summaryrefslogtreecommitdiff
path: root/fetch
diff options
context:
space:
mode:
authorLeah Rowe <leah@libreboot.org>2023-08-24 20:19:41 +0100
committerLeah Rowe <leah@libreboot.org>2023-08-26 16:58:32 +0100
commit1c8401be25e4749a2eee5ddc77ce7c6ac880c910 (patch)
tree22789efec9b91ffddb21653a30b8591a8b63d3bf /fetch
parent50c395df59564c19d3a24262810c8dd5ed115db5 (diff)
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'fetch')
-rwxr-xr-xfetch48
1 files changed, 30 insertions, 18 deletions
diff --git a/fetch b/fetch
index a8ec96de..2aef4bec 100755
--- a/fetch
+++ b/fetch
@@ -17,23 +17,32 @@ depend=""
main()
{
- [ -z "${1+x}" ] && fail 'Error: name not set'
+ id -u 1>/dev/null 2>/dev/null || \
+ fail "cannot ascertain user id"
+ if [ "$(id -u)" = "0" ]; then
+ fail "running lbmk as root as not permitted"
+ fi
+
+ [ $# -gt 0 ] || fail "no argument given"
+
+ [ -z "${1+x}" ] && fail 'main(): name not set'
name=${1}
read_config
verify_config
clone_project
- [ "${depend}" = "" ] || ./fetch ${depend} || exit 1
+ [ "${depend}" = "" ] || ./fetch ${depend} || \
+ fail "Cannot fetch dependency, ${depend}, for project, ${name}"
- rm -Rf ${tmp_dir} >/dev/null 2>&1 || exit 1
+ rm -Rf ${tmp_dir} || fail "cannot remove tmpdir, ${tmp_dir}"
}
read_config()
{
awkstr=" /\{.*${name}.*}{/ {flag=1;next} /\}/{flag=0} flag { print }"
while read -r line ; do
- set ${line} >/dev/null 2>&1
+ set ${line} || fail "read_config: set line"
case ${line} in
rev:*)
revision=${2} ;;
@@ -53,9 +62,9 @@ EOF
verify_config()
{
- [ -z "${revision+x}" ] && fail 'Error: revision not set'
- [ -z "${location+x}" ] && fail 'Error: location not set'
- [ -z "${url+x}" ] && fail 'Error: url not set'
+ [ -z "${revision+x}" ] && fail 'verify_config: revision not set'
+ [ -z "${location+x}" ] && fail 'verify_config: location not set'
+ [ -z "${url+x}" ] && fail 'verify_config: url not set'
}
clone_project()
@@ -63,19 +72,19 @@ clone_project()
tmp_dir=$(mktemp -dt "${name}_XXXXX")
git clone ${url} ${tmp_dir} || git clone ${bkup_url} ${tmp_dir} || \
- fail "ERROR: could not download ${name}"
+ fail "clone_project: could not download ${name}"
(
- cd ${tmp_dir} || fail "tmpdir not created"
- git reset --hard ${revision} || fail "Cannot reset revision"
+ cd ${tmp_dir} || fail "clone_project: tmpdir not created"
+ git reset --hard ${revision} || \
+ fail "clone_project: Cannot reset revision"
)
patch_project
[ ! -d "${location}" ] || \
- rm -Rf ${location} || fail "Can't remove directory '${location}'"
- mv ${tmp_dir} ${location} && return 0
-
- printf "ERROR: Could not copy temp file to destination.\n"
- fail " ${tmp_dir} > ${location} check permissions"
+ rm -Rf ${location} || \
+ fail "clone_project: Can't remove directory '${location}'"
+ mv "${tmp_dir}" "${location}" || \
+ fail "clone_project: could not copy temp file to destination"
}
patch_project()
@@ -85,16 +94,19 @@ patch_project()
for patchfile in ${PWD}/${patchdir}/*.patch ; do
[ -f "${patchfile}" ] || continue
(
- cd ${tmp_dir} || fail "tmpdir not created"
- git am ${patchfile} || fail "Cannot patch project: $name"
+ cd "${tmp_dir}" || fail "patch_project: tmpdir unavailable"
+ git am "${patchfile}" || \
+ fail "patch_project: Cannot patch project: $name"
)
done
}
fail()
{
+ for x in "${location}" "${tmp_dir}"; do
+ [ -z "${x}" ] || [ ! -d "${x}" ] || rm -Rf "${location}" || :
+ done
usage
- rm -Rf "${tmp_dir}" > /dev/null 2>&1 | :
err "${1}"
}