debian/0000775000000000000000000000000012673574043007203 5ustar debian/rules0000775000000000000000000000320312673572550010262 0ustar #!/usr/bin/make -f # -*- makefile -*- DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) EFIDIR ?= $(shell dpkg-vendor --query vendor | awk '{ print tolower($$0) }') SB_PACKAGE := ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) SB_PACKAGE := 1 deb_version := $(shell dpkg-parsechangelog | sed -ne "s/^Version: \(.*\)/\1/p") tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz endif buildroot := debian/tmp %: dh $@ override_dh_auto_build: dh_auto_build -- libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ libexecdir=\$${prefix}lib/ \ datadir=/var/cache/ \ localedir=/usr/share/locale/ \ GNUEFIDIR=\$${prefix}/lib \ EFIDIR=$(EFIDIR) sed 's,#EFIDIR#,$(EFIDIR),' \ debian/fwupdate.postrm.in > debian/fwupdate.postrm override_dh_auto_install: dh_auto_install -- libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ libexecdir=\$${prefix}lib/ \ datadir=/var/cache/ \ localedir=/usr/share/locale/ \ GNUEFIDIR=\$${prefix}/lib \ EFIDIR=$(EFIDIR) chmod -x ${buildroot}/boot/efi/EFI/$(EFIDIR)/*.efi cp debian/scripts/install.in ${buildroot}/usr/lib/fwupdate/install sed -i 's,#EFIDIR#,$(EFIDIR),' ${buildroot}/usr/lib/fwupdate/install override_dh_clean: dh_clean ifneq (,$(SB_PACKAGE)) rm -rf debian/fwupdate-images endif override_dh_builddeb: dh_builddeb -- -Zxz ifneq (,$(SB_PACKAGE)) mkdir -p debian/fwupdate-images/$(deb_version) cp efi/fwup*.efi debian/fwupdate-images/$(deb_version) echo $(deb_version) \ > debian/fwupdate-images/$(deb_version)/version cd debian/fwupdate-images && tar czvf ../../../$(tar_name) . dpkg-distaddfile $(tar_name) raw-uefi - endif debian/control0000664000000000000000000000411112673567562010613 0ustar Source: fwupdate Priority: optional Maintainer: Debian EFI Uploaders: Daniel Jared Dominguez , Steve McIntyre <93sam@debian.org>, Mario Limonciello Build-Depends: debhelper (>= 9.0.0), pkg-config, libpopt-dev, libefivar-dev (>= 0.16), gnu-efi (>= 3.0.2), elfutils Standards-Version: 3.9.6.1 Section: libs Homepage: https://github.com/rhinstaller/fwupdate Vcs-Git: git://anonscm.debian.org/uefi/fwupdate.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=uefi/fwupdate.git Package: libfwup-dev Section: libdevel Architecture: amd64 i386 armhf arm64 armel Multi-Arch: same Depends: libfwup0 (= ${binary:Version}), ${misc:Depends}, libefivar-dev (>= 0.16) Description: Development headers for linfwup fwupdate provides functionality to update system firmware. It has been initially designed to update firmware using UEFI capsule updates, but it is designed to be extensible to other firmware update standards. . This package provides development headers required to use libfwup. Package: fwupdate Section: admin Architecture: amd64 i386 armhf arm64 armel Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup0 (= ${binary:Version}), efibootmgr Description: Tools to manage UEFI firmware updates fwupdate provides functionality to update system firmware. It has been initially designed to update firmware using UEFI capsule updates, but it is designed to be extensible to other firmware update standards. . This package provides a simple command line interface to perform UEFI firmware updates. Package: libfwup0 Architecture: amd64 i386 armhf arm64 armel Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: Library to manage UEFI firmware updates fwupdate provides functionality to update system firmware. It has been initially designed to update firmware using UEFI capsule updates, but it is designed to be extensible to other firmware update standards. . This library is to allow for the simple manipulation of UEFI firmware updates. debian/README.source0000664000000000000000000000042612673527115011362 0ustar fwupdate for Debian ------------------- To build from the git tree, run: git-buildpackage -us -uc -S Then, if using sbuild, you can use something like: sbuild -s -c sid-amd64 -d unstable -- Daniel Jared Dominguez Thu, 21 May 2015 13:44:16 -0500 debian/scripts/0000775000000000000000000000000012673567740010700 5ustar debian/scripts/install.in0000775000000000000000000000244512673570043012674 0ustar #!/bin/sh DISTRIBUTOR=#EFIDIR# efi_vars_dir=/sys/firmware/efi/vars EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c SB="$efi_vars_dir/SecureBoot-$EFI_GLOBAL_VARIABLE/data" #if we have SB enabled, don't bother to install the unsigned file if [ -e "$SB" ] && \ [ "$(( $(printf 0x%x \'"$(cat $SB | cut -b1)") & 1 ))" = 1 ]; then SECURE_BOOT="1" fi if [ ! -d "$efi_vars_dir" ]; then echo "System not running in EFI mode, not installing to EFI system partition." exit 0 fi for BINARY in $(find /usr/lib/fwupdate -name '*.efi' -printf "%f\n"); do ESP="/boot/efi/EFI/$DISTRIBUTOR" ESP_FILE="$ESP/$BINARY" SIGNED_FILE="/usr/lib/fwupdate/$BINARY.signed" UNSIGNED_FILE="/usr/lib/fwupdate/$BINARY" if [ -f "$ESP_FILE" ]; then ESP_MD5=$(md5sum $ESP_FILE | sed 's, .*,,') fi if [ -f "$SIGNED_FILE" ]; then COMPARE=$SIGNED_FILE elif [ -z "$SECURE_BOOT" ]; then COMPARE=$UNSIGNED_FILE fi mkdir -p $ESP/fw if [ -n "$COMPARE" ]; then COMPARE_MD5=$(md5sum $COMPARE | sed 's, .*,,') if [ "$COMPARE_MD5" != "$ESP_MD5" ]; then rm -f $ESP_FILE echo "Installing $BINARY to EFI system partition." cp $COMPARE $ESP_FILE fi else echo "Signed binary for $BINARY is not available, not installing binary to EFI system partition." fi done debian/gbp.conf0000664000000000000000000000552312673527115010625 0ustar [DEFAULT] # the default build command: #builder = debuild -i -I # the default clean command: #cleaner = debuild clean # the default branch for upstream sources: #upstream-branch = upstream # the default branch for the debian patch: debian-branch = debian # the default tag formats used: upstream-tag = %(version)s debian-tag = Debian/%(version)s # use pristine-tar: #pristine-tar = True # don't check if debian-branch == current branch: #ignore-branch = True # Use color when on a terminal, alternatives: on/true, off/false or auto #color = auto # Options only affecting gbp buildpackage [buildpackage] # Look for a tag matching the upstream version when creating a tarball #upstream-tree = tag # uncomment this to automatically GPG sign tags: sign-tags = True # keyid to GPG sign tags with: #keyid = 0xdeadbeef # push to a remote repository after a successful tag: #posttag = git-push git.example.com # call lintian after a successful build: #postbuild = lintian $GBP_CHANGES_FILE # let package generate upstream changelog before build: #prebuild = GIT_DIR=$GBP_GIT_DIR debian/autogen.sh # use this for more svn-buildpackage like behaviour: #export-dir = ../build-area/ #tarball-dir = ../tarballs/ #ignore-new = True #export = HEAD # compress with bzip2 #compression = bzip2 # use best compression #compression-level = best # Don't send notifications, alternatives: on/true, off/false or auto #notify = off # Transparently handle submodules # submodules = True # Wheter to use cowbuilder via git-pbuilder(1) #pbuilder = True # Which distribution to use with git-pbuilder dist = unstable # Options to pass to pbuilder when using git-pbuilder #git-pbuilder-options = '--hookdir /etc/pbuilder/hooks' # Options only affecting gbp dch [dch] # options passed to git-log: #git-log = --no-merges # next snapshot number: #snapshot-number = snapshot + 1 # include 7 digits of the commit id in the changelog enty: #id-length = 7 # don't include information from meta tags: #meta = False # what tags to look for to generate bug-closing changelog entries: #meta-closes = Closes|LP # include the full commit message in the changelog: #full = True # ignore Signed-off-by: lines: #ignore-regex=(Signed-off|Acked)-by: # use author name and email from git-config: #git-author = True # Options only affecting gbp pq [pq] #patch-numbers = False # Options only affecting gbp clone [clone] #pristine-tar = True # Options only affecting gbp pull [pull] #pristine-tar = True # Options only affecting gbp create remote repo [create-remote-repo] # disable remote branch tracking #track = False ## Sample config to create remote repositore using gbp create-remote-repo: #[remote-config pkg-libvirt] ## Location of the repository #remote-url-pattern = ssh://git.debian.org/git/pkg-libvirt/%(pkg)s ## Template dir to passed to git-init #template-dir = /srv/alioth.debian.org/chroot/home/groups/pkg-libvirt/git-template debian/fwupdate.dirs0000664000000000000000000000002312673527115011676 0ustar var/cache/fwupdate debian/fwupdate.postrm.in0000664000000000000000000000253012673572261012675 0ustar #!/bin/sh # postrm script for fwupdate # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge) EFIDIR=#EFIDIR# if [ "${DPKG_MAINTSCRIPT_ARCH}" = "amd64" ]; then EFI_NAME=x64 elif [ "${DPKG_MAINTSCRIPT_ARCH}" = "i386" ]; then EFI_NAME=ia32 elif [ "${DPKG_MAINTSCRIPT_ARCH}" = "arm64" ]; then EFI_NAME=aa64 elif [ "${DPKG_MAINTSCRIPT_ARCH}" = "armhf" ]; then EFI_NAME=arm fi rm -f /boot/efi/EFI/$EFIDIR/fwup$EFI_NAME.efi rm -f /var/cache/fwupdate/done rm -rf /boot/efi/EFI/$EFIDIR/fw ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/fwupdate.postinst0000664000000000000000000000277512673527115012640 0ustar #!/bin/sh # postinst script for fwupdate # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) # in between 0.4 and 0.5 release, upstream renamed #the binary that was installed to the ESP. if dpkg --compare-versions "$2" lt "0.4-6"; then ID=$(lsb_release -is | awk '{ print tolower($0) }') if [ -f /boot/efi/EFI/$ID/fwupdate.efi ]; then rm -f /boot/efi/EFI/$ID/fwupdate.efi fi fi #install binary to ESP /usr/lib/fwupdate/install #cleanup from other potential installs #this is actually a systemd static service. #I would have done it with dh-systemd, but deb-systemd-invoke #won't run static services in postinst. /usr/lib/fwupdate/cleanup || true ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/docs0000664000000000000000000000000512673527115010047 0ustar TODO debian/clean0000664000000000000000000000007312673571662010214 0ustar linux/cleanup linux/cleanup.service debian/fwupdate.postrm debian/watch0000664000000000000000000000070112673527115010230 0ustar # You can run the "uscan" command to check for upstream updates and more. # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 #opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/fwupdate-$1\.tar\.gz/ \ #https://github.com/vathpela/fwupdate/tags .*/v?(\d\S*)\.tar\.gz https://github.com/rhinstaller/fwupdate/releases \ .*[^n]/(?:|v|version-|r|REL_|rel-|fwupdate(?:_|-))(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) debian/copyright0000664000000000000000000000212512673527115011134 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: fwupdate Source: https://github.com/rhinstaller/fwupdate Files: * Copyright: 2014-2015 Peter Jones License: GPL-2.0+ Files: debian/* Copyright: 2015 Daniel Jared Dominguez License: GPL-2.0+ License: GPL-2.0+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". debian/libfwup-dev.install0000775000000000000000000000036412673527115013023 0ustar #!/bin/sh bindir=usr/bin datadir=usr/share includedir=usr/include libdir=usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH) mandir=${datadir}/man #echo ${mandir}/man3/* echo ${includedir}/\* echo ${libdir}/\*.so echo ${libdir}/pkgconfig/\*.pc debian/patches/0000775000000000000000000000000012673574023010630 5ustar debian/patches/series0000664000000000000000000000017212673574023012045 0ustar 0001-Clear-immuatable-bit-on-efivar-before-trying-to-remo.patch 0001-Run-efibootmgr-q-before-running-cleanup-script.patch debian/patches/0001-Run-efibootmgr-q-before-running-cleanup-script.patch0000664000000000000000000000137112673527115023233 0ustar From 0b7f0c8e3bcad37df795fc112670ab0a41436aff Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Sun, 20 Mar 2016 02:52:26 -0500 Subject: [PATCH] Run efibootmgr -q before running cleanup script This will test if EFI variables are actually available and cause the script to fail if they're not. --- linux/cleanup.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/linux/cleanup.in b/linux/cleanup.in index 55c5cdd..702dd2b 100755 --- a/linux/cleanup.in +++ b/linux/cleanup.in @@ -4,6 +4,8 @@ if [ -e "@@DATADIR@@fwupdate/done" ]; then exit 0 fi +efibootmgr -q + BOOTNUM=$(efibootmgr | grep "Linux.Firmware.Updater" | sed "s/\ .*//; s/*//; s/Boot//") if [ -n "$BOOTNUM" ]; then for num in $BOOTNUM; do -- 1.9.1 debian/patches/0001-Clear-immuatable-bit-on-efivar-before-trying-to-remo.patch0000664000000000000000000000137312673527115024171 0ustar From 535d3a0f9c096d452cc7e2b5be79cf964e2d6d5b Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Thu, 17 Mar 2016 10:20:45 -0500 Subject: [PATCH] Clear immuatable bit on efivar before trying to remove it (Fixes: #49) --- linux/cleanup.in | 1 + 1 file changed, 1 insertion(+) diff --git a/linux/cleanup.in b/linux/cleanup.in index 38eb884..55c5cdd 100755 --- a/linux/cleanup.in +++ b/linux/cleanup.in @@ -19,6 +19,7 @@ for x in /boot/efi/EFI/@@EFIDIR@@/fw/fwupdate-* ; do done for x in /sys/firmware/efi/efivars/fwupdate-*-0abba7dc-e516-4167-bbf5-4d9d1c739416 ; do if [ "${x}" != "/sys/firmware/efi/efivars/fwupdate-*-0abba7dc-e516-4167-bbf5-4d9d1c739416" ]; then + chattr -i "${x}" rm -f "${x}" fi done -- 1.9.1 debian/fwupdate.install0000775000000000000000000000045112673570145012414 0ustar #!/bin/sh bindir=usr/bin datadir=usr/share mandir=${datadir}/man libdir=usr/lib echo ${bindir}/fwupdate echo boot/efi/EFI/*/fwup*.efi /usr/lib/fwupdate/ echo ${datadir}/locale/en/\*.po echo ${mandir}/man1/\* echo ${mandir}/man3/\* echo ${libdir}/fwupdate/* echo ${libdir}/systemd/* /lib/systemd debian/changelog0000664000000000000000000001106712673574503011063 0ustar fwupdate (0.5-2ubuntu4) xenial; urgency=medium * Build DISTRIBUTOR into /usr/lib/fwupdate/install at build using dpkg-vendor. * Modify postrm script: - hardcode EFIDIR at build time - use DPKG_MAINTSCRIPT_ARCH -- Mario Limonciello Sun, 20 Mar 2016 14:12:38 -0500 fwupdate (0.5-2ubuntu3) xenial; urgency=medium * If EFI variables aren't available when the postinst runs, don't mistakingly mark the cleanup script as done. This avoids the cleanup done flag being written in chroot situations such as building a livefs. * Purge EFI binaries from ESP for correct architecture * If system isn't running in EFI mode, don't install binary to ESP directory -- Mario Limonciello Sun, 20 Mar 2016 02:55:41 -0500 fwupdate (0.5-2ubuntu2) xenial; urgency=medium * Remove immutable attribute in cleanup script due to a kernel behavioral change in ed8b0de5. * Correct one more path related to signed script -- Mario Limonciello Thu, 17 Mar 2016 10:33:16 -0500 fwupdate (0.5-2ubuntu1) xenial; urgency=medium * Correct the location of the signed binaries -- Mario Limonciello Wed, 16 Mar 2016 00:52:15 -0500 fwupdate (0.5-2) unstable; urgency=medium * Remove unowned files that were created by fwupdate through purge. (Fixes: #810697) -- Mario Limonciello Mon, 11 Jan 2016 16:04:19 -0600 fwupdate (0.5-1) unstable; urgency=medium * New upstream version: 0.5. * Drop all patches merged upstream. * debian/rules: Adjust GNUEFIDIR to not include prefix. * Adjust name of binary that is installed to ESP * Adjust build arguments to changes in build system * Add clean file for systemd rules that aren't automatically cleaned on make clean * Install systemd clean service script to /usr/lib/fwupdate * Install new man pages and systemd service files * Add efibootmgr to fwupdate dependencies to allow cleanup from postinst * Cleanup Bootnum for old fwupdate.efi. It will be regenerated with fwupd64.efi * Place the done file for the cleanup service in /var/cache * Call fwupdate cleanup in postinst to avoid problems with OS reinstallation * Install EFI binaries for non-x64 arch as well * Remove multiple Linux Firmware Updater entries if they exist * Create cache directory in package * Don't cleanup extra NVRAM boot entries on postinst. * Build a raw-uefi archive for use with UEFI signing * Add a common script for instaling fwup*.efi binary to ESP * Remove empty postinst and postrm scripts for libfwup0. * Only build raw-uefi archive on Ubuntu -- Mario Limonciello Thu, 19 Nov 2015 11:48:01 -0600 fwupdate (0.4-5) unstable; urgency=medium [ Mathieu Trudel-Lapierre ] * debian/patches/do-not-pesign: don't self-sign EFI binaries. * debian/control: dropped Build-Depends on pesign. [ Mario Limonciello ] * Backport 1c7f78 and 1c1218 to avoid errors if SHIM_DEBUG is missing. * Add myself to uploaders. -- Mario Limonciello Mon, 05 Oct 2015 14:43:51 -0500 fwupdate (0.4-4) unstable; urgency=medium [ Daniel Jared Dominguez ] * Don't depend on efibootmgr since fwupdate uses efivar to set BootNext * update VCS info [ Mario Limonciello ] * Adjust maintainer to be team owned. * Backport 05d715f and 448aaab to fix arm* FTBFS. (Closes: #792904) -- Mario Limonciello Wed, 09 Sep 2015 10:21:38 -0500 fwupdate (0.4-3) unstable; urgency=medium * We need elfutils now. -- Daniel Jared Dominguez Mon, 13 Jul 2015 15:44:47 -0500 fwupdate (0.4-2) unstable; urgency=medium [ Mario Limonciello ] * For the distribution directory make sure that it's lowercase. This is what Debian and Ubuntu use for their EFI directories. * Import a patch from upstream to fix linking order when --as-needed. * Don't store EFI application in /boot/EFI in debian package. This causes upgrade issues for the package. Move it over to /usr/lib/fwupdate and install in the postinst. * Add some patches that fix the Boot entry creation GUID. [ Daniel Jared Dominguez ] * Fix a minor "make install" weirdness with our library symlinks. * Add UEFI debugging stuff to the fwupdate binaries. (from upstream) -- Daniel Jared Dominguez Mon, 13 Jul 2015 13:32:42 -0500 fwupdate (0.4-1) unstable; urgency=low * Initial release (Closes: #785137) -- Daniel Jared Dominguez Mon, 01 Jun 2015 22:30:51 -0500 debian/libfwup0.install0000775000000000000000000000025312673527115012324 0ustar #!/bin/sh bindir=usr/bin datadir=usr/share includedir=usr/include libdir=usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH) mandir=${datadir}/man echo ${libdir}/\*.so.\* debian/README.Debian0000664000000000000000000000040112673527115011235 0ustar fwupdate for Debian ------------------- fwupdate is still heavily in development. As of this date, the functionality it provides is not yet available on most systems. -- Daniel Jared Dominguez Wed, 20 May 2015 17:16:02 -0500 debian/source/0000775000000000000000000000000012673527115010501 5ustar debian/source/format0000664000000000000000000000001412673527115011707 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212673527115010377 0ustar 9