Age | Commit message (Collapse) | Author |
|
this avoids writing the version/versiondate files as root.
this complements the previous fix, that avoided writing those
same files when running the dependencies command.
initial setup of the build system requires root, to run the
dependencies script, but otherwise the build system prevents
running as root for everything else, so we must avoid writing
the version/versiondate files as root.
that same avoidance is necessary when checking whether running
other commands as root; ironically, this check then prevented
running the build system at all!
the bug should be fully fixed now. i found this quite by accident
the other day, when testing something else.
good thing this got fixed because the release!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do it strategically, in just the right place so that the
version and versiondate files aren't written.
otherwise, version/versiondate are written as root and
the build system becomes unusable after that, unless you
reset the file ownerships from root. hardly user-friendly.
mitigate this bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
A user had TMUX_TMPDIR set, which broke the TMPDIR check
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
already of saying "found", say "already exists"
this means the output of these commands more user
friendly and intuitive:
./update trees -b grub default
./update trees -b coreboot i945
this is just an example. when an ELF file already
exists, the build is skipped even if src isn't downloaded.
this design is intentional, because it means that you can
use previous builds if you want to save time on another.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
adding help again is a bad idea. code should never
document itself; that's what documentation is for.
so, make the code do a better job telling the user
where to find documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Re-add xHCI only on haswell and broadwell machines, where
they are needed. Otherwise, keep the same GRUB code.
The xHCI patches were removed because they caused issues
on Sandybridge-based Dell Latitude laptops. See:
https://codeberg.org/libreboot/lbmk/issues/216
The issue was not reported elsewhere, including on the
Haswell/Broadwell hardware where they are needed, but the
build system could only build one version of GRUB.
The older machines do not need xHCI patches, because they
either do not have xHCI patches, or work (in GRUB) because
they're in EHCI mode when running the payload.
So, the problem is that we need the xHCI patches for GRUB
on Haswell/Broadwell hardware, but the patches break
Sandybridge hardware, and we only had the one build of GRUB.
To mitigate this problem, the build system now supports
building multiple revisions of GRUB, with different patches,
and each given coreboot target can say which GRUB tree to use
by setting this in target.cfg:
grubtree="xhci"
In the above example, the "xhci" tree would be used. Some
generic GRUB config has been moved to config/data/grub/
and config/grub/ now looks like config/coreboot/ - also,
the grub.cfg file (named "payload" in each tree) is copied
to the GRUB source tree as ".config", then added to GRUB's
memdisk in the same way, as grub.cfg.
Several other design changes had to be made because of this:
* grub.cfg in memdisk no longer automatically jumps to one
in CBFS, but now shows a menuentry for it if available
* Certain commands in script/trees are disabled for GRUB,
such as *config make commands.
* gnulib is now defined in config/submodule/grub/, instead
of config/git/grub - and this mitigates an existing bug
where downloading gnulib first would make grub no longer
possible to download in lbmk.
The coreboot option CONFIG_FINALIZE_USB_ROUTE_XHCI has been
re-enabled on: Dell OptiPlex 9020 MT, Dell OptiPlex 9020 SFF,
Lenovo ThinkPad T440p and Lenovo ThinkPad W541 - now USB should
work again in GRUB.
The GRUB payload has been re-enabled on HP EliteBook 820 G2.
This change will enable per-board GRUB optimisation in the
future. For example, we hardcode what partitions and LVMs
GRUB scans because * is slow on ICH7-based machines, due
to GRUB's design. On other machines, * is reasonably fast,
for automatically enumerating the list of devices for boot.
Use of * (and other wildcards) could enable our GRUB payload
to automatically boot more distros, with minimal fuss. This
can be done at a later date, in subsequent revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
dl_fail is set to n and then immediately to y afterward
why?
clearly i was dehydrated
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the reason for it is because sometimes the coreboot build
system auto-downloads submodules which we don't want.
however, we now pass UPDATED_SUBMODULES=1 in make, which
disables this behaviour in coreboot's build system.
therefore, remove this unnecessary logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
cbmk revision:
cdce8ba70b863ea3fe0ad7a4d7b27d0c5ca30421
as of date 30 May 2024
Canoeboot provides deblobbing, fully, on all sources, so
as to provide a GNU FSDG compliant coreboot distro.
Libreboot used to do this but now uses a more pragmatic
Binary Blob Reduction Policy, allowing better hardware
support in general. See:
https://libreboot.org/news/policy.html
Well! We sometimes still need to delete files in Libreboot,
but for other reasons. For example, the poorly licensed
strlcat.c file that we delete from U-Boot, in both projects.
I currently hardcode such deletions in lbmk. After this
revision, I will start using "nuke.list" files as in cbmk.
Simply patching the sources to exclude such files, in this
context, is not OK because then we are still including them
but as diffs. This is why the nuke() function exists.
Import Canoeboot's nuke technology.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We use a path of /dev/null pointing to a ROM for
Fam15h AMD boards, to add fake PIKE2008 images.
This is to mitigate a hang in SeaBIOS, but now with
recent changes, this causes the command below to
download coreboot, when it should just exit saying
no vendor files needed. Prevent accidentally wasted
bandwidth. The command was:
./vendor download kcma_d8_rdimm_16mb
This now correctly does the following:
$ ./vendor download kcma_d8_rdimm_16mb
Vendor files not needed for: kcma_d8_rdimm_16mb
The joys of programming a build system in sh!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
By default, the build system does set -u -e
Some errors are unavoidable and have to be handled, so
we have to set +u +e (turn off error handling in sh),
when downloading vendor files, but only certain parts of
vendor.sh trigger errors (which cause an exit).
Replace the current bazooka approach with a more fine
grained approach, turning error handling back on again
when it is safe to do so.
In the parts of the code where it is disabled, the code
is written very, very carefully, with errors still handled
manually, but more careful auditing is required.
This change has been tested and makes the command much
safer to run. In security (or any bug auditing), it is
the principle of least privilege that holds true.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
e.g. coreboot/default contains no config directory, so
the old logic would be trying to do:
.
which is obviously invalid
now for example:
$ ./vendor download default
Vendor files not needed for: default
and it will exit with zero status
the only thing that should ever return non-zero status
is when you define a target that does not exist, config
or no.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i was checking whether it's a directory, whereas i should
have been checking whether it's a file. this is a workaround
put in place in case someone downloaded a tarball from codeberg
which is pre-generated per commit. in this situation, the
version and versiondate files do not exist, but the design
of the build system requires that they do exist.
the existing check is correct except for this bug, so fix
the bug. check that they are files, not directories
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in each submodule configuration directory, a module.cfg
file can now be provided. in it, the user can specify
two repository links (main and backup) and a revision, like
so:
subrepo="repo link goes here"
subrepo_bkup="backup repo link goes here"
subrev="git revision id goes here"
additionally:
in the *main* project directory for the submodules,
a module.list file can be provided. example entries:
3rdparty/vboot
3rdparty/libgfxinit
if the module.list file is provided, only those submodules
will be downloaded. this can be combined with the module.cfg
files, if you wish, but it's optional. you can mix and match.
example locations:
multi-tree project:
config/submodule/coreboot/default/module.list
config/submodule/coreboot/default/vboot/module.cfg
single-tree project:
config/submodule/flashprog/module.list
config/submodule/flashprog/foo/module.cfg
*no* configuration files have been provided, in this commit,
which means that the current behaviour is maintained.
follow-up commits will absolutely configure the submodules.
this is being done to reduce the number of modules downloaded,
because we don't use most of the coreboot submodules that are
downloaded, thus wasting bandwidth and the releases are also
much bigger than necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
a user was getting error "version unset" when using the
tarball generated from codeberg. it's recommended to use
the git repository properly, or a release archive.
mitigate this so that the build succeeds anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
link_crossgcc is called after git_am_patches, so
put it after ward
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
again, the directory in question is simply used
in a for loop using asterisk (git_am_patches) and
the for loop simply won't iterate if either the
directory doesn't exist or it contains no items.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in the function that immediately follows, it
starts two for loops that check every item in
that directory, using the asterisk wildcard.
if the directory does not exist, then the for
loop will simply break on first pass.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
"./update project trees" is a leftover from the
old build system design, prior to audits.
this particular call is for when xtree is defined,
which means that a given tree must rely on the given
coreboot tree defined by xtree. the "xtree" tree is
downloaded, so that its crossgcc builds can be re-used
to save time when building targets across many trees.
this is because trees often use identical crossgcc builds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
for single-tree project (e.g. flashprog):
config/submodule/PROJECT/MODNAME/patches
for multi-tree project (e.g. coreboot):
config/submodule/PROJECT/TREE/MODNAME/patches
MODNAME is e.g.:
3rdparty/vboot directory in coreboot: would become vboot
(the submodule codepath is filtered to up to the final slash)
another example:
submodire src dir 3rdparty/foo/bar
MODNAME would be "bar"
Add whatever patches you like to a given submodule.
An example patch is included in this commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, "./update release" will epicly fail
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the function is very small and only called once,
from fetch_project_trees()
merge it into fetch_project_trees()
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
one of the calling functions relies on the return value
to be always 0, so these error conditions in mkrom_tarball
have been altered to cause an *exit* (non-zero) instead.
in practise, the commands in question were printf commands
run after tho directory they output to had been created,
so write access would probably not be an issue.
nonetheless, technically correct is the best kind of correct.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that's all it's used for, to compress the rom images
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
they will later be removed, as part of unification against
other files that perform the same tasks
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
previously, it was attempting to load the configs and silently
failing. we must provide feedback to the user.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we literally do this check twice, in immediate succession.
avoid wasted i/o
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
re-use check_defconfig from option.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
The build system already deletes .git in all source
directories for each given release, but does so at
the very end; it still does, but now it is deleted
one by one per project, to save space during very
large builds (release sizes vary wildly, depending
on how many trees exist for coreboot basically).
If you're building entirely in tmpfs (as I do), this
could be a problem if you have lots of .git/ directories.
This change reduces disk usage, or in the above example,
memory usage when running the build system from tmpfs.
This complements another recent change, where ROM images
are compressed per target during release builds, rather
than all at the very end of the process. It is part of a
series of optimisations, to reduce the memory and disk
usage of the build system, and to reduce I/O wastage
in general.
This change will not be the last of such changes!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
an equivalent change has been made in cbmk.
certain lbmk-specific variable names have been made
generic, with certain functions and other variables
moved around.
i maintain sync between libreboot and canoeboot, where
both projects can have the same behaviours, and most of
the merge conflicts have to do with variable names
containing "LBMK", "lbmk", "cbmk" or "CBMK", or
indeed "canoeboot" and "libreboot"
LBMK/lbmk/CBMK/cbmk variables between canoeboot and
libreboot now contain the string XBMK/xbmk
it should now be *much* easier to merge build system
changes between lbmk and cbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's only used from main() in the main build script,
and it's very small, as is main()
therefore, move the logic into main()
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in lbmk, we call check_project() to set variables
such as projectname, version, version date
this is unnecessary, because all main scripts use
this functionality anyway
do it by default
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
set relname from option.sh under check_project()
now the release logic simply has to move a directory
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
releases aren't reproducible anyway. we were
using options available in gnu tar for this.
it will be revisited at a later date. however, the next
time this is done, we will use another method because
there are in fact portable ways to create tarballs
reproducibly, documented on reproducible-builds.org
to be revisited, at a later date. for now, remove bloat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|