WIP fwupd: 1.0.5 -> 1.1.0 #39792
WIP fwupd: 1.0.5 -> 1.1.0 #39792
Conversation
|
You are running into this problem regarding locales: #38991 |
|
cc @jtojnar |
| @@ -71,6 +71,13 @@ in { | |||
| BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins} | |||
| ''; | |||
| }; | |||
| "fwupd/uefi.conf" = { | |||
| source = pkgs.writeText "daemon.conf" '' | |||
There was a problem hiding this comment.
Why do the names of the files mismatch?
|
From the changelog, the only thing that caught my eye were bash completions, but they use an exact path so it works for us. Upstream should probably switch to something like the following, as per https://www.bassi.io/articles/2018/03/15/pkg-config-and-paths/. bash_completion_dep = dependency('bash_completion')
completionsdir = bash_completion_dep.get_pkgconfig_variable(
'completionsdir',
define_variable: [ 'prefix', prefix ],
)@Mic92 I do not think that is #38991, the packages are built in sandbox so there should be no conflict with system archive. I have always seen the warning when setting @Moredread Regarding Could you add a comment saying that @GrahamcOfBorg test fwupd |
|
No attempt on aarch64-linux (full log) The following builds were skipped because they don't evaluate on aarch64-linux: tests.fwupd Partial log (click to expand)
|
|
Success on x86_64-linux (full log) Attempted: tests.fwupd Partial log (click to expand)
|
|
@jtojnar I'll try to get to it later today but I'm on vacation the next week or so, so I am not sure when I have the time. |
Moredread
force-pushed
the
fwupd
branch
2 times, most recently
from
1551d4c
to
5ed6380
Compare
|
@jtojnar have added the comment and created an upstream issue for the failing test. But might it be a better idea to provide a os-release file in the sandbox, or should that be as minimal as possible? We have several packages that patch out os-release relevant code and tests after all. |
| "fwupd/uefi.conf" = { | ||
| source = pkgs.writeText "uefi.conf" '' | ||
| [uefi] | ||
| OverrideESPMountPoint=/boot |
There was a problem hiding this comment.
The mount point is configurable on nixos so instead of being statically set, it should be:
OverrideESPMountPoint=${config.boot.loader.efi.efiSysMountPoint}
|
@jtojnar the issue for the missing os-release file has been closed upstream as nofix |
Moredread
force-pushed
the
fwupd
branch
2 times, most recently
from
d1efe1a
to
9f394fb
Compare
|
Besides the test issue the PR seems to be working and could be merged IMHO. Edit: I forgot about the rights issue in issue #39386. In short I need to mount the /boot partition with fmask=0002,dmask=0002, i.e. the group needs write access. As this already likely an issue older fwupd version, I rather create a new PR than block this one, as this needs further investigating. I'm not even sure if the permission changes reliably fixes the issue. |
|
Could you use the fix from #40872? |
|
In principle that would work (although I'd prefere to add the /tmp/os-release path to the list). This would expose the os-release parser to a potential attacker with arbitrary rights on a misconfigured system without the file in the default location. I'm not sure how much that would be an issue. |
|
Sounds reasonable. By the way, 1.0.8 is out: NEWS |
|
@jtonar The patch we apply doesn't work there anymore. I'm not sure when I'll have time to look at the issue, but will leave a comment when I work on that. |
|
Looks like the patch needs to update the context of |
|
Looks like 1.1.0 is out, for what it's worth: https://github.com/hughsie/fwupd/blob/1.1.0/NEWS Anyone know the status re:NixOS+fwupd? Is it expected to work if /boot is writable to the right groups/users? |
|
I will try to update it. The 1.1.0 changes look interesting. Edit: Never mind. Apparently, it was just ESP location auto-detection, we are setting the path in module anyway. |
|
Pushed. It would be great if anyone with relevant hardware could test this. |
GrahamcOfBorg
added
the
6.topic: GNOME
We override the ESP mount point in the config file /etc/fwupd/uefi.conf (available since version 1.0.6), as it is set to a path in the nix store during build time. Tests are disabled as it needs /etc/os-release, which is not available when building with sandboxing enabled.
|
Since this is a huge improvement we should probably merge it even if the UEFI update is still broken. |
I have used it to successfully update the firmware on a logitech receiver but not the machine firmware. |
|
@peterhoeg I had a few problems with permission, sometimes it worked, sometimes it didn't. (See #39386) You also have to copy over the UEFI files for fwupd manually, and remove them after the update has finished. I did a successful FW upgrade on an older version on my Dell laptop a few months ago so it should work in principal. |
|
Thanks all! Gave this a go, generally looks good and UEFI situation same as @Moredread reports above-- best I could figure out was to just copy the things over (and remove after). Finally updated my laptop's BIOS xD. |
We override the ESP mount point in the config file /etc/fwupd/uefi.conf
(available since version 1.0.6), as it is set to a path in the nix store
during build time.
Current issues: See issue #39386
Also:
Tests are disabled as it needs /etc/os-release, which is not available
when building with sandboxing enabled.
I also get a lot of
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)during the build, but am not sure if this is an issue with my system configuration.Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)