summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-08-26much, much stricter, more verbose error handlingLeah Rowe
lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24.gitcheck: continue if no .git (don't break)Leah Rowe
the user may have re-downloaded a coreboot tree, in a release. this is supported. therefore, some may have .git, and some will not Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24.gitcheck: must stricter error handlingLeah Rowe
we also run it in releases, so to compensate: it now checks for .git/, but only in project directories, not the main lbmk directory of the git repository or a release. this is because in a release, it's possible that the user may still delete coreboot/ directories and re-download coreboot trees this is not intended, but we must not assume that users use libreboot the way it's intended! "much stricter" because there was previously none, intentionally, due to the above fact. the checking of .git/ should mitigate this (the script will exit with zero status if it isn't there) Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24.gitcheck: only redirect stdout to /dev/nullLeah Rowe
do not redirect stderr this will help us for debugging purposes Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24use the new coding style in scriptsLeah Rowe
there were stragglers left over from the last audit, and these stragglers still exist even after all the major re-factoring as of late the new style is: bsd-like coding style and error handling. verbose yet simple error handling. we use an "err" function in a way reminiscent of most C programs that you see in openbsd base (err.h) this style is very clean, resulting in readable code Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-23scripts: never exit 1, always call err insteadLeah Rowe
this same change has been applied, selectively, to certain return statements. the general rule is this: the return statement should only be used to direct logic within a script, where certain non-errors states are used to skip certain actions; the exit command should *never* be used to return non-zero, except by err(). in so doing, we ensure easier debugging of the build system also: strip_rom_image in build/release/roms was running "continue" when a rom file didn't exist, despite not being a while/for loop. i make it return (non-error condition) instead it's ok for a script to exit 0, where appropriate, but perhaps a function could also be written for it Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-23blobs/download: copy dl_path, don't move itLeah Rowe
moving it defeats the purpose of the caching mechanism that's in place. this should avoid unnecessary downloads Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-23unify err functions across scriptsLeah Rowe
include/err.sh this new handling also does mundane things, such as tell you what script b0rked Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-22.gitignore: ignore *all* seen filesLeah Rowe
u-boot and seabios are now handled by the same logic as coreboot, in lbmk, and these files are used for recursive downloads in the build system Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-22Merge pull request 'hp8300usdt: enable mSATA' (#118) from Riku_V/lbmk:master ↵Leah Rowe
into master Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/118
2023-08-22hp8300usdt: enable mSATARiku Viitanen
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
2023-08-22Merge pull request 'memtest86+ v6.20' (#116) from Riku_V/lbmk:memtest into ↵Leah Rowe
master Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/116
2023-08-22memtest86+ v6.20Riku Viitanen
uses 32-bit variant for x86_32 arch. 64-bit for x86_64. resources/scripts/build/src/for: modified it a bit. when building e.g. "memtest86plus/build32" it correctly fetches "memtest86plus" instead. but builds memtest86plus/build32, which is inside that git repo Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
2023-08-22Merge pull request 'osbmk->lbmk' (#117) from Riku_V/lbmk:osbmk-lbmk into masterLeah Rowe
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/117
2023-08-22also clean up the main scriptsLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-21general code cleanup on lbmk shell scriptsLeah Rowe
in update/blobs/download, i saw instances where appdir was being deleted with rm -r, but the more appropriate command would rm -Rf. this is now fixed. other than that, i've mostly just simplified a bunch of if statements and consolidated some duplicated logic (e.g. if/else block for dependencies in build_dependencies() of update/blobs/download one or two functions and/or variables have been renamed, for greater clarity in the code, also removed a few messages that were redundant used printf instead of echo, in a few places, also fixed up the indentation in a few places Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-21osbmk->lbmkRiku Viitanen
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
2023-08-21unify build/defconfig and modify/defconfigLeah Rowe
they fundamentally perform the same action: copy the .config file and run make, but build runs make-all, while modify runs make-oldconfig or make-menuconfig merge this functionality together also: ./handle config file ^ this is the new syntax, not: ./build defconfig for for example: ./handle config file -b coreboot x200_8mb <-- build x200 rom ./handle config file -m coreboot x200_8mb <-- modify configs ./handle config file -u coreboot x200_8mb <-- make-oldconfig ./handle config file -u seabios ./handle config file -b u-boot yes, 1 script and a sloccount reduction of 52. and the audit? it continues. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20main lbmk script: exit non-zero if argc is wrongLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20fix "./build help"Leah Rowe
thanks Riku Viitanen for pointing out the bug i b0rked it myself in an earlier revision, while auditing. it's funny because i made this exact same mistake during the last audit, and in the exact same way it's fixed once again Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20unify dependencies scriptsLeah Rowe
the unified logic is so small that i simply added it to the main "build" script commands are identical. example: ./build dependencies debian Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20unify build/clean into ./build release srcLeah Rowe
handle it all in the 1 script quite a few clean scripts are still present, so resources/scripts/build/clean/ still exists. 23 sloc reduction. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20unify most module build scriptsLeah Rowe
Some of them weren't even used at all, such as the flashrom build script. the bios_extract build script existed but was never used, because we only called (from blobutil) a python script from in there, without actually compiling anything! resources/script/build/src/for Usage, e.g.: ./build src for memtest86plus It also handles fetch. This script is intended largely for those codebases that are quite simple, requiring trivial or no intervention besides running "make". 37 sloc reduction. Not a lot, but the audit continues! These optimisations add up. I started at 3300 sloc in resources/scripts and me target is 2k (2000) sloc. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20unify grub scripts under one directoryLeah Rowe
new commands are thus, build grub payloads: ./build grub payload (formerly ./build payload grub) build grub utils: ./build grub utils (formerly ./build module grub) The scripts is build/module/ will mostly be deleted. I say mostly, because some of them are being moved instead. The deleted ones will be ones that basically just run "make" in the target directory. They will be unified, in a follow-up patch. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20grub/modules.list: add argon2Leah Rowe
the argon2 patches are now included in grub, but we need to add it in grub-mkstandalone Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20grub: import phc argon2 implementation (for luks2)Leah Rowe
Patches pulled from: https://git.nicholasjohnson.ch/grub This is the author of the rebased patches: https://nicholasjohnson.ch/ (Nicholas Johnson <nick@nicholasjohnson.ch>) However, this is a *rebase* performed by Nicholas, based on these patches: https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git ...at revision: 1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d The AUR patches were based on GRUB 2.06, whereas Nicholas's rebase is upon grub 2.12, which Libreboot currently uses. These patches import the PHC implementation of argon2i/id key derivation functions, seen here: https://github.com/P-H-C/phc-winner-argon2 GRUB (upstream) does not merge these patches and probably won't, because even though they're libre, they're not copylefted or otherwise under GPL terms that GRUB can accept. Therefore, we in Libreboot must maintain these from now on, for our version of GRUB. The upshot? LUKSv2 decryption should now work, perfectly, in GRUB! Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20bump grub revision a bitLeah Rowe
17 commits above 2.12-rc1, with some fixes. i'm about to merge luks2 argon2 patches in a follow-up commit, and they're based upon this revision of grub Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-20unify update/modify coreboot/u-boot/seabios scriptLeah Rowe
./update seabios configs? gone .modify coreboot configs? gone it's now all 1 script, called e.g. ./modify defconfig options -u coreboot <-- runs make oldconfig ./modify defconfig options -m seabios <-- runs make menuconfig ./modify defconfig options -u u-boot gru_bob <-- oldconfig, and only gru_bob ./modify defconfig options -u coreboot x60 x200_8mb etc. you get the idea. same behaviour as before with all the separate scripts, but now its one unified script. 184 sloc reduction in resources/scripts/ Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-19remove board: qemu_x86_12mb (not usable for now)Leah Rowe
x86 u-boot is a bit flaky and this board never builds. re-add it ot a later date. u-boot is only really used in arm machines, for our purposes at least. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-19consolidate u-boot/seabios/coreboot build scriptsLeah Rowe
See file: resources/scripts/build/defconfig/for It is based on: resources/scripts/build/payload/u-boot The u-boot payload script has been deleted, as has the seabios payload script; the build/boot/roms logic has been heavily simplified too, by removing the logic for building of elf files based on defconfig. SeaBIOS, U-Boot and coreboot all use defconfig-type infrastructure for their build systems, and they are fundamentally the *same* in how to compile each codebase, at least in an lbmk context, regardless of actual (and very huge) differences in these codebases. Several hundred sources-lines of code have been eliminated by this change, drastically simplifying everything; U-Boot payload compiling also now errors out when a single build fails, instead of continuing. Also: build/boot/roms no longer re-compiles a coreboot target that was already compiled, which is the same behaviour observed for payloads. (this means you must now manually delete a target, when you wish to re-build it; the build/boot/roms logic now more or less just runs cbfstool; blobutil is handled from build/defconfig/for) ALSO: Since crossgcc is now handled by build/defconfig/for, not build/boot/roms, standalone compiling of u-boot is now possible. This has been tested. You compile it like so: ./build defconfig for u-boot or specific trees, e.g. ./build defconfig for u-boot default One other consequence of this patch is that re-building the same ROM image is now much faster, because the same builds are re-used unless deleted. This could be useful when testing grub.cfg changes, for example, if that's all you change. With things like ccache used (not yet used robustly in lbmk), this could speed things up more, depending on the codebase. This patch demonstrates the raw power of lbmk; it is a very simple and highly efficient build system, and now much more so! Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-17coreboot/fam15h: fix for gcc/gnat buildingAdrien 'neox' Bourmault
With newer hostcc, trying to build GCC 8.3.0 will raise an error from ld: undefined reference to `__gnat_begin_handler_v1' This commit adds a patch for GCC found on coreboot [1] correcting this error by backporting the GNAT exception handler v1 to GCC 8.3.0 allowing GNAT to be built with newer hostcc like GCC 10+. [1]https://review.coreboot.org/c/coreboot/+/42158 Signed-off-by: Adrien 'neox' Bourmault <neox@gnu.org> Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-08-17don't call blobutil directly from lbmkLeah Rowe
it's bloat, and was only there for backwards compatibility with the old commands, but the new commands are e.g. ./update blobs inject instead of: ./blobutil inject this results in a slight code size reduction in lbmk Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-17remove download scripts, consolidate into scriptLeah Rowe
most of them were just calling the gitclone script, so remove them. the grub script was treating gnulib as a dependency. i've now added the ability to grab 1 dependency, in the gitclone script (it should be expanded later to support multiple dependencies) the gitclone script has been renamed to "fetch". the "fetch_trees" script does more or less the same thing, but calls "fetch" and handles multiple revisions if a project needs that this is more efficient, and slightly reduces the code size of lbmk! Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-17improve user feedback in blobutilLeah Rowe
make it output messages that tell the user important information. it's only subtle but it makes a difference to some people, who need confirmation. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-16merge coreboot/u-boot download logic to one scriptLeah Rowe
they are fundamentally the same, in an lbmk context. they are downloaded in the same way, and compiled in the same way! (Kconfig infrastructure, board-specific code, the way submodules are used in git, etc) ~200 sloc reduction in resources/scripts the audit begins Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-16gitclone: always clean up /tmpLeah Rowe
in certain conditions, the tmpdir was not being deleted Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-16fix permissions on arch dependencies scriptLeah Rowe
it wasn't +x Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-14NEW BOARD: HP EliteBook 8470p (Intel GPU)Leah Rowe
Intel GPU! The AMD ones will be tested, but assume Intel-only for now. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-14NEW BOARD: Dell Precision T1650Leah Rowe
Very nice ivybridge board that supports ECC RAM. NOTE: I couldn't get onboard graphics working yet, but this was confirmed working with a graphics card (in my case nvidia quadra k420) booted in text mode on the SeaBIOS payload. The GRUB payload also works, when loaded from SeaBIOS. Therefore, this is a SeaBIOS-only board (as far as first payload is concerned), but you can pick GRUB from the menu. You could make it "GRUB-only" in practise by setting SeaBIOS boot order to only load GRUB, and disable the SeaBIOS menu. We refer to this as "SeaGRUB". I've made lbmk use biosutilities and uefiextract, to get at the SMSC SCH5545 Environmental Control (EC) firmware. This firmware is needed for fan control. This is automatically downloaded and extracted, from Dell UEFI firmware updates. As with other blobs such as Intel ME, this firmware is then scrubbed by the release build scripts. The blobutil "inject" script can be used to re-insert it. Of note: there is no fixed offset, but no other blobs to be inserted in CBFS either, so the offset when re-inserting on release ROMs should still be the same, and thus the ROM checksums should match, when running blobutil inject. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-09NEW BOARD: HP EliteBook 2170pLeah Rowe
Another ivybridge platform, added in coreboot recently. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-06Merge pull request 'Update 'README.md'' (#89) from ewpr5kwu/lbmk:master into ↵Leah Rowe
master Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/89
2023-08-06bump seabios revision to 30 May 2023Leah Rowe
this revision: 1281e340ad1d90c0cc8e8d902bb34f1871eb48cf from 30 May 2023 It contains a few nice fixs, including an integer overflow fix, but not many changes have been made to seabios since the last revision. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-06bump grub revision to 2.12-rc1Leah Rowe
This is specifically the following Git revision: 7a994c87f571ac99745645be0bdde9827297321a from 10 July 2023 The keyboard fix for HP EliteBooks was merged upstream, so lbmk no longer needs this patch; it comes with GRUB. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-06coreboot/default: bump revision to 2 August 2023Leah Rowe
coreboot revision: d86260a134575b083f35103e1cd5c7c7ad883bce from 2 August 2023 The patches were updated. HP 8300 USDT has now been merged upstream, so that patch is no longer included in lbmk. SD card fix for E6400 merged upstream, so now it's removed in lbmk. The nvidia E6400 patch (devicetree.cb) has not yet merged upstream. The ifdtool --nuke option has been rebased. Patches as follow-ups to earlier patches removed; for example, patches that set VRAM to 352MB on GM45 have been removed, and replaced with patches that just set 256MB in the first place (this is more stable). This was mostly a clean rebase, of all the patches. It went smooth. I haven't updated cros/haswell yet; the 4.11_branch revision used on fam15h will also remain, for now. The coreboot configurations have been updated, for this new revision of coreboot. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-05blobs/download: save ME file to correct locationLeah Rowe
blobdir is incorrect, and it means that the directory will appear under blobs/, in this case. this was an oversight on my part. this behaviour did not break anything in practise, but this patch makes the behaviour more consistent with rules. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-05blobs/download: try backup if bad hash on mainLeah Rowe
At present, the logic only tries backup URLs when an actual download fails (bad internet connection or the server is down). If the main download succeeds, but it has a bad checksum, the backup download is not attempted. Since wrongly hashed files are to be assumed useless, we may aswell delete and try the next file. This will guard against the possibility of a vendor changing their file, without changing the file name (non-versioned files, for example, may be subject to such changes). Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-05blobs/download: support more formats on ME extractLeah Rowe
ME extraction didn't support unar (RAR format), for regular extraction, after downloading a vendor file. For bruteforce ME extraction, after extracting a vendor archive, unar(RAR) and inno(innoextract) was not supported. This patch fixes both issues. It should be noted that as of now, the unar method has only been tested with certain HP vendor updates, and it's currently not used on any of those. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-04add unar to dependencies scriptsLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-29blobs/download: declare full user agentLeah Rowe
I messed up the string, when I first did this. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-07-29blobs/download: properly handle backup/main urlLeah Rowe
Immediately after the last revision, which was a hacky workaround to the problem, I realised the actual problem, and the real solution: In the switch block, check *backup* first. Then it breaks, continuing on the iteration. If it's variable for a main URL, it'll reliably go to the next check in the block, whereas if it's backup, it'll default to the first one in each case. This bug has been annoying the sh*t out of me for ages, and I've finally nailed it. Signed-off-by: Leah Rowe <leah@libreboot.org>