much, much stricter, more verbose error handling

lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.

also: in "fetch", remove the downloaded program
if fail() was called.

this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.

where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.

also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.

also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout

as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error

mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.

certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds

certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.

doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.

Signed-off-by: Leah Rowe <leah@libreboot.org>

1 files changed, 27 insertions, 8 deletions

diff --git a/lbmk b/lbmk
index e0933aa9..7cd69ed5 100755
--- a/lbmk
+++ b/lbmk
@@ -33,11 +33,18 @@ option=""
 
 main()
 {
+	id -u 1>/dev/null 2>/dev/null || \
+	    err "cannot ascertain user id"
+
 	[ "${0##*/}" = "lbmk" ] && err "Don't run this script directly."
 	[ $# -lt 1 ] && err "Too few arguments. Try: ${0} help"
 
-	buildpath="./resources/scripts/${0##*/}"
 	mode="${1}"
+	if [ "$(id -u)" = "0" ] && [ "${mode}" != "dependencies" ]; then
+		err "running lbmk as root as not permitted"
+	fi
+
+	buildpath="./resources/scripts/${0##*/}"
 
 	./.gitcheck || err "/.gitcheck call from main, in /lbmk"
 	[ "${mode}" = "help" ] && usage ${0} && exit 0
@@ -46,20 +53,22 @@ main()
 	if [ "${mode}" = "dependencies" ]; then
 		install_dependencies $@ || err "Could not install dependencies"
 		exit 0
-	else
-		./resources/scripts/misc/versioncheck
 	fi
 
 	option="${2}"
 	shift 2
 
+	./resources/scripts/misc/versioncheck || \
+	    err "Cannot check lbmk version"
+
 	case "${option}" in
 	list)
 		printf "Options for mode '%s':\n\n" ${mode}
 		listoptions "${mode}" ;;
 	all)
 		for option in $(listoptions "${mode}"); do
-			"${buildpath}/${mode}/${option}" $@
+			"${buildpath}/${mode}/${option}" $@ || \
+			    err "script fail: ${buildpath}/${mode}/${option} $@"
 		done
 		;;
 	*)
@@ -84,18 +93,23 @@ install_dependencies()
 	aur_notice=""
 	. "resources/dependencies/${2}"
 
-	${pkg_add} ${pkglist} || err "Error installing dependencies"
-	[ "${aur_notice}" != "" ] && \
-		printf "You must install these AUR packages: %s\n" \
-		    "${aur_notice}" 1>&2
+	${pkg_add} ${pkglist} || \
+	    err "install_dependencies: Error installing dependencies"
+	[ "${aur_notice}" = "" ] || \
+	    printf "You must install AUR packages: %s\n" "${aur_notice}" 1>&2
 }
 
 # Takes exactly one mode as parameter
 listoptions()
 {
+	options="n"
 	for option in "${buildpath}/${1}/"*; do
+		[ -f "${option}" ] || continue
 		printf '%s\n' ${option##*/}
+		options="y"
 	done
+	[ "${options}" = "y" ] || \
+	    err "listoptions: No scripts present in directory ${buildpath}/${1}"
 }
 
 usage()
@@ -118,9 +132,14 @@ usage()
 
 listmodes()
 {
+	modes="n"
 	for mode in "${buildpath}"/*; do
+		[ -d "${mode}" ] || continue
 		printf '%s\n' ${mode##*/}
+		modes="y"
 	done
+	[ "${modes}" = "y" ] || \
+	    err "listmodes: No directories present in directory ${buildpath}"
 }
 
 main $@