From 4d361a6b5147e3f91573e9d3c8c540a233e7e142 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 1 Sep 2022 16:13:59 -0400 Subject: [PATCH] gnu: fwupd: Disable remotes by default. * gnu/packages/firmware.scm (fwupd) [configure-flags]: Add "-Dlvfs=disabled". [phases]{ensure-all-remotes-are-disabled}: New phase. --- gnu/packages/firmware.scm | 66 ++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 26 deletions(-) diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm index 3a5ade4b77..696814cc71 100644 --- a/gnu/packages/firmware.scm +++ b/gnu/packages/firmware.scm @@ -205,32 +205,46 @@ (define-public fwupd "02jf052qj1nl47ppqrgz3s9qapq4pajgkf6lbj5rxr5sshlrw44n")))) (build-system meson-build-system) (arguments - (list #:configure-flags #~(list "--wrap-mode=nofallback" - "-Dsystemd=false" - (string-append "-Defi_os_dir=" - #$gnu-efi "/lib") - "-Defi_binary=false" - (string-append "-Dudevdir=" - #$output "/lib/udev") - "--localstatedir=/var" - (string-append "--libexecdir=" - #$output "/libexec") - "-Dsupported_build=true") - #:glib-or-gtk? #t ;To wrap binaries and/or compile schemas - #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'make-source-writable - (lambda _ - (for-each make-file-writable - (find-files ".")) - (substitute* "src/fu-self-test.c" - (("/bin/sh") - (which "sh"))))) - (add-before 'build 'setup-home - (lambda _ - (setenv "HOME" "/tmp"))) - (add-before 'install 'no-polkit-magic - (lambda _ - (setenv "PKEXEC_UID" "something")))))) + (list + #:configure-flags #~(list "--wrap-mode=nofallback" + "-Dsystemd=false" + (string-append "-Defi_os_dir=" + #$gnu-efi "/lib") + "-Defi_binary=false" + (string-append "-Dudevdir=" + #$output "/lib/udev") + "--localstatedir=/var" + (string-append "--libexecdir=" + #$output "/libexec") + "-Dsupported_build=true" + ;; Disable LVFS, because it contains + ;; nonfree firmwares. + "-Dlvfs=disabled") + #:glib-or-gtk? #t ;To wrap binaries and/or compile schemas + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'make-source-writable + (lambda _ + (for-each make-file-writable + (find-files ".")) + (substitute* "src/fu-self-test.c" + (("/bin/sh") + (which "sh"))))) + (add-before 'build 'setup-home + (lambda _ + (setenv "HOME" "/tmp"))) + (add-before 'install 'no-polkit-magic + (lambda _ + (setenv "PKEXEC_UID" "something"))) + (add-after 'install 'ensure-all-remotes-are-disabled + ;; Because no remote currently promises to offer only free + ;; software firmwares, disable them to prevent a user to + ;; unknowingly install proprietary firmware updates. + (lambda _ + (substitute* (find-files (string-append #$output "/etc") + "\\.conf$") + (("Enabled=true") + "Enabled=false"))))))) (native-inputs (list gobject-introspection python-pygobject python-pillow