From a97d1588a798543cc1d3c3589858825efe9b875c Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Fri, 6 Aug 2021 23:09:39 +0200 Subject: [PATCH] committing changes in /etc made by "/usr/bin/apt full-upgrade -y" Package changes: -caja-nextcloud 3.3.0-20210729.095450.acf3bf095-1.0~focal1 all +caja-nextcloud 3.3.0-20210804.143427.acf3bf095-1.0~focal1 all -docker.io 20.10.2-0ubuntu1~20.04.3 amd64 +docker.io 20.10.7-0ubuntu1~20.04.1 amd64 -fwupd 1.3.11-1~focal1 amd64 -fwupd-signed 1.27.1ubuntu2+1.3.11-1~focal1 amd64 +fwupd 1.5.11-0ubuntu1~20.04.2 amd64 +fwupd-signed 1.27.1ubuntu5+1.5.11-0ubuntu1~20.04.2 amd64 -gnome-settings-daemon 3.36.1-0ubuntu1 amd64 -gnome-settings-daemon-common 3.36.1-0ubuntu1 all +gnome-settings-daemon 3.36.1-0ubuntu1.1 amd64 +gnome-settings-daemon-common 3.36.1-0ubuntu1.1 all -google-chrome-stable 92.0.4515.107-1 amd64 +google-chrome-stable 92.0.4515.131-1 amd64 -libdbi-perl 1.643-1 amd64 +libdbi-perl 1.643-1ubuntu0.1 amd64 -libdrm-amdgpu1 2.4.102-1ubuntu1~20.04.1 amd64 -libdrm-amdgpu1 2.4.102-1ubuntu1~20.04.1 i386 -libdrm-common 2.4.102-1ubuntu1~20.04.1 all -libdrm-intel1 2.4.102-1ubuntu1~20.04.1 amd64 -libdrm-intel1 2.4.102-1ubuntu1~20.04.1 i386 -libdrm-nouveau2 2.4.102-1ubuntu1~20.04.1 amd64 -libdrm-nouveau2 2.4.102-1ubuntu1~20.04.1 i386 -libdrm-radeon1 2.4.102-1ubuntu1~20.04.1 amd64 -libdrm-radeon1 2.4.102-1ubuntu1~20.04.1 i386 -libdrm2 2.4.102-1ubuntu1~20.04.1 amd64 -libdrm2 2.4.102-1ubuntu1~20.04.1 i386 +libdrm-amdgpu1 2.4.105-3~20.04.1 amd64 +libdrm-amdgpu1 2.4.105-3~20.04.1 i386 +libdrm-common 2.4.105-3~20.04.1 all +libdrm-intel1 2.4.105-3~20.04.1 amd64 +libdrm-intel1 2.4.105-3~20.04.1 i386 +libdrm-nouveau2 2.4.105-3~20.04.1 amd64 +libdrm-nouveau2 2.4.105-3~20.04.1 i386 +libdrm-radeon1 2.4.105-3~20.04.1 amd64 +libdrm-radeon1 2.4.105-3~20.04.1 i386 +libdrm2 2.4.105-3~20.04.1 amd64 +libdrm2 2.4.105-3~20.04.1 i386 -libegl-mesa0 20.2.6-0ubuntu0.20.04.1 amd64 +libegl-mesa0 21.0.3-0ubuntu0.2~20.04.1 amd64 -libegl1-mesa 20.2.6-0ubuntu0.20.04.1 amd64 +libegl1-mesa 21.0.3-0ubuntu0.2~20.04.1 amd64 -libexiv2-27 0.27.2-8ubuntu2.4 amd64 +libexiv2-27 0.27.2-8ubuntu2.5 amd64 -libfwupd2 1.3.11-1~focal1 amd64 -libfwupdplugin1 1.3.11-1~focal1 amd64 +libfwupd2 1.5.11-0ubuntu1~20.04.2 amd64 +libfwupdplugin1 1.5.11-0ubuntu1~20.04.2 amd64 -libgbm1 20.2.6-0ubuntu0.20.04.1 amd64 +libgbm1 21.0.3-0ubuntu0.2~20.04.1 amd64 -libgl1-mesa-dev 20.2.6-0ubuntu0.20.04.1 amd64 -libgl1-mesa-dri 20.2.6-0ubuntu0.20.04.1 amd64 -libgl1-mesa-dri 20.2.6-0ubuntu0.20.04.1 i386 -libgl1-mesa-glx 20.2.6-0ubuntu0.20.04.1 amd64 -libgl1-mesa-glx 20.2.6-0ubuntu0.20.04.1 i386 +libgl1-mesa-dev 21.0.3-0ubuntu0.2~20.04.1 amd64 +libgl1-mesa-dri 21.0.3-0ubuntu0.2~20.04.1 amd64 +libgl1-mesa-dri 21.0.3-0ubuntu0.2~20.04.1 i386 +libgl1-mesa-glx 21.0.3-0ubuntu0.2~20.04.1 amd64 +libgl1-mesa-glx 21.0.3-0ubuntu0.2~20.04.1 i386 -libglapi-mesa 20.2.6-0ubuntu0.20.04.1 amd64 -libglapi-mesa 20.2.6-0ubuntu0.20.04.1 i386 +libglapi-mesa 21.0.3-0ubuntu0.2~20.04.1 amd64 +libglapi-mesa 21.0.3-0ubuntu0.2~20.04.1 i386 -libgles2-mesa 20.2.6-0ubuntu0.20.04.1 amd64 +libgles2-mesa 21.0.3-0ubuntu0.2~20.04.1 amd64 -libglx-mesa0 20.2.6-0ubuntu0.20.04.1 amd64 -libglx-mesa0 20.2.6-0ubuntu0.20.04.1 i386 +libglx-mesa0 21.0.3-0ubuntu0.2~20.04.1 amd64 +libglx-mesa0 21.0.3-0ubuntu0.2~20.04.1 i386 -libgnutls30 3.6.13-2ubuntu1.3 amd64 +libgnutls30 3.6.13-2ubuntu1.6 amd64 +libjcat1 0.1.3-2~ubuntu20.04.1 amd64 +libllvm12 1:12.0.0-3ubuntu1~20.04.3 amd64 +libllvm12 1:12.0.0-3ubuntu1~20.04.3 i386 -libnextcloudsync0 3.3.0-20210729.095450.acf3bf095-1.0~focal1 amd64 +libnextcloudsync0 3.3.0-20210804.143427.acf3bf095-1.0~focal1 amd64 -libnvpair1linux 0.8.3-1ubuntu12.11 amd64 +libnvpair1linux 0.8.3-1ubuntu12.12 amd64 -libuutil1linux 0.8.3-1ubuntu12.11 amd64 +libuutil1linux 0.8.3-1ubuntu12.12 amd64 -libwayland-egl1-mesa 20.2.6-0ubuntu0.20.04.1 amd64 +libwayland-egl1-mesa 21.0.3-0ubuntu0.2~20.04.1 amd64 -libxatracker2 20.2.6-0ubuntu0.20.04.1 amd64 +libxatracker2 21.0.3-0ubuntu0.2~20.04.1 amd64 +libxcb-shm0 1.14-2 i386 -libzfs2linux 0.8.3-1ubuntu12.11 amd64 +libzfs2linux 0.8.3-1ubuntu12.12 amd64 -libzpool2linux 0.8.3-1ubuntu12.11 amd64 +libzpool2linux 0.8.3-1ubuntu12.12 amd64 -login 1:4.8.1-1ubuntu5.20.04 amd64 +login 1:4.8.1-1ubuntu5.20.04.1 amd64 -mesa-va-drivers 20.2.6-0ubuntu0.20.04.1 amd64 -mesa-vdpau-drivers 20.2.6-0ubuntu0.20.04.1 amd64 -mesa-vulkan-drivers 20.2.6-0ubuntu0.20.04.1 amd64 +mesa-va-drivers 21.0.3-0ubuntu0.2~20.04.1 amd64 +mesa-vdpau-drivers 21.0.3-0ubuntu0.2~20.04.1 amd64 +mesa-vulkan-drivers 21.0.3-0ubuntu0.2~20.04.1 amd64 -nextcloud-client 3.3.0-20210729.095450.acf3bf095-1.0~focal1 amd64 -nextcloud-client-l10n 3.3.0-20210729.095450.acf3bf095-1.0~focal1 all -nextcloud-desktop 3.3.0-20210729.095450.acf3bf095-1.0~focal1 amd64 -nextcloud-desktop-cmd 3.3.0-20210729.095450.acf3bf095-1.0~focal1 amd64 -nextcloud-desktop-common 3.3.0-20210729.095450.acf3bf095-1.0~focal1 all -nextcloud-desktop-doc 3.3.0-20210729.095450.acf3bf095-1.0~focal1 all -nextcloud-desktop-l10n 3.3.0-20210729.095450.acf3bf095-1.0~focal1 all +nextcloud-client 3.3.0-20210804.143427.acf3bf095-1.0~focal1 amd64 +nextcloud-client-l10n 3.3.0-20210804.143427.acf3bf095-1.0~focal1 all +nextcloud-desktop 3.3.0-20210804.143427.acf3bf095-1.0~focal1 amd64 +nextcloud-desktop-cmd 3.3.0-20210804.143427.acf3bf095-1.0~focal1 amd64 +nextcloud-desktop-common 3.3.0-20210804.143427.acf3bf095-1.0~focal1 all +nextcloud-desktop-doc 3.3.0-20210804.143427.acf3bf095-1.0~focal1 all +nextcloud-desktop-l10n 3.3.0-20210804.143427.acf3bf095-1.0~focal1 all -openvpn 2.4.7-1ubuntu2.20.04.2 amd64 +openvpn 2.4.7-1ubuntu2.20.04.3 amd64 -passwd 1:4.8.1-1ubuntu5.20.04 amd64 +passwd 1:4.8.1-1ubuntu5.20.04.1 amd64 -vim-syntax-docker 20.10.2-0ubuntu1~20.04.3 all +vim-syntax-docker 20.10.7-0ubuntu1~20.04.1 all -wireless-regdb 2020.11.20-0ubuntu1~20.04.1 all +wireless-regdb 2021.07.14-0ubuntu1~20.04.1 all -xserver-common 2:1.20.9-2ubuntu1.2~20.04.2 all -xserver-xephyr 2:1.20.9-2ubuntu1.2~20.04.2 amd64 +xserver-common 2:1.20.11-1ubuntu1~20.04.2 all +xserver-xephyr 2:1.20.11-1ubuntu1~20.04.2 amd64 -xserver-xorg-core 2:1.20.9-2ubuntu1.2~20.04.2 amd64 +xserver-xorg-core 2:1.20.11-1ubuntu1~20.04.2 amd64 -xserver-xorg-legacy 2:1.20.9-2ubuntu1.2~20.04.2 amd64 +xserver-xorg-legacy 2:1.20.11-1ubuntu1~20.04.2 amd64 -xwayland 2:1.20.9-2ubuntu1.2~20.04.2 amd64 +xwayland 2:1.20.11-1ubuntu1~20.04.2 amd64 -zfs-zed 0.8.3-1ubuntu12.11 amd64 -zfsutils-linux 0.8.3-1ubuntu12.11 amd64 +zfs-zed 0.8.3-1ubuntu12.12 amd64 +zfsutils-linux 0.8.3-1ubuntu12.12 amd64 --- .etckeeper | 2 +- fwupd/daemon.conf | 25 +++++++++++++++++++++---- fwupd/remotes.d/lvfs-testing.conf | 1 - fwupd/remotes.d/lvfs.conf | 3 ++- fwupd/thunderbolt.conf | 3 +++ fwupd/{uefi.conf => uefi_capsule.conf} | 8 ++++++-- 6 files changed, 33 insertions(+), 9 deletions(-) rename fwupd/{uefi.conf => uefi_capsule.conf} (59%) diff --git a/.etckeeper b/.etckeeper index 234a25d..29409e7 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1625,7 +1625,7 @@ maybe chmod 0644 'fwupd/remotes.d/lvfs.conf' maybe chmod 0644 'fwupd/remotes.d/vendor-directory.conf' maybe chmod 0644 'fwupd/remotes.d/vendor.conf' maybe chmod 0644 'fwupd/thunderbolt.conf' -maybe chmod 0644 'fwupd/uefi.conf' +maybe chmod 0644 'fwupd/uefi_capsule.conf' maybe chmod 0644 'fwupd/upower.conf' maybe chmod 0644 'g15daemon.conf' maybe chmod 0755 'gadmin-samba' diff --git a/fwupd/daemon.conf b/fwupd/daemon.conf index 8b472b9..49e3797 100644 --- a/fwupd/daemon.conf +++ b/fwupd/daemon.conf @@ -1,12 +1,12 @@ [fwupd] -# Allow blacklisting specific devices by their GUID +# Allow blocking specific devices by their GUID # Uses semicolons as delimiter -BlacklistDevices= +DisabledDevices= -# Allow blacklisting specific plugins +# Allow blocking specific plugins # Uses semicolons as delimiter -BlacklistPlugins=test;invalid +DisabledPlugins=test;test_ble;invalid # Maximum archive size that can be loaded in Mb, with 0 for the default ArchiveSizeMax=0 @@ -25,3 +25,20 @@ VerboseDomains= # Update the message of the day (MOTD) on device and metadata changes UpdateMotd=true + +# For some plugins, enumerate only devices supported by metadata +EnumerateAllDevices=false + +# A list of firmware checksums that has been approved by the site admin +# If unset, all firmware is approved +ApprovedFirmware= + +# Allow blocking specific devices by their checksum, either SHA1 or SHA256 +# Uses semicolons as delimiter +BlockedFirmware= + +# Allowed URI schemes in the preference order; failed downloads from the first +# scheme will be retried with the next in order until no choices remain. +# +# If unset or no schemes are listed, the default will be: file,https,http,ipfs +UriSchemes= diff --git a/fwupd/remotes.d/lvfs-testing.conf b/fwupd/remotes.d/lvfs-testing.conf index bbd7473..740a793 100644 --- a/fwupd/remotes.d/lvfs-testing.conf +++ b/fwupd/remotes.d/lvfs-testing.conf @@ -3,7 +3,6 @@ # this remote provides metadata and firmware marked as 'testing' from the LVFS Enabled=false Title=Linux Vendor Firmware Service (testing) -Keyring=gpg MetadataURI=https://cdn.fwupd.org/downloads/firmware-testing.xml.gz ReportURI=https://fwupd.org/lvfs/firmware/report Username= diff --git a/fwupd/remotes.d/lvfs.conf b/fwupd/remotes.d/lvfs.conf index 047f942..f956bc9 100644 --- a/fwupd/remotes.d/lvfs.conf +++ b/fwupd/remotes.d/lvfs.conf @@ -3,9 +3,10 @@ # this remote provides metadata and firmware marked as 'stable' from the LVFS Enabled=true Title=Linux Vendor Firmware Service -Keyring=gpg MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz ReportURI=https://fwupd.org/lvfs/firmware/report +SecurityReportURI=https://fwupd.org/lvfs/hsireports/upload OrderBefore=fwupd AutomaticReports=false +AutomaticSecurityReports=false ApprovalRequired=false diff --git a/fwupd/thunderbolt.conf b/fwupd/thunderbolt.conf index 72dc0e4..d6a61d1 100644 --- a/fwupd/thunderbolt.conf +++ b/fwupd/thunderbolt.conf @@ -4,3 +4,6 @@ # It's important that all backports from this kernel have been # made if using an older kernel MinimumKernelVersion=4.13.0 + +# Forces delaying activation until shutdown/logout/reboot +DelayedActivation=false diff --git a/fwupd/uefi.conf b/fwupd/uefi_capsule.conf similarity index 59% rename from fwupd/uefi.conf rename to fwupd/uefi_capsule.conf index fd7d384..c543a7f 100644 --- a/fwupd/uefi.conf +++ b/fwupd/uefi_capsule.conf @@ -1,8 +1,8 @@ -[uefi] +[uefi_capsule] # the shim loader is required to chainload the fwupd EFI binary unless # the fwupd.efi file has been self-signed manually -RequireShimForSecureBoot=true +#DisableShimForSecureBoot=true # the EFI system partition path used # if this is is not /boot/efi, /boot, or /efi @@ -10,3 +10,7 @@ RequireShimForSecureBoot=true # amount of free space required on the ESP, for example using 0x2000000 for 32Mb #RequireESPFreeSpace= + +# with the UEFI removable path enabled, the default esp path is set to /EFI/boot +# the shim EFI binary and presumably this is $ESP/EFI/boot/bootx64.efi +#FallbacktoRemovablePath=false -- 2.39.5