Source: gnome-firmware
Severity: important
Tags: patch

Due to changes in the secure boot summarized in 
https://wiki.debian.org/SecureBoot/CAChanges)
there needs to be an upgrade to a newer fwupd version in bookworm to allow 
updating the trust
chain.

This work is tracked by release team in the bookworm-pu bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139252 

Unfortunately; upgrading to the newer fwupd version requires an ABI bump which 
means some minor
patches for the ABI change and rebuilding against the newer libfwupd.

I've validated this works properly, and I would like permission to send up a 
NMU coordinating
with the updated fwupd.  The proposed debdiff is attached to the release team 
bug.
diff -Nru gnome-firmware-43.2/debian/changelog 
gnome-firmware-43.2/debian/changelog
--- gnome-firmware-43.2/debian/changelog        2023-02-15 16:52:29.000000000 
-0600
+++ gnome-firmware-43.2/debian/changelog        2026-06-27 11:06:53.000000000 
-0500
@@ -1,3 +1,11 @@
+gnome-firmware (43.2-1+deb12u1) bookworm; urgency=medium
+
+  * Backport patches from upstream for fwupd 2.x compat
+  * d/control: 
+    - b/d on newer libfwupd
+
+ -- Mario Limonciello <[email protected]>  Sat, 27 Jun 2026 11:06:53 -0500
+
 gnome-firmware (43.2-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru gnome-firmware-43.2/debian/control gnome-firmware-43.2/debian/control
--- gnome-firmware-43.2/debian/control  2023-02-15 16:52:29.000000000 -0600
+++ gnome-firmware-43.2/debian/control  2026-06-27 11:06:53.000000000 -0500
@@ -15,7 +15,7 @@
                dh-sequence-gnome,
                help2man,
                libadwaita-1-dev (>= 1.0.0),
-               libfwupd-dev (>= 1.7.5),
+               libfwupd-dev (>= 2.0.20),
                libglib2.0-dev,
                libgtk-4-dev (>= 4.6),
                libxmlb-dev (>= 0.1.7),
diff -Nru gnome-firmware-43.2/debian/control.in 
gnome-firmware-43.2/debian/control.in
--- gnome-firmware-43.2/debian/control.in       2023-02-15 16:52:29.000000000 
-0600
+++ gnome-firmware-43.2/debian/control.in       2026-06-27 11:06:53.000000000 
-0500
@@ -11,7 +11,7 @@
                dh-sequence-gnome,
                help2man,
                libadwaita-1-dev (>= 1.0.0),
-               libfwupd-dev (>= 1.7.5),
+               libfwupd-dev (>= 2.0.20),
                libglib2.0-dev,
                libgtk-4-dev (>= 4.6),
                libxmlb-dev (>= 0.1.7),
diff -Nru gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch 
gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch
--- gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch    
1969-12-31 18:00:00.000000000 -0600
+++ gnome-firmware-43.2/debian/patches/allow-fwupd-main-branch.patch    
2026-06-27 11:04:26.000000000 -0500
@@ -0,0 +1,167 @@
+Description: Allow compiling with fwupd from the main branch
+ Many fwupd 2.0 API functions were removed or renamed, causing
+ compilation errors. Add #if FWUPD_CHECK_VERSION(2,0,0) conditional
+ compilation to support both fwupd 1.x and fwupd 2.x.
+Author: Richard Hughes <[email protected]>
+Origin: 
https://salsa.debian.org/gnome-team/gnome-firmware/-/commit/851182b25b8bd4f79d849337fa4b8cf11b47178d
+Last-Update: 2026-06-27
+
+---
+Index: gnome-firmware-43.2/src/gfu-common.c
+===================================================================
+--- gnome-firmware-43.2.orig/src/gfu-common.c
++++ gnome-firmware-43.2/src/gfu-common.c
+@@ -362,26 +362,14 @@ gfu_common_device_flags_to_string(guint6
+               /* skip */
+               return NULL;
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_NO_AUTO_INSTANCE_IDS) {
+-              /* skip */
+-              return NULL;
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_NEEDS_ACTIVATION) {
+               /* TRANSLATORS: Device update needs to be separately activated 
*/
+               return _("Device update needs activation");
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_ENSURE_SEMVER) {
+-              /* skip */
+-              return NULL;
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_HISTORICAL) {
+               /* skip */
+               return NULL;
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_ONLY_SUPPORTED) {
+-              /* skip */
+-              return NULL;
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_WILL_DISAPPEAR) {
+               /* TRANSLATORS: Device will not return after update completes */
+               return _("Device will not re-appear after update completes");
+@@ -523,12 +511,8 @@ gfu_common_device_icon_from_flag(FwupdDe
+               return "dialog-error-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED)
+               return "media-floppy-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_NO_AUTO_INSTANCE_IDS)
+-              return "dialog-error-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_NEEDS_ACTIVATION)
+               return "emblem-important-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_ENSURE_SEMVER)
+-              return "emblem-important-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_WILL_DISAPPEAR)
+               return "emblem-important-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_CAN_VERIFY)
+Index: gnome-firmware-43.2/src/gfu-main.c
+===================================================================
+--- gnome-firmware-43.2.orig/src/gfu-main.c
++++ gnome-firmware-43.2/src/gfu-main.c
+@@ -549,11 +549,25 @@ gfu_main_update_remotes_cb(GObject *sour
+       }
+       for (guint i = 0; i < remotes->len; i++) {
+               FwupdRemote *remote = g_ptr_array_index(remotes, i);
++#if FWUPD_CHECK_VERSION(2, 0, 0)
++              /* if another repository is turned on providing metadata */
+               g_debug("%s is %s",
+                       fwupd_remote_get_id(remote),
+-                      fwupd_remote_get_enabled(remote) ? "enabled" : 
"disabled");
+-
++                      fwupd_remote_has_flag(remote, 
FWUPD_REMOTE_FLAG_ENABLED) ? "enabled"
++                                                                       : 
"disabled");
++              if (fwupd_remote_has_flag(remote, FWUPD_REMOTE_FLAG_ENABLED)) {
++                      if (fwupd_remote_get_kind(remote) == 
FWUPD_REMOTE_KIND_DOWNLOAD)
++                              enabled_any_download_remote = TRUE;
++                      /* lvfs is present and disabled */
++              } else {
++                      if (g_strcmp0(fwupd_remote_get_id(remote), "lvfs") == 0)
++                              disabled_lvfs_remote = TRUE;
++              }
++#else
+               /* if another repository is turned on providing metadata */
++              g_debug("%s is %s",
++                      fwupd_remote_get_id(remote),
++                      fwupd_remote_get_enabled(remote) ? "enabled" : 
"disabled");
+               if (fwupd_remote_get_enabled(remote)) {
+                       if (fwupd_remote_get_kind(remote) == 
FWUPD_REMOTE_KIND_DOWNLOAD)
+                               enabled_any_download_remote = TRUE;
+@@ -563,6 +577,7 @@ gfu_main_update_remotes_cb(GObject *sour
+                       if (g_strcmp0(fwupd_remote_get_id(remote), "lvfs") == 0)
+                               disabled_lvfs_remote = TRUE;
+               }
++#endif
+       }
+ 
+       w = GTK_WIDGET(gtk_builder_get_object(self->builder, 
"infobar_enable_lvfs"));
+@@ -785,11 +800,20 @@ gfu_main_get_lvfs_remote_cb(GObject *sou
+               gfu_main_error_dialog(self, _("Failed to find LVFS"), 
error->message);
+               return;
+       }
++#if FWUPD_CHECK_VERSION(2, 0, 0)
++      fwupd_client_refresh_remote_async(self->client,
++                                        remote,
++                                        FWUPD_CLIENT_DOWNLOAD_FLAG_NONE,
++                                        self->cancellable,
++                                        gfu_main_refresh_remote_cb,
++                                        self);
++#else
+       fwupd_client_refresh_remote_async(self->client,
+                                         remote,
+                                         self->cancellable,
+                                         gfu_main_refresh_remote_cb,
+                                         self);
++#endif
+ }
+ 
+ static void
+@@ -846,6 +870,19 @@ gfu_main_get_remotes_cb(GObject *source,
+       }
+       for (guint i = 0; i < remotes->len; i++) {
+               FwupdRemote *remote = g_ptr_array_index(remotes, i);
++#if FWUPD_CHECK_VERSION(2, 0, 0)
++              if (!fwupd_remote_has_flag(remote, FWUPD_REMOTE_FLAG_ENABLED))
++                      continue;
++              if (fwupd_remote_get_kind(remote) != FWUPD_REMOTE_KIND_DOWNLOAD)
++                      continue;
++              /* should this be a single async action? */
++              fwupd_client_refresh_remote_async(self->client,
++                                                remote,
++                                                
FWUPD_CLIENT_DOWNLOAD_FLAG_NONE,
++                                                self->cancellable,
++                                                gfu_main_refresh_remote_cb,
++                                                self);
++#else
+               if (!fwupd_remote_get_enabled(remote))
+                       continue;
+               if (fwupd_remote_get_kind(remote) != FWUPD_REMOTE_KIND_DOWNLOAD)
+@@ -856,6 +893,7 @@ gfu_main_get_remotes_cb(GObject *source,
+                                                 self->cancellable,
+                                                 gfu_main_refresh_remote_cb,
+                                                 self);
++#endif
+       }
+ }
+ 
+@@ -1055,6 +1093,16 @@ static void
+ gfu_main_release_install(GfuMain *self)
+ {
+       /* begin installing, show loading animation */
++#if FWUPD_CHECK_VERSION(2, 0, 0)
++      fwupd_client_install_release_async(self->client,
++                                         self->device,
++                                         self->release,
++                                         self->flags | 
FWUPD_INSTALL_FLAG_ALLOW_BRANCH_SWITCH,
++                                         FWUPD_CLIENT_DOWNLOAD_FLAG_NONE,
++                                         self->cancellable,
++                                         gfu_main_install_release_cb,
++                                         self);
++#else
+       fwupd_client_install_release2_async(self->client,
+                                           self->device,
+                                           self->release,
+@@ -1063,6 +1111,7 @@ gfu_main_release_install(GfuMain *self)
+                                           self->cancellable,
+                                           gfu_main_install_release_cb,
+                                           self);
++#endif
+ }
+ 
+ static GtkWidget *
diff -Nru 
gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch
 
gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch
--- 
gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch
   1969-12-31 18:00:00.000000000 -0600
+++ 
gnome-firmware-43.2/debian/patches/drop-device-flags-private-in-fwupd-2.0.0.patch
   2026-06-27 11:06:53.000000000 -0500
@@ -0,0 +1,98 @@
+From de34a84f56280b28c5b9f45682f7640588f9948b Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <[email protected]>
+Date: Thu, 12 Sep 2024 23:38:50 -0500
+Subject: [PATCH] drop device flags that were turned private in fwupd 2.0.0
+
+These aren't useful to a user anyway on older versions, so don't
+worry about showing them based on what version gnome-firmware
+is compiled against.
+
+---
+ src/gfu-common.c | 40 ---------------------------------------
+ 1 file changed, 40 deletions(-)
+
+--- a/src/gfu-common.c
++++ b/src/gfu-common.c
+@@ -302,10 +302,6 @@ gfu_common_device_flags_to_string(guint64 device_flag)
+               /* TRANSLATORS: Device is updatable in this or any other mode */
+               return _("Updatable");
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_ONLY_OFFLINE) {
+-              /* TRANSLATORS: Update can only be done from offline mode */
+-              return _("Update requires a reboot");
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_REQUIRE_AC) {
+               /* TRANSLATORS: Must be plugged in to an outlet */
+               return _("System requires external power source");
+@@ -338,14 +334,6 @@ gfu_common_device_flags_to_string(guint64 device_flag)
+               /* TRANSLATORS: User has been notified */
+               return _("User has been notified");
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_USE_RUNTIME_VERSION) {
+-              /* skip */
+-              return NULL;
+-      }
+-      if (device_flag == FWUPD_DEVICE_FLAG_INSTALL_PARENT_FIRST) {
+-              /* TRANSLATORS: Install composite firmware on the parent before 
the child */
+-              return _("Install to parent device first");
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_IS_BOOTLOADER) {
+               /* TRANSLATORS: Is currently in bootloader mode */
+               return _("Is in bootloader mode");
+@@ -354,10 +342,6 @@ gfu_common_device_flags_to_string(guint64 device_flag)
+               /* TRANSLATORS: The hardware is waiting to be replugged */
+               return _("Hardware is waiting to be replugged");
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_IGNORE_VALIDATION) {
+-              /* TRANSLATORS: Ignore validation safety checks when flashing 
this device */
+-              return _("Ignore validation safety checks");
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED) {
+               /* skip */
+               return NULL;
+@@ -398,10 +382,6 @@ gfu_common_device_flags_to_string(guint64 device_flag)
+               /* TRANSLATORS: Device does not jump directly to the newest */
+               return _("Device installs all intermediate releases");
+       }
+-      if (device_flag == FWUPD_DEVICE_FLAG_SKIPS_RESTART) {
+-              /* TRANSLATORS: Device does not restart and requires a manual 
action */
+-              return _("Device skips restart");
+-      }
+       if (device_flag == FWUPD_DEVICE_FLAG_HAS_MULTIPLE_BRANCHES) {
+               /* TRANSLATORS: the stream can be provided by different vendors 
*/
+               return _("Device supports switching to a different stream of 
firmware");
+@@ -481,8 +461,6 @@ gfu_common_device_icon_from_flag(FwupdDeviceFlags 
device_flag)
+               return "drive-harddisk-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_UPDATABLE)
+               return "software-update-available-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_ONLY_OFFLINE)
+-              return "network-offline-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_REQUIRE_AC)
+               return "battery-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_LOCKED)
+@@ -499,16 +477,10 @@ gfu_common_device_icon_from_flag(FwupdDeviceFlags 
device_flag)
+               return "task-due-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_NOTIFIED)
+               return "task-due-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_USE_RUNTIME_VERSION)
+-              return "system-run-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_INSTALL_PARENT_FIRST)
+-              return "system-software-install-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_IS_BOOTLOADER)
+               return "computer-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_WAIT_FOR_REPLUG)
+               return "battery-low-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_IGNORE_VALIDATION)
+-              return "dialog-error-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_ANOTHER_WRITE_REQUIRED)
+               return "media-floppy-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_NEEDS_ACTIVATION)
+@@ -525,8 +497,6 @@ gfu_common_device_icon_from_flag(FwupdDeviceFlags 
device_flag)
+               return "emblem-important-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_INSTALL_ALL_RELEASES)
+               return "media-skip-forward-symbolic";
+-      if (device_flag == FWUPD_DEVICE_FLAG_SKIPS_RESTART)
+-              return "process-stop-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_HAS_MULTIPLE_BRANCHES)
+               return "emblem-shared-symbolic";
+       if (device_flag == FWUPD_DEVICE_FLAG_BACKUP_BEFORE_INSTALL)
diff -Nru gnome-firmware-43.2/debian/patches/series 
gnome-firmware-43.2/debian/patches/series
--- gnome-firmware-43.2/debian/patches/series   2023-02-15 16:52:29.000000000 
-0600
+++ gnome-firmware-43.2/debian/patches/series   2026-06-27 11:06:53.000000000 
-0500
@@ -0,0 +1,2 @@
+allow-fwupd-main-branch.patch
+drop-device-flags-private-in-fwupd-2.0.0.patch

Reply via email to