Seth, Just to confirm, when you replaced those files did you also restart the fwupd process?
On Mon, Mar 28, 2016, 23:20 Seth Arnold <1536...@bugs.launchpad.net> wrote: > Richard, Mario, thanks for the feedback, it's been helpful. > > I'm not sure that everything's hooked up correctly though -- when I > replace both these files with my own GPG key and run fwupdmgr refresh I > get no errors: > > /etc/pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service > /etc/pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service > > /var/cache/app-info/xmls/fwupd.xml > is written and has a current timestamp. > > Removing those key files also doesn't appear to change anything. > > Removing the /usr/bin/gpg* executables didn't appear to change anything. > > I also tried to change the downloaded /tmp/firmware.xml.gz or > /tmp/firmware.xml.gz.asc files to simulate corrupted or modified contents > but had trouble getting the inotify magic to work. Testing this case will > take more time than I've got at the moment but I suspect this error case > is also not properly handled. > > Can these error conditions be properly handled before release? Is fwupd > currently "released" enough to justify getting CVEs assigned for these > unhandled error cases? Can they be programmatically tested to ensure they > don't return? > > Thanks > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1536871 > > Title: > [MIR] fwupd > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1536871/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1536871 Title: [MIR] fwupd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1536871/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs