summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-27lib.sh: make elf/coreboot* a dot directoryLeah Rowe
we don't want the user to flash coreboot from elf/, because those images do not contain payloads. the user must flash from bin/ ample warning is given, at build time, but the warning is written in english. therefore, some people may not understand it, because they may not even speak english. hide the coreboot elf/ directory, to mitigate this possibility. in most cases, this will probably prevent the average user from flashing those images, since they likely won't see it. the "DO NOT FLASH" warning is still included in that directory name, while creating it. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27build: don't rm TMPDIR if it's /tmpLeah Rowe
we override TMPDIR, setting it to /tmp/xbmk*C if it's just set to tmp, that means we didn't set it properly, which is a bug. this patch protects against deletion of /tmp under such a fault condition, if it were ever to occur in the future. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27lib.sh: simplified TMPDIR handlingLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27lib.sh: condense setcfg() if/else logicLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27trees: remove redundant space in printfLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27trees: explicitly err if OPTARG is not setLeah Rowe
we currently rely on -e to make this happen Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27trees: only permit one single-tree projectLeah Rowe
the current logic for handling multiple single-tree projects is quite error-prone, and uses recursion. since we don't actually use it this way, remove that feature. the most correct way to do it is with a for loop. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27trees: call err if multiple flags are providedLeah Rowe
this script is designed to only run a single flag. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27trees: explicitly set mode for -bLeah Rowe
doing nothing means that if a flag is passed, and then another flag overriding it, the resulting action will not be correct; only one flag should be provided anyway, but some users may feel a bit more adventurous. mitigate it. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27roms: re-add compression of coreboot imagesLeah Rowe
i accidentally removed this feature, during prior cleanup. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25roms: build coreboot *after* checking variablesLeah Rowe
otherwise, release=n is ignored and an image is built in the elf/ directory, even if it's still skipped for bin/ avoid doing unnecessary work per-release by checking the variables before building coreboot via script/trees Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25lib.sh: introduce mandatory check of projectnameLeah Rowe
error out if it's not set. ditto projectsite. that way, if the files are accidentally deleted, or not added in a derivative of the build system, you'll know. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25lib.sh: condense setvars() a bitLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25simplified lock messageLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25lib.sh: simplify reading of version filesLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25lib.sh: simplify use of environment variablesLeah Rowe
don't have a separate variable for them. just export them directly and use them directly. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms main(): confirm what serprog images are builtLeah Rowe
just like we do for coreboot images, do it for serprog. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: remove unused variable nameLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: remove redundant printfLeah Rowe
we don't need this message here, because the final confirmation at the end of main() says which targets were built. saying what individual rom images were built is just needless bloat, especially with the new simplified lbmk design; we no longer provide lots of rom images with different keymaps, because we now expect the user to insert a gkb file themselves with cbfstool. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: optimise u-boot elf checkLeah Rowe
because we use crossgcc here, blindly running trees -f means needlessly re-running buildgcc, which then checks for gcc binaries, even though we already know that the u-boot binary exists. skip this check if u-boot exists. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: simplify build_roms()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: make the bin/elf message more politeLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: re-add final confirmation of targetsLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: rename functions for extra clarityLeah Rowe
the names of these functions do not match their true intent. fix that by renaming them appropriately. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24roms: build coreboot early to avoid duplicate workLeah Rowe
we're building it per coreboot configuration file, rather than per-target; the latter is more appropriate, and saves on compilation time. do it per-target.cfg, not per coreboot configuration. this works because the trees script compiles all images per target, for each given coreboot configuration within that target, e.g. libgfxinit _corebootfb and _txtmode. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24trees: try xgcc build twice if first attempt failsLeah Rowe
sometimes buildgcc just fails for like no reason. we had this the other day and another fix was made to the trees script, to mitigate; the user ran it again and buildgcc worked just fine. run it twice, and then call err only if the second one fails. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-23trees: don't check if xgcc is already builtLeah Rowe
just run the make crossgcc command anyway. coreboot's own build system checks itself, and much more reliably, but the check is more thorough and a bit slower. in rare cases, lbmk may come into build issues with xgcc, and if you run the build again, it will always fail every time because the checks is based on whether the xgcc directory exists, rather than checking each individual crossgcc binary. checking every binary is also possible, but as i said, the coreboot build system already does that, so let's defer to coreboot's own handling of it. remove the directory check. this will slow down the build process a little bit, but should improve reliability under fault conditions. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-23lib.sh: fix error running ./build dependenciesLeah Rowe
the e() and setvars() functions need to be declared before the dependencies function. also: after calling install_packages, it was doing a return when it should have done an exit. this is all fixed now. i apologise to anyone who previously ran into trouble with this! Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-23roms: general code cleanupLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22roms: only support SeaBIOS/SeaGRUB on x86Leah Rowe
Never, ever build images where GRUB is the primary payload. These options have been removed from target.cfg handling: * seabios_withgrub * grub_withseabios The "payload_grub" variable now does the same thing as the old "seabios_withgrub" variable, if set. The "grubonly" configuration is retained, and enabled by default when SeaGRUB is enabled (non-grubonly also available). Due to lbmk issue #216, it is no longer Libreboot policy to make GRUB the primary payload on any board. GRUB's sheer size and complexity, plus the large number of memory corruption issues similar to it that *have* been fixed over the years, tells me that GRUB is a liability when it is the primary payload. SeaBIOS is a much safer payload to run as primary, on x86, due to its smaller size and much more conservative development; it is simply far less likely to break. If GRUB breaks in the future, the user's machine is not bricked. This is because SeaBIOS is the default payload. Since I no longer wish to ever provide GRUB as a primary payload, supporting it in lbmk adds needless bloat that will later probably break anyway due to lack of testing, so let's just assume SeaGRUB in all cases where the user wants to use a GRUB payload. You can mitigate potential security issues with SeaBIOS by disabling option ROM execution, which can be done at runtime by inserting integers into CBFS. The SeaBIOS documentation says how to do this. Libreboot's GRUB hardening guide still says how to add a bootorder file in CBFS, making SeaBIOS only load GRUB from CBFS, and nothing else. This, combined with the disablement of option ROM execution (if using Intel graphics), pretty much provides the same security benefits as GRUB-as-primary, for example when setting a GRUB password and GPG checks, with encrypted /boot as in the hardening guide. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22roms: remove support for "grubonly" seabiosLeah Rowe
due to lbmk issue #216, it is now unwise to use grub as the primary payload on any machine; the sheer complexity of grub and the number of memory corruption bugs that have been fixed due to auditing over the years, means more such bugs exist. we now provide seabios as the primary payload on all x86 ports, but provide a "grubfirst" configuration where a bootorder file in seabios can be added via cbfs, which tells seabios to load grub from cbfs first, while still allowing use of the boot select menu by pressing esc in seabios. well, the "grubonly" option also disables the seabios esc menu, so that *only* grub runs. there is no point in using this unless you want to harden your setup, for example if you want to set up encrypted /boot and boot that from grub, and have a grub password disallowing unauthorised bootup of your machine. see grub hardening guide; https://libreboot.org/docs/linux/grub_hardening.html at least as of today, 22 June 2024, that page already says how to manually disable the seabios menu in the same way, if that is the setup you want. alternatively, a user may be wily enough to edit target.cfg for their board and compile a rom that only has the grub payload in it, if that is what the user wishes to do. regardless, the default configurations provided by lbmk must never be unsafe, norc should the build system support such unsafe settings; yes, grub as primary payload is technically still supported in lbmk. actually, at the time of this revision, i have half a mind to remove that functionality altogether, so that only seabios is allowed as primary payload, when compiling a rom image that also has grub, chainloading grub from the seabios menu instead. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22use backticks on eval commands, not subshellsLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22lib.sh: remove badcmd()Leah Rowe
it's bloat. telling the user to rtfm is something that we already do on irc; they will still ask how to do everything, and ignore the message from badcmd(), or they will automatically know to rtfm. i'm on a massive purge, removing bloat from lbmk as part of Libreboot Build System Audit 6. all bloat must go. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22lib.sh: more unified config handlingLeah Rowe
replace it with logic that simply uses "." to load files directly. for this, "vcfg" is added as a variable in coreboot target.cfg files, referring to a directory in config/vendor/ containing a file named pkg.cfg, and this file then contains the same variables as the erstwhile config/vendor/sources config/git files are now directories, also containing pkg.cfg files each with the same variables as before, such as repository link and commit hash this change results in a noticeable reduction in code complexity within the build system. unified reading of config files: new function setcfg() added to lib.sh setcfg checks if a config exists. if a 2nd argument is passed, it is used as a return value for eval, otherwise a string calling err is passed. setcfg output is passed through eval, to set strings based on config; eval must be used, so that the variables are set within the same scope, otherwise they'd be set within setcfg which could lead to some whacky results. there's still a bit more more to do, but this single change results in a substantial reduction in code complexity. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-21trees: more robust check to avoid "make fetch"Leah Rowe
do not use shorthand here. the test was failing to produce the desired result under some circumstances, for example when i did "./update release" i got this: make: Entering directory '/home/lbdev/lbmk/release/20240612-62-ga6b1a6bd/libreboot-20240612-62-ga6b1a6bd_src/src/stm32-vserprog' make: *** No rule to make target 'fetch'. Stop. make: Leaving directory '/home/lbdev/lbmk/release/20240612-62-ga6b1a6bd/libreboot-20240612-62-ga6b1a6bd_src/src/stm32-vserprog' ERROR script/trees: !mk src/stm32-vserprog fetch ERROR ./update: excmd: script/trees -f ERROR script/roms: Unhandled non-zero exit: ./update ERROR ./build: excmd: script/roms serprog ERROR ./update: build_release release/20240612-62-ga6b1a6bd: stm32 ERROR ./update: can't build rom images in the above circumstance, run_make_command was executed, which is not the desired behaviour; rather, fetch_project_trees or fetch_project_repo should be called, and then the script should immediately exit. it should also exit, without downloading anything, if a changelog file exists as in release archives. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20roms: fix lack of backslash on multi-line commandLeah Rowe
Signed-off-by: Leah Rowe <info@minifree.org>
2024-06-20vendor.sh: more cleanupLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20Revert "roms: remove build_payloads() and split it up"Leah Rowe
This reverts commit 3610667e3db08ff1db4f7784ff5a879d8aebce9d. The output of some functions in the roms script are used as an argument in cp and mv commands, also cbfstool. I overlooked this fact in a previous code optimisation. Revert it. The change only reduced sloccount by a few lines anyway.
2024-06-20vendor.sh: correction (s/scancfg/scan_config)Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20git.sh: revert modification to for loopLeah Rowe
i tried to be clever with this one, but it just made the script exit with an error. revert back to the old check (check whether one of either repo or repo backup is set) Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20vendor.sh: minor code cleanupLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20minor code cleanup in the build systemLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20git.sh: general code cleanup in fetch_submodule()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20git.sh: reduced indentation on repo/file checkLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20git.sh: simplified repo/backup checkLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-20roms: merge mkserprog() into main()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19roms: don't insert timeout.cfgLeah Rowe
this is bloat, because it's something the user can already do at runtime configuration anyway. set it to a reasonable default of 8 seconds instead of 5, and don't honour the timeout variable in target.cfg. this will be documented in the next release. Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19correctionLeah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19roms: reduce indentation in build_grub_roms()Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-19roms: re-introduce accidentally disabled checkLeah Rowe
i disabled a check in the script, while testing a prior modification. re-introoduce the check, which is put there to yield an error condition if no targets were compiled. Signed-off-by: Leah Rowe <leah@libreboot.org>