summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-01-05set up python in PATH, ensuring that it is python3Leah Rowe
we already check the python version, and set a variable for it, so that we can reliably use python3, even if python in PATH doesn't correspond to python3. for example if a system has python as python2 and python3 as python3 well, we use that when running deguard for example, but various upstream projects that we use may need python, and all of them use python3, not 2 so, re-use the python variable set up by lbmk, and set it up in PATH accordingly. this now makes the note about python3 obsolete, on docs/build.md in lbwww.git Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-05vendor.sh: Proper semantics on prefix file namesLeah Rowe
They may not actually always be binary blobs, at least not software. I started referring to these as "vendor files" some time ago, for this reason. With this terminology, it applies properly to any sort of file from the vendor. For example, it may be that in the future, we start inserting the MFS section of an an Intel ME image, into the Intel ME. We already do that with deguard for example (set MFS config), on MEv11 based setup. That is a vendor *file*, and though it may still actually be a binary blob, it's not software, but configuration. The term "blob" normally means compiled software, in most people's minds, but the term blob is technically accurate for any blob, not just software; however, we have to keep people's perception in mind. Whereas, "vendor file" is also understood by most people to include code supplied by the vendor. We haven't done any releases yet with this ROM image file name prefix, so it's perfectly OK to handle it now, without handling the old one for backwards compatibility. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-05vendor.sh: Confirm if need_files=nLeah Rowe
Users running setmac on an X200 tarball for example, will now see it being modified, if they didn't specify setmac keep, so they might think vendor files are being inserted, which they are not. Therefore, a confirmation is provided at the end of the output. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-05vendor.sh: Allow restoring the default GbE fileLeah Rowe
./mk inject libreboot-YYYYMMDD_board.tar.xz setmac restore This does the same thing as a normal setmac command, except that it does not alter the MAC address; it is also not the same as "keep", which skips *writing* the GbE region in-ROM. The *restore* argument writes the default, unmodified GbE file kept by lbmk, unmodified because nvmutil is skipped when the user specifies this argument. This option is useful for debugging purposes, because it can be used to verify whether anything else is being wrongly modified by the script; the "nuke" command can be executed afterward, and the hash file inspected versus release. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-05vendor.sh: set random MAC address *by default*Leah Rowe
MAC addresses are generic, inside Libreboot images where an Intel GbE region is specified. We commonly get users flashing multiple systems for their own use, and sometimes they complain that they networking broke, because they don't know that the MAC address is identical on each machine. This still doesn't work around the case where the same machine is used, e.g. multiple T440p thinkpads, but if they have one of each model, it can work nicely, because we do in fact change it for various platforms. This change will also reduce the number of people at conferences in the future, where there are multiple Libreboot users, having MAC address conflicts. Changing the MAC address is a good practise, so we enforce good practise. The user can still retain the old behaviour by using this command: ./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac keep The "keep" argument clears new_mac, which will then skip changing the MAC address. They can also still set an arbitrary MAC address as an argument for setmac, e.g.: ./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac 00:de:ad:c0:ff:ee This change will be covered in the documentation. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-05vendor.sh: add clarification to nogbe warningLeah Rowe
if the user ran this on an x60 tarball, the no-gbe warning seems confusing since that one has intel gbe, but pre-ifd, so no gbe region in the flash; on pre-ifd systems e.g. ich7 southbridge, the mac address was baked into a separate gbe nvm on mask rom, inaccessible to users Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: check that the vcfg file existsLeah Rowe
setcfg already checks it, but it's good to check anyway Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: error out if nuking failedLeah Rowe
We already have code to handle this, but it's possible that I might break it in the future, due to the complex logic of this script. So, I've implemented this catch-all check at the end of the process. It still relies on the actual setting of the variables, upon which this check is based, to be set correctly. This condition will most certainly never be met, unless I break some other part of the code in the future. That is precisely what this overly pedantic check is for. Example scenarios: I forget to set xchanged=y, on a new modification. I set has_hashes erroneously. The variables are re-used between runs, and not properly reset; at present, a given run of ./mk inject only operates on a single target, but this latter fact could change in the future. need_files is set erroneously; vendorfiles detected as being required, when they aren't. These are just a few examples. As such, this is a preventative bug fix, because it's preventing a bug. The main reason I want this i n here is because I need to ensure that vendor files are properly deleted, for a given release. If I accidentally includes ones that I'm not supposed to, inside ROM images, that could be a big problem. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add line break, part 3Leah Rowe
forgot a line break, three times in a rowe you got a problem with that? Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add line break, part 2Leah Rowe
because printf Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add line breakLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: prevent double-nukeLeah Rowe
where the nuke command is used, we need the files to be there; if they're not, it will try to nuke them, which will result in an error in most cases, but there may be some cases where that isn't true, for instance if only the Intel ME is needed; it'll be writing zeroes over zeroes. we want to only allow technically correct behaviour, because technically correct is the best kind of correct. it is theoretically possible that a double-nuke might affect certain behaviours unpredictably. for example, if vendor.sh later integrates another tool that works whereby the same command inserts or nukes depending on a certain condition, but with the same command, and where that command would return zero in both cases. this is a preventative bug fix, because it fixes an issue that does not yet actually occur in practise. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: much more verbose errors/confirmationLeah Rowe
the user must be well-informed as to the next step, which this script directly influences guide the user accordingly Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add libx86 to arch dependenciesLeah Rowe
needed to compile the "int" tool defined under config/git/ Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: Remove unnecessary returnLeah Rowe
The message at the end that states a file was not modified, is not currently printed when vendor files are not needed, and setmac is not used. This patch fixes that, so the user now sees a confirmation of such change, or lack thereof. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: Download utils even if vcfg unsetLeah Rowe
This is because the user may have specified setmac. I tried without this change, on a fresh lbmk, setting the MAC address on an X200 tarball, and it produced an error that ifdtool was unavailable. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04vendor.sh: Allow setmac if vendorfiles not neededLeah Rowe
Observe the following prior patch: commit 818f3d630c268742cf046523e24c7b000e06ec69 Author: Leah Rowe <leah@libreboot.org> Date: Fri Jan 3 17:06:14 2025 +0000 vendor.sh: Don't error if vcfg is unset Now: This patch made vendor inject more robust, and speeds up the processing of images where no vendor files are needed, but it broke setmac on such tar archives. This new patch works around it. For example, I was able to run ./mk inject on an X200 tarball to change the MAC address; no vendorfiles are inserted, because it's not needed. The further check for whether a board uses Intel GbE still protects against accidental modification. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-04add less to arch dependenciesLeah Rowe
probably not actually needed, but it annoys me that it doesn't come installed by default, and it's needed for certain git operations Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03lib.sh: Set python after dependenciesLeah Rowe
otherwise, the user can't install python, which is in the dependencies. an irony! Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03update my copyright years on modified scriptsLeah Rowe
there are some lbmk scripts that i modified, starting this year. update the headers. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03vendor.sh: Don't error if vcfg is unsetLeah Rowe
It should return 1 instead, in readcfg(), because this is not an error condition; vcfg not being set means that the board doesn't use vendor files, which is perfectly normal and should not yield an error. This fixes a build error under certain conditions, found during release-build testing. This bug was exposed when I fixed double quoting issues as per shellcheck tests. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03lib.sh: Fix unescaped quotes in chkvars()Leah Rowe
This should be the proper fix now Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03Revert "fix more unescaped quotes in eval"Leah Rowe
This reverts commit ec6bcc1fba5fbdf8b19b3d1cf9711f3d4c9c3741.
2025-01-03fix more unescaped quotes in evalLeah Rowe
it should fix more build errors that might have appeared in the aforementioned revision, mentioned in the previous commit message Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03fix ./mk dependencies build issueLeah Rowe
the bug was actually caused by chkvars add an escape for the quotes and bam. fixed. without this, i got the following e.g. For command: ./mk dependencies debian Output: ./mk: 1: [: apt-get: unexpected operator ERROR ./mk: pkg_add unset Someone reported a similar issue with the Arch one, which is also now fixed. This regression was caused by the previous commit: commit 0cf58c22734b19293f4cbef83add59b031ca1773 Author: Leah Rowe <leah@libreboot.org> Date: Thu Jan 2 23:52:45 2025 +0000 fix lbmk shellcheck errors I forgot to escape the double quotes in an eval. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03rom.sh: Remove errant GRUB modules checkLeah Rowe
This check is a good idea, but not viable here, because the modules naturally aren't set in all circumstances, so it just causes a build error. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03submodule/grub: use codeberg for 1st gnulib mirrorLeah Rowe
the gnu.org mirror is always slow for some reason, but only for gnulib. it may only be for me, because routing in other countries/networks may differ. when i'm freshly cloning lbmk modules, gnulib is always really slow, like 300KB/s (bytes, not bits) i have 1gbps internet and wish to not have 2005-era speeds, thank you kindly! Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Update AUTHORS and COPYING filesLeah Rowe
Mention Riku's copyright in the COPYING file, and update my years in that file. Add Riku to the AUTHORS file. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Describe nvmutil in help outputLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Remove the correct binary on uninstallLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/spkmodem-recv: More correct MakefileLeah Rowe
Set up the DESTDIR variable properly. Otherwise, this is just style changes. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Honour the INSTALL variableLeah Rowe
Don't assume "install" is the correct command. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Don't clean when doing uninstallLeah Rowe
The user might wish to uninstall, but not remove the build that they just did. The user can still do make clean if they wish. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Proper DESTDIR/PREFIX handlingLeah Rowe
DESTDIR is the root directory where it goes, which is normally an empty string; PREFIX is where the bin directory is located, relative to DESTDIR Default to /usr/local for PREFIX, not /usr, because /usr/bin is for system utilities. nvmutil is a local utility. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Set CC and CFLAGS only if unsetLeah Rowe
We don't want to clobber anything that the user set themselves. Instead, we should respect the user's choice. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Capitalise BABALeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Add uninstall to MakefileLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Add distclean to MakefileLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: Make the GbE checksum a defineLeah Rowe
This makes the code easier to understand. All 2-byte words, stored in little endian order within the 128-byte GbE NVM area, must add up to 0xBABA. If it doesn't, then software is supposed to reject that GbE config. The nvmutil software works on that basis. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: nicer hexdump displayLeah Rowe
make it look like hexdump -C, where individual bytes are spaced, and there is an additional space after 8 bytes, per row. i won't bother with a character display, since that is meaningless on gbe nvm words. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-03util/nvmutil: show the correct hexdump orderLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02lib.sh mktarball: cleaner if statementLeah Rowe
i also removed that printf, because the path it prints is actually wrong sometimes; in the recent re-write of vendor.sh, it prints the correct path instead Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02fix lbmk shellcheck errorsLeah Rowe
There was also a condition in run_make_command that is now an OR, where it was an AND, on script/trees, to fix the use of mixed (and erroneous) OR/AND operators. I'm planning a much more invasive audit than this. These are light fixes, intended for Libreboot 20241206 rev8. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02lib.sh and rom.sh: update my headerLeah Rowe
i made modifications to them in 2025, so update them to 2025 Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02vendor.sh inject: reset err upon returnLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-02vendor.sh: MUCH, MUCH, MUCH safer ./mk injectLeah Rowe
Don't extract to bin/release/ Modify the tarball instead. Previously, the tarball would not be modified, but a lot of users thought the tarball was being modified and ignored bin/release/, where the injected images were actually being saved to. Don't copy the tarball either. Just modify it in-place. Don't allow single-rom injection either; only allow the tarball-based method. The command syntax has changed, but: ./mk inject tarball.tar.xz This is the same. What has changed is nuke, and MAC address modification. Observe: ./mk inject tarball.tar.xz nuke ./mk inject tarball.tar.xz setmac ./mk inject tarball.tar.xz setmac ??:??:??:??:??:?? ./mk inject tarball.tar.xz setmac 00:1f:16:??:22:aa These are just a few examples. The MAC address syntax is the same as used for nvmutil, which means you can set it randomly. Also: ./mk inject tarball.tar.xz setmac You can use the *setmac* command *repeatedly*, even if you've already injected a given archive. It'll just update the archive, but skip injecting other files that were already injected. If you use setmac without a MAC address, it will randomise the MAC address. This is therefore very similar to the command structure used in nvmutil. The code for injection is generally more robust, with stronger error checks. This design change was done, so that the user doesn't accidentally brick their machine. The non-injected images have a prefix in the file name saying "DO_NOT_FLASH", and those non-injected images are padded by 1 byte. That way, the user knows not to flash it and if they try, flashprog will throw an error. The prefix and padding is removed on injection. Old images without the padding/prefix can still be injected, via tarballs; this new code is backwards-compatible with tarballs from older Libreboot releases. A common thing I see sometimes is a user will say they have a black screen or something, and I say: did you insert vendor files? And they say yes. And they did. But they extracted and flashed from the tarball, which wasn't injected, because they didn't release about bin/release/ No amount of RTFM is justified. The previous design flaw is a bug. We must always observe user safety first, no matter what, so that has now been done. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01util/nvmutil: Obey the 79-character per line limitLeah Rowe
Must not exceed 79 lines. Some variables and functions have been renamed, and there has been some minor re-factoring. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01util/nvmutil: Tidy up copyright headerLeah Rowe
I don't like using SPDX for actual copyright declarations. I only want it to be used for the license identifier. Also: I made a *single* change to nvmutil.c in 2024, which means that I have copyright in all years since and including 2022; the file said 2022, 2023, 2025, but it's actually 2022-2025. Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01vendor.sh: fix commentLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2025-01-01util/nvmutil: Fix another stragglerLeah Rowe
I don't like using strings this way, it looks unclean. Once again, use good old fashioned if/else. Signed-off-by: Leah Rowe <leah@libreboot.org>