Skip to content

feat(fwupd): Update fwupd to v2.0.20 and promote to SPECS#17817

Draft
corvus-callidus wants to merge 2 commits into
3.0-devfrom
lyrydber/fwupd
Draft

feat(fwupd): Update fwupd to v2.0.20 and promote to SPECS#17817
corvus-callidus wants to merge 2 commits into
3.0-devfrom
lyrydber/fwupd

Conversation

@corvus-callidus

@corvus-callidus corvus-callidus commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR promotes fwupd to SPECS and updates it to 2.0.20 (matching Fedora 43). This gives Azure Linux 3.0 a user-friendly way to install the 2023 UEFI CA and its associated KEK.

Changes

fwupd

Promoted to SPECS and updated to 2.0.20. The build is minimized to avoid pulling unneeded packages out of SPECS-EXTENDED; fwupd-efi is not required for DB/KEK updates and is not included.

Meson options:

  • Removed (no longer exist upstream, now auto-detected): plugin_uefi_capsule, plugin_uefi_pk, plugin_tpm, plugin_gpio, plugin_msr, plugin_powerd, launchd
  • Removed (redundant): efi_binary=false (already the upstream default)
  • Added: cbor=disabled — coSWID/uSWID metadata not needed for UEFI key updates; avoids libcbor
  • Disabled (dependency lives in SPECS-EXTENDED, not needed for our use case): plugin_flashrom, plugin_modem_manager, passim

Additional changes

  • Two upstream commits backported to fix fwupd#10507 ("Updates to KEK do not always work"), reported by @jejb (James Bottomley)
  • Test conditionals split: with_check gates %check, enable_tests gates the -tests subpackage (off by default).

Dependency promotions

Minimum set only:

  • libjcat 0.2.6 — required for fwupd metadata verification
  • libxmlb 0.3.25 — required for fwupd AppStream XML handling
  • libstemmer 3.0.1 — required by libxmlb

Testing

  • Verified online and offline updates of the 2023 UEFI CA and KEK on Azure VMs
  • Buddy build: 1151301

@microsoft-github-policy-service microsoft-github-policy-service Bot added Packaging specs-extended PR to fix SPECS-EXTENDED 3.0-dev PRs Destined for AzureLinux 3.0 labels Jun 26, 2026
Promote fwupd and its dependencies from SPECS-EXTENDED to SPECS:
- libjcat (hard dep for fwupd metadata verification)
- libxmlb (hard dep for fwupd AppStream XML handling)
- libstemmer (dep of libxmlb)

Meson options removed (no longer exist in 2.0.20):
- plugin_uefi_capsule, plugin_uefi_pk, plugin_tpm (auto-detected)
- plugin_gpio, plugin_msr (auto-detected)
- plugin_powerd (ChromeOS plugin dropped upstream)
- launchd (macOS support, auto-detected)

Meson options removed (upstream default is already correct):
- efi_binary (default is false; we don't build fwupd-efi from within fwupd)

Meson options added:
- cbor=disabled (coSWID/uSWID firmware supply-chain metadata not needed
  for UEFI capsule updates; avoids promoting libcbor)

Meson options changed to disabled:
- plugin_flashrom (SPI flash programming, not needed for UEFI capsule
  updates; avoids promoting flashrom, libftdi, libjaylink)
- passim (optional P2P firmware caching daemon, not needed for direct
  capsule delivery; avoids promoting passim)
- plugin_modem_manager (cellular modem firmware updates, not relevant for
  our server/cloud use case; avoids promoting ModemManager)

Other spec changes:
- Source changed to GitHub archive tarball
- Added BuildRequires: libmnl-devel
- Replaced %%{valgrind_arches} macro with explicit x86_64 aarch64
  (macro is provided by valgrind-devel and creates a chicken-and-egg
  dependency during initial builds)
- Backport upstream 964aa10: reprocess device metadata after coldplug to ensure <requires><firmware> tags resolve against the full device tree
- Backport upstream aadaf0b: defer ensure_device_supported until post-coldplug to avoid redundant metadata processing during startup
- Restructure test conditionals: use with_check for %check execution, enable_tests for -tests subpackage (disabled by default)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3.0-dev PRs Destined for AzureLinux 3.0 Packaging specs-extended PR to fix SPECS-EXTENDED

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant