diff options
| author | Leah Rowe <leah@libreboot.org> | 2023-08-24 20:19:41 +0100 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2023-08-26 16:58:32 +0100 |
| commit | 1c8401be25e4749a2eee5ddc77ce7c6ac880c910 (patch) | |
| tree | 22789efec9b91ffddb21653a30b8591a8b63d3bf /resources/scripts/update/blobs/extract | |
| parent | 50c395df59564c19d3a24262810c8dd5ed115db5 (diff) | |
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'resources/scripts/update/blobs/extract')
| -rwxr-xr-x | resources/scripts/update/blobs/extract | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/resources/scripts/update/blobs/extract b/resources/scripts/update/blobs/extract index d7a68bf3..b6b3af3b 100755 --- a/resources/scripts/update/blobs/extract +++ b/resources/scripts/update/blobs/extract @@ -44,22 +44,27 @@ main() check_board() { - [ -f "${vendor_rom}" ] || \ - err "file does not exist: ${vendor_rom}" - [ -d "${boarddir}" ] || \ - err "build/roms ${board}: target not defined" - [ -f "${boarddir}/target.cfg" ] || \ - err "build/roms ${board}: missing target.cfg" + if [ ! -f "${vendor_rom}" ]; then + err "check_board: ${board}: file does not exist: ${vendor_rom}" + elif [ ! -d "${boarddir}" ]; then + err "check_board: ${board}: target not defined" + elif [ ! -f "${boarddir}/target.cfg" ]; then + err "check_board: ${board}: missing target.cfg" + fi } build_dependencies() { - [ -d me_cleaner ] || \ - ./fetch me_cleaner || err "can't fetch me_cleaner" - [ -d ${cbdir} ] || \ - ./fetch_trees coreboot default || err "can't fetch coreboot" - [ -f ${ifdtool} ] || \ - make -C "${ifdtool%/ifdtool}" || err "can't build ifdtool" + if [ ! -d me_cleaner ]; then + ./fetch me_cleaner || \ + err "build_dependencies: can't fetch me_cleaner" + elif [ ! -d "${cbdir}" ]; then + ./fetch_trees coreboot default || \ + err "build_dependencies: can't fetch coreboot" + elif [ ! -f "${ifdtool}" ]; then + make -C "${ifdtool%/ifdtool}" || \ + err "build_dependencies: can't build ifdtool" + fi } extract_blobs() @@ -67,11 +72,11 @@ extract_blobs() printf "extracting blobs for %s from %s\n" ${board} ${vendor_rom} set -- "${boarddir}/config/"* - . ${1} 2>/dev/null + . "${1}" . "${boarddir}/target.cfg" [ "$CONFIG_HAVE_MRC" != "y" ] || \ - ./update blobs mrc || err "could not download mrc" + ./update blobs mrc || err "extract_blobs: can't fetch mrc" _me_destination=${CONFIG_ME_BIN_PATH#../../} _gbe_destination=${CONFIG_GBE_BIN_PATH#../../} @@ -81,11 +86,11 @@ extract_blobs() extract_blob_intel_gbe_nvm # Cleans up other files extracted with ifdtool - rm -f flashregion*.bin 2> /dev/null + rm -f flashregion*.bin || err "extract_blobs: !rm -f flashregion*.bin" - [ -f ${_ifd_destination} ] || err "Could not extract IFD" + [ -f ${_ifd_destination} ] || err "extract_blobs: Could not extract IFD" printf "gbe, ifd, and me extracted to %s\n" \ - ${_me_destination%/*} + "${_me_destination%/*}" } extract_blob_intel_me() @@ -96,15 +101,16 @@ extract_blob_intel_me() -M ${_me_destination} ${vendor_rom} -t -r -S || \ ${me7updateparser} \ -O ${_me_destination} ${vendor_rom} || \ - err "me_cleaner failed to extract blobs from rom" + err "extract_blob_intel_me: cannot extract from vendor rom" } extract_blob_intel_gbe_nvm() { printf "extracting gigabit ethernet firmware" - ./${ifdtool} -x ${vendor_rom} + ./${ifdtool} -x ${vendor_rom} || \ + err "extract_blob_intel_gbe_nvm: cannot extract gbe.bin from rom" mv flashregion*gbe.bin ${_gbe_destination} || \ - err 'could not extract gbe' + err "extract_blob_intel_gbe_nvm: cannot move gbe.bin" } print_help() |