| Age | Commit message (Collapse) | Author |
|---|
|
don't say "file missing", because it may be present!
instead, say that the download failed. this covers both
contexts: internet failed and thus no file present, or
the file is present but checksum verification failed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
on the initial check, the output is confusing because
it will say "checksum verification failed" if the
file doesn't already exist, but then goes to download.
only say checksum failed if a download occured, and the
check failed, otherwise report nothing except that the
file already exists.
this will not reduce the ability to debug issues later
on, and it will reduce the amount of confusion for users.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it was only downloading the main url, even when
it should use the backup.
fix it by actually using the for loop variable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's a very compact nuke
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do not over-engineer such a trivial thing.
seriously. all we're doing is nuking some files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
when we download coreboot, we currently don't have a way to
download crossgcc tarballs, so we rely on coreboot to do it,
which means running the coreboot build system to do it; which
means we don't get them in release archives, unless we add
very hacky logic (which did exist and was removed).
the problem with coreboot's build system is that it does not
define backup links for each given tarball, instead relying
on gnu.org exclusively, which seems OK at first because the
gnu.org links actually return an HTTP 302 response leading
to a random mirror, HOWEVER:
the gnu.org 302 redirect often fails, and the download fails,
causing an error. a mitigation for this has been to patch the
coreboot build system to download directly from a single mirror
that is reliable (in our case mirrorservice.org).
while this mitigation mostly works, it's not redundant; the
kent mirror is occasionally down too, and again we still have
the problem of not being able to cleanly provide crossgcc
tarballs inside release archives.
do it in config/submodules, like so:
module.list shall say the relative path of a given file,
once downloaded, relative to the given source tree.
module.cfg shall be re-used, in the same way as for git
submodules, but:
subfile="url"
subfile_bkup="backup url"
do this, instead of:
subrepo="url"
subrepo_bkup="backup url"
example entries in module.list:
util/crossgcc/tarballs/binutils-2.41.tar.xz
util/crossgcc/tarballs/gcc-13.2.0.tar.xz
util/crossgcc/tarballs/gmp-6.3.0.tar.xz
util/crossgcc/tarballs/mpc-1.3.1.tar.gz
util/crossgcc/tarballs/mpfr-4.2.1.tar.xz
util/crossgcc/tarballs/nasm-2.16.01.tar.bz2
util/crossgcc/tarballs/R06_28_23.tar.gz
the "subrev" variable (in module.cfg) has been renamed
to "subhash", so that this makes sense, and that name is
common to both subfile/subrepo.
the download logic from the vendor scripts has been re-used
for this purpose, and it verifies files using sha512sum.
therefore:
when specifying subrepo(git submodule), subhash will still
be a sha1 checksum, but:
when specifying subfile(file, e.g. tarball), subhash will
be a sha512 checksum
the logic for both (subrepo and subfile) is unified, and
has this rule:
subrepo* and subfile* must never *both* be declared.
the actual configuration of coreboot crossgcc tarballs
will be done in a follow-up commit. this commit simply
modifies the code to accomodate this.
over time, this feature could be used for many other files
within source trees, and could perhaps be expanded to allow
extracting source tarballs in leiu of git repositories, but
the latter is not yet required and thus not implemented.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i don't like that it's not there, because of the quirks
in sh behaviour. put it there to put my mind at ease.
otherwise, this doesn't change any behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in future revisions, i will make tarballs become subfiles,
to complement submodules. e.g. crossgcc tarballs in coreboot
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
line exceeds 80 characters
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i accidentally cloned to tmpdir rather than tmpgit
oops!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
copying the module list into tmpdir/ no longer makes sense,
because it was only done before when we supported either
running the list from "git submodule update", or module.list.
since we only support handling of module.list, we can
greatly simplify this function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
there were stragglers remaining, from when we used to
actually run "git submodule update", but this was removed.
clean up the submodule functions and merge them together.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, it's not clear to the operator what's happening
i'm normally against such verbose feedback, because it's bloat,
but this minimal amount of feedback will make the build system
more pleasant to use, especially during testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
don't do it after, because that means the main project
is saved under src/ before we know whether the subrepo
was downloaded.
the "depend" variable (in config/git/) is no longer used
for projects that go in subdirectories of a parent; now,
we use config/submodules/ for this type of dependency.
download the "depend" projects (as per config/git/) first.
this way, if they fail, the main one will fail, but if
they succeed and main fails, you can just run the main
download again and it won't fail.
this fixes a bug where, depending on how you download a
set of projects and depending on the order which you do so,
a given project can become un-downloadable on current design,
because git will complain that a directory already exists.
this fix is done not only in code (by this commit), but
by prior configuration changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
only use config/submodules/ which the build system then
uses to run git clones manually, replicating the submodules
feature. we must never use a project's own gitmodules feature,
because we can't easily control it. better to let it break first,
and then figure out what modules to add manually, so that we
have only what we need for each project.
it's done this way, because git's own submodules feature
doesn't have very good error checking in general, nor
does it have good redundancy.
with the current design, we can declare backup repositories
for each submodule.
we replicate it precisely. for example:
3rdparty/vboot
this is a coreboot submodule, and we handle that in the
coreboot trees.
however, our current design also allows you to do this even
if the upstream repository does not contain a .gitmodules file
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it doesn't really make sense placed in lib.sh,
because it's only called from script/trees
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
one directory per util, under elf/
e.g. elf/cbfstool/
further split by tree name, e.g.:
elf/cbfstool/default/
elf/cbfstool/foo/
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
just run make directly. the trees script isn't really
designed to directly build directories, so don't.
nothing wrong with good old fashioned make -C
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now it no longer hardcodes a check for whether the
project name is coreboot. this maintains the same
behaviour but will now work for other multi-tree
projects; in practise, the other multi-tree projects
did not use .gitmodules files anyway, but some of
them used config/submodules/ in our build system.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's only ever used here
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's also used from script/roms, in addition to trees
move these variables to a common file used everywhere
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
certain code checks for build.list, to skip it, for
example in items()
we already use config/data/grub to store grub config data
that applied to all trees
create these directories too:
config/data/coreboot
config/data/u-boot
config/data/seabios
move the respective build.list files in here, and also
to config/data/grub
now multi-tree projects contain, per directory, just the
target.cfg file and the patches directory. this is much
cleaner, because some of the logic can be simplified more
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
instead, check for the presence of target.cfg files
not in config/project/ but config/project/tree/
the way this check is done, it merely returns 1 if
config/project/*/target.cfg is detected, and returns
0 in all other cases, even if config/project/target.cfg
exists
that way, if the maintainer accidentally adds a
target.cfg in the main directory, the given multi-tree
project will not break
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
doesn't really matter, it's just an extra layer to ensure
reliability, but "id" is pretty standard
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this avoids writing the version/versiondate files as root.
this complements the previous fix, that avoided writing those
same files when running the dependencies command.
initial setup of the build system requires root, to run the
dependencies script, but otherwise the build system prevents
running as root for everything else, so we must avoid writing
the version/versiondate files as root.
that same avoidance is necessary when checking whether running
other commands as root; ironically, this check then prevented
running the build system at all!
the bug should be fully fixed now. i found this quite by accident
the other day, when testing something else.
good thing this got fixed because the release!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do it strategically, in just the right place so that the
version and versiondate files aren't written.
otherwise, version/versiondate are written as root and
the build system becomes unusable after that, unless you
reset the file ownerships from root. hardly user-friendly.
mitigate this bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
A user had TMUX_TMPDIR set, which broke the TMPDIR check
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
already of saying "found", say "already exists"
this means the output of these commands more user
friendly and intuitive:
./update trees -b grub default
./update trees -b coreboot i945
this is just an example. when an ELF file already
exists, the build is skipped even if src isn't downloaded.
this design is intentional, because it means that you can
use previous builds if you want to save time on another.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
adding help again is a bad idea. code should never
document itself; that's what documentation is for.
so, make the code do a better job telling the user
where to find documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Re-add xHCI only on haswell and broadwell machines, where
they are needed. Otherwise, keep the same GRUB code.
The xHCI patches were removed because they caused issues
on Sandybridge-based Dell Latitude laptops. See:
https://codeberg.org/libreboot/lbmk/issues/216
The issue was not reported elsewhere, including on the
Haswell/Broadwell hardware where they are needed, but the
build system could only build one version of GRUB.
The older machines do not need xHCI patches, because they
either do not have xHCI patches, or work (in GRUB) because
they're in EHCI mode when running the payload.
So, the problem is that we need the xHCI patches for GRUB
on Haswell/Broadwell hardware, but the patches break
Sandybridge hardware, and we only had the one build of GRUB.
To mitigate this problem, the build system now supports
building multiple revisions of GRUB, with different patches,
and each given coreboot target can say which GRUB tree to use
by setting this in target.cfg:
grubtree="xhci"
In the above example, the "xhci" tree would be used. Some
generic GRUB config has been moved to config/data/grub/
and config/grub/ now looks like config/coreboot/ - also,
the grub.cfg file (named "payload" in each tree) is copied
to the GRUB source tree as ".config", then added to GRUB's
memdisk in the same way, as grub.cfg.
Several other design changes had to be made because of this:
* grub.cfg in memdisk no longer automatically jumps to one
in CBFS, but now shows a menuentry for it if available
* Certain commands in script/trees are disabled for GRUB,
such as *config make commands.
* gnulib is now defined in config/submodule/grub/, instead
of config/git/grub - and this mitigates an existing bug
where downloading gnulib first would make grub no longer
possible to download in lbmk.
The coreboot option CONFIG_FINALIZE_USB_ROUTE_XHCI has been
re-enabled on: Dell OptiPlex 9020 MT, Dell OptiPlex 9020 SFF,
Lenovo ThinkPad T440p and Lenovo ThinkPad W541 - now USB should
work again in GRUB.
The GRUB payload has been re-enabled on HP EliteBook 820 G2.
This change will enable per-board GRUB optimisation in the
future. For example, we hardcode what partitions and LVMs
GRUB scans because * is slow on ICH7-based machines, due
to GRUB's design. On other machines, * is reasonably fast,
for automatically enumerating the list of devices for boot.
Use of * (and other wildcards) could enable our GRUB payload
to automatically boot more distros, with minimal fuss. This
can be done at a later date, in subsequent revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
dl_fail is set to n and then immediately to y afterward
why?
clearly i was dehydrated
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the reason for it is because sometimes the coreboot build
system auto-downloads submodules which we don't want.
however, we now pass UPDATED_SUBMODULES=1 in make, which
disables this behaviour in coreboot's build system.
therefore, remove this unnecessary logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
cbmk revision:
cdce8ba70b863ea3fe0ad7a4d7b27d0c5ca30421
as of date 30 May 2024
Canoeboot provides deblobbing, fully, on all sources, so
as to provide a GNU FSDG compliant coreboot distro.
Libreboot used to do this but now uses a more pragmatic
Binary Blob Reduction Policy, allowing better hardware
support in general. See:
https://libreboot.org/news/policy.html
Well! We sometimes still need to delete files in Libreboot,
but for other reasons. For example, the poorly licensed
strlcat.c file that we delete from U-Boot, in both projects.
I currently hardcode such deletions in lbmk. After this
revision, I will start using "nuke.list" files as in cbmk.
Simply patching the sources to exclude such files, in this
context, is not OK because then we are still including them
but as diffs. This is why the nuke() function exists.
Import Canoeboot's nuke technology.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
We use a path of /dev/null pointing to a ROM for
Fam15h AMD boards, to add fake PIKE2008 images.
This is to mitigate a hang in SeaBIOS, but now with
recent changes, this causes the command below to
download coreboot, when it should just exit saying
no vendor files needed. Prevent accidentally wasted
bandwidth. The command was:
./vendor download kcma_d8_rdimm_16mb
This now correctly does the following:
$ ./vendor download kcma_d8_rdimm_16mb
Vendor files not needed for: kcma_d8_rdimm_16mb
The joys of programming a build system in sh!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
By default, the build system does set -u -e
Some errors are unavoidable and have to be handled, so
we have to set +u +e (turn off error handling in sh),
when downloading vendor files, but only certain parts of
vendor.sh trigger errors (which cause an exit).
Replace the current bazooka approach with a more fine
grained approach, turning error handling back on again
when it is safe to do so.
In the parts of the code where it is disabled, the code
is written very, very carefully, with errors still handled
manually, but more careful auditing is required.
This change has been tested and makes the command much
safer to run. In security (or any bug auditing), it is
the principle of least privilege that holds true.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
e.g. coreboot/default contains no config directory, so
the old logic would be trying to do:
.
which is obviously invalid
now for example:
$ ./vendor download default
Vendor files not needed for: default
and it will exit with zero status
the only thing that should ever return non-zero status
is when you define a target that does not exist, config
or no.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
