| Age | Commit message (Collapse) | Author |
|---|
|
stick it in a new function, for easier reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
most implementations of unzip are info-zip
we already compile libarchive for bsdtar, to extract
rar archives in vendor.sh
now we also use bsdunzip
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
mkdst cycles through a bunch of outputted files
when running an extract function, to find the
right file as per defined checksums; if one is
found, it can still show errors for the others,
leading the user to think something is wrong.
remove their fear by removing this benign error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
unar is buggy and crap
and bsdtar has superior licensing
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the only practical way to use it is to to use
the non-free version; currently used as a
fallback if unar fails.
however, i'm also going to scrap unar and
use bsdtar instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Patch in Gerrit: https://review.coreboot.org/c/coreboot/+/89281
Not working: USB3 ports only work at USB2 speeds.
IFD:
Modified the original by:
- Removing Device Exp2 region (empty anyway)
- Enlarging the BIOS region to use this freed space
- Setting the HAP bit in PCHSTRP55 using a fork of
me_cleaner: https://github.com/XutaxKamay/me_cleaner
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
add line breaks, so that the license and author are
visually separated. this makes it easier to read.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
be a bit less pedantic about if else clauses. leave the
big ones still with then on separate lines, where else
is specified.
also unroll a few condensed code lines where i missed
a few.
sloccount 2303 in lbmk. that's still only slightly bigger
than libreboot 20260907 which was 2180, and still much
smaller than libreboot 20230625 which was 3322.
this is *without* the condensed codelines, so now the only
thing that's reduced is the overall amount of logic present
in the build system.
and i should clarify that lbmk is presently much more powerful
than both of those two versions (20160907/20230625).
the 2016 one is useful for comparison historically, since that
was the last major version of libreboot prior to the great
second coming of leah in 2021; and the 2023 june release was
basically the last one before the great audits of 2023 to
2025 began.
not to brag (not much anyway), but all of this means that lbmk
is an insanely efficient build system, considering all the
features it has and what it does.
i unrolled the condensed code style in lbmk, making the scripts
a lot easier to read, because i received complainst about the
condensed style previously used; nicholas chin and alper nebi
yasak both told me that it sucked, and riku viitanen had hinted
at that same fact several months prior.
so hopefully now, lbmk is a bit nicer. those and other people
often find it challenging to challenge me because for reason
they assume i'll get upset and fly off the handle, but it's the
opposite. i want constant criticism, so that i know to improve!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is part of a general effort to make lbmk
easier for novices to understand.
more commits to follow (one for every script).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit 4999a49de39667b3239fc2010d0e99c958b29417.
|
|
it's still outputting to a file, with an error handle
there, but use of x_ on the sha512sum command itself
adds further assurance of reliability.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use the new functionality in err(), whereby a given
function name and arguments can be provided, for
debugging purposes.
something similar was already done in a few places,
and replaced with this unified functionality.
this patch will make xbmk much easier to debug, under
fault conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, some files from a previous me.bin scan
might still be there, which could lead to the wrong
me.bin being found.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this file being deleted was never created.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the newer way handles escaped characters better, and it
can be nested more easily. it's also more readable.
personally, i prefer the old way, because it's more
minimalist, but it occurs to me that a lot of people
nowadays don't know about backticks, but they do know
of the modern way.
to make the code more readable, i have modernised it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit 69934d18cc5fa93cdf5dd24ac36e9cb4b3cd364a.
|
|
This reverts commit 4c74311eae6c25d082735532471da248596182c9.
|
|
do away with redundant variable "vendir"
the "appdir" directory is for files extracted from
vendor updates, which are then further processed to
create the real files that we need, such as me.bin
images processed via me_cleaner.
thus, appdir should go in xbtmp.
the appdir currently clutters vendorfiles/, which is
not ideal.
we want it to be that the vendorfiles/ directory only
contains the final firmwares.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
XBMK_CACHE (cache/) is meant for permanently cached
files, not temporary files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit c9a81292e5cfa99de2fdbe20e6a6c9da154c6d7d.
This never caused actual issues. Keep it strict.
|
|
i added a stricter check recently, but this broke
extraction on fresh lbmk clones, tested when doing
a release-build test.
loosen it up again, but only for find_me
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we no longer separate them. xbloc was the on-disk
tmp directory, whereas xbtmp used to be in /tmp
which we assumed to be tmpfs (it may not be, but
often is on many workstation setups - and our
documentation recommended doing this).
as mentioned in the previous commit, benchmarking
shows little speed difference using tmpfs /tmp
versus on-disk /tmp, for our purposes at least.
therefore, the handling of tmp files is being
greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
setting a variable in this way will never result in
an error. this is a relic from a prior re-factoring
versus older versions of the code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
set - as soon as possible, for example in the extract_me
function.
we only turn off error handling when certain error-prone
tasks are performed, and mitigations are in place after
these commands run to make sure that the result was valid.
this is because in some cases, we want certain buggy behaviours
to be permitted, with errors handled in a more fine-tuned way,
because sh can sometimes be much stricter depending on the
implementation; otherwise, we almost always rely on -e -u in
most of the build system.
this mainly affects the vendorfile insertion logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
too many chained commands. break it out a bit.
this makes it more readable, without changing behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i overlooked this one in the previous commit
there is always one.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not elf/UTIL/TREE
This way, they are automatically deleted when a tree
has to be re-built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
shorten them
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the checks at the end of the function are mostly
superfluous, because bad_checksum() is immediately
called just beforehand, and performs the same checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit fb7aaa78bb080a473bdf0edf449bf08045e8366c.
it caused a few issues. will re-do later
the old code isn't really broken, just inefficient, because
several files are scanned twice, but in practise the overhead
isn't that great
The error occurs sometimes, when bruteforcing me.bin:
ERROR ./mk: Unhandled error for: mv /home/user/lbmk/tmp/me.bin /home/user/lbmk/cache/tmpdl/check
This revert should fix the issue, for now.
|
|
i'm adding characters to 7ztest, which isn't being passed
on through because everything runs in subshells; the next
pass would default back to the original string, so a given
file may be checked multiple times.
fix this by mitigation; use the random string from mktemp
as a suffix instead.
in practice, this has not affected performance much, but it
will nevertheless avoid unnecessary work by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
just call it "nuke". this is what tells whether to remove
vendor files from an archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Also, provide more ample warning to the user
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
On release archives, I overlooked the previous change to
downloads, during the recent implementation of extra safety
checks. I previously checked there whether the variable named
CONFIG_KBC1126_FIRMWARE was defined, and grabbed both; now I
check CONFIG_KBC1126_FW1 and CONFIG_KBC1126_FW2 separately,
grabbing each file separately.
This patch replicates that change for insertions. Otherwise,
hash verification on ROM images will fail, when running the
inject script on release images.
Downloading was being done, reliably, and the extracted files
were correct, so there was no danger if the user was building
from source and flashing that way.
However, checksum verification on full images failed when
inserting into archives. This is not because the files were
wrong; they were *correct*. However, the EC firmware was not
being inserted *at all* on HP EliteBooks, because of this
oversight. The check is now based on whether the paths to
the files themselves are defined, not whether EC firmware
is enabled in the coreboot config; the latter is implied.
With this patch, vendor file insertion once again works
perfectly, without error, on every board. There was no real
danger for users, just a minor inconvenience. Sorry!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the exit from mkdst can also be non-zero if mv or cp
failed, but there's no way to handle that reliably.
therefore, the checksum verification should be done
one final time, to compensate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I currently check the downloaded files e.g. .exe file, but
then I don't check - or even define - sha512sums for the
files extracted from them e.g. me.bin
This patch fixes that. It also caches the hashed files, so
that extraction is faster on a re-run - this makes release
builds go faster, when running ./mk release
If a checksum is not defined, i.e. blank, then a warning is
given, telling you to check a specific directory. This way,
when adding new vendor files, you can add it first without
specifying the checksum, e.g. me.bin checksum. Then you can
manually inspect the files that were extracted, and define it,
then test again.
In a given pkg.cfg for config/vendor, the following variables
are now available for use:
FSPM_bin_hash for fsp m module
FSPS_bin_hash for fsp s module
EC_FW1_hash for KBC1126 EC firmware (1st file)
EC_FW2_hash for KBC1126 EC firmware (2nd file)
ME_bin_hash for me.bin
MRC_bin_hash for mrc.bin (broadwell boards)
REF_bin_hash for refcode (broadwell boards)
SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650)
TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s)
E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM
In practise, most people use release archives, and the
inject script, so I knew those were reliable, because the ROM
images were hashed prior to removing files. This patch benefits
people using lbmk.git directly, without using release files,
because now they know they have a valid file e.g. me.bin
Previously, only the download was checked, not the extracted
files, which meant that the only thing preventing a brick was
the code not being buggy. Any number of bugs could pop up in
the future, so this new level of integrity will protect against
such a scenario, and provide early warning prompting bug fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
they were always re-downloading every time.
i've basically re-written most of xbmkget.
there was some erroneous conditions under which
it wrongly deleted the cached file, resulting in
it being downloaded again.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i don't need it. i can use fx_ instead, on functions
that previously called mk().
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is unused in cbmk.
it's only used from vendor.sh.
therefore, lbmk shall have it in vendor.sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is used here, and also needed in cbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We don't need it. The vfile variable is only used in
one place, and only once, for use with setcfg.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
