Just to confirm, when you replaced those files did you also restart the
fwupd process?
On Mon, Mar 28, 2016, 23:20 Seth Arnold <email address hidden> wrote:
> Richard, Mario, thanks for the feedback, it's been helpful.
>
> I'm not sure that everything's hooked up correctly though -- when I
> replace both these files with my own GPG key and run fwupdmgr refresh I
> get no errors:
>
> /etc/pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service
> /etc/pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service
>
> /var/cache/app-info/xmls/fwupd.xml
> is written and has a current timestamp.
>
> Removing those key files also doesn't appear to change anything.
>
> Removing the /usr/bin/gpg* executables didn't appear to change anything.
>
> I also tried to change the downloaded /tmp/firmware.xml.gz or
> /tmp/firmware.xml.gz.asc files to simulate corrupted or modified contents
> but had trouble getting the inotify magic to work. Testing this case will
> take more time than I've got at the moment but I suspect this error case
> is also not properly handled.
>
> Can these error conditions be properly handled before release? Is fwupd
> currently "released" enough to justify getting CVEs assigned for these
> unhandled error cases? Can they be programmatically tested to ensure they
> don't return?
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1536871
>
> Title:
> [MIR] fwupd
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1536871/+subscriptions
>
Seth,
Just to confirm, when you replaced those files did you also restart the
fwupd process?
On Mon, Mar 28, 2016, 23:20 Seth Arnold <email address hidden> wrote:
> Richard, Mario, thanks for the feedback, it's been helpful. fwupd-metadata/ GPG-KEY- Linux-Vendor- Firmware- Service fwupd/GPG- KEY-Linux- Vendor- Firmware- Service app-info/ xmls/fwupd. xml xml.gz or xml.gz. asc files to simulate corrupted or modified contents /bugs.launchpad .net/bugs/ 1536871 /bugs.launchpad .net/ubuntu/ +source/ fwupd/+ bug/1536871/ +subscriptions
>
> I'm not sure that everything's hooked up correctly though -- when I
> replace both these files with my own GPG key and run fwupdmgr refresh I
> get no errors:
>
> /etc/pki/
> /etc/pki/
>
> /var/cache/
> is written and has a current timestamp.
>
> Removing those key files also doesn't appear to change anything.
>
> Removing the /usr/bin/gpg* executables didn't appear to change anything.
>
> I also tried to change the downloaded /tmp/firmware.
> /tmp/firmware.
> but had trouble getting the inotify magic to work. Testing this case will
> take more time than I've got at the moment but I suspect this error case
> is also not properly handled.
>
> Can these error conditions be properly handled before release? Is fwupd
> currently "released" enough to justify getting CVEs assigned for these
> unhandled error cases? Can they be programmatically tested to ensure they
> don't return?
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> [MIR] fwupd
>
> To manage notifications about this bug go to:
> https:/
>