extra/fwupd to 1.9.18-2

2025-03-19 00:21:40 +00:00 · 2024-04-25 00:11:59 +00:00 · 2024-04-25 00:11:59 +00:00 · a24c03a018
commit a24c03a018
parent 04c3434208
3 changed files with 18 additions and 48 deletions
--- a/extra/fwupd/.SRCINFO
+++ b/extra/fwupd/.SRCINFO
@ -1,7 +1,7 @@
 pkgbase = fwupd
 	pkgdesc = Simple daemon to allow session software to update firmware
 	pkgver = 1.9.18
-	pkgrel = 1
+	pkgrel = 2
 	url = https://github.com/fwupd/fwupd
 	arch = x86_64
 	license = LGPL-2.1-or-later
@ -56,13 +56,16 @@ pkgbase = fwupd
 	source = https://github.com/fwupd/fwupd/releases/download/1.9.18/fwupd-1.9.18.tar.xz
 	source = https://github.com/fwupd/fwupd/releases/download/1.9.18/fwupd-1.9.18.tar.xz.asc
 	source = fwupd.sysusers
+	source = more-allow-syscall-fixes.patch::https://github.com/fwupd/fwupd/pull/7171.patch
 	validpgpkeys = 163EB50119225DB3DF8F49EA17ACBA8DFA970E17
 	sha512sums = d5e0f3a8c741240f389628e2ed81f1e6ec21689bdcd39f692222114a2d495925a0f0720b10fbb0087362c0b734f4f0abfd8e105eff4695e41e645395e5587a50
 	sha512sums = SKIP
 	sha512sums = 637203080b55eda74a659f58c853a9a723a2dad5da70915b2b0e036c6145a649468ebec700cc83975d9cb5378b9dced8b3a3b26bdbcc75ddc774837355e75deb
+	sha512sums = 2d7066874f93406f033da6ec0cff89ef15d4026892c501f22721ff6991fc338d6f7fdbdff648978f7e762b4f7375679a417f78911196060e5efeba973d700e32
 	b2sums = 7dd1691e2db600085a61a545961730a14d74e3f8b3a66fd90092658e19336a8e11861202db063d64c936cac9ab12ebf7dcdd3a8dcd7ff01b05f0a860d8b4ba68
 	b2sums = SKIP
 	b2sums = e65ca7da22a20a40882cfc1fe4479643f9a38c90a4f2c3e71e6e5e3de1d6db212a0f17d600097619fe3cdb0a9b860422f8b0b9a9d45441518e51a7eb12a918bb
+	b2sums = 57213d3142f0d04ce8243f0c9292fe3c139c06c3740059ff9d12fcba6964d58cf9a2b5fbcd226e117707ad101f69be80fccfc7de94d5a67e3b7d8e4c6a5b4909

 pkgname = fwupd
 	depends = bash
--- a/extra/fwupd/0001-Use-simple-allow-listing-for-the-syscall-filter.patch
+++ b/extra/fwupd/0001-Use-simple-allow-listing-for-the-syscall-filter.patch
@ -1,44 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Richard Hughes <richard@hughsie.com>
-Date: Fri, 19 Apr 2024 17:43:51 +0100
-Subject: [PATCH] Use simple allow-listing for the syscall filter
-
-Sometimes KISS is a good idea, especially for security.
---
- data/meson.build | 21 ++++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/data/meson.build b/data/meson.build
-index 712fc7fd22d2..3ca9afa5a1bf 100644
--- a/data/meson.build
-+++ b/data/meson.build
-@@ -104,15 +104,22 @@ if build_daemon
-       dynamic_options += 'RestrictAddressFamilies=AF_NETLINK AF_UNIX'
-     endif
- 
-    # the order of SystemCallFilter is important as the first encountered will take precedence and
-    # will dictate the default action
-    syscall_allow = ['@system-service']
-    syscall_deny = ['@resources']
-+    # allow-list, see `systemd-analyze syscall-filter` for what each group adds
-+    syscall_filter = [
-+      '@basic-io',
-+      '@file-system',
-+      '@io-event',
-+      '@ipc',
-+      '@network-io',
-+      '@process',
-+      '@sync',
-+      'ioctl',
-+      'uname',
-+    ]
-     if allow_flashrom
-      syscall_allow += ['@raw-io']
-+      syscall_filter += ['@raw-io']
-     endif
-    dynamic_options += ['SystemCallFilter=' + ' '.join(syscall_allow)]
-    dynamic_options += ['SystemCallFilter=~' + ' '.join(syscall_deny)] # tilde is not a typo
-+    dynamic_options += ['SystemCallFilter=' + ' '.join(syscall_filter)]
- 
-     con2.set('dynamic_options', '\n'.join(dynamic_options))
-     con2.set('motd_dir', motd_dir)
--- a/extra/fwupd/PKGBUILD
+++ b/extra/fwupd/PKGBUILD
@ -17,7 +17,7 @@ pkgname=(
  fwupd-docs
 )
 pkgver=1.9.18
-pkgrel=1
+pkgrel=2
 pkgdesc="Simple daemon to allow session software to update firmware"
 arch=(x86_64)
 url='https://github.com/fwupd/fwupd'
@ -70,15 +70,26 @@ checkdepends=(umockdev)
 source=(
  "https://github.com/fwupd/fwupd/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.xz"{,.asc}
  fwupd.sysusers
+  more-allow-syscall-fixes.patch::https://github.com/fwupd/fwupd/pull/7171.patch
 )
 sha512sums=('d5e0f3a8c741240f389628e2ed81f1e6ec21689bdcd39f692222114a2d495925a0f0720b10fbb0087362c0b734f4f0abfd8e105eff4695e41e645395e5587a50'
            'SKIP'
-            '637203080b55eda74a659f58c853a9a723a2dad5da70915b2b0e036c6145a649468ebec700cc83975d9cb5378b9dced8b3a3b26bdbcc75ddc774837355e75deb')
+            '637203080b55eda74a659f58c853a9a723a2dad5da70915b2b0e036c6145a649468ebec700cc83975d9cb5378b9dced8b3a3b26bdbcc75ddc774837355e75deb'
+            '2d7066874f93406f033da6ec0cff89ef15d4026892c501f22721ff6991fc338d6f7fdbdff648978f7e762b4f7375679a417f78911196060e5efeba973d700e32')
 b2sums=('7dd1691e2db600085a61a545961730a14d74e3f8b3a66fd90092658e19336a8e11861202db063d64c936cac9ab12ebf7dcdd3a8dcd7ff01b05f0a860d8b4ba68'
        'SKIP'
-        'e65ca7da22a20a40882cfc1fe4479643f9a38c90a4f2c3e71e6e5e3de1d6db212a0f17d600097619fe3cdb0a9b860422f8b0b9a9d45441518e51a7eb12a918bb')
+        'e65ca7da22a20a40882cfc1fe4479643f9a38c90a4f2c3e71e6e5e3de1d6db212a0f17d600097619fe3cdb0a9b860422f8b0b9a9d45441518e51a7eb12a918bb'
+        '57213d3142f0d04ce8243f0c9292fe3c139c06c3740059ff9d12fcba6964d58cf9a2b5fbcd226e117707ad101f69be80fccfc7de94d5a67e3b7d8e4c6a5b4909')
 validpgpkeys=(163EB50119225DB3DF8F49EA17ACBA8DFA970E17) # Richard Hughes <richard@hughsie.com>

+prepare() {
+  cd ${pkgname}-${pkgver}
+
+  # Unbreak syscall filtering check
+  # https://github.com/fwupd/fwupd/pull/7171
+  patch -Np1 -i ../more-allow-syscall-fixes.patch
+}
+
 build() {
  local meson_options=(
    -D docs=enabled