| Age | Commit message (Collapse) | Author |
|---|
|
it's just two lines, and we want much more granular
control of where the lock is enforced. it should be
JUST after confirming that the instance is a parent.
it is at this moment that we should bail if a lock
file exists, because this signals that another instance
of xbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's called before set_pyver, so move it above that
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's related to this function, no point calling from main
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's just two lines, and they relate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
once again, we are being stricter in child instances.
we must ensure that these variables are set by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we no longer rely on the .git version being
read by child instances, so we MUST ensure
that it is being read.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
don't update them on child instances, since it's a waste
of time; the lock file prevents further execution, so we
are just wasting time writing to disk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we don't need to read or write a file at all, in that case.
we only then need to generate one if running ./mk release.
the scenario in which no .git and no version files exist
is when someone grabs the build system from a snapshot
generated by e.g. forgejo instances. it's ill advised, so
we advise against it, but it is mitigated in code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
On child instances, we need only read.
Apply the principle of least privilege.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
That way, unnecessary work is avoided on child instances.
Of course, the current check assumes that TMPDIR wasn't
already set by a wily user before running lbmk, but then
those sorts of users probably know what they're doing.
If they don't know, they will soon find out. Therefore, I
have added additional checks on child instances, preventing
the build system from running if XBMK_CACHE is not set; if
it isn't, then that could very easy lead to certain system
files being overwritten.
The user must never know what happens if XBMK_CACHE is unset.
We simply will not allow it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
all this function does now is create the python symlink,
based on work that was already performed in set_pyver
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Do it after the creation of xbmkpath.
This avoids performing an unnecessary check, since
PATH will have already been corrected for child
instances; Python will already be correct there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we mkdir -p xbmklocal, only to remkdir it immediately
afterward, which is the intended behaviour; on parent
instances, xbmklocal is to be re-created fresh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this function now simply creates directories that lbmk
will use, rather than creating specific directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we must only set this in the parent instance, not
child instances. this prevents the variable from
being over-populated with repeated entries.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this way, initialisation will not be performed erroneously
while another parent instance of lbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This is earlier than the current check, thus preventing
the initialisation of a git repository and/or the recreation
of xbmktmp and xbmklocal by erroneous parent executions of lbmk
while another parent is running - the latter of which could have
caused a massively unpredictable build failure, so this is also
a pre-emptive bug fix, fixing all kinds of weird bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
just call it "nuke". this is what tells whether to remove
vendor files from an archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Also, provide more ample warning to the user
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i wasn't ok having that variable initialisation and
then the commands on the same line. it looks messy.
having the commands on a separate line makes the code nice
to read, so let's separate them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the user doesn't care where the temporary git repo is
git shows that information anyway, in the git clone command
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we really only need it there, because the context is
for release archives. normal use of the git repository
doesn't matter in the context of deletions, because that
will not be distributed. only the result of ./mk release
will be distributed.
the builds produced will not change as a result of this,
for people using the normal git repository, because the
files in question are never used anyway, in our configs.
this is being done to make working on local repos easier.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, ./mk -b (without argument) will fail, on release
archives. also, perhaps i should add an mkhelper to build it?
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is getting almost comical now
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is the mkdir call that createsn the directory where
a cached git repository is moved to, during creation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
On release archives, I overlooked the previous change to
downloads, during the recent implementation of extra safety
checks. I previously checked there whether the variable named
CONFIG_KBC1126_FIRMWARE was defined, and grabbed both; now I
check CONFIG_KBC1126_FW1 and CONFIG_KBC1126_FW2 separately,
grabbing each file separately.
This patch replicates that change for insertions. Otherwise,
hash verification on ROM images will fail, when running the
inject script on release images.
Downloading was being done, reliably, and the extracted files
were correct, so there was no danger if the user was building
from source and flashing that way.
However, checksum verification on full images failed when
inserting into archives. This is not because the files were
wrong; they were *correct*. However, the EC firmware was not
being inserted *at all* on HP EliteBooks, because of this
oversight. The check is now based on whether the paths to
the files themselves are defined, not whether EC firmware
is enabled in the coreboot config; the latter is implied.
With this patch, vendor file insertion once again works
perfectly, without error, on every board. There was no real
danger for users, just a minor inconvenience. Sorry!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the exit from mkdst can also be non-zero if mv or cp
failed, but there's no way to handle that reliably.
therefore, the checksum verification should be done
one final time, to compensate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I currently check the downloaded files e.g. .exe file, but
then I don't check - or even define - sha512sums for the
files extracted from them e.g. me.bin
This patch fixes that. It also caches the hashed files, so
that extraction is faster on a re-run - this makes release
builds go faster, when running ./mk release
If a checksum is not defined, i.e. blank, then a warning is
given, telling you to check a specific directory. This way,
when adding new vendor files, you can add it first without
specifying the checksum, e.g. me.bin checksum. Then you can
manually inspect the files that were extracted, and define it,
then test again.
In a given pkg.cfg for config/vendor, the following variables
are now available for use:
FSPM_bin_hash for fsp m module
FSPS_bin_hash for fsp s module
EC_FW1_hash for KBC1126 EC firmware (1st file)
EC_FW2_hash for KBC1126 EC firmware (2nd file)
ME_bin_hash for me.bin
MRC_bin_hash for mrc.bin (broadwell boards)
REF_bin_hash for refcode (broadwell boards)
SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650)
TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s)
E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM
In practise, most people use release archives, and the
inject script, so I knew those were reliable, because the ROM
images were hashed prior to removing files. This patch benefits
people using lbmk.git directly, without using release files,
because now they know they have a valid file e.g. me.bin
Previously, only the download was checked, not the extracted
files, which meant that the only thing preventing a brick was
the code not being buggy. Any number of bugs could pop up in
the future, so this new level of integrity will protect against
such a scenario, and provide early warning prompting bug fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in a few places, we use the presence of a file found
by fx_ to cause an exit, but the command that runs
looks something like:
exit 1 "string"
this yields an error, and a non-zero exit, because of
too many arguments to "exit", but we wanted a non-zero
exit anyway.
nevertheless, this is incorrect.
to fix it, eval is used instead. if the never-going-to-exist
condition one day exists where exit 1 actually returns, not,
you know, exits, we will use err instead, with the string
as argument.
this should be fine. it's a bit hacky, but so is fx_, and
it works. fx_ is used in several places to keep the sloccount
down, providing a common way to perform while loops on the
output of a command; that is its only purpose..
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
more specifically, re-write it so that it can be called with fx_
this means that the single-tree check for nuke.list can be made
much simpler
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This way, we can use x_ which will then print the command
that failed, if we need to debug future errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I overlooked this in a previous patch. It doesn't really
matter, since we're operating on a file anyway, but it's
not correct.
Files should have rm -f on them, not rm -Rf, for deletion.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We already do what the old code does in setcfg, by
virtue of the fact that the st variable is later
checked, after loading this config conditionally,
where the st variable is otherwise blank.
We can avoid the unnecessary work after loading
the config, by returning if the config is absent.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We are calling xbmkget in the same way, whether it's
a subfile or subrepo.
Rename these variables to subcurl and subgit, so that we
can call xbmkget unconditionally.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
they were always re-downloading every time.
i've basically re-written most of xbmkget.
there was some erroneous conditions under which
it wrongly deleted the cached file, resulting in
it being downloaded again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
The result of the printf statement is sorted, making
it do binaries first, which results in a lot of junk
files then being present inside the source archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
