alper made a fix to this file a few hours ago, but
forgot to update the copyright header
i'm doing it for alper, as a courtesy
Signed-off-by: Leah Rowe <leah@libreboot.org>
Properly set $pyver to "3" when we detect we can use python3. In the
following version checks, use the $python we detected instead of a
'python' from PATH because the latter might be a python2 while still
co-existing with a python3.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
A number of regressions were caused by the recent CVE fixes,
many of which have since been fixed upstream. This includes
several ext4 file system bugs, which caused some systems not
to boot properly, when dealing with very large initramfs files.
No additional patching has been made. This will be tested, and
then used to provide a revision update for Libreboot 20241206.
After this, there are several additional OOT patches that will
be merged, for the next *testing release* of Libreboot.
Update to this revision, for all GRUB trees:
a4da71dafeea519b034beb159dfe80c486c2107c
This brings in the following changes from upstream:
* a4da71daf util/grub-install: Include raid5rec module for RAID 4 as well
* 223fcf808 loader/ia64/efi/linux: Reset grub_errno on failure to allocate
* 6504a8d4b lib/datetime: Specify license in emu module
* 8fef533cf configure: Add -mno-relax on riscv*
* 1fe094855 docs: Document the long options of tpm2_key_protect_init
* 6252eb97c INSTALL: Document the packages needed for TPM2 key protector tests
* 9d4b382aa docs: Update NV index mode of TPM2 key protector
* 2043b6899 tests/tpm2_key_protector_test: Add more NV index mode tests
* 9f66a4719 tests/tpm2_key_protector_test: Reset "ret" on fail
* b7d89e667 tests/tpm2_key_protector_test: Simplify the NV index mode test
* 5934bf51c util/grub-protect: Support NV index mode
* cd9cb944d tpm2_key_protector: Support NV index handles
* fa69deac5 tpm2_key_protector: Unseal key from a buffer
* 75c480885 tss2: Add TPM 2.0 NV index commands
* 041164d00 tss2: Fix the missing authCommand
* 46c9f3a8d tpm2_key_protector: Add tpm2_dump_pcr command
* 617dab9e4 tpm2_key_protector: Dump PCRs on policy fail
* 204a6ddfb loader/i386/linux: Update linux_kernel_params to match upstream
* 6b64f297e loader/xnu: Fix memory leak
* f94d257e8 fs/btrfs: Fix memory leaks
* 81146fb62 loader/i386/linux: Fix resource leak
* 1d0059447 lib/reloacator: Fix memory leaks
* f3f1fcecd disk/ldm: Fix memory leaks
* aae2ea619 fs/ntfs: Fix NULL pointer dereference and possible infinite loop
* 3b25e494d net/drivers/ieee1275/ofnet: Add missing grub_malloc()
* fee6081ec kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines
* b66c6f918 fs/zfs: Fix a number of memory leaks in ZFS code
* 1d59f39b5 tests/util/grub-shell: Remove the work directory on successful run and debug is not on
* e0116f3bd tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on
* e6e2b73db tests/grub_cmd_cryptomount: Default TMPDIR to /tmp
* 32b02bb92 tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled
* c188ca5d5 tests: Cleanup generated files on expected failure in grub_cmd_cryptomount
* 50320c093 tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup
* bb6d3199b tests/util/grub-shell-luks-tester: Find cryptodisk by UUID
* 3fd163e45 tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS
* ff7f55307 disk/lvm: Add informational messages in error cases of ignored features
* a16b4304a disk/lvm: Add support for cachevol LV
* 9a37d6114 disk/lvm: Add support for integrity LV
* 6c14b87d6 lvm: Match all LVM segments before validation
* d34b9120e disk/lvm: Remove unused cache_pool
* 90848a1f7 disk/lvm: Make cache_lv more generic as ignored_feature_lv
* 488ac8bda commands/ls: Add directory header for dir args
* 096bf59e4 commands/ls: Print full paths for file args
* 90288fc48 commands/ls: Output path for single file arguments given with path
* 6337d84af commands/ls: Show modification time for file paths
* cbfb031b1 commands/ls: Merge print_files_long() and print_files() into print_file()
* 112d2069c commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t
* da9740cd5 commands/acpi: Use options enum to index command options
* 1acf11fe4 docs: Capture additional commands restricted by lockdown
* 6a168afd3 docs: Document restricted filesystems in lockdown
* be0ae9583 loader/i386/bsd: Fix type passed for the kernel
* ee27f07a6 kern/partition: Unbreak support for nested partitions
* cb639acea lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef
* 696e35b7f include/grub/mm.h: Remove duplicate inclusion of grub/err.h
* 187338f1a script/execute: Don't let trailing blank lines determine the return code
* ff173a1c0 gitignore: Ignore generated files from libtasn
* fbcc38891 util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries
* 56ccc5ed5 util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI
* 01f064064 docs: Do not reference non-existent --dumb option
* 3f440b5a5 docs: Replace @lbracechar{} and @rbracechar{} with @{ and @}
* f20988738 fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure
* 1ed2628b5 fs/xfs: Add new superblock features added in Linux 6.12/6.13
* 348cd416a fs/ext2: Rework out-of-bounds read for inline and external extents
* c730eddd2 disk/ahci: Remove conditional operator for endtime
* f0a08324d term/ns8250-spcr: Return if redirection is disabled
* 7161e2437 commands/file: Fix NULL dereference in the knetbsd tests
* 11b9c2dd0 gdb_helper: Typo hueristic
* 224aefd05 kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call
* 531750f7b i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc
* f2a1f66e7 kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration
* 13f005ed8 loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing
Signed-off-by: Leah Rowe <leah@libreboot.org>
initialising variables, setting PWD, setting version,
this is all unnecessary before the root check, because
the dependencies commands use none of these.
Signed-off-by: Leah Rowe <leah@libreboot.org>
cbmk creates TMPDIR as /tmp/xbmk_*, but it's theoretically
possible that something could re-export it by mistake.
this change retains the same initialisation, but further
use is now via a new variable "xbmktmp", that stores the
value of TMPDIR upon cbmk's initialisation of it.
this reduces the chance of such a bug in the future, as
described above, so it is a preemptive/preventative fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge it with git_prep, since it's only a small
function and only called from there. the merged
code still makes sense and its purpose is still
quite clear on casual reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
merge it with git_prep, since it's only a tiny
function and only called from there. the for
loop moved to the if block still makes sense
on casual reading.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the "u" argument can actually be any thing. git_prep
handles git submodules only for single-tree projects,
under any candition, or on multi-tree projects if
the number of arguments to git_prep is above four.
"u" is the 5th argument, meant to enable submodule
downloads. it really doesn't matter what this string
says, so let's just make it as clear as possible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the combination of x_ with the "e" function enables
for much simpler file-check error handling, which is
a unique innovation of cbmk as it pertains to sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the cbfs function will call cbfstool, which will perform
the same check, and the same error condition would cause
the same exit behaviour in lbmk. the error message would
also provide output that is just as useful for debugging.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There was no error handling, *at all*, on the actual tar
command, due to the lack of set -o pipefail, which we cannot
rely on in sh.
The x_ wrapper can be used in this case, as a mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We can't do set -o pipefail in POSIX sh, which we're using,
but the build system has x_ which wraps around a command
and executes it, exiting with non-zero status if it does.
This fact enables lbmk to have functionality that is actually
superior to pipefail, since you can more easily control
specifically which parts error.
For example:
foo | bar | foo2 | bar2 | $err "error"
ERROR exits with non-zero status, but foo2, bar and foo
would not exit on error, only bar2 would. In *bash*, which
we avoid, set -o pipefail would make all of them exit on
error, but what if you wanted "bar" to not exit?
With lbmk, you could do, in the above example, and with the
above question asked ("what if you wanted bar not to exit"):
x_ foo | bar | x_ foo2 | bar2 > file | $err "error"
of course, you could also do, if not outputting to "file":
x_ foo | bar | x_ foo2 | x_ bar2
NOTE: in lbmk, $err is a variable containing the name of
a function that does something (whatever you want) and
then exits with non-zero status.
This entire explanation is beyond the scope of simply
providing (and explaining) this fix, but I also wanted to
use this commit as an example of the power of lbmk with
regards to POSIX shell scripting.
Signed-off-by: Leah Rowe <leah@libreboot.org>
x_ cannot be used, where output is redirected to a file;
only the convention piping can be used, for errors.
relying on x_ in these cases will cause unpredictable bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i can't call $err (variable), because it's set
to fail_inject. fix this infinite loop, which
was an oversight in the previous commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I was using a complicated method of knowing whether
the current instance was parent or a child, to know
whether the lock file and TMPDIR needed to be purged.
It was quite error-prone too. Instead, I'm now handling
it directly from within the if statement that previously
initialised xbmk_parent=y, forking ./mk from there.
The forked instance would not trigger that if clause
again, since then TMPDIR is created, thus avoiding
recursion.
This is an improvement because it doesn't rely on how
the parent handles exit statuses, and it ensures that
the lock/tmp files are never accidentally deleted.
Even if a given program/script that cbmk runs would
export TMPDIR, it doesn't matter because cbmk doesn't,
so it would be unaffected.
Signed-off-by: Leah Rowe <leah@libreboot.org>
because the top-down function order isn't as reliable
in lib.sh, since this is what first runs, included
in every other script
Signed-off-by: Leah Rowe <leah@libreboot.org>
Leah Rowe