| Age | Commit message (Collapse) | Author |
|---|
|
this matches cbmk, where inject.sh is the file name
this will make future cherry-picks of lbmk->cbmk easier
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
move them where they are used, or if they are used
in many places, move them to lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
lbmk creates TMPDIR as /tmp/xbmk_*, but it's theoretically
possible that something could re-export it by mistake.
this change retains the same initialisation, but further
use is now via a new variable "xbmktmp", that stores the
value of TMPDIR upon lbmk's initialisation of it.
this reduces the chance of such a bug in the future, as
described above, so it is a preemptive/preventative fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
code equals bugs. code that doesn't exist can't
have bugs, so it is superior by definition.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the next part checks whether the file is below 512k,
so there's no point checking if it's below 2, because
the lowest a file size can be is zero, and expr will
produce a result of -1 if decrementing from zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the combination of x_ with the "e" function enables
for much simpler file-check error handling, which is
a unique innovation of lbmk as it pertains to sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it wouldn't exit with error status anyway, since i'm
setting +e here, but if that accidentally changed in
the future, i still wouldn't want this to exit.
the bruteforce me extraction naturally throws a lot of
errors, hence +e, because of how the extraction works,
but the result is checked at the end of the process,
to compensate. hence +e, because otherwise this brute
force extraction would never work.
therefore, this is an extremely theoretical bug fix, the
most quintessential of preemptive bug fixes, to the point
that it is actually rather pedantic.
The ":" in "|| :" will likely *never* be executed, but it
handles the theoretical case where the subshell exits with
non-zero status and +e is set; subshells aren't meant to
behave this way anyway, but who knows what cursed sh
implementation the user is on?
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in these if clauses, what follows afterward is exactly
the same: set xchanged and return.
Therefore, these lines are redundant and they can be
removed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This change finally ensures that no insertions will be
attempted, on the basis that readkconfig failed; this
covers the instance whereby vcfg was set, but no scanned
items were indicated e.g. Intel ME files not specified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This should speed up automated tests. Otherwise, it goes
through all the extra checks that aren't needed, for each
individual type of vendor file, and also errors out when
handling pico serprog images; during automated testing,
on the bin directory, you might try on every tarball, one
of which is the pico tarball and this patch makes lbmk skip
that one too.
In general, we must not perform unnecessary tasks. Doing so
may even cause other bugs that we couldn't easily detect.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
x_ cannot be used, where output is redirectod to a file;
only the conventional piping can be used.
same as the last change. this and the other fix were caught
during testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
x_ can be used nowadays on any function, because it
properly handles globbing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i can't call $err (variable), because it's set
to fail_inject. fix this infinite loop, which
was an oversight in the previous commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I was using a complicated method of knowing whether
the current instance was parent or a child, to know
whether the lock file and TMPDIR needed to be purged.
It was quite error-prone too. Instead, I'm now handling
it directly from within the if statement that previously
initialised xbmk_parent=y, forking ./mk from there.
The forked instance would not trigger that if clause
again, since then TMPDIR is created, thus avoiding
recursion.
This is an improvement because it doesn't rely on how
the parent handles exit statuses, and it ensures that
the lock/tmp files are never accidentally deleted.
Even if a given program/script that lbmk runs would
export TMPDIR, it doesn't matter because lbmk doesn't,
so it would be unaffected.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
So much bloat
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
instead of running pwd all the time, run it once in lib.sh,
and export PWD.
for lbmk-specific use of PWD, use xbmkpwd, which contains
the value of PWD as was set by the pwd utility in lib.sh.
many parts of lbmk rely on pwd, and it *must* be correct.
this change adds basic error handling, since pwd can in
fact return errors in some cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
PWD could be anything, if the user manually exported
it before running lbmk.
always run pwd instead, to get the real string.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
several code lines were condensed together, which
make them less readable. make the code more readable
by having separate commands on separate lines.
i previously did this during my manic build system
audits of 2023 and 2024; condensing lines like this
is overly pedantic and serves no real purpose.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some lines were needlessly condensed, and less readable
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's a temporary file, so printing it may confuse
the user. hide it from the output.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
They may not actually always be binary blobs, at least not
software. I started referring to these as "vendor files" some
time ago, for this reason.
With this terminology, it applies properly to any sort of file
from the vendor. For example, it may be that in the future, we
start inserting the MFS section of an an Intel ME image, into
the Intel ME.
We already do that with deguard for example (set MFS config),
on MEv11 based setup. That is a vendor *file*, and though it
may still actually be a binary blob, it's not software, but
configuration.
The term "blob" normally means compiled software, in most people's
minds, but the term blob is technically accurate for any blob,
not just software; however, we have to keep people's perception
in mind.
Whereas, "vendor file" is also understood by most people to
include code supplied by the vendor.
We haven't done any releases yet with this ROM image file name
prefix, so it's perfectly OK to handle it now, without handling
the old one for backwards compatibility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Users running setmac on an X200 tarball for example, will
now see it being modified, if they didn't specify
setmac keep, so they might think vendor files are being
inserted, which they are not.
Therefore, a confirmation is provided at the end of the output.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
./mk inject libreboot-YYYYMMDD_board.tar.xz setmac restore
This does the same thing as a normal setmac command, except
that it does not alter the MAC address; it is also not the
same as "keep", which skips *writing* the GbE region in-ROM.
The *restore* argument writes the default, unmodified GbE file
kept by lbmk, unmodified because nvmutil is skipped when the
user specifies this argument.
This option is useful for debugging purposes, because it can
be used to verify whether anything else is being wrongly
modified by the script; the "nuke" command can be executed
afterward, and the hash file inspected versus release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
MAC addresses are generic, inside Libreboot images where
an Intel GbE region is specified.
We commonly get users flashing multiple systems for their
own use, and sometimes they complain that they networking
broke, because they don't know that the MAC address is
identical on each machine.
This still doesn't work around the case where the same machine
is used, e.g. multiple T440p thinkpads, but if they have one
of each model, it can work nicely, because we do in fact
change it for various platforms.
This change will also reduce the number of people at conferences
in the future, where there are multiple Libreboot users, having
MAC address conflicts.
Changing the MAC address is a good practise, so we enforce good
practise. The user can still retain the old behaviour by
using this command:
./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac keep
The "keep" argument clears new_mac, which will then skip
changing the MAC address. They can also still set an arbitrary
MAC address as an argument for setmac, e.g.:
./mk inject libreboot-YYYYMMDD_boardname.tar.xz setmac 00:de:ad:c0:ff:ee
This change will be covered in the documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
if the user ran this on an x60 tarball, the no-gbe
warning seems confusing since that one has intel gbe,
but pre-ifd, so no gbe region in the flash; on pre-ifd
systems e.g. ich7 southbridge, the mac address was baked
into a separate gbe nvm on mask rom, inaccessible to users
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
setcfg already checks it, but it's good to check anyway
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We already have code to handle this, but it's possible
that I might break it in the future, due to the complex
logic of this script.
So, I've implemented this catch-all check at the end of
the process. It still relies on the actual setting of
the variables, upon which this check is based, to be set
correctly.
This condition will most certainly never be met, unless
I break some other part of the code in the future. That
is precisely what this overly pedantic check is for.
Example scenarios:
I forget to set xchanged=y, on a new modification.
I set has_hashes erroneously.
The variables are re-used between runs, and not properly
reset; at present, a given run of ./mk inject only
operates on a single target, but this latter fact could
change in the future.
need_files is set erroneously; vendorfiles detected as
being required, when they aren't.
These are just a few examples. As such, this is a preventative
bug fix, because it's preventing a bug.
The main reason I want this i n here is because I need to ensure
that vendor files are properly deleted, for a given release.
If I accidentally includes ones that I'm not supposed to,
inside ROM images, that could be a big problem.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
forgot a line break, three times in a rowe
you got a problem with that?
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
because printf
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
where the nuke command is used, we need the files to be
there; if they're not, it will try to nuke them, which will result
in an error in most cases, but there may be some cases where that
isn't true, for instance if only the Intel ME is needed; it'll be
writing zeroes over zeroes.
we want to only allow technically correct behaviour, because
technically correct is the best kind of correct.
it is theoretically possible that a double-nuke might affect
certain behaviours unpredictably. for example, if vendor.sh
later integrates another tool that works whereby the same command
inserts or nukes depending on a certain condition, but with the
same command, and where that command would return zero in both
cases.
this is a preventative bug fix, because it fixes an issue that
does not yet actually occur in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the user must be well-informed as to the next step, which
this script directly influences
guide the user accordingly
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
The message at the end that states a file was
not modified, is not currently printed when vendor
files are not needed, and setmac is not used.
This patch fixes that, so the user now sees a
confirmation of such change, or lack thereof.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
