summaryrefslogtreecommitdiff
path: root/resources/scripts/update/blobs/extract
diff options
context:
space:
mode:
authorLeah Rowe <leah@libreboot.org>2023-08-24 20:19:41 +0100
committerLeah Rowe <leah@libreboot.org>2023-08-26 16:58:32 +0100
commit1c8401be25e4749a2eee5ddc77ce7c6ac880c910 (patch)
tree22789efec9b91ffddb21653a30b8591a8b63d3bf /resources/scripts/update/blobs/extract
parent50c395df59564c19d3a24262810c8dd5ed115db5 (diff)
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'resources/scripts/update/blobs/extract')
-rwxr-xr-xresources/scripts/update/blobs/extract46
1 files changed, 26 insertions, 20 deletions
diff --git a/resources/scripts/update/blobs/extract b/resources/scripts/update/blobs/extract
index d7a68bf3..b6b3af3b 100755
--- a/resources/scripts/update/blobs/extract
+++ b/resources/scripts/update/blobs/extract
@@ -44,22 +44,27 @@ main()
check_board()
{
- [ -f "${vendor_rom}" ] || \
- err "file does not exist: ${vendor_rom}"
- [ -d "${boarddir}" ] || \
- err "build/roms ${board}: target not defined"
- [ -f "${boarddir}/target.cfg" ] || \
- err "build/roms ${board}: missing target.cfg"
+ if [ ! -f "${vendor_rom}" ]; then
+ err "check_board: ${board}: file does not exist: ${vendor_rom}"
+ elif [ ! -d "${boarddir}" ]; then
+ err "check_board: ${board}: target not defined"
+ elif [ ! -f "${boarddir}/target.cfg" ]; then
+ err "check_board: ${board}: missing target.cfg"
+ fi
}
build_dependencies()
{
- [ -d me_cleaner ] || \
- ./fetch me_cleaner || err "can't fetch me_cleaner"
- [ -d ${cbdir} ] || \
- ./fetch_trees coreboot default || err "can't fetch coreboot"
- [ -f ${ifdtool} ] || \
- make -C "${ifdtool%/ifdtool}" || err "can't build ifdtool"
+ if [ ! -d me_cleaner ]; then
+ ./fetch me_cleaner || \
+ err "build_dependencies: can't fetch me_cleaner"
+ elif [ ! -d "${cbdir}" ]; then
+ ./fetch_trees coreboot default || \
+ err "build_dependencies: can't fetch coreboot"
+ elif [ ! -f "${ifdtool}" ]; then
+ make -C "${ifdtool%/ifdtool}" || \
+ err "build_dependencies: can't build ifdtool"
+ fi
}
extract_blobs()
@@ -67,11 +72,11 @@ extract_blobs()
printf "extracting blobs for %s from %s\n" ${board} ${vendor_rom}
set -- "${boarddir}/config/"*
- . ${1} 2>/dev/null
+ . "${1}"
. "${boarddir}/target.cfg"
[ "$CONFIG_HAVE_MRC" != "y" ] || \
- ./update blobs mrc || err "could not download mrc"
+ ./update blobs mrc || err "extract_blobs: can't fetch mrc"
_me_destination=${CONFIG_ME_BIN_PATH#../../}
_gbe_destination=${CONFIG_GBE_BIN_PATH#../../}
@@ -81,11 +86,11 @@ extract_blobs()
extract_blob_intel_gbe_nvm
# Cleans up other files extracted with ifdtool
- rm -f flashregion*.bin 2> /dev/null
+ rm -f flashregion*.bin || err "extract_blobs: !rm -f flashregion*.bin"
- [ -f ${_ifd_destination} ] || err "Could not extract IFD"
+ [ -f ${_ifd_destination} ] || err "extract_blobs: Could not extract IFD"
printf "gbe, ifd, and me extracted to %s\n" \
- ${_me_destination%/*}
+ "${_me_destination%/*}"
}
extract_blob_intel_me()
@@ -96,15 +101,16 @@ extract_blob_intel_me()
-M ${_me_destination} ${vendor_rom} -t -r -S || \
${me7updateparser} \
-O ${_me_destination} ${vendor_rom} || \
- err "me_cleaner failed to extract blobs from rom"
+ err "extract_blob_intel_me: cannot extract from vendor rom"
}
extract_blob_intel_gbe_nvm()
{
printf "extracting gigabit ethernet firmware"
- ./${ifdtool} -x ${vendor_rom}
+ ./${ifdtool} -x ${vendor_rom} || \
+ err "extract_blob_intel_gbe_nvm: cannot extract gbe.bin from rom"
mv flashregion*gbe.bin ${_gbe_destination} || \
- err 'could not extract gbe'
+ err "extract_blob_intel_gbe_nvm: cannot move gbe.bin"
}
print_help()