diff options
| author | Leah Rowe <leah@libreboot.org> | 2023-08-24 20:19:41 +0100 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2023-08-26 16:58:32 +0100 |
| commit | 1c8401be25e4749a2eee5ddc77ce7c6ac880c910 (patch) | |
| tree | 22789efec9b91ffddb21653a30b8591a8b63d3bf /fetch | |
| parent | 50c395df59564c19d3a24262810c8dd5ed115db5 (diff) | |
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'fetch')
| -rwxr-xr-x | fetch | 48 |
1 files changed, 30 insertions, 18 deletions
@@ -17,23 +17,32 @@ depend="" main() { - [ -z "${1+x}" ] && fail 'Error: name not set' + id -u 1>/dev/null 2>/dev/null || \ + fail "cannot ascertain user id" + if [ "$(id -u)" = "0" ]; then + fail "running lbmk as root as not permitted" + fi + + [ $# -gt 0 ] || fail "no argument given" + + [ -z "${1+x}" ] && fail 'main(): name not set' name=${1} read_config verify_config clone_project - [ "${depend}" = "" ] || ./fetch ${depend} || exit 1 + [ "${depend}" = "" ] || ./fetch ${depend} || \ + fail "Cannot fetch dependency, ${depend}, for project, ${name}" - rm -Rf ${tmp_dir} >/dev/null 2>&1 || exit 1 + rm -Rf ${tmp_dir} || fail "cannot remove tmpdir, ${tmp_dir}" } read_config() { awkstr=" /\{.*${name}.*}{/ {flag=1;next} /\}/{flag=0} flag { print }" while read -r line ; do - set ${line} >/dev/null 2>&1 + set ${line} || fail "read_config: set line" case ${line} in rev:*) revision=${2} ;; @@ -53,9 +62,9 @@ EOF verify_config() { - [ -z "${revision+x}" ] && fail 'Error: revision not set' - [ -z "${location+x}" ] && fail 'Error: location not set' - [ -z "${url+x}" ] && fail 'Error: url not set' + [ -z "${revision+x}" ] && fail 'verify_config: revision not set' + [ -z "${location+x}" ] && fail 'verify_config: location not set' + [ -z "${url+x}" ] && fail 'verify_config: url not set' } clone_project() @@ -63,19 +72,19 @@ clone_project() tmp_dir=$(mktemp -dt "${name}_XXXXX") git clone ${url} ${tmp_dir} || git clone ${bkup_url} ${tmp_dir} || \ - fail "ERROR: could not download ${name}" + fail "clone_project: could not download ${name}" ( - cd ${tmp_dir} || fail "tmpdir not created" - git reset --hard ${revision} || fail "Cannot reset revision" + cd ${tmp_dir} || fail "clone_project: tmpdir not created" + git reset --hard ${revision} || \ + fail "clone_project: Cannot reset revision" ) patch_project [ ! -d "${location}" ] || \ - rm -Rf ${location} || fail "Can't remove directory '${location}'" - mv ${tmp_dir} ${location} && return 0 - - printf "ERROR: Could not copy temp file to destination.\n" - fail " ${tmp_dir} > ${location} check permissions" + rm -Rf ${location} || \ + fail "clone_project: Can't remove directory '${location}'" + mv "${tmp_dir}" "${location}" || \ + fail "clone_project: could not copy temp file to destination" } patch_project() @@ -85,16 +94,19 @@ patch_project() for patchfile in ${PWD}/${patchdir}/*.patch ; do [ -f "${patchfile}" ] || continue ( - cd ${tmp_dir} || fail "tmpdir not created" - git am ${patchfile} || fail "Cannot patch project: $name" + cd "${tmp_dir}" || fail "patch_project: tmpdir unavailable" + git am "${patchfile}" || \ + fail "patch_project: Cannot patch project: $name" ) done } fail() { + for x in "${location}" "${tmp_dir}"; do + [ -z "${x}" ] || [ ! -d "${x}" ] || rm -Rf "${location}" || : + done usage - rm -Rf "${tmp_dir}" > /dev/null 2>&1 | : err "${1}" } |