Age | Commit message (Collapse) | Author |
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
More than 90% of cats were thus terminated.
read (shell built-in) is better at reading, and dogs are better pets.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
|
|
it looks a bit cluttered just sitting there in
the main script. make it an include.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
export TMPDIR to scripts, and handle it in a way that
we know lbmk set it
delete it at the end of the parent process, but not child
processes; when the lbmk script calls itself, child processes
will not delete the tmp directory.
some scripts in lbmk weren't cleaning up the tmpfiles they
made, and they still don't, but this mitigates that.
now in follow-up commits, i can start cleaning up those
scripts too.
not handled by this patch:
if the user cancels lbmk (ctrl+c), the tmp directory will
still be there. this too will be handled, in subsequent
patches
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
After that, do not allow anything to run if the user is
root. This logic flow is more robust, and reduces the
chance of bugs in the future.
We must not permit the user to run lbmk as root.
Running it as root *is* possible, by just removing
the check, and wily enough users will do that, but
this behaviour in lbmk is good practise because it
prevents accidentally running as root. If the user
went into root just for installing dependencies, they
might accidentally forget to switch back. This is a
safeguard against such folly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this was an oversight on my part. the script cannot be
run as root, except to install distro dependencies e.g.:
as root: ./build dependencies debian
however, ./checkgit was being run *before* checking that,
making it required to set git config as root.
this patch fixes that bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the way the old script worked was extremely hacky
it's cleaner just to make the user configure git
i haven't used anything from the old .gitcheck script,
which is now deleted. i completely re-wrote this, in
a much simpler way.
this is less maintenance now, when things change in
the upstream projects. coreboot makes heavy use of git
within its build system
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
e.g. ./build boot roms list
./update blobs inject listboards
./build boot list
./build clean list
also this is now possible:
./build list
or maybe
./update list
^ would list directories in resources/scripts/build
and resources/scripts/update respectively
this script is added:
resources/scripts/build/command/options
call it like so, e.g.
./build command options resources/coreboot
this script is now used, for list functions in
other scripts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the user may have re-downloaded a coreboot tree,
in a release. this is supported. therefore, some
may have .git, and some will not
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
include/err.sh
this new handling also does mundane things,
such as tell you what script b0rked
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
thanks Riku Viitanen for pointing out the bug
i b0rked it myself in an earlier revision, while
auditing.
it's funny because i made this exact same mistake
during the last audit, and in the exact same way
it's fixed once again
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the unified logic is so small that i simply added it
to the main "build" script
commands are identical. example:
./build dependencies debian
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's bloat, and was only there for backwards compatibility
with the old commands, but the new commands are e.g.
./update blobs inject
instead of:
./blobutil inject
this results in a slight code size reduction in lbmk
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
most of them were just calling the gitclone script,
so remove them.
the grub script was treating gnulib as a dependency.
i've now added the ability to grab 1 dependency, in
the gitclone script (it should be expanded later to
support multiple dependencies)
the gitclone script has been renamed to "fetch".
the "fetch_trees" script does more or less the same
thing, but calls "fetch" and handles multiple revisions
if a project needs that
this is more efficient, and slightly reduces the code
size of lbmk!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
a glaring oversight on my part
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
script is -e anyway, so this is redundant, but best
put it here anyway. it can only help. correct behaviour
is always to fail on error, except in certain cases that
would be handled on a case-by-case basis in each script
|
|
- A spurious semicolon caused the arguments to printf in die() to be
executed instead of printed
- ${@} in die() needs to be in quotes or else printf prints each word on
a separate line
- The number of arguments to main() does not include main itself so it
should be comparing against 1 instead of 2 to determine if enough
arguments were supplied.
|
|
make blobutil a symlink. Example of command changes:
./blobutil download x220_8mb
is now:
./update blobs download x220_8mb
The old command still works, for compatibility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
move resources/scripts/download/ to:
resources/scripts/update/module/
This: ./download coreboot
Is now: ./update module coreboot
However, running "./download coreboot"
still works, via backwards compatibility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
unify them, by turning them into symlinks pointing
to a generic script named lbmk
the script named lbmk is a fork of the script
named "build", which just checks argument 0 and adapts
accordingly
all of these core scripts had the exact same overall
logic, and they are thus compatible
Signed-off-by: Leah Rowe <leah@libreboot.org>
|