Source: gnome-firmware Severity: important Tags: patch Due to changes in the secure boot summarized in https://wiki.debian.org/SecureBoot/CAChanges) there needs to be an upgrade to a newer fwupd version in bookworm to allow updating the trust chain.
This work is tracked by release team in the bookworm-pu bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139252 Unfortunately; upgrading to the newer fwupd version requires an ABI bump which means some minor patches for the ABI change and rebuilding against the newer libfwupd. I've validated this works properly, and I would like permission to send up a NMU coordinating with the updated fwupd. The proposed debdiff is attached to the release team bug.
diff -Nru gnome-firmware-43.2/debian/changelog gnome-firmware-43.2/debian/changelog --- gnome-firmware-43.2/debian/changelog 2023-02-15 16:52:29.000000000 -0600 +++ gnome-firmware-43.2/debian/changelog 2026-06-27 11:06:53.000000000 -0500 @@ -1,3 +1,11 @@ +gnome-firmware (43.2-1+deb12u1) bookworm; urgency=medium + + * Backport patches from upstream for fwupd 2.x compat + * d/control: + - b/d on newer libfwupd + + -- Mario Limonciello <[email protected]> Sat, 27 Jun 2026 11:06:53 -0500 + gnome-firmware (43.2-1) unstable; urgency=medium * New upstream release diff -Nru gnome-firmware-43.2/debian/control gnome-firmware-43.2/debian/control --- gnome-firmware-43.2/debian/control 2023-02-15 16:52:29.000000000 -0600 +++ gnome-firmware-43.2/debian/control 2026-06-27 11:06:53.000000000 -0500 @@ -15,7 +15,7 @@ dh-sequence-gnome, help2man, libadwaita-1-dev (>= 1.0.0), - libfwupd-dev (>= 1.7.5), + libfwupd-dev (>= 2.0.20), libglib2.0-dev, libgtk-4-dev (>= 4.6), libxmlb-dev (>= 0.1.7), diff -Nru gnome-firmware-43.2/debian/control.in gnome-firmware-43.2/debian/control.in --- gnome-firmware-43.2/debian/control.in 2023-02-15 16:52:29.000000000 -0600 +++ gnome-firmware-43.2/debian/control.in 2026-06-27 11:06:53.000000000 -0500 @@ -11,7 +11,7 @@ dh-sequence-gnome, help2man, libadwaita-1-dev (>= 1.0.0), - libfwupd-dev (>= 1.7.5), + libfwupd-dev (>= 2.0.20), libglib2.0-dev, libgtk-4-dev (>= 4.6), libxmlb-dev (>= 0.1.7), diff -Nru gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch --- gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch 1969-12-31 18:00:00.000000000 -0600 +++ gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch 2026-06-27 11:04:26.000000000 -0500 @@ -0,0 +1,167 @@ +Description: Allow compiling with fwupd from the main branch + Many fwupd 2.0 API functions were removed or renamed, causing + compilation errors. Add #if FWUPD_CHECK_VERSION(2,0,0) conditional + compilation to support both fwupd 1.x and fwupd 2.x. +Author: Richard Hughes <[email protected]> +Origin: https://salsa.debian.org/gnome-team/gnome-firmware/-/commit/851182b25b8bd4f79d849337fa4b8cf11b47178d +Last-Update: 2026-06-27 + +--- +Index: gnome-firmware-43.2/src/gfu-common.c +=================================================================== +--- gnome-firmware-43.2.orig/src/gfu-common.c ++++ gnome-firmware-43.2/src/gfu-common.c +@@ -362,26 +362,14 @@ gfu_common_device_flags_to_string(guint6 + /* skip */ + return NULL; + } +- if (device_flag == FWUPD_DEVICE_FLAG_NO_AUTO_INSTANCE_IDS) { +- /* skip */ +- return NULL; +- } + if (device_flag == FWUPD_DEVICE_FLAG_NEEDS_ACTIVATION) { + /* TRANSLATORS: Device update needs to be separately activated */ + return _("Device update needs activation"); + } +- if (device_flag == FWUPD_DEVICE_FLAG_ENSURE_SEMVER) { +- /* skip */ +- return NULL; +- } + if (device_flag == FWUPD_DEVICE_FLAG_HISTORICAL) { + /* skip */ + return NULL; + } +- if (device_flag == FWUPD_DEVICE_FLAG_ONLY_SUPPORTED) { +- /* skip */ +- return NULL; +- } + if (device_flag == FWUPD_DEVICE_FLAG_WILL_DISAPPEAR) { + /* TRANSLATORS: Device will not return after update completes */ + return _("Device will not re-appear after update completes"); +@@ -523,12 +511,8 @@ gfu_common_device_icon_from_flag(FwupdDe + return "dialog-error-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED) + return "media-floppy-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_NO_AUTO_INSTANCE_IDS) +- return "dialog-error-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_NEEDS_ACTIVATION) + return "emblem-important-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_ENSURE_SEMVER) +- return "emblem-important-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_WILL_DISAPPEAR) + return "emblem-important-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_CAN_VERIFY) +Index: gnome-firmware-43.2/src/gfu-main.c +=================================================================== +--- gnome-firmware-43.2.orig/src/gfu-main.c ++++ gnome-firmware-43.2/src/gfu-main.c +@@ -549,11 +549,25 @@ gfu_main_update_remotes_cb(GObject *sour + } + for (guint i = 0; i < remotes->len; i++) { + FwupdRemote *remote = g_ptr_array_index(remotes, i); ++#if FWUPD_CHECK_VERSION(2, 0, 0) ++ /* if another repository is turned on providing metadata */ + g_debug("%s is %s", + fwupd_remote_get_id(remote), +- fwupd_remote_get_enabled(remote) ? "enabled" : "disabled"); +- ++ fwupd_remote_has_flag(remote, FWUPD_REMOTE_FLAG_ENABLED) ? "enabled" ++ : "disabled"); ++ if (fwupd_remote_has_flag(remote, FWUPD_REMOTE_FLAG_ENABLED)) { ++ if (fwupd_remote_get_kind(remote) == FWUPD_REMOTE_KIND_DOWNLOAD) ++ enabled_any_download_remote = TRUE; ++ /* lvfs is present and disabled */ ++ } else { ++ if (g_strcmp0(fwupd_remote_get_id(remote), "lvfs") == 0) ++ disabled_lvfs_remote = TRUE; ++ } ++#else + /* if another repository is turned on providing metadata */ ++ g_debug("%s is %s", ++ fwupd_remote_get_id(remote), ++ fwupd_remote_get_enabled(remote) ? "enabled" : "disabled"); + if (fwupd_remote_get_enabled(remote)) { + if (fwupd_remote_get_kind(remote) == FWUPD_REMOTE_KIND_DOWNLOAD) + enabled_any_download_remote = TRUE; +@@ -563,6 +577,7 @@ gfu_main_update_remotes_cb(GObject *sour + if (g_strcmp0(fwupd_remote_get_id(remote), "lvfs") == 0) + disabled_lvfs_remote = TRUE; + } ++#endif + } + + w = GTK_WIDGET(gtk_builder_get_object(self->builder, "infobar_enable_lvfs")); +@@ -785,11 +800,20 @@ gfu_main_get_lvfs_remote_cb(GObject *sou + gfu_main_error_dialog(self, _("Failed to find LVFS"), error->message); + return; + } ++#if FWUPD_CHECK_VERSION(2, 0, 0) ++ fwupd_client_refresh_remote_async(self->client, ++ remote, ++ FWUPD_CLIENT_DOWNLOAD_FLAG_NONE, ++ self->cancellable, ++ gfu_main_refresh_remote_cb, ++ self); ++#else + fwupd_client_refresh_remote_async(self->client, + remote, + self->cancellable, + gfu_main_refresh_remote_cb, + self); ++#endif + } + + static void +@@ -846,6 +870,19 @@ gfu_main_get_remotes_cb(GObject *source, + } + for (guint i = 0; i < remotes->len; i++) { + FwupdRemote *remote = g_ptr_array_index(remotes, i); ++#if FWUPD_CHECK_VERSION(2, 0, 0) ++ if (!fwupd_remote_has_flag(remote, FWUPD_REMOTE_FLAG_ENABLED)) ++ continue; ++ if (fwupd_remote_get_kind(remote) != FWUPD_REMOTE_KIND_DOWNLOAD) ++ continue; ++ /* should this be a single async action? */ ++ fwupd_client_refresh_remote_async(self->client, ++ remote, ++ FWUPD_CLIENT_DOWNLOAD_FLAG_NONE, ++ self->cancellable, ++ gfu_main_refresh_remote_cb, ++ self); ++#else + if (!fwupd_remote_get_enabled(remote)) + continue; + if (fwupd_remote_get_kind(remote) != FWUPD_REMOTE_KIND_DOWNLOAD) +@@ -856,6 +893,7 @@ gfu_main_get_remotes_cb(GObject *source, + self->cancellable, + gfu_main_refresh_remote_cb, + self); ++#endif + } + } + +@@ -1055,6 +1093,16 @@ static void + gfu_main_release_install(GfuMain *self) + { + /* begin installing, show loading animation */ ++#if FWUPD_CHECK_VERSION(2, 0, 0) ++ fwupd_client_install_release_async(self->client, ++ self->device, ++ self->release, ++ self->flags | FWUPD_INSTALL_FLAG_ALLOW_BRANCH_SWITCH, ++ FWUPD_CLIENT_DOWNLOAD_FLAG_NONE, ++ self->cancellable, ++ gfu_main_install_release_cb, ++ self); ++#else + fwupd_client_install_release2_async(self->client, + self->device, + self->release, +@@ -1063,6 +1111,7 @@ gfu_main_release_install(GfuMain *self) + self->cancellable, + gfu_main_install_release_cb, + self); ++#endif + } + + static GtkWidget * diff -Nru gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch --- gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch 1969-12-31 18:00:00.000000000 -0600 +++ gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch 2026-06-27 11:06:53.000000000 -0500 @@ -0,0 +1,98 @@ +From de34a84f56280b28c5b9f45682f7640588f9948b Mon Sep 17 00:00:00 2001 +From: Mario Limonciello <[email protected]> +Date: Thu, 12 Sep 2024 23:38:50 -0500 +Subject: [PATCH] drop device flags that were turned private in fwupd 2.0.0 + +These aren't useful to a user anyway on older versions, so don't +worry about showing them based on what version gnome-firmware +is compiled against. + +--- + src/gfu-common.c | 40 --------------------------------------- + 1 file changed, 40 deletions(-) + +--- a/src/gfu-common.c ++++ b/src/gfu-common.c +@@ -302,10 +302,6 @@ gfu_common_device_flags_to_string(guint64 device_flag) + /* TRANSLATORS: Device is updatable in this or any other mode */ + return _("Updatable"); + } +- if (device_flag == FWUPD_DEVICE_FLAG_ONLY_OFFLINE) { +- /* TRANSLATORS: Update can only be done from offline mode */ +- return _("Update requires a reboot"); +- } + if (device_flag == FWUPD_DEVICE_FLAG_REQUIRE_AC) { + /* TRANSLATORS: Must be plugged in to an outlet */ + return _("System requires external power source"); +@@ -338,14 +334,6 @@ gfu_common_device_flags_to_string(guint64 device_flag) + /* TRANSLATORS: User has been notified */ + return _("User has been notified"); + } +- if (device_flag == FWUPD_DEVICE_FLAG_USE_RUNTIME_VERSION) { +- /* skip */ +- return NULL; +- } +- if (device_flag == FWUPD_DEVICE_FLAG_INSTALL_PARENT_FIRST) { +- /* TRANSLATORS: Install composite firmware on the parent before the child */ +- return _("Install to parent device first"); +- } + if (device_flag == FWUPD_DEVICE_FLAG_IS_BOOTLOADER) { + /* TRANSLATORS: Is currently in bootloader mode */ + return _("Is in bootloader mode"); +@@ -354,10 +342,6 @@ gfu_common_device_flags_to_string(guint64 device_flag) + /* TRANSLATORS: The hardware is waiting to be replugged */ + return _("Hardware is waiting to be replugged"); + } +- if (device_flag == FWUPD_DEVICE_FLAG_IGNORE_VALIDATION) { +- /* TRANSLATORS: Ignore validation safety checks when flashing this device */ +- return _("Ignore validation safety checks"); +- } + if (device_flag == FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED) { + /* skip */ + return NULL; +@@ -398,10 +382,6 @@ gfu_common_device_flags_to_string(guint64 device_flag) + /* TRANSLATORS: Device does not jump directly to the newest */ + return _("Device installs all intermediate releases"); + } +- if (device_flag == FWUPD_DEVICE_FLAG_SKIPS_RESTART) { +- /* TRANSLATORS: Device does not restart and requires a manual action */ +- return _("Device skips restart"); +- } + if (device_flag == FWUPD_DEVICE_FLAG_HAS_MULTIPLE_BRANCHES) { + /* TRANSLATORS: the stream can be provided by different vendors */ + return _("Device supports switching to a different stream of firmware"); +@@ -481,8 +461,6 @@ gfu_common_device_icon_from_flag(FwupdDeviceFlags device_flag) + return "drive-harddisk-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_UPDATABLE) + return "software-update-available-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_ONLY_OFFLINE) +- return "network-offline-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_REQUIRE_AC) + return "battery-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_LOCKED) +@@ -499,16 +477,10 @@ gfu_common_device_icon_from_flag(FwupdDeviceFlags device_flag) + return "task-due-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_NOTIFIED) + return "task-due-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_USE_RUNTIME_VERSION) +- return "system-run-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_INSTALL_PARENT_FIRST) +- return "system-software-install-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_IS_BOOTLOADER) + return "computer-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_WAIT_FOR_REPLUG) + return "battery-low-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_IGNORE_VALIDATION) +- return "dialog-error-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED) + return "media-floppy-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_NEEDS_ACTIVATION) +@@ -525,8 +497,6 @@ gfu_common_device_icon_from_flag(FwupdDeviceFlags device_flag) + return "emblem-important-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_INSTALL_ALL_RELEASES) + return "media-skip-forward-symbolic"; +- if (device_flag == FWUPD_DEVICE_FLAG_SKIPS_RESTART) +- return "process-stop-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_HAS_MULTIPLE_BRANCHES) + return "emblem-shared-symbolic"; + if (device_flag == FWUPD_DEVICE_FLAG_BACKUP_BEFORE_INSTALL) diff -Nru gnome-firmware-43.2/debian/patches/series gnome-firmware-43.2/debian/patches/series --- gnome-firmware-43.2/debian/patches/series 2023-02-15 16:52:29.000000000 -0600 +++ gnome-firmware-43.2/debian/patches/series 2026-06-27 11:06:53.000000000 -0500 @@ -0,0 +1,2 @@ +allow-fwupd-main-branch.patch +drop-device-flags-private-in-fwupd-2.0.0.patch

