Bug#961490: fwupd: version in stable too old, no updates possible

2020-06-29 Thread Darshaka Pathirana
Hi,

just wanted to let you know that I do *not* get the

  "Not compatible with org.freedesktop.fwupd version 1.2.5, requires >= 1.2.7"

output/error here:

  % sudo fwupdmgr refresh
  Fetching metadata https://cdn.fwupd.org/downloads/firmware.xml.gz
  Downloading… [***]
  Fetching signature https://cdn.fwupd.org/downloads/firmware.xml.gz.asc

  % sudo fwupdmgr get-updates 2>/dev/null | grep -e "has firmware updates" -e "^ID" -e "^Update Version"
  UEFI Device Firmware has firmware updates:
  ID:  com.lenovo.ThinkPadN20HT.firmware
  Update Version:  0.1.13
  ID:  com.lenovo.ThinkPadN20HT.firmware
  Update Version:  0.1.12
  ID:  com.lenovo.ThinkPadN20HT.firmware
  Update Version:  0.1.11
  ID:  com.lenovo.ThinkPadN20HT.firmware
  Update Version:  0.1.10

(Yes, I have a pending update).

FYI:

  Package: fwupd
  Version: 1.2.5-2

and:

  % sudo fwupdmgr --version
  client version: 1.2.5
  compile-time dependency versions
  gusb:   0.3.0
  efivar: 37
  daemon version: 1.2.5

20KF001GGE System Firmware (0.1.40) and UEFI Device Firmware
(184.70.3626) have been updated recently.


But my main reason for coming here is the fact that the (critical[1])
Firmware-Update for the Thunderbolt Controller[1][2] and the NVMe[2] is
not detected:

[1] https://pcsupport.lenovo.com/fi/en/solutions/ht508988
[2] https://fwupd.org/lvfs/devices/com.lenovo.ThinkPadN20TF.firmware
[3] https://fwupd.org/lvfs/devices/com.lenovo.PM981.512GB_1TB.firmware

  % sudo fwupdmgr get-devices | grep -v Serial
  ThinkPad X280 Thunderbolt Controller
DeviceId: a4ff56667c8863bbfec8c52b6aa02b51a98a8fb2
Guid: 4808eca4-fd4a-50e6-9e8d-bfd813f063da <- TBT-01091704-native
Summary:  Unmatched performance for high-speed I/O
Plugin:   thunderbolt
Flags:    internal|updatable|registered
Vendor:   Lenovo
VendorId: TBT:0x0109
Version:  12.00
Icon: computer
Created:  2020-06-29

  20KF001GGE System Firmware
DeviceId: 5a566863d357fb728a620cdf235632fb9bc99f5f
Guid: 508f7539-1ad6-48b9-8680-38377535009d
Plugin:   uefi
Flags:    internal|updatable|require-ac|supported|registered|needs-reboot
Version:  0.1.40
VersionLowest: 0.0.1
Icon: computer
Created:  2020-06-29

  UEFI Device Firmware
DeviceId: 093ef0be8328a2c4ed2fe55cd36aae3171b92ade
Guid: 6d28cd9f-7bcd-4fb9-9f10-0372e2962fc4
Plugin:   uefi
Flags:    internal|updatable|require-ac|supported|registered|needs-reboot
Version:  184.70.3626
VersionLowest: 0.0.1
Icon: audio-card
Created:  2020-06-29

  UEFI Device Firmware
DeviceId: ca368aebcf7da847029e9f2520ec55fb7a036b31
Guid: 3f4a527b-6588-45b8-b2d3-dc61189b63cb
Plugin:   uefi
Flags:    internal|updatable|require-ac|supported|registered|needs-reboot
Version:  0.1.4
VersionLowest: 0.1.4
Icon: audio-card
Created:  2020-06-29

  SAMSUNG MZVLB512HAJQ-000L7
DeviceId: e11623b2caa18fee292058a5c09ca4e6152f7ecf
Guid: 47335265-a509-51f7-841e-1c94911af66b <- NVME\VEN_144D_A808
Guid: 8fd4ca73-d0ae-52e8-8977-461435c6f4cf <- NVME\VEN_144D
Guid: 79d6cfae-a5a2-5936-9248-5aebd23480f7 <- SAMSUNG MZVLB512HAJQ-000L7
Summary:  NVM Express Solid State Drive
Plugin:   nvme
Flags:    internal|updatable|require-ac|supported|registered|needs-reboot
Vendor:   Samsung Electronics Co Ltd
VendorId: NVME:0x144D
Version:  3L2QEXA7
Icon: drive-harddisk
Created:  2020-06-29

  ST2000LM007-1R8174
DeviceId: 8b2e996216566cd71a3ec9c03bce8a9827a277e0
Guid: fe3873a5-8d96-5cd6-ae8e-aec49f11ed82 <- IDE\ST2000LM007-1R8174__EB01
Guid: a3cbe2af-31fd-5848-a7f9-44a95fa5f44d <- IDE\0ST2000LM007-1R8174__
Guid: 0f5e4f1e-1732-52a1-88d9-118952f0ffb3 <- ST2000LM007-1R8174
Summary:  ATA Drive
Plugin:   ata
Flags:    updatable|require-ac|registered|needs-reboot
Version:  EB01
Icon: drive-harddisk
Created:  2020-06-29

  % sudo fwupdmgr get-updates 1>/dev/null
  No upgrades for 20KF001GGE System Firmware, current is 0.1.40: 0.1.30=older, 
0.1.29=older, 0.1.28=older, 

Bug#961490: fwupd: version in stable too old, no updates possible

2020-05-27 Thread Luca Boccassi
On Wed, 2020-05-27 at 02:58 +0200, Matthias Klumpp wrote:
> On Tue, 26 May 2020 at 20:24, wrote:
> > > -Original Message-
> > > From: Ansgar 
> > > Sent: Tuesday, May 26, 2020 8:01 AM
> > > To: Steffen Schreiber; 961...@bugs.debian.org
> > > Subject: Bug#961490: fwupd: version in stable too old, no updates possible
> > > 
> > > 
> > > [EXTERNAL EMAIL]
> > > 
> > > Hi,
> > > 
> > > On Tue, 2020-05-26 at 13:56 +0200, Steffen Schreiber wrote:
> > > > So I see you marked this bug as fixed/resolved.
> > > 
> > > Someone (not the maintainer) did so, but please note that the bug
> > > remains open even when marked as fixed in a newer version.  Debian's
> > > stable release team prefers bugs to be fixed in unstable/testing before
> > > they get fixed in (old)stable, so this is good.
> > 
> > The particular circumstances of this issue are that the update in question requires
> > a newer version of fwupd than is in stable.  This is not a matter of just backporting
> > a change or two and it works.  There are daemon and plugin level changes that have to
> > go together to guarantee a proper update.
> > 
> > This seems incompatible with the documentation around uploading to stable.
> > https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
> > > > What's the way going forward for users of stable? Installing packages
> > > > from testing? Are you recommending to just forget about running Debian
> > > > stable as is?
> > > 
> > > The maintainer hasn't yet commented on how he wants to proceed.
> > > Reasonable options seem to be to either update stable to the version
> > > currently in testing (1.3.9) or to update to a later version of 1.2.X.
> > > 
> > > Ansgar
> > 
> > If a particular update requires a newer fwupd version I don't think it's reasonable
> > to push that version to all Debian users who may not need the newer fwupd version
> > and might not be willing to accept the risk of regressions in a newer version.
> > 
> > "Fixes must be minimal and relevant"
> > 
> > So in this circumstance if your device needs the newer version you should probably
> > take the package from testing instead.
> 
> Maybe talk to the release-team - they will probably not like adding a
> change this big, but exceptions are always possible (e.g. firefox-esr
> is exempt from this rule).
> In any case though, you could provide a backport of the latest version
> for easy installation by stable users as the next-best option :-)
> 
> Cheers,
> Matthias

Hi,

IMHO this qualifies for proposed-updates - not being able to update
firmwares in this day and age exposes users to huge risks from the
security point of view.
Especially if, as it seems, upstream maintains stable branches. We
already have a number of packages that get new LTS versions via
proposed-updates - firefox being one, but not the only one.

-- 
Kind regards,
Luca Boccassi




Bug#961490: fwupd: version in stable too old, no updates possible

2020-05-26 Thread Matthias Klumpp
On Tue, 26 May 2020 at 20:24, wrote:
>
> > -Original Message-
> > From: Ansgar 
> > Sent: Tuesday, May 26, 2020 8:01 AM
> > To: Steffen Schreiber; 961...@bugs.debian.org
> > Subject: Bug#961490: fwupd: version in stable too old, no updates possible
> >
> >
> > [EXTERNAL EMAIL]
> >
> > Hi,
> >
> > On Tue, 2020-05-26 at 13:56 +0200, Steffen Schreiber wrote:
> > > So I see you marked this bug as fixed/resolved.
> >
> > Someone (not the maintainer) did so, but please note that the bug
> > remains open even when marked as fixed in a newer version.  Debian's
> > stable release team prefers bugs to be fixed in unstable/testing before
> > they get fixed in (old)stable, so this is good.
>
> The particular circumstances of this issue are that the update in question requires
> a newer version of fwupd than is in stable.  This is not a matter of just backporting
> a change or two and it works.  There are daemon and plugin level changes that have to
> go together to guarantee a proper update.
>
> This seems incompatible with the documentation around uploading to stable.
> https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
> >
> > > What's the way going forward for users of stable? Installing packages
> > > from testing? Are you recommending to just forget about running Debian
> > > stable as is?
> >
> > The maintainer hasn't yet commented on how he wants to proceed.
> > Reasonable options seem to be to either update stable to the version
> > currently in testing (1.3.9) or to update to a later version of 1.2.X.
> >
> > Ansgar
>
> If a particular update requires a newer fwupd version I don't think it's reasonable
> to push that version to all Debian users who may not need the newer fwupd version
> and might not be willing to accept the risk of regressions in a newer version.
>
> "Fixes must be minimal and relevant"
>
> So in this circumstance if your device needs the newer version you should probably
> take the package from testing instead.

Maybe talk to the release-team - they will probably not like adding a
change this big, but exceptions are always possible (e.g. firefox-esr
is exempt from this rule).
In any case though, you could provide a backport of the latest version
for easy installation by stable users as the next-best option :-)

Cheers,
Matthias

-- 
I welcome VSRE emails. See http://vsre.info/



Bug#961490: fwupd: version in stable too old, no updates possible

2020-05-26 Thread Mario.Limonciello
> -Original Message-
> From: Ansgar 
> Sent: Tuesday, May 26, 2020 8:01 AM
> To: Steffen Schreiber; 961...@bugs.debian.org
> Subject: Bug#961490: fwupd: version in stable too old, no updates possible
> 
> 
> [EXTERNAL EMAIL]
> 
> Hi,
> 
> On Tue, 2020-05-26 at 13:56 +0200, Steffen Schreiber wrote:
> > So I see you marked this bug as fixed/resolved.
> 
> Someone (not the maintainer) did so, but please note that the bug
> remains open even when marked as fixed in a newer version.  Debian's
> stable release team prefers bugs to be fixed in unstable/testing before
> they get fixed in (old)stable, so this is good.

The particular circumstances of this issue are that the update in question requires
a newer version of fwupd than is in stable.  This is not a matter of just backporting
a change or two and it works.  There are daemon and plugin level changes that have to
go together to guarantee a proper update.

This seems incompatible with the documentation around uploading to stable.
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
> 
> > What's the way going forward for users of stable? Installing packages
> > from testing? Are you recommending to just forget about running Debian
> > stable as is?
> 
> The maintainer hasn't yet commented on how he wants to proceed.
> Reasonable options seem to be to either update stable to the version
> currently in testing (1.3.9) or to update to a later version of 1.2.X.
> 
> Ansgar

If a particular update requires a newer fwupd version I don't think it's reasonable
to push that version to all Debian users who may not need the newer fwupd version
and might not be willing to accept the risk of regressions in a newer version.

"Fixes must be minimal and relevant"

So in this circumstance if your device needs the newer version you should probably
take the package from testing instead.



Bug#961490: fwupd: version in stable too old, no updates possible

2020-05-26 Thread Ansgar
Hi,

On Tue, 2020-05-26 at 13:56 +0200, Steffen Schreiber wrote:
> So I see you marked this bug as fixed/resolved.

Someone (not the maintainer) did so, but please note that the bug
remains open even when marked as fixed in a newer version.  Debian's
stable release team prefers bugs to be fixed in unstable/testing before
they get fixed in (old)stable, so this is good.

> What's the way going forward for users of stable? Installing packages
> from testing? Are you recommending to just forget about running Debian
> stable as is?

The maintainer hasn't yet commented on how he wants to proceed. 
Reasonable options seem to be to either update stable to the version
currently in testing (1.3.9) or to update to a later version of 1.2.X.

Ansgar



Bug#961490: fwupd: version in stable too old, no updates possible

2020-05-26 Thread Steffen Schreiber
Dear Maintainer

So I see you marked this bug as fixed/resolved.

I understand that the problem is solved with a newer version of fwupd,
but to my understanding, the bug is still relevant for stable, and it
renders fwupd useless for all users of stable.

What's the way going forward for users of stable? Installing packages
from testing? Are you recommending to just forget about running Debian
stable as is?

When current testing becomes the new stable, how can you be sure that
upstream will not break compatibility again, making the package in
stable useless again one day after the release?

I would have hoped for a little more communication when users take care
to report bugs.

Best Regards,
Steffen



Bug#961490: fwupd: version in stable too old, no updates possible

2020-05-25 Thread Steffen Schreiber
Package: fwupd
Version: 1.2.5-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

The version 1.2.5 of fwupd currently in Debian stable is useless and not able
to perform any firmware updates.
When trying to update via command line:

> fwupdmgr refresh && fwupdmgr get-updates

I get the following output:

 Metadaten werden abgerufen https://cdn.fwupd.org/downloads/firmware.xml.gz
 Herunterladen …  [***]
 Signatur wird abgerufen https://cdn.fwupd.org/downloads/firmware.xml.gz.asc

 Not compatible with org.freedesktop.fwupd version 1.2.5, requires >= 1.2.7

The "refresh" part still works, but the new firmware info requires a newer
version of fwupd than available in stable, so the "get-update" part fails.

I'm not sure how to best handle this situation. It's very unfortunate that
fwupd obviously breaks compatibility with older clients here...
Maybe a new version in backports would be possible?

Regards,
Steffen



-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fwupd depends on:
ii  libarchive13           3.3.3-4+deb10u1
ii  libc6                  2.28-10
ii  libefiboot1            37-2
ii  libefivar1             37-2
ii  libelf1                0.176-1.1
ii  libfwupd2              1.2.5-2
ii  libgcab-1.0-0          1.2-3~deb10u1
ii  libglib2.0-0           2.58.3-2+deb10u2
ii  libgnutls30            3.6.7-4+deb10u3
ii  libgpg-error0          1.35-1
ii  libgpgme11             1.12.0-6
ii  libgudev-1.0-0         232-2
ii  libgusb2               0.3.0-1
ii  libjson-glib-1.0-0     1.4.4-2
ii  libpolkit-gobject-1-0  0.105-25
ii  libsmbios-c2           2.4.1-1
ii  libsoup2.4-1           2.64.2-2
ii  libsqlite3-0           3.27.2-3
ii  libxmlb1               0.1.6-2
ii  shared-mime-info       1.10-1

Versions of packages fwupd recommends:
ii  bolt                               0.7-2
ii  fwupd-amd64-signed [fwupd-signed]  1.2.5+2
ii  python3                            3.7.3-1
ii  tpm2-abrmd                         2.1.0-1
ii  tpm2-tools                         3.1.3-2

fwupd suggests no packages.

-- no debconf information
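
Added example, not part of the original thread and not fwupd's own code: a sketch of the version gate behind the "Not compatible with org.freedesktop.fwupd version 1.2.5, requires >= 1.2.7" message reported above. It assumes the AppStream-style <requires> element in firmware metadata; the sample XML, the com.example.* component IDs and the function names are constructed for illustration.

```python
import operator
import xml.etree.ElementTree as ET

DAEMON_ID = "org.freedesktop.fwupd"

# Constructed, simplified metadata for illustration; the com.example.* IDs and
# release versions are hypothetical, not real LVFS content.
SAMPLE_METADATA = """\
<components>
  <component type="firmware">
    <id>com.example.laptop.firmware</id>
    <requires><id compare="ge" version="1.2.7">org.freedesktop.fwupd</id></requires>
    <releases><release version="0.1.13"/></releases>
  </component>
  <component type="firmware">
    <id>com.example.dock.firmware</id>
    <requires><id compare="ge" version="1.0.1">org.freedesktop.fwupd</id></requires>
    <releases><release version="2.0.4"/></releases>
  </component>
</components>
"""

COMPARATORS = {
    "ge": (operator.ge, ">="), "gt": (operator.gt, ">"),
    "le": (operator.le, "<="), "lt": (operator.lt, "<"),
    "eq": (operator.eq, "=="),
}


def parse_version(text):
    # Compare numerically per field so that 1.2.10 sorts after 1.2.7
    # (a simplification of fwupd's own version comparison).
    return tuple(int(part) for part in text.strip().split("."))


def check_components(metadata_xml, daemon_version):
    """Map component ID -> None if usable, else the reason it is rejected."""
    have = parse_version(daemon_version)
    results = {}
    for comp in ET.fromstring(metadata_xml).iter("component"):
        reason = None
        for req in comp.findall("requires/id"):
            if (req.text or "").strip() != DAEMON_ID:
                continue  # requirement on something other than the daemon
            test, symbol = COMPARATORS[req.get("compare", "ge")]
            want = req.get("version")
            if not test(have, parse_version(want)):
                reason = (f"Not compatible with {DAEMON_ID} version "
                          f"{daemon_version}, requires {symbol} {want}")
        results[comp.findtext("id")] = reason
    return results
```

Running check_components(SAMPLE_METADATA, "1.2.5") rejects only the component whose requirement exceeds the installed daemon version, which is why the metadata download can succeed while individual updates still fail.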