author | Leah Rowe <leah@libreboot.org> | 2025-01-04 19:24:53 +0000 |
---|---|---|
committer | Leah Rowe <leah@libreboot.org> | 2025-01-04 19:24:53 +0000 |
commit | fc4ee88e167c8a8a537a57e7d44f643ffff19385 (patch) | |
tree | 5648e6df5fae45bfb22ba126c62329d1f5d8cd3b | |
parent | 8819a93d89bbb2aa7136b22d1b71a04a2dc28cc8 (diff) |
vendor.sh: error out if nuking failed
We already have code to handle this, but it's possible
that I might break it in the future, due to the complex
logic of this script.
So, I've implemented this catch-all check at the end of
the process. It still relies on the actual setting of
the variables, upon which this check is based, to be set
correctly.
This condition will most certainly never be met, unless
I break some other part of the code in the future. That
is precisely what this overly pedantic check is for.
Example scenarios:
I forget to set xchanged=y, on a new modification.
I set has_hashes erroneously.
The variables are re-used between runs, and not properly
reset; at present, a given run of ./mk inject only
operates on a single target, but this latter fact could
change in the future.
need_files is set erroneously; vendorfiles detected as
being required, when they aren't.
These are just a few examples. As such, this is a preventative
bug fix, because it's preventing a bug.
The main reason I want this in here is because I need to ensure
that vendor files are properly deleted, for a given release.
If I accidentally include ones that I'm not supposed to,
inside ROM images, that could be a big problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-rw-r--r-- | include/vendor.sh | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/vendor.sh b/include/vendor.sh index 93acf64d..cefed456 100644 --- a/include/vendor.sh +++ b/include/vendor.sh @@ -386,6 +386,23 @@ vendor_inject() printf "WARNING! Vendorfiles *removed*. DO NOT FLASH.\n" 1>&2 \ && printf "DO NOT flash images from '%s'\n" \ "$archive" 1>&2 + + # + # catch-all error handler, for libreboot release opsec: + # + # if vendor files defined, and a hash file was missing, that means + # a nuke must succeed, if specified. if no hashfile was present, + # that means vendorfiles had been injected, so a nuke must succeed. + # this check is here in case of future bugs in lbmk's handling + # of vendorfile deletions on release archives, which absolutely + # must always be 100% reliable, so paranoia is paramount: + # + if [ "$xchanged" != "y" ] && [ "$need_files" = "y" ] && \ + [ "$nukemode" = "nuke" ] && [ "$has_hashes" != "y" ]; then + printf "FAILED NUKE: tarball '$archive', board '$board'\n" 1>&2 + $err "Unhandled vendorfile deletion: DO NOT RELEASE TO RSYNC" + fi # of course, we assume that those variables are also set right + err="$_olderr" return 0 } |
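Review bot: in the new catch-all block the failure message interpolates the variables into the printf format string (`printf "FAILED NUKE: tarball '$archive', board '$board'\n" 1>&2`), so a `%` in an archive or board name would be parsed as a format directive; pass them as arguments the way the two printf calls just above this hunk already do, e.g. `printf "FAILED NUKE: tarball '%s', board '%s'\n" "$archive" "$board" 1>&2`. Also, the trailing comment "of course, we assume that those variables are also set right" hangs after the `fi` on its own; it belongs inside the explanatory comment block above the `if`, which already says the check depends on xchanged, need_files, nukemode and has_hashes having been set correctly earlier in vendor_inject.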