if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
+ g_debug ("WARNING: disabling time checks");
+ verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+ verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
+ }
/* verify the data against the detached signature */
if (flags & FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT) {
@@ -652,7 +660,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
0, /* vdata_size */
i, /* index */
&datum, /* data */
- 0); /* flags */
+ verify_flags);
}
if (rc < 0) {
g_set_error (error,
diff --git a/src/fu-keyring.h b/src/fu-keyring.h
index 39819ca4..2f20e35e 100644
--- a/src/fu-keyring.h
+++ b/src/fu-keyring.h
@@ -20,12 +20,14 @@ G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
* FuKeyringVerifyFlags:
* @FU_KEYRING_VERIFY_FLAG_NONE: No flags set
* @FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT: Use client certificate to verify
+ * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS: Disable checking of validity periods
*
* The flags to use when interacting with a keyring
**/
typedef enum {
- FU_KEYRING_VERIFY_FLAG_NONE = 0,
- FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT = 1 << 1,
+ FU_KEYRING_VERIFY_FLAG_NONE = 0,
+ FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT = 1 << 1,
+ FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS = 1 << 2,
/*< private >*/
FU_KEYRING_VERIFY_FLAG_LAST
} FuKeyringVerifyFlags;
diff --git a/src/fu-self-test.c b/src/fu-self-test.c
index 363f644e..24b12110 100644
--- a/src/fu-self-test.c
+++ b/src/fu-self-test.c
@@ -2628,7 +2628,8 @@ fu_keyring_pkcs7_func (void)
g_assert_no_error (error);
g_assert_nonnull (blob_sig);
result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
- FU_KEYRING_VERIFY_FLAG_NONE, &error);
+ FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
+ &error);
g_assert_no_error (error);
g_assert_nonnull (result_pass);
g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);
--
2.19.1

BIN
1.2.14.tar.gz Normal file
View File

Binary file not shown.

BIN
fwupd-1.2.9.tar.xz
View File

Binary file not shown.

10
fwupd.spec
View File

@ -8,15 +8,14 @@
%endif
Name: fwupd
Version: 1.2.9
Release: 3
Version: 1.2.14
Release: 1
Summary: Make updating firmware on Linux automatic, safe and reliable
License: LGPLv2+
URL: https://github.com/fwupd/fwupd/releases
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
Source0: https://github.com/fwupd/fwupd/archive/refs/tags/%{version}.tar.gz
#Self-tests are failing due to an expired cert #1264
Patch0000: 0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
Patch6000: Set-polling-self-tests-to-slow.patch
BuildRequires: gettext glib2-devel libxmlb-devel valgrind valgrind-devel libgcab1-devel
@ -175,6 +174,9 @@ mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg
%{_datadir}/man/man1/*
%changelog
* Wed Jun 15 2022 xigaoxinyan <xigaoxinyan@h-partners.com> - 1.2.14-1
- Update to 1.2.14
* Sun Jun 28 2020 huanghaitao <huanghaitao@huawei.com> - 1.2.9-3
- Solve build problem with check