[SRU] support new cab and new docking firmware upgrade in fwupd 1.2.10

Bug #1820768 reported by Yuan-Chen Cheng
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OEM Priority Project | Fix Released | Critical | Yuan-Chen Cheng | |
| fwupd (Ubuntu) | Fix Released | High | Unassigned | |
| fwupd (Ubuntu), Bionic | Fix Released | High | Steve Langasek | |
| fwupd-signed (Ubuntu) | Fix Released | High | Unassigned | |
| fwupd-signed (Ubuntu), Bionic | Fix Released | High | Unassigned | |
| fwupdate (Ubuntu) | Fix Released | High | Unassigned | |
| fwupdate (Ubuntu), Bionic | Fix Released | High | Unassigned | |
| libxmlb (Ubuntu) | Fix Released | High | Unassigned | |
| libxmlb (Ubuntu), Bionic | Fix Released | High | Unassigned | |

Bug Description

* Impact

The BIOS vendor is pushing to put the new design into the cab file, and the new WD19 dock also needs the new fwupd to support it.

That needs the new fwupd to support it.

* Background:
 1. Most users do firmware updates via gnome-software, which talks to fwupd.
 2. Only a very limited number of users will call /usr/bin/fwupdate from the command line.
 3. The new fwupd will need a new fwupd-signed, so we will remove fwupdate-signed.

* Current test result before we have something in proposed channel:
 1. The new fwupd works well with gnome-software, so we should be safe to go.
 2. Those very few users can call /usr/lib/fwupd/fwupdate in place of /usr/bin/fwupdate, so it should be safe to remove fwupdate.

* Test case

A.
1. Install the new fwupd, and plug in the new dock (WD19).
2. Run fwupdmgr get-devices and check that all internal devices are shown properly.

B.
1. If you can get a new cab file, try fwupdmgr install XX.cab to see whether it works properly.

C.
1. If you can get a machine that has a firmware update pending, open gnome-software and click refresh with the new fwupd; you should see the pending firmware shown there, which proves that it is properly integrated with GNOME. (ycheng-twn has a laptop in that condition and can verify this.)

D.
1. Install an 18.04 Ubuntu Desktop system.
2. Enable bionic-proposed.
3. Run update-manager.
4. Ensure that the fwupd and fwupd-signed packages are installed without error.
5. Ensure that no files or directories from the old fwupdate package are left behind in /boot/efi/EFI/ubuntu, /var/lib/fwupdate, or /var/cache/fwupdate.

* Regression potential

Since the upstream maintainer is backing this upgrade, and he also works at a major computer vendor and works closely with the BIOS team, it should be fairly low risk.
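
A scripted form of steps 4 and 5 of test case D, as an added example that is not part of the bug report or of any package in this SRU. The function names, the constructed `dpkg-query` sample, and the rule that old fwupdate binaries are named `fwup*` but not `fwupd*` (based on the file names quoted later in this thread) are assumptions.

```python
"""Check the fwupdate -> fwupd transition (test case D, steps 4 and 5)."""
import tempfile
from pathlib import Path

# Locations named in test case D, step 5, relative to the filesystem root.
ESP_DIR = "boot/efi/EFI/ubuntu"
STATE_DIRS = ("var/lib/fwupdate", "var/cache/fwupdate")
# Packages that step 4 expects to be installed without error.
REQUIRED = ("fwupd", "fwupd-signed")

# Constructed sample of: dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n'
SAMPLE_DPKG = """\
ii  fwupd
ii  fwupd-signed
ii  fwupdate
rc  fwupdate-signed
"""


def package_states(dpkg_output):
    """Map package name -> dpkg status abbreviation ('ii', 'rc', ...)."""
    states = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            states[fields[1]] = fields[0]
    return states


def fwupdate_leftovers(root="/"):
    """Return paths under `root` that the old fwupdate package left behind."""
    root = Path(root)
    found = [root / d for d in STATE_DIRS if (root / d).exists()]
    esp = root / ESP_DIR
    if esp.is_dir():
        for entry in esp.iterdir():
            name = entry.name.lower()
            # Assumption: fwupdate shipped fwup<arch>.efi, fwupd ships
            # fwupd<arch>.efi, so "fwup" without the "d" is the old binary.
            if name.startswith("fwup") and not name.startswith("fwupd"):
                found.append(entry)
    return sorted("/" + p.relative_to(root).as_posix() for p in found)


def verify_transition(root, dpkg_output):
    """Return a list of problems; an empty list means steps 4 and 5 pass."""
    problems = []
    states = package_states(dpkg_output)
    for pkg in REQUIRED:
        state = states.get(pkg, "absent")
        if state != "ii":
            problems.append(f"{pkg}: not fully installed (state {state})")
    problems += [f"{p}: left behind by fwupdate" for p in fwupdate_leftovers(root)]
    return problems


def demo():
    """Run the check against a constructed tree with a stale fwupx64.efi."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        esp = root / ESP_DIR
        esp.mkdir(parents=True)
        for name in ("shimx64.efi", "fwupx64.efi", "fwupdx64.efi"):
            (esp / name).write_bytes(b"")
        (root / "var/lib/fwupdate").mkdir(parents=True)
        return verify_transition(root, SAMPLE_DPKG)


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

On a real system, pass `/` as the root and the output of the `dpkg-query` command shown in the comment.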

Changed in oem-priority:
importance: Undecided → Critical
summary: - [SRU] support new cab format by upgrading to version 1.2.5
+ [SRU] support new cab format by upgrading fwupd to version 1.2.5
description: updated
Changed in oem-priority:
status: New → Confirmed
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
Yuan-Chen Cheng (ycheng-twn) wrote : Re: [SRU] support new cab format by upgrading fwupd to version 1.2.5
Mario Limonciello (superm1) wrote :

To SRU fwupd 1.2.5 to bionic the following actions are needed.

1) libxmlb needs to be backported (which you can see was done in that branch that was linked).

2) libxmlb needs to be patched to build on an older meson. Patch available here; https://github.com/hughsie/libxmlb/commit/378e1c3049ec94f344c2d8f336e84b5a1b0fdb31

3) fwupd needs to be patched to build on an older meson. Patch available here; https://github.com/hughsie/fwupd/commit/c622d927d97226e96ed0ab8842819c3d3c1de5a0

Mario Limonciello (superm1) wrote :

4) fwupd-signed needs to be introduced

5) fwupd-signed needs to replace/transition fwupdate-signed

Changed in fwupd (Ubuntu):
status: New → Fix Released
Changed in fwupd-signed (Ubuntu):
status: New → Fix Released
Changed in libxmlb (Ubuntu):
status: New → Fix Released
Sebastien Bacher (seb128) wrote :

libxmlb backport uploaded to the bionic SRU queue, thanks Mario for the "build with the old meson" patch

Changed in fwupd (Ubuntu):
importance: Undecided → High
Changed in libxmlb (Ubuntu Bionic):
status: New → Fix Committed
Changed in fwupd-signed (Ubuntu Bionic):
importance: Undecided → High
Changed in libxmlb (Ubuntu Bionic):
importance: Undecided → High
Changed in fwupd (Ubuntu Bionic):
importance: Undecided → High
Changed in fwupd-signed (Ubuntu):
importance: Undecided → High
Changed in libxmlb (Ubuntu):
importance: Undecided → High
Changed in fwupd-signed (Ubuntu Bionic):
status: New → Fix Committed
Changed in fwupd (Ubuntu Bionic):
status: New → Fix Committed
Sebastien Bacher (seb128) wrote :

I didn't deal with fwupdate-signed but from past discussion I think we are going to want to remove this one to only have one signed binary in the archive. I don't think it's going to block the SRU to be accepted but would still be nice to handle it ... does anyone want to look at that one?

Unsure what the deal is with fwupdate then. Mario, I guess you remember how upgrades were only in cosmic? Does fwupdate need to get removed when fwupd is installed? Did you do anything to ensure the old one is not left over on upgrade?

Steve Langasek (vorlon) wrote :

> 4) fwupd-signed needs to be introduced

> 5) fwupd-signed needs to replace/transition fwupdate-signed

Yes, this is going to be the part of this SRU that is going to need the most due diligence, because from an archive and key management point of view, we do not want to have both fwupd-signed and fwupdate-signed being updated in bionic, and we also do not want bionic users who have fwupdate-signed installed by default from main islanded where they cannot get fixes to this package.

So this needs to be treated as an exceptional SRU of fwupdate with a high standard of care.

summary: - [SRU] support new cab format by upgrading fwupd to version 1.2.5
+ [SRU] support new cab and new docking firmware upgrade in version 1.2.5
description: updated
summary: - [SRU] support new cab and new docking firmware upgrade in version 1.2.5
+ [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.5
tags: added: originate-from-1806857
Timo Aaltonen (tjaalton) wrote : Re: [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.5

an archive admin should review all of these at the same time, since libxmlb/fwupd-signed are in source NEW

Rex Tsai (chihchun)
tags: added: oem-priority
Yuan-Chen Cheng (ycheng-twn) wrote :

per doing some investigation:

in bionic,

fwupdate-signed: /usr/lib/fwupdate/fwupx64.efi.signed
fwupdate: /usr/lib/fwupdate/fwupx64.efi

and their install script will install them to /boot/efi/EFI/ubuntu/

in disco, it becomes

fwupd-signed: /usr/lib/fwupd/efi/fwupdx64.efi.signed
fwupd: /usr/lib/fwupd/efi/fwupdx64.efi

for the machine I test, it does not install the file to any place under /boot/efi.

Yuan-Chen Cheng (ycheng-twn) wrote :

per check apt-cache show fwupd / fwupd-signed, I didn't find any conflict and break on fwupdate.

So maybe the transition is done by other methods per upgrade path from bionic to disco.

Yuan-Chen Cheng (ycheng-twn) wrote :

A firmware download from lvfs is in cab format.

We can use the command "fwupdmgr install [--allow-reinstall] file.cab", and a reboot to install it. [it could brick your computer, don't do it unless you have someone to save you.]

fwupd 1.0.9-0ubuntu2
libfwupd2:amd64 1.0.9-0ubuntu2

There is no libfwupd2-dev package.

We can also use gcab to extract firmware.bin from the cab file. You need to get guid from "fwupdate -l" and then command "fwupdate -a guid firmware.bin" and a reboot can install it. [it could brick your computer, don't do it unless you have someone to save you.]

fwupdate 12-3bionic2
fwupdate-signed 1.19bionic2+12-3bionic2
libfwup-dev:amd64 12-3bionic2
libfwup1:amd64 12-3bionic2

As we replace fwupdate-signed with fwupd-signed, we also need to make sure the command "fwupdate -a guid firmware.bin" is compatible with fwupd-signed, per what I understand.

Yuan-Chen Cheng (ycheng-twn) wrote :

For #8, in disco, after using "fwupdmgr install xxx.cab", fwupdx64.efi does get installed in /boot/efi/EFI/ubuntu.

description: updated
Changed in oem-priority:
status: Confirmed → In Progress
Mario Limonciello (superm1) wrote :

Per comment #8 and #9, #12

I would like to clarify that the way it works with newer fwupd is that the binary is installed into the EFI system partition dynamically as needed rather than at install time. This means that only people that are performing firmware upgrades would have the file installed.

A sample link to the code in question that accomplishes this:
https://github.com/hughsie/fwupd/blob/master/plugins/uefi/fu-uefi-bootmgr.c#L341

Where are we at in terms of review on this SRU?

Yuan-Chen Cheng (ycheng-twn) wrote :

this sru will break fwupdate package in bionic/main. However fwupdate is in disco/universe.

Given that, maybe we shall go a clean break.

Yuan-Chen Cheng (ycheng-twn) wrote :

Per information from Mario, we need the new fwupd efi app from the new fwupd. However, it's not compatible with the existing fwupdate. That's how fwupd breaks fwupdate.

The new fwupd does provide a compatible command, which lives in /usr/lib/fwupd/fwupdate.

Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Yuan-Chen, or anyone else affected,

Accepted libxmlb into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libxmlb/0.1.8-1~ubuntu18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-bionic
Steve Langasek (vorlon) wrote : Re: [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.5

libxmlb is accepted now into -proposed which is ok, and fwupd-signed has also been accepted into -proposed but is dep-wait because the corresponding fwupd has not yet been accepted, so this is also ok (though the accepting of fwupd-signed may have been an accident).

Accepting fwupd is BLOCKED until there is a clear plan for how we will migrate users from fwupdate to fwupd in SRU, with mitigation of any risk of regressions.

Changed in fwupd (Ubuntu Bionic):
status: Fix Committed → Incomplete
description: updated
description: updated
Mario Limonciello (superm1) wrote :

I'm unclear on the specific goals required in terms of fwupdate compatibility during this transition.
1) 1 signed EFI binary in bionic?
2) Command line compatibility?
3) Other?

Steve, can you and/or Lukasz please clarify.

Currently in bionic:
1. fwupdate provides /usr/bin/fwupdate which is a command line debugging tool.
2. fwupdate provides an EFI application fwupx64.efi that gets installed into the ESP at deb install time
3. fwupdate-signed provides a signed version of <2>.
4. libfwup1 provides a library for applications to link with. In the archive the only consumer of this is fwupd.

So which aspects are important to keep?
1. new fwupd provides /usr/lib/fwupd/fwupdate and /usr/lib/fwupd/fwupdtool which collectively support all the same functions as /usr/bin/fwupdate, but not identical syntax.
As an example /usr/bin/fwupdate supported something like # fwupdate install -a GUID file.cap
For fwupd this is /usr/lib/fwupd/fwupdtool install-blob file.cap GUID
2. new fwupd provides the EFI application fwupdx64.efi and it gets installed to ESP at first use.
3. new fwupd-signed provides signed version of <2>
4. libfwup1 library is not needed anymore.

---

Is the requirement strict command line compatibility? Then to me I think the right answer is:
1) Rev fwupdate-signed as part of this SRU, make it a transition package.
2) In that transition package include a script in /usr/bin/fwupdate that either:
a) explains that this tool has been migrated and how to use the replacement tool
or
b) provides same syntax for a few common scenarios (such as install or debugging)
3) Make the fwupdate-signed package conflict/replace fwupdate package

This will accomplish not having two signed EFI binaries in the archive anymore and let the command line tool still work from the previous path.

summary: - [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.5
+ [SRU] support new cab and new docking firmware upgrade in fwupd
+ 1.2.5/1.2.10
Yuan-Chen Cheng (ycheng-twn) wrote : Re: [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.5/1.2.10

PPA for fwupd 1.2.10.

https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd-1.2.10-1

Beware that it adds an upstream patch, debian/patches/disable-cert-time-check-in-self-test.patch. Without it, both 1.2.5 and 1.2.10 won't build today.

summary: - [SRU] support new cab and new docking firmware upgrade in fwupd
- 1.2.5/1.2.10
+ [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.10
Bearsh (bearsh) wrote :

Yuan-Chen, I installed fwupd from your ppa. Logitech fw-update works, thanks.
Unfortunately system firmware on my xps13 does not, as fwupd complains about a missing signed bootloader:
"UpdateError: missing signed bootloader for secure boot: /usr/lib/fwupd/efi/fwupdx64.efi.signed cannot be found"

I hope, once working correctly this ends up either in ubuntu bionic or at least in 'dell-support' (as 1.2.5-1~somerville1 there can't handle logitech :()

Yuan-Chen Cheng (ycheng-twn) wrote :

@Bearsh, Thank you for testing.

You also need to install fwupd-signed so it can work. Currently it is only available in the 1.2.5 ppa, which is https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd-14

Yuan-Chen Cheng (ycheng-twn) wrote :

fwupdate has been dropped from eoan in bug #1841744.

It is also being discussed in Debian to do the same there.

https://salsa.debian.org/efi-team/fwupdate/commit/b4daba89c567d4cf52f5deaab1ea2ee13039d03f

Mario Limonciello (superm1) wrote :
description: updated
description: updated
Mario Limonciello (superm1) wrote :

FYI That did sync back to Ubuntu eoan as well. I think that as part of transitioning 18.04, it should come back to 18.04 with the updated SRU.

Timo Aaltonen (tjaalton) wrote :

I've uploaded the transitional fwupdate to the queue, and rejected the old fwupd upload because it was based on 1.2.5 and AIUI the desire is to get 1.2.10 in bionic, ycheng promised to prepare that soon.

Changed in fwupdate (Ubuntu):
status: New → Fix Released
Yuan-Chen Cheng (ycheng-twn) wrote :

Updated the fwupd 1.2.10 ppa. It needs the libxmlb that is already in the proposed channel.
https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd-1.2.10-2

Timo Aaltonen (tjaalton) wrote :

Steve, could you have another look at this? Mario addressed the concerns in #19, and fwupdate backport in the queue should make the upgrade smooth.

I've also sponsored a new fwupd based on 1.2.10 from eoan.

Changed in fwupd (Ubuntu Bionic):
assignee: nobody → Steve Langasek (vorlon)
status: Incomplete → Triaged
Mathew Hodson (mhodson)
Changed in fwupdate (Ubuntu):
importance: Undecided → High
Changed in fwupdate (Ubuntu Bionic):
importance: Undecided → High
Mario Limonciello (superm1) wrote :

Can we please follow up on this? This type of smooth upgrade stuff needs to happen before focal too so that people can jump from bionic->focal.

Changed in oem-priority:
status: In Progress → Triaged
Mario Limonciello (superm1) wrote :

Hello, any updates on this? It would be good to get any review comments because the SRU will need to be modified again to include this as well: https://github.com/fwupd/fwupd/commit/004a0624d05211e8436060bb7af6b0c6f2d805a3

(See https://blogs.gnome.org/hughsie/2019/12/11/improving-the-security-model-of-the-lvfs/ for more details)

Yuan-Chen Cheng (ycheng-twn) wrote :

@Timo and Steve, for the patch in #30, I simply put the commit in debian/patch and modified series, then it can be properly built.

The testing ppa build is in https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd-1.2.10-4 (without Timo's make up).

Per my reading of the blog article, we should include that patch for releases that are not EOL.

Steve Langasek (vorlon)
description: updated
Steve Langasek (vorlon) wrote :

I have added an explicit test case for the packaging changes, since that is a large part of why this SRU has taken as long to sort out - we need to ensure that the package upgrades work correctly.

This test case uses update-manager, and NOT apt-get, because the behavior is different between the two regarding the removal of packages. I think the current upload will actually FAIL verification, because there is a Breaks: from the new fwupdate to fwupdate-signed, and fwupdate-signed is also installed by default. I expect update-manager to refuse to upgrade fwupdate in order to avoid removing fwupdate-signed.

There is also a bug in the packaging, which is that fwupdate has an unversioned Breaks: against fwupdate-signed; if this is required, it should be an unversioned Conflicts: instead. However, per the previous comment, I think we probably need to do something else here (such as making fwupdate-signed also be a dummy package built from fwupdate source which depends on fwupd-signed, or dropping the Breaks: entirely and ignoring the fact that fwupdate-signed is kept on disk, if that is appropriate).

Finally, I see that fwupd is introducing a Recommends: on bolt, tpm2-tools, and tpm2-abrmd in addition to fwupd-signed. This is not allowed; tpm2-abrmd and tpm2-tools are in universe in bionic. Also, while bolt is in main, in bionic it is only in the ubuntu-desktop task (via a Recommends: from gnome-shell), whereas fwupdate is a recommends of all of the desktop metapackages. We cannot promote bolt to be pulled into all of the desktop flavor images in SRU without discussion with the flavor teams.

I will reupload fwupd to drop these added Recommends.

Steve Langasek (vorlon) wrote :

Sorry, I was looking at a wrong path in the diff and it seems the tpm2-* Recommends: are only present in contrib/debian/control.in, not in debian/control.in. So that was done correctly and doesn't need changing. I'll still be dropping the Recommends: on bolt however.

Steve Langasek (vorlon) wrote : Proposed package upload rejected

An upload of fwupd to bionic-proposed has been rejected from the upload queue for the following reason: "reuploading without additional bolt recommends".

Steve Langasek (vorlon) wrote :

An upload of fwupd to bionic-proposed has been rejected from the upload queue for the following reason: "wtf g".

Changed in fwupd (Ubuntu Bionic):
status: Triaged → Fix Committed
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Yuan-Chen, or anyone else affected,

Accepted fwupd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.2.10-1ubuntu2~ubuntu18.04.1 in a few hours, and then in the -proposed repository.


Steve Langasek (vorlon) wrote :

Additionally I notice that on my eoan system which has been continuously upgraded, I have both a /var/lib/fwupdate and a /var/cache/fwupdate directory left behind. Something should be taking care of cleaning these directories up on upgrade. Since the fwupdate transitional package in later releases did not do so, I think this needs to be done in the fwupd package now since the fwupdate package isn't guaranteed not to have already been removed (it is removed on my system).

I will not block the SRU on this.

Steve Langasek (vorlon) wrote :

$ ls -l /boot/efi/EFI/ubuntu/fwup*
-rwxr-xr-x 1 root root 71400 Mar 21 2018 /boot/efi/EFI/ubuntu/fwupx64.efi
$

Is this a bug that I don't have any newer EFI executable from fwupd copied to my ESP?

I think it *is* a bug that the binary from fwupdate has not been removed on upgrade.

description: updated
Changed in fwupdate (Ubuntu Bionic):
status: New → Fix Committed
Steve Langasek (vorlon) wrote :

Hello Yuan-Chen, or anyone else affected,

Accepted fwupdate into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate/12-7~ubuntu18.04.1 in a few hours, and then in the -proposed repository.


Yuan-Chen Cheng (ycheng-twn) wrote :

#37: need to check.
#38: please check #13. Shall be fine. Will still test again.

Changed in oem-priority:
status: Triaged → In Progress
Yuan-Chen Cheng (ycheng-twn) wrote :

@Steve, not sure what went wrong, the archive seems not to be properly updated.

$ rmadison fwupd-signed | grep bionic
 fwupd-signed | 1.2~ubuntu18.04.1 | bionic-proposed | source

$ rmadison fwupd | grep bionic
 fwupd | 1.0.6-2 | bionic | source, amd64, arm64, armhf, i386, ppc64el, s390x
 fwupd | 1.0.9-0ubuntu2 | bionic-updates | source, amd64, arm64, armhf, i386, ppc64el, s390x
 fwupd | 1.2.10-1ubuntu2~ubuntu18.04.1 | bionic-proposed | source, ppc64el, s390x

Mario Limonciello (superm1) wrote :

Archive administrator needs to release UEFI archives.

Steve Langasek (vorlon) wrote : Re: [Bug 1820768] Re: [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.10

On Mon, Dec 16, 2019 at 02:54:12AM -0000, Mario Limonciello wrote:
> Archive administrator needs to release UEFI archives.

Sorry, this was actually stuck in the NEW queue because of the
"signed-template" packages (which are unused in Ubuntu). I've accepted
these now.

The fwupd-signed package should build once fwupd has published to the
archive.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/

Yuan-Chen Cheng (ycheng-twn) wrote :

Just managed to do a quick test on case D and it does fail.

Need some work based on #32 to make it work.

tags: added: erification-failed-bionic
removed: verification-needed-bionic
tags: added: verification-failed-bionic
removed: erification-failed-bionic
Yuan-Chen Cheng (ycheng-twn) wrote :

Testing again today with a stock Ubuntu image, it behaves differently from the OEM image.

In update-manager, there are two buttons, 'Continue' and 'Partial Upgrade'
(check attached picture)

I clicked Continue first; it does not install any package that's related to fwupd.
After that, the window with two buttons appears again.

I clicked "Partial Upgrade" again; it shows me that it will

1. remove fwupdate-signed and libfwupd1
2. upgrade: fwupdate (the transitional package) and fwupd.
3. install: fwupd-signed.

with other packages in the proposed channel.

I clicked "Start Upgrade" to proceed; it ends up with:

1. fwupd, fwupd-signed, libfwupd2, fwupdate installed.
2. fwupdate-signed removed (status: rc, which means the config files need to be purged.)

The test result seems to be the one we want it to be.

Next: will confirm why the OEM image behaves differently.

tags: added: verification-needed-bionic
removed: verification-failed-bionic
Timo Aaltonen (tjaalton) wrote :

I've tested an apt upgrade on a chroot, and I see that fwupx64.efi is indeed left behind in /boot/efi/EFI/ubuntu, just like on my laptop install (eoan).

So that'd need to be fixed in fwupdate preinst like the other cleanups? And in focal/eoan too..

Mario Limonciello (superm1) wrote :

> /boot/efi/EFI/ubuntu

Yes, looks like that was missed in the conversion to a transition package.
It used to be cleaned up like this: https://salsa.debian.org/efi-team/fwupdate/commit/b4daba89c567d4cf52f5deaab1ea2ee13039d03f#d0f1e7a780c0b1a978596fc9585a70ce84d2602d

I think we can bring that exact same code into the fwupdate preinst for cleanup purposes.

> /var/lib/fwupdate, /var/cache/fwupdate

The files created by fwupdate (*/done) are supposed to be cleaned up by the preinst already: https://salsa.debian.org/efi-team/fwupdate/blob/debian/debian/preinst

The directories aren't owned by the package anymore (https://salsa.debian.org/efi-team/fwupdate/commit/b4daba89c567d4cf52f5deaab1ea2ee13039d03f#335341f84c0e86d9e8f700882e5d743e69a4820c) so is there something else that got created that needed to be cleaned up?

I guess we can just put rm -fr /var/lib/fwupdate /var/cache/fwupdate instead of just removing */done.

Mario Limonciello (superm1) wrote :

Here is the revised preinst that should cover the different problems outlined:
https://salsa.debian.org/efi-team/fwupdate/commit/85533b1f392399ee53f88e71091044a69dabbdc4

It hasn't yet been uploaded to unstable, would like to align the correct thing to do with breaks/conflicts first and do upload with both at same time.

> There is also a bug in the packaging, which is that fwupdate has an unversioned Breaks: against fwupdate-signed; if this is required, it should be an unversioned Conflicts: instead. However, per the previous comment, I think we probably need to do something else here (such as making fwupdate-signed also be a dummy package built from fwupdate source which depends on fwupd-signed, or dropping the Breaks: entirely and ignoring the fact that fwupdate-signed is kept on disk, if that is appropriate).

In Ubuntu fwupdate-signed has always been a real source package and real binary package. However in Debian fwupdate-signed has never existed, it has always been fwupdate-signed-$ARCH. So the Breaks that is there is entirely for the purpose of Ubuntu transitioning. In my opinion it would be better to avoid having to introduce a fwupdate-signed binary package in the fwupdate source package in Debian just for the purpose of Ubuntu transitioning.

I think that keeping fwupdate-signed on the disk is not an appropriate action, at least not without changes to fwupdate-signed. It calls in a postinstall script /usr/lib/fwupdate/install which is no longer provided by the fwupdate package.

I think that leaves two options then:
1) Remove unversioned Breaks: fwupdate-signed from fwupdate source package,
   convert fwupdate-signed into transition package in Ubuntu as part of this SRU.
2) Change unversioned Breaks: fwupdate-signed from fwupdate source package into unversioned Conflicts: fwupdate-signed.
From Steve's comment, I'm not sure this would work though. So I think my preference would be <1> above.

Steve, can you validate that <1> should likely work?

Yuan-Chen Cheng (ycheng-twn) wrote :

Comment 30 is handled in another bug, LP: #1856896. Per Robert, he uploaded another version to the bionic queue.

Timo Aaltonen (tjaalton) wrote :

The transitional fwupdate-signed is definitely needed, since all the desktop metapackages Recommend it and the image build fails due to the breaks. I've uploaded a new version with the preinst cleanup modified as on gitlab, it looks fine to me.

Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Yuan-Chen, or anyone else affected,

Accepted fwupdate into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate/12-7~ubuntu18.04.2 in a few hours, and then in the -proposed repository.


Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Yuan-Chen, or anyone else affected,

Accepted fwupdate into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupdate/12-7~ubuntu18.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

Not sure whether we need Steve, or whether someone else can help with the version issue below.

The new fwupdate works perfectly on stock Ubuntu, even when using update-manager.

In the OEM image, we released packages with these versions:

fwupd: 1.2.5-1~somerville1
fwupd-signed: 1.6+1.2.5-1~somerville1+1.2.5-1ubuntu1
libfwupd2:amd64: 1.2.5-1~somerville1

Comparing with the versions in bionic-proposed, both fwupd and libfwupd2 are fine. However, the fwupd-signed in the proposed channel is

1.2~ubuntu18.04.1+1.2.10-1ubuntu2~ubuntu18.04.1

My fault for not confirming whether it's a proper version in the first place.
Can we bump the fwupd-signed version in bionic-proposed to something that can properly upgrade?

Thank you.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Yuan-Chen, or anyone else affected,

Accepted fwupd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.2.10-1ubuntu2~ubuntu18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Yuan-Chen, or anyone else affected,

Accepted fwupd-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd-signed/1.10~ubuntu18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

per

fwupdate 12-7~ubuntu18.04.3
fwupd 1.2.10-1ubuntu2~ubuntu18.04.2
fwupd-signed 1.10~ubuntu18.04.2+1.2.10-1ubuntu2~ubuntu18.04.2

from the proposed channel, I can properly upgrade to them on both the stock bionic and the OEM bionic image.

test case C also works perfectly.

TODO: test case A, B.
TODO: test case D-5.
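
Added example (not part of this thread and not dpkg's own code): a minimal Python re-implementation of Debian's version ordering, applied to the fwupd-signed version strings quoted in the comments above, showing why the first -proposed upload could not replace the OEM package while the re-upload can. The function names are illustrative assumptions; on a real system `dpkg --compare-versions` is the authoritative check.

```python
import re

def _order(ch):
    """Sort weight of one character inside a non-digit run."""
    if ch == "~":
        return -1            # tilde sorts before everything, even end of run
    if ch == "":
        return 0             # end of the non-digit run
    if ch.isalpha():
        return ord(ch)       # letters sort before all other symbols
    return ord(ch) + 256     # '+', '.', '-' and friends

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: -1, 0 or 1."""
    while a or b:
        # Leading non-digit runs are compared character by character.
        na = re.match(r"[^0-9]*", a).group()
        nb = re.match(r"[^0-9]*", b).group()
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i] if i < len(na) else "")
            wb = _order(nb[i] if i < len(nb) else "")
            if wa != wb:
                return -1 if wa < wb else 1
        a, b = a[len(na):], b[len(nb):]
        # Leading digit runs are compared numerically (empty run counts as 0).
        da = re.match(r"[0-9]*", a).group()
        db = re.match(r"[0-9]*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def split_version(v):
    """Split [epoch:]upstream[-revision]; the revision follows the LAST hyphen."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = split_version(v1)
    e2, u2, r2 = split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def upgrades(installed, candidate):
    """True if apt would treat candidate as newer than installed."""
    return compare(installed, candidate) < 0

# Version strings quoted in this bug report.
OEM_SIGNED = "1.6+1.2.5-1~somerville1+1.2.5-1ubuntu1"
PROPOSED_FIRST = "1.2~ubuntu18.04.1+1.2.10-1ubuntu2~ubuntu18.04.1"
PROPOSED_FIXED = "1.10~ubuntu18.04.2+1.2.10-1ubuntu2~ubuntu18.04.2"

if __name__ == "__main__":
    for cand in (PROPOSED_FIRST, PROPOSED_FIXED):
        verdict = "upgrades" if upgrades(OEM_SIGNED, cand) else "does NOT upgrade"
        print(f"{cand} {verdict} {OEM_SIGNED}")
```

Digit runs compare numerically, so 1.10 is newer than 1.6 even though a plain string comparison says otherwise. A trailing `~suffix` sorts older than the same string without it, which is why backport and PPA builds use it.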

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

for D-5 verification:

/var/cache/fwupdate is removed. Maybe that's because I install the machine from the iso image, and do the upgrade without using it.

/var/lib/fwupdate has an empty file 'done' still left behind.
/boot/efi/EFI/ubuntu does have the fwupx64.efi left behind.

Revision history for this message
Steve Langasek (vorlon) wrote : Re: [Bug 1820768] Re: [SRU] support new cab and new docking firmware upgrade in fwupd 1.2.10

On Tue, Dec 17, 2019 at 09:00:13PM -0000, Mario Limonciello wrote:
> I think that leaves two options then:
> 1) Remove unversioned Breaks: fwupdate-signed from fwupdate source package,
> convert fwupdate-signed into transition package in Ubuntu as part of this SRU.
> 2) Change unversioned Breaks: fwupdate-signed from fwupdate source package into unversioned Conflicts: fwupdate-signed.
> From Steve's comment, I'm not sure this would work though. So I think my preference would be <1> above.

> Steve, can you validate that <1> should likely work?

FAOD, yes, <1> should work (and seems to be working, per the SRU
verification results).

Revision history for this message
Vic Liu (zongminl) wrote :

I verified following functions in fwupd 1.2.10 on Dell Latitude 5300:

`sudo fwupdmgr refresh`: Could connect to remote server and update metadata.
u@u-Latitude-5300:~$ sudo fwupdmgr refresh
[sudo] password for u:
Fetching metadata https://cdn.fwupd.org/downloads/firmware.xml.gz
Downloading… [***************************************]
Fetching signature https://cdn.fwupd.org/downloads/firmware.xml.gz.asc

`sudo fwupdmgr get-devices`: Could show device firmware correctly.
u@u-Latitude-5300:~$ sudo fwupdmgr get-devices
Latitude 5300 System Firmware
  DeviceId: b03588a447340830af90b63cd5830a54455504fb
  Guid: 93634829-10b8-4098-a617-d52d056a4dd8
  Plugin: uefi
  Flags: internal|updatable|require-ac|supported|registered|needs-reboot
  Version: 0.1.4.1
  VersionLowest: 0.1.4.1
  VersionFormat: quad
  Icon: computer
  Created: 2019-12-27
  UpdateState: success

PC401 NVMe SK hynix 512GB
  DeviceId: 3743975ad7f64f8d6575a9ae49fb3a8856fe186f
  Guid: 2260c743-963b-566e-93f1-8223c3e6b87b <- NVME\VEN_1C5C&DEV_1527
  Guid: c28fdadd-607d-578c-b6ed-60ac49682904 <- PC401 NVMe SK hynix 512GB
  Serial: MI88N047510608S6M
  Summary: NVM Express Solid State Drive
  Plugin: nvme
  Flags: internal|updatable|require-ac|registered|needs-reboot
  VendorId: NVME:0x1C5C
  Version: 80007E00
  VersionFormat: plain
  Icon: drive-harddisk
  Created: 2019-12-27

`sudo fwupdmgr get-updates`: Could get latest update of system firmware from remote server.
u@u-Latitude-5300:~$ sudo fwupdmgr get-updates
Latitude 5300 System Firmware has firmware updates:
Device ID: b03588a447340830af90b63cd5830a54455504fb
GUID: 93634829-10b8-4098-a617-d52d056a4dd8
ID: com.dell.uefi93634829.firmware
Update Version: 0.1.5.0
Update Name: Latitude 5X00 System Update Update
Update Summary: Firmware for the Dell Latitude 5X00
Update Remote ID: lvfs
Update Checksum: SHA1(51b9269d0dc93635610f86ce149a7103bc6e5b68)
Update Location: https://fwupd.org/downloads/ffbf931509f73fd26b410ff8358b51f3eaa20e7f-firmware.cab
Update Description: Fixes and Enhancements:- Enhances the security of the system. Important - Once the BIOS is upgraded, you cannot downgrade BIOS EXE/ Recovery (RCV) to the versions before 1.2.0 due to restrictions.

`sudo fwupdmgr update`: Could update system firmware successfully from remote server.
u@u-Latitude-5300:~$ sudo fwupdmgr update
BIOS got updated successfully.

`sudo fwupdmgr install ffbf931509f73fd26b410ff8358b51f3eaa20e7f-firmware.cab`: Could update system firmware with local capsule file.
However, when installing the same version of system firmware that is currently running on the system, fwupdmgr does not block the firmware update even without the `--allow-reinstall` option.

u@u-Latitude-5300:~/Downloads$ sudo fwupdmgr install ffbf931509f73fd26b410ff8358b51f3eaa20e7f-firmware.cab
Decompressing… [*...

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

Version 1.2.10-1ubuntu2~ubuntu18.04.3~oem1 in the PPA https://launchpad.net/~ycheng-twn/+archive/ubuntu/fwupd-1.2.10-p3 fixes the regression in #60.

The three patches are backported and merged in the upstream 1.2.X branch.

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

upload 1.2.10-1ubuntu2~ubuntu18.04.3~oem2 to the ppa in #61,

add patch: https://github.com/fwupd/fwupd/commit/a5df5b0e20726985cc971bfdb6f3872cf387f258

to clean up fwupdate files.

Revision history for this message
Timo Aaltonen (tjaalton) wrote : Proposed package upload rejected

An upload of fwupd to bionic-proposed has been rejected from the upload queue for the following reason: "You need to use -v when building the source package if there's an upload in -proposed already, otherwise the other bug would not get notified of the new version or closed automatically.".

Revision history for this message
dann frazier (dannf) wrote :

@Timo: Is that true even when the subsequent proposed upload merges all changes into the same package version?

Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Yuan-Chen, or anyone else affected,

Accepted fwupd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.2.10-1ubuntu2~ubuntu18.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

right, my mistake.. I've recovered the upload from the rejected queue and accepted

Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Yuan-Chen, or anyone else affected,

Accepted fwupd-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd-signed/1.10~ubuntu18.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Can we get this verified for bionic? 18.04.4 is nearing, so I'd like to move as many things from -proposed to -updates as possible.

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

@sil2100, most of us are still taking the Chinese New Year holidays. I believe this can be verified in the first two days of next week. Let me know if you do need it earlier than that.

Revision history for this message
Bearsh (bearsh) wrote :

I installed fwupd and fwupd-signed from -proposed and removed fwupdate.
As an update for my BIOS is available, I would like to upgrade, but:

$ fwupdmgr update
Downloading 0.2.13.0 for XPS 13 9360 System Firmware...
Decompressing… [***************************************]
Authenticating… [***************************************]
Updating XPS 13 9360 System Firmware… ]
Scheduling… [***************************************]
Secure boot is enabled, but shim isn't installed to the EFI system partition
$ efibootmgr
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000
Boot0000* ubuntu
Boot0006* UEFI: PC300 NVMe SK hynix 512GB, Partition 1

This used to work in the past (I think with fwupd in bionic, which on the other hand started to fail because of other things). Or do I have to install shim manually in some way?

Revision history for this message
Bearsh (bearsh) wrote :

sorry for the noise, it's a problem on my system which is a kde neonized ubuntu where the ID in /etc/os-release is set to neon. once switching back to ubuntu fwupd worked...

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

Per testing of 1.2.10-1ubuntu2~ubuntu18.04.3, it fixes the regression mentioned in #60.

Will do a sanity check of the other test cases very soon.

Revision history for this message
Gene Li (genelicc) wrote :

Sanity check for 1.2.10-1ubuntu2~ubuntu18.04.3 passed.
1. downgrade to the previous bios via capsule file locally
2. upgrade to the latest bios version via online LVFS

Revision history for this message
Yuan-Chen Cheng (ycheng-twn) wrote :

Per testing of 1.2.10-1ubuntu2~ubuntu18.04.3, with the stock Ubuntu and OEM Ubuntu images, upgrading fwupd with update-manager works perfectly.

This version can also properly get Thunderbolt docking information.

"fwupdmgr install XX.cab" also works fine here.

Given that, mark verified done.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Changed in oem-priority:
status: In Progress → Fix Committed
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupd-signed - 1.10~ubuntu18.04.3

---------------
fwupd-signed (1.10~ubuntu18.04.3) bionic; urgency=medium

  * Upload to bionic, Build-Depends on the current fwupd version
    (LP: #1820768)

 -- Łukasz 'sil2100' Zemczak <email address hidden> Tue, 21 Jan 2020 17:37:35 +0100

Changed in fwupd-signed (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupdate - 12-7~ubuntu18.04.3

---------------
fwupdate (12-7~ubuntu18.04.3) bionic; urgency=medium

  * control: Drop Breaks on libfwup{1,-dev}. (LP: #1820768)

 -- Timo Aaltonen <email address hidden> Thu, 19 Dec 2019 19:33:29 +0200

Changed in fwupdate (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxmlb - 0.1.8-1~ubuntu18.04.1

---------------
libxmlb (0.1.8-1~ubuntu18.04.1) bionic; urgency=medium

  * Upload of libxmlb to bionic, it's needed to update fwupd to the
    current upstream version (lp: #1820768)
  * debian/patches/old_meson_build.patch:
    - don't require a newer-than-bionic meson version to build,
      thanks Mario Limonciello

 -- Sebastien Bacher <email address hidden> Thu, 09 May 2019 16:50:27 +0200

Changed in libxmlb (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for fwupd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fwupd - 1.2.10-1ubuntu2~ubuntu18.04.3

---------------
fwupd (1.2.10-1ubuntu2~ubuntu18.04.3) bionic; urgency=medium

  * d/p/0001-dont-semver-conversion.patch, d/p/0001-version-handling.patch
    d/p/0001-plain_support_in_version.patch:
    backport regression fix that we can install firmware with the same
    without --allow-reinstall in command line. the patch already merged
    in upstream 1.2.X branch. (LP: #1820768)

fwupd (1.2.10-1ubuntu2~ubuntu18.04.2) bionic; urgency=medium

  * d/p/0001-trivial-libfwupd-skip-tests-if-machine-id-is-empty-t.patch:
    - Only check the vendor ID if the device has one set (LP: #1856896)

fwupd (1.2.10-1ubuntu2~ubuntu18.04.1) bionic; urgency=medium

  * Backport to bionic (LP: #1820768)
    - meson-0.45-bc.patch: Fix build with meson 0.45

  [ Steve Langasek ]
  * Drop added Recommends: on bolt which is not in flavor seeds and adds a
    new service.

 -- Yuan-Chen Cheng <email address hidden> Thu, 09 Jan 2020 16:25:38 +0800

Changed in fwupd (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in oem-priority:
status: Fix Committed → Fix Released
description: updated