| Age | Commit message (Collapse) | Author | 
|---|
|  | mkdirs() should be in include/blobutil.sh, as should
extract_archive(), because that is primarily where
they are used.
script/update/blobs/download calls these functions
aswell, but it sources include/blobutil.sh so it's OK.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Don't use only wget. Some systems may only have curl.
The user can always install wget anyway, but why not
support both? I've added the right user agent string.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Just one function.
Just one.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | This way, the file is checked regardless of what type of
blob is handled, not just Intel ME.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Because fetch() is only called now from blobs/download,
we can reliably know what dl_path should be.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | They are only ever used by script/update/blobs/*, so
put them all in blobutil.sh. This cuts down on the
number of scripts in lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | mrc.bin is now handled by include/mrc.sh, adapted
from now-deleted script/update/blobs/mrc
much of the logic has been re-written or adapted for
inside script/update/blobs/download
mrc links/hashes now defined in config/blobs/sources
the new code is simpler (and smaller). in addition,
lbmk can now easily handle mrc.bin files for other
platforms such as broadwell. watch this space.
the full .zip download is now cached, like with other
vendor downloads. this means it won't be re-downloaded
if it was already downloaded before.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Use the same logic between blobs/download and blobs/mrc.
The logic is taken from blobs/download.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | generally condense the code, but not in a way that
makes the code unreadable.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | individual functions for downloading each archive have
been removed. instead, eval is used in fetch_update(),
which is now renamed to fetch().
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the called functions directly call err() under fault condition,
so this additional handling is redundant.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | i added that echo command when working on the function
in question, but it's not needed now.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | This script is incomplete, buggy and its use is ill advised.
This script can be re-added later, when more work is done.
The download and/or inject script is recommended.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Do not specifically name types of firmware. Instead,
pass the URLs and checksum as direct arguments.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | remove the giant case/esac list, and set variables directly.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | use the variable names directly, as defined in defconfig.
do not hardcode the if/else chain in detect_firmware, use
eval instead.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | also, some of them were out of date; years now updated.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | This results in much cleaner copyright and license declarations.
SPDX headers are legally recognised and make auditing easier.
Also, remove descriptions of each script, from each script.
Libreboot documentation at docs/maintain/ describes them.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | there were a few missing err calls
i actually went through all of lbmk and found no
instances where err calls were missing except in
build/boot/roms_helper
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | printf has more universal behaviour, across various
implementations of sh, so it's better to use this.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | single quotes are not valid
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | in some cases, messages that should be considered errors
or warnings, were being written to the standard output,
rather than written as error messages.
also: one or two printf statements should specifically
avoid printing errors (to any file); in these cases,
stdout has been redirected to /dev/null
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | this was overlooked, earlier on in lbmk audit 2
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | on e6400_4mb, the release build scripts remove nvidia's vga
rom which is used on dgpu models. however, microcode is also
removed in separately copied rom images
the inject script was inserting vgaroms directly into these
no-microcode roms, but the microcode blob is bigger than the
vga rom, and cbfstool inserts into the first available free
spot within cbfs, so it was inserting into the spot where
cpu microcode went. this caused the rom checksum to not match
what was generated during build/release/roms being executed
the only real fix is to guarantee offsets within cbfs for all
files, by recording what offsets were used and then calculating
that during insertion
so this patch is a workaround, but fixes the issue. the workaround
is: don't insert blobs directly on no-microcode roms, instead
insert only on microcode-based roms, then re-copy those roms
and remove microcode in aptly named copies
it's a bit more convoluted, but works perfectly fine.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | we are copying large numbers of ROM images, and the
host system may have /tmp under a tmpfs; that same
host system may or may not have a lot of memory.
respect the user's machine.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | explicitly set the count to 3, so that a maximum of 3
attemps are made per download, barring fatal errors such
as http 404.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | they all more or less use the same variables, so put
them all under include/blobutil.sh
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | check based on whether defconfigs are available, which
are used extensively, rather than checking based on
whether target.cfg is available, which is not used
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | just like the last patch, target.cfg handling is not
required in this script either. remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the handling of target.cfg is *not* required, in
this script. other mechanisms are also used for
error checking. this script only uses defconfigs.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | they weren't even handled at all, but they were referenced
under coreboot configuration
they don't need to be handled. lbmk simply includes these files.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | it doesn't really make sense for them to be under
blobs/ - nominally, they are blobs, but they are
well-understood data files containing config data,
that is easily parsed by tools like ich9show or
ifdtool (and tools like bincfg or nvmutil)
blobs/ has been re-purposed: this directory no longer
exists in lbmk, but it is created (and on .gitignore)
when needed, by blobutil
thus, the blobs/ directory shall only contain vendor
files, and only those files that libreboot scrubs from
releases. therefore, build/release/src can (and has
been) simplified; it currently copies just the ifd and
gbe files from blobs/, selectively, and this logic is
quite error prone, requiring maintenance. now, the
build/release/src script simply copies config/ (which
only ever contains distributable files) and entirely
ignores the blobs/ directory
the blob download script already creates the required
directory, except for the sch5545 download; this is
now fixed
lbmk code size is slightly smaller, due to this patch
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | The same ROM images that you flash on Intel GPU variants,
are now flashed on Nvidia models. The same ROM will work
on both. If an Intel GPU variant is present, libgfxinit
is used, and the VGA ROM is used if an Nvidia GPU variant;
however, release ROMs will scrub the nvidia option ROM,
so release ROMs will only work on Intel GPUs unless you
run the blobutil inject command.
I decided to no longer have this under WIP, but to put
it in master. The issue with it pertains to video drivers,
which is not Libreboot's problem.
Nouveau crashes under Linux, so use "nomodeset" if it does.
The "nv" drivers in BSD systems work very well.
The nvidia model of E6400 isn't recommended for other
reasons, namely: poor thermal cooling (thermal pad on
the GPU) and that Nvidia GPU doesn't get very good
performance on any libre drivers anyway. The Intel GPU
variant is better, in terms of power efficiency and
software support; the intel variant also works with
native graphics initialisation in coreboot.
This board port already only enables SeaBIOS, which will
simply execute the VGA ROM. Blobutil already supports
reading the config, detecting that a VGA ROM is needed,
because that part of the WIP E6400 branch was already
merged in lbmk master.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | this means the unified /tmp handling is now provided for
in both the former "fetch" and "fetch_trees" script, which
are now (respectively):
./update project repo
./update project trees
if the fetch scripts weren't cleaning /tmp before, they
now are, because lbmk handles it
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the error messages that it shows are benign, but users
see them and worry that something went wrong
this patch reduces the number of people asking pointless
questions on irc
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> |