New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP fwupd: 1.0.5 -> 1.1.0 #39792
WIP fwupd: 1.0.5 -> 1.1.0 #39792
Conversation
You are running into this problem regarding locales: #38991 |
cc @jtojnar |
@@ -71,6 +71,13 @@ in { | |||
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins} | |||
''; | |||
}; | |||
"fwupd/uefi.conf" = { | |||
source = pkgs.writeText "daemon.conf" '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do the names of the files mismatch?
From the changelog, the only thing that caught my eye were bash completions, but they use an exact path so it works for us. Upstream should probably switch to something like the following, as per https://www.bassi.io/articles/2018/03/15/pkg-config-and-paths/. bash_completion_dep = dependency('bash_completion')
completionsdir = bash_completion_dep.get_pkgconfig_variable(
'completionsdir',
define_variable: [ 'prefix', prefix ],
) @Mic92 I do not think that is #38991, the packages are built in sandbox so there should be no conflict with system archive. I have always seen the warning when setting @Moredread Regarding Could you add a comment saying that @GrahamcOfBorg test fwupd |
No attempt on aarch64-linux (full log) The following builds were skipped because they don't evaluate on aarch64-linux: tests.fwupd Partial log (click to expand)
|
Success on x86_64-linux (full log) Attempted: tests.fwupd Partial log (click to expand)
|
@jtojnar I'll try to get to it later today but I'm on vacation the next week or so, so I am not sure when I have the time. |
1551d4c
to
5ed6380
Compare
@jtojnar have added the comment and created an upstream issue for the failing test. But might it be a better idea to provide a os-release file in the sandbox, or should that be as minimal as possible? We have several packages that patch out os-release relevant code and tests after all. |
"fwupd/uefi.conf" = { | ||
source = pkgs.writeText "uefi.conf" '' | ||
[uefi] | ||
OverrideESPMountPoint=/boot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The mount point is configurable on nixos so instead of being statically set, it should be:
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
@jtojnar the issue for the missing os-release file has been closed upstream as nofix |
d1efe1a
to
9f394fb
Compare
Besides the test issue the PR seems to be working and could be merged IMHO. Edit: I forgot about the rights issue in issue #39386. In short I need to mount the /boot partition with fmask=0002,dmask=0002, i.e. the group needs write access. As this already likely an issue older fwupd version, I rather create a new PR than block this one, as this needs further investigating. I'm not even sure if the permission changes reliably fixes the issue. |
Could you use the fix from #40872? |
In principle that would work (although I'd prefere to add the /tmp/os-release path to the list). This would expose the os-release parser to a potential attacker with arbitrary rights on a misconfigured system without the file in the default location. I'm not sure how much that would be an issue. |
Sounds reasonable. By the way, 1.0.8 is out: NEWS |
@jtonar The patch we apply doesn't work there anymore. I'm not sure when I'll have time to look at the issue, but will leave a comment when I work on that. |
Looks like the patch needs to update the context of |
Looks like 1.1.0 is out, for what it's worth: https://github.com/hughsie/fwupd/blob/1.1.0/NEWS Anyone know the status re:NixOS+fwupd? Is it expected to work if /boot is writable to the right groups/users? |
I will try to update it. The 1.1.0 changes look interesting. Edit: Never mind. Apparently, it was just ESP location auto-detection, we are setting the path in module anyway. |
Pushed. It would be great if anyone with relevant hardware could test this. |
We override the ESP mount point in the config file /etc/fwupd/uefi.conf (available since version 1.0.6), as it is set to a path in the nix store during build time. Tests are disabled as it needs /etc/os-release, which is not available when building with sandboxing enabled.
Since this is a huge improvement we should probably merge it even if the UEFI update is still broken. |
I have used it to successfully update the firmware on a logitech receiver but not the machine firmware. |
@peterhoeg I had a few problems with permission, sometimes it worked, sometimes it didn't. (See #39386) You also have to copy over the UEFI files for fwupd manually, and remove them after the update has finished. I did a successful FW upgrade on an older version on my Dell laptop a few months ago so it should work in principal. |
Thanks all! Gave this a go, generally looks good and UEFI situation same as @Moredread reports above-- best I could figure out was to just copy the things over (and remove after). Finally updated my laptop's BIOS xD. |
We override the ESP mount point in the config file /etc/fwupd/uefi.conf
(available since version 1.0.6), as it is set to a path in the nix store
during build time.
Current issues: See issue #39386
Also:
Tests are disabled as it needs /etc/os-release, which is not available
when building with sandboxing enabled.
I also get a lot of
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
during the build, but am not sure if this is an issue with my system configuration.Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)