From fc4ee88e167c8a8a537a57e7d44f643ffff19385 Mon Sep 17 00:00:00 2001
From: Leah Rowe
Date: Sat, 4 Jan 2025 19:24:53 +0000
Subject: vendor.sh: error out if nuking failed

We already have code to handle this, but it's possible that I might break it in the future, due to the complex logic of this script.

So, I've implemented this catch-all check at the end of the process. It still relies on the actual setting of the variables, upon which this check is based, to be set correctly.

This condition will most certainly never be met, unless I break some other part of the code in the future. That is precisely what this overly pedantic check is for.

Example scenarios:

I forget to set xchanged=y, on a new modification.

I set has_hashes erroneously.

The variables are re-used between runs, and not properly reset; at present, a given run of ./mk inject only operates on a single target, but this latter fact could change in the future.

need_files is set erroneously; vendorfiles detected as being required, when they aren't.

These are just a few examples. As such, this is a preventative bug fix, because it's preventing a bug.

The main reason I want this in here is because I need to ensure that vendor files are properly deleted, for a given release. If I accidentally include ones that I'm not supposed to, inside ROM images, that could be a big problem.

Signed-off-by: Leah Rowe
---
 include/vendor.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/include/vendor.sh b/include/vendor.sh index 93acf64d..cefed456 100644 --- a/include/vendor.sh +++ b/include/vendor.sh
@@ -386,6 +386,23 @@ vendor_inject() printf "WARNING! Vendorfiles *removed*. DO NOT FLASH.\n" 1>&2 \ && printf "DO NOT flash images from '%s'\n" \ "$archive" 1>&2 + + # + # catch-all error handler, for libreboot release opsec: + # + # if vendor files defined, and a hash file was missing, that means + # a nuke must succeed, if specified. if no hashfile was present, + # that means vendorfiles had been injected, so a nuke must succeed. + # this check is here in case of future bugs in lbmk's handling + # of vendorfile deletions on release archives, which absolutely + # must always be 100% reliable, so paranoia is paramount: + # + if [ "$xchanged" != "y" ] && [ "$need_files" = "y" ] && \ + [ "$nukemode" = "nuke" ] && [ "$has_hashes" != "y" ]; then + printf "FAILED NUKE: tarball '$archive', board '$board'\n" 1>&2 + $err "Unhandled vendorfile deletion: DO NOT RELEASE TO RSYNC" + fi # of course, we assume that those variables are also set right + err="$_olderr" return 0 } -- cgit v1.2.1
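Review bot: The new check calls `$err` before the next line restores `err="$_olderr"`, so it runs under whatever handler `err` points to at that moment, and the function still ends in `return 0`; if that handler does not exit non-zero, a failed nuke would only print a message and the release flow would continue. Consider moving the check after `err="$_olderr"`, or confirming that the handler in effect here aborts. Separately, the `printf "FAILED NUKE: ..."` line interpolates `$archive` and `$board` into the format string, unlike the `'%s'` form used in the context lines just above it; an archive path containing `%` or a backslash would garble the message, so pass them as arguments instead: `printf "FAILED NUKE: tarball '%s', board '%s'\n" "$archive" "$board" 1>&2`. The condition also fails open when `need_files` or `nukemode` is unset or empty, which the trailing comment on the `fi` line acknowledges; a short note on where each of the four variables is assigned and reset would make that assumption checkable.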