Support to upgrade Synaptic fingerprint firmware from LVFS

As per currently agreed SRU policy exception for fwupd: https://wiki.ubuntu.com/firmware-updates focal launched with 1.3.x, so only the 1_3_X branch should be added into focal archive.

As mentioned there we track the stable branch in Ubuntu, so we shouldn't be backporting a plugin without associated other changes. This is very important as often daemon changes that are not obviously tied to the plugin may need to backport at the same time.

So the options are either:

1) Get the synaptics fingerprint plugin backported into 1_3_X branch upstream and a new upstream 1.3.x release tagged.

2) Discuss with technical board to request to modify the exception to allow moving to the 1.4.x or 1.5.x release stream. In "general" I'm supportive of this direction, there are certainly other devices that are supported in upstream that it would be nice to support in LTS as well.

Some other things I'd like to note about option <2>:
* It will require a MIR for libjcat in focal. libjcat had an MIR in Groovy already.
* Another case moving to 1.4.x or 1.5.x release is to allow CPU microcode updates via UEFI capsule.

Per discussion in https://bugs.launchpad.net/ubuntu/+source/fwupd-signed/+bug/1921544 I wanted to add more background into this. A request was submitted into the tech board to review this exception and examine if it should be modified for requests like this bug report.

https://lists.ubuntu.com/archives/technical-board/2021-January/002521.html

The tech board responding suggested to come back to SRU team to review it.
https://lists.ubuntu.com/archives/technical-board/2021-February/002540.html

So can SRU team please review https://lists.ubuntu.com/archives/technical-board/2021-January/002521.html?

@YC, please add any more possible context for Focal case.

For point 6:

fwupd has two sides:

1. HWE: Given our policy, we won't block version bump in SRU on HWE component.
2. User space interactivity: given the two paths of user interactivity
 I. via command line: the major interface is fwupdmgr. Per check it's arguments, the command-line interface in the v1.4.x is backward compatible with v1.3.x.
 II. via dbus to interact with ubuntu-software: Given focal and groovy currently both default using snap-store.ubuntu-software, that means they share the same dbus interface. Since fwupd v.1.4.x works well in groovy on the dbus side, then we know there is no issue.

 Given I and II, we are clear to go 1.4.x on focal.

@Mario or anyone, feel free to comment if any statements are not true.

The motivation to upgrade v1.4.x in on lp:1920723.

II is a great point. Part of the original reason for keeping fwupd major version locked in stable series was concerns to breaking other components in Ubuntu such as gnome-software (ubuntu-software). Since that has now transitioned to snap this is no longer a blocker. And as you pointed out the dbus interface is stable for it.

Brian, I think it's worth reconsidering the approach now for this reason.

Hello jeremyszu, or anyone else affected,

Accepted fwupd-signed into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd-signed/1.30.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Device: ZBook Studio G7
Bios: S91 Ver. 01.04.01
updating fwupd-signed to 1.30.1
Fingerprint device: 06cb:00df
fwupdmgr get-devices shows synaptics finger print device, but fwupdmgr get-updates cannot find any new firmware on LVFS. After checking https://fwupd.org/lvfs/search?value=synaptics, there is new firmware on website (918f7c3771c366d0f23e374-Synaptics-Prometheus-10.01.3273255-0xDF.cab).

I don't think it's out of testing channel - you will need to do

fwupdmgr enable-remote lvfs-testing
fwupdmgr refresh

First.

Get Outlook for Android<https://aka.ms/AAb9ysg>

________________________________
From: <email address hidden> <email address hidden> on behalf of Andy Chi <email address hidden>
Sent: Friday, April 9, 2021 3:41:39 AM
To: <email address hidden> <email address hidden>
Subject: [Bug 1900935] Re: Support to upgrade Synaptic fingerprint firmware from LVFS

Device: ZBook Studio G7
Bios: S91 Ver. 01.04.01
updating fwupd-signed to 1.30.1
Fingerprint device: 06cb:00df
fwupdmgr get-devices shows synaptics finger print device, but fwupdmgr get-updates cannot find any new firmware on LVFS. After checking https://fwupd.org/lvfs/search?value=synaptics, there is new firmware on website (918f7c3771c366d0f23e374-Synaptics-Prometheus-10.01.3273255-0xDF.cab).

** Tags removed: verification-needed verification-needed-groovy
** Tags added: verification-failed-groovy

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1900935

Title:
  Support to upgrade Synaptic fingerprint firmware from LVFS

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1900935/+subscriptions

the fw is not available does not mean the deb does not have the capability to do so.

change the tag back to verification-needed.

Hi @yc, @mario,

After enabling lvfs-testing channel, fwupdmgr can update synaptic's fp device successfully.
If this is the testing steps we expected, then I'll change tag to verification-done-groovy.

This bug was fixed in the package fwupd-signed - 1.30.1

---------------
fwupd-signed (1.30.1) groovy; urgency=medium

  * Build depend on fwupd 1.4.7-0~20.10.1
    - LP: #1921544
    - LP: #1921539
    - LP: #1909734
    - LP: #1886912
    - LP: #1900935

 -- Mario Limonciello <email address hidden> Fri, 26 Mar 2021 14:04:01 -0500

The verification of the Stable Release Update for fwupd-signed has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Now fwupd 1.5.11 exists in focal-proposed.

It shall fix this issue automatically.

Please try to do the verification with it as you can.

Note please also install libjcat1 from the proposed channel, the fwupd 1.5.11 use it and the existing libjcat0 in focal have a CVE issue.

close this one unless anyone don't agree.