Source: gnome-software Severity: important Tags: patch Due to changes in the secure boot summarized in https://wiki.debian.org/SecureBoot/CAChanges) there needs to be an upgrade to a newer fwupd version in bookworm to allow updating the trust chain.
This work is tracked by release team in the bookworm-pu bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139252 Unfortunately; upgrading to the newer fwupd version requires an ABI bump which means some minor patches for the ABI change and rebuilding against the newer libfwupd. I've validated this works properly, and I would like permission to send up a NMU coordinating with the updated fwupd. The proposed debdiff is attached to the release team bug.
diff -Nru gnome-software-43.5/debian/changelog gnome-software-43.5/debian/changelog --- gnome-software-43.5/debian/changelog 2023-06-16 05:33:47.000000000 -0500 +++ gnome-software-43.5/debian/changelog 2026-06-27 13:02:08.000000000 -0500 @@ -1,3 +1,11 @@ +gnome-software (43.5-1~deb12u2) bookworm; urgency=medium + + * Add patch for fwupd 2.0 compat. + * d/control: + - b/d on newer libfwupd + + -- Mario Limonciello <[email protected]> Sat, 27 Jun 2026 13:02:08 -0500 + gnome-software (43.5-1~deb12u1) bookworm; urgency=medium * Team upload diff -Nru gnome-software-43.5/debian/control gnome-software-43.5/debian/control --- gnome-software-43.5/debian/control 2023-06-16 05:33:47.000000000 -0500 +++ gnome-software-43.5/debian/control 2026-06-27 13:02:08.000000000 -0500 @@ -16,7 +16,7 @@ libadwaita-1-dev (>= 1.0.1), libappstream-dev (>= 0.14.0), libflatpak-dev (>= 1.14.0) [amd64 arm64 armel armhf i386 mipsel mips64el ppc64el s390x hppa powerpc ppc64 riscv64 x32], - libfwupd-dev (>= 1.5.6) [linux-any], + libfwupd-dev (>= 2.0.20) [linux-any], libglib2.0-dev (>= 2.70.0), libglib-testing-0-dev, libgtk-4-dev (>= 4.6), diff -Nru gnome-software-43.5/debian/control.in gnome-software-43.5/debian/control.in --- gnome-software-43.5/debian/control.in 2023-06-16 05:33:47.000000000 -0500 +++ gnome-software-43.5/debian/control.in 2026-06-27 13:02:08.000000000 -0500 @@ -12,7 +12,7 @@ libadwaita-1-dev (>= 1.0.1), libappstream-dev (>= 0.14.0), libflatpak-dev (>= 1.14.0) [amd64 arm64 armel armhf i386 mipsel mips64el ppc64el s390x hppa powerpc ppc64 riscv64 x32], - libfwupd-dev (>= 1.5.6) [linux-any], + libfwupd-dev (>= 2.0.20) [linux-any], libglib2.0-dev (>= 2.70.0), libglib-testing-0-dev, libgtk-4-dev (>= 4.6), diff -Nru gnome-software-43.5/debian/patches/remove-old-api.patch gnome-software-43.5/debian/patches/remove-old-api.patch --- gnome-software-43.5/debian/patches/remove-old-api.patch 1969-12-31 18:00:00.000000000 -0600 +++ gnome-software-43.5/debian/patches/remove-old-api.patch 2026-06-27 13:02:08.000000000 -0500 @@ -0,0 +1,126 @@ +From: Mario Limonciello <[email protected]> +Date: Jun, 27 2026 18:08:22 -0500 +Subject: [PATCH] Remove old fwupd API + +Index: gnome-software-43.5/plugins/fwupd/gs-fwupd-app.c +=================================================================== +--- gnome-software-43.5.orig/plugins/fwupd/gs-fwupd-app.c ++++ gnome-software-43.5/plugins/fwupd/gs-fwupd-app.c +@@ -62,11 +62,6 @@ gs_fwupd_app_set_from_device (GsApp *app + if (fwupd_device_has_flag (dev, FWUPD_DEVICE_FLAG_UPDATABLE)) + gs_app_set_state (app, GS_APP_STATE_UPDATABLE_LIVE); + +- /* only can be applied in systemd-offline */ +- if (fwupd_device_has_flag (dev, FWUPD_DEVICE_FLAG_ONLY_OFFLINE)) +- gs_app_set_metadata (app, "fwupd::OnlyOffline", ""); +- +- + /* reboot required to apply update */ + if (fwupd_device_has_flag (dev, FWUPD_DEVICE_FLAG_NEEDS_REBOOT)) + gs_app_add_quirk (app, GS_APP_QUIRK_NEEDS_REBOOT); +@@ -106,9 +101,9 @@ gs_fwupd_app_set_from_device (GsApp *app + } + if (fwupd_device_get_created (dev) != 0) + gs_app_set_install_date (app, fwupd_device_get_created (dev)); +- if (fwupd_device_get_description (dev) != NULL) { ++ if (fwupd_device_get_summary (dev) != NULL) { + g_autofree gchar *tmp = NULL; +- tmp = as_markup_convert_simple (fwupd_device_get_description (dev), NULL); ++ tmp = as_markup_convert_simple (fwupd_device_get_summary (dev), NULL); + if (tmp != NULL) + gs_app_set_description (app, GS_APP_QUALITY_NORMAL, tmp); + } +Index: gnome-software-43.5/plugins/fwupd/gs-plugin-fwupd.c +=================================================================== +--- gnome-software-43.5.orig/plugins/fwupd/gs-plugin-fwupd.c ++++ gnome-software-43.5/plugins/fwupd/gs-plugin-fwupd.c +@@ -403,7 +403,7 @@ gs_plugin_fwupd_new_app_from_device_raw + gs_app_set_version (app, fwupd_device_get_version (device)); + gs_app_set_name (app, GS_APP_QUALITY_LOWEST, fwupd_device_get_name (device)); + gs_app_set_summary (app, GS_APP_QUALITY_LOWEST, fwupd_device_get_summary (device)); +- gs_app_set_description (app, GS_APP_QUALITY_LOWEST, fwupd_device_get_description (device)); ++ gs_app_set_description (app, GS_APP_QUALITY_LOWEST, fwupd_device_get_summary (device)); + gs_app_set_origin (app, fwupd_device_get_vendor (device)); + gs_fwupd_app_set_device_id (app, fwupd_device_get_id (device)); + gs_app_set_management_plugin (app, plugin); +@@ -790,7 +790,7 @@ get_remotes_cb (GObject *source_obj + for (guint i = 0; i < remotes->len; i++) { + FwupdRemote *remote = g_ptr_array_index (remotes, i); + +- if (!fwupd_remote_get_enabled (remote)) ++ if (!fwupd_remote_has_flag (remote, FWUPD_REMOTE_FLAG_ENABLED)) + continue; + if (fwupd_remote_get_kind (remote) != FWUPD_REMOTE_KIND_DOWNLOAD) + continue; +@@ -798,7 +798,8 @@ get_remotes_cb (GObject *source_obj + continue; + + data->n_operations_pending++; +- fwupd_client_refresh_remote_async (client, remote, cancellable, ++ fwupd_client_refresh_remote_async (client, remote, FWUPD_CLIENT_DOWNLOAD_FLAG_NONE, ++ cancellable, + refresh_remote_cb, g_object_ref (task)); + } + +@@ -901,10 +902,6 @@ gs_plugin_fwupd_install (GsPluginFwupd + /* set the last object */ + g_set_object (&self->app_current, app); + +- /* only offline supported */ +- if (gs_app_get_metadata_item (app, "fwupd::OnlyOffline") != NULL) +- install_flags |= FWUPD_INSTALL_FLAG_OFFLINE; +- + gs_app_set_state (app, GS_APP_STATE_INSTALLING); + if (!fwupd_client_install (self->client, device_id, + filename, install_flags, +@@ -931,20 +928,21 @@ gs_plugin_fwupd_install (GsPluginFwupd + * in a too-new-to-depend-on fwupd version */ + g_debug ("failed to find device after install: %s", error_local->message); + } else { +- if (fwupd_device_get_update_message (dev) != NULL) { ++ FwupdRelease *release = fwupd_device_get_release_default (dev); ++ if (release != NULL && fwupd_release_get_update_message (release) != NULL) { + g_autoptr(AsScreenshot) ss = as_screenshot_new (); + + /* image is optional */ +- if (fwupd_device_get_update_image (dev) != NULL) { ++ if (fwupd_release_get_update_image (release) != NULL) { + g_autoptr(AsImage) im = as_image_new (); + as_image_set_kind (im, AS_IMAGE_KIND_SOURCE); +- as_image_set_url (im, fwupd_device_get_update_image (dev)); ++ as_image_set_url (im, fwupd_release_get_update_image (release)); + as_screenshot_add_image (ss, im); + } + + /* caption is required */ + as_screenshot_set_kind (ss, AS_SCREENSHOT_KIND_DEFAULT); +- as_screenshot_set_caption (ss, fwupd_device_get_update_message (dev), NULL); ++ as_screenshot_set_caption (ss, fwupd_release_get_update_message (release), NULL); + gs_app_set_action_screenshot (app, ss); + + /* require the dialog */ +@@ -1224,7 +1222,7 @@ gs_plugin_add_sources (GsPlugin *plugin, + app = gs_app_new (id); + gs_app_set_kind (app, AS_COMPONENT_KIND_REPOSITORY); + gs_app_set_scope (app, AS_COMPONENT_SCOPE_SYSTEM); +- gs_app_set_state (app, fwupd_remote_get_enabled (remote) ? ++ gs_app_set_state (app, fwupd_remote_has_flag (remote, FWUPD_REMOTE_FLAG_ENABLED) ? + GS_APP_STATE_INSTALLED : GS_APP_STATE_AVAILABLE); + gs_app_add_quirk (app, GS_APP_QUIRK_NOT_LAUNCHABLE); + gs_app_set_name (app, GS_APP_QUALITY_LOWEST, +@@ -1285,11 +1283,13 @@ gs_plugin_fwupd_enable_repository_get_re + for (guint i = 0; i < remotes->len; i++) { + FwupdRemote *remote = g_ptr_array_index (remotes, i); + if (g_strcmp0 (remote_id, fwupd_remote_get_id (remote)) == 0) { +- if (fwupd_remote_get_enabled (remote) && ++ if (fwupd_remote_has_flag (remote, FWUPD_REMOTE_FLAG_ENABLED) && + fwupd_remote_get_kind (remote) != FWUPD_REMOTE_KIND_LOCAL && + !remote_cache_is_expired (remote, cache_age)) { + GCancellable *cancellable = g_task_get_cancellable (task); +- fwupd_client_refresh_remote_async (self->client, remote, cancellable, ++ fwupd_client_refresh_remote_async (self->client, remote, ++ FWUPD_CLIENT_DOWNLOAD_FLAG_NONE, ++ cancellable, + gs_plugin_fwupd_enable_repository_remote_refresh_ready_cb, + g_steal_pointer (&task)); + return; diff -Nru gnome-software-43.5/debian/patches/series gnome-software-43.5/debian/patches/series --- gnome-software-43.5/debian/patches/series 2023-06-16 05:33:47.000000000 -0500 +++ gnome-software-43.5/debian/patches/series 2026-06-27 13:02:08.000000000 -0500 @@ -1 +1,2 @@ 01_details-Use-custom-icon-for-verified-developers.patch +remove-old-api.patch

