We override the ESP mount point in the config file /etc/fwupd/uefi.conf
(available since version 1.0.6), as it is set to a path in the nix store
during build time.
Tests are disabled as it needs /etc/os-release, which is not available
when building with sandboxing enabled.
This was silently blocking the channels. Thanks amine* from IRC.
Maybe inheriting whole meta should be avoided and particular attributes
should be picked instead, as e.g. adding longDescription would have
unexpected consequences as well.
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
for unprivileged users to specify the allow_other option even when
this was forbidden in /etc/fuse.conf. The vulnerability is present
only on systems where SELinux is active (including in permissive
mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside
the event loop.
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
for unprivileged users to specify the allow_other option even when
this was forbidden in /etc/fuse.conf. The vulnerability is present
only on systems where SELinux is active (including in permissive
mode).
- The fusermount binary has been hardened in several ways to reduce
potential attack surface. Most importantly, mountpoints and mount
options must now match a hard-coded whitelist. It is expected that
this whitelist covers all regular use-cases.
- Added a test of seekdir to test_syscalls.
- Fixed readdir bug when non-zero offsets are given to filler and the
filesystem client, after reading a whole directory, re-reads it from a
non-zero offset e. g. by calling seekdir followed by readdir.
Since commit f620b1b693, the build directory is located inside the
source directory. Thus, the `cp -dpR` copies gigabytes worth of .o files
only to be deleted later on when we trim all non-essential files from
`$dev/lib/modules/${modDirVersion}/source/` thus causing a significant
amount of wasted I/O and peak disk usage.
As `cp` doesn't come with a `--exclude` flag, use rsync. And throw out
the Documentation folder while at it.