A lot of size-coding was performed in prior audits, to
make the sloccount lower on nvmutil, but this resulted in
code that wasn't very human readable.
I've reversed some of it and added comments, for clarity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user might have boot their kernel inside luks
inside lvm for some dumb reason
it's theoretically possible that the user would be
so silly indeed
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were scanning a hardcoded set up LVM volumes, so in practise,
LVM boot didn't really work. We did this because scanning for
asterisk is slow on some machines. However, since LVM is the last
one, and since most users don't boot directly from LVM, it wasn't
that much of an issue in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is based on include/vendor.sh from this lbmk
revision:
3c9f4be76f61c80060b4238eff96ef268272cffb
This version doesn't support downloading/injecting
vendor files such as Intel ME; that's what the lbmk
version is for.
If you try to run this on a Libreboot archive that
uses vendor files, the script will see that there is
a hash file present, and not inject a new MAC.
HOWEVER: if the hash file is not present, it will
work just fine, but again only change the MAC. That
way, you can use the "./mk inject" command from lbmk,
to insert files such as Intel ME. In practise, due to
the design checking out a specific cbfstool version
based on the board config, you can only use a config
in this way that's present on both Libreboot and
Canoeboot, such as the E6400 images; the E6400 images
on Libreboot insert an Nvidia GPU ROM, but Canoeboot
does not.
You don't need to run this on Libreboot tarballs, because
the Libreboot version can be used anyway. Canoeboot is
mostly a pointless project, but I maintain it for fun. I
make it adhere to GNU FSDG for fun, even though I disagree
with it; Libreboot's binary blob reduction policy is better.
The reason for this design is because of GNU FSDG,
which Canoeboot complies with to the letter. It states
that any such project must not distribute, promote or
otherwise boost proprietary software in any way; it must
steer the user only towards entirely free software.
It also doesn't support nuking. It only sets MAC
addresses; the "setmac keep" command is not present,
because it's pointless, but these work, e.g.:
./mk inject tarball.tar.xz
./mk inject tarball.tar.xz setmac
./mk inject tarball.tar.xz setmac restore
./mk inject tarball.tar.xz MACADDRESS
./mk inject tarball.tar.xz ??:aa:bb:??:22:01
etc
Same command structure as setmac for lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This was leftover from idk when. It's not in lbmk.
We don't need it here. This is a relic from when
the build system used git's submodules feature.
Nowadays, the build system automatically handles
directories such as what this patch handled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
./vendor commands were never used in cbmk
this was added accidentally, when cherry-picking newer
changes from lbmk
Signed-off-by: Leah Rowe <leah@libreboot.org>
This revision:
* 2f1e4e5e85 mb/hp/snb_ivb_desktops/z220*: Remove leftover old usb configurations
This is in line with the revision used by Libreboot 20241206,
8th revision - as of this commit, Canoeboot 20241207 rev1 can
be compiled, I just need to update the GRUB/SeaBIOS/U-Boot
version reporting, and sync up lbwww->cbwww with a release page.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We were previously not handling picotool at all, and
pico-sdk would download picotool itself, at build time.
This means that the source archive, if created, would
not contain picotool. While not strictly required, for
complete corresponding source, since it's a toolchain
and not the actual pico-serprog firmware, it is my policy
that releases must include full corresponding source code,
when it is feasible to do so.
I must say, I intensely dislike cmake, with such burning
passion; I am thoroughly displeased by how hacky this is,
but it works and now nothing is in my way for a Libreboot
20241206 rev8 release!
Signed-off-by: Leah Rowe <leah@libreboot.org>
See:
https://docs.python.org/3/library/sys.html#sys.version_info
The sys.version_info tuple is a more reliable way to
get the version. Our previous logic assumed that Python
would always output "Python versionnumber", but this may
not always be how it works. We've seen this for example
where Debian modifies some GNU toolchains to include Debian
something in the output.
Python has a standard method built in for outputting exact
the information we need. In my system, what I got was this:
(3, 11, 2, 'final', 0)
That output was from running this command:
python -c 'import sys; print(sys.version_info[:])'
This is much more robust, so use this instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we already check the python version, and set a variable
for it, so that we can reliably use python3, even if
python in PATH doesn't correspond to python3. for
example if a system has python as python2 and python3
as python3
well, we use that when running deguard for example, but
various upstream projects that we use may need python,
and all of them use python3, not 2
so, re-use the python variable set up by lbmk, and
set it up in PATH accordingly. this now makes the note
about python3 obsolete, on docs/build.md in lbwww.git
Signed-off-by: Leah Rowe <leah@libreboot.org>
probably not actually needed, but it annoys me that it doesn't
come installed by default, and it's needed for certain git
operations
Signed-off-by: Leah Rowe <leah@libreboot.org>
it should fix more build errors that might have appeared
in the aforementioned revision, mentioned in the previous
commit message
Signed-off-by: Leah Rowe <leah@libreboot.org>
the bug was actually caused by chkvars
add an escape for the quotes and bam. fixed.
without this, i got the following e.g.
For command: ./mk dependencies debian
Output:
./mk: 1: [: apt-get: unexpected operator
ERROR ./mk: pkg_add unset
Someone reported a similar issue with the Arch one,
which is also now fixed. This regression was caused
by the previous commit:
commit 0cf58c22734b19293f4cbef83add59b031ca1773
Author: Leah Rowe <leah@libreboot.org>
Date: Thu Jan 2 23:52:45 2025 +0000
fix lbmk shellcheck errors
I forgot to escape the double quotes in an eval.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This check is a good idea, but not viable here,
because the modules naturally aren't set in all
circumstances, so it just causes a build error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the gnu.org mirror is always slow for some reason, but only
for gnulib. it may only be for me, because routing in other
countries/networks may differ.
when i'm freshly cloning lbmk modules, gnulib is always really
slow, like 300KB/s (bytes, not bits)
i have 1gbps internet and wish to not have 2005-era speeds,
thank you kindly!
Signed-off-by: Leah Rowe <leah@libreboot.org>
Mention Riku's copyright in the COPYING file, and update
my years in that file. Add Riku to the AUTHORS file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The user might wish to uninstall, but not remove the
build that they just did.
The user can still do make clean if they wish.
Signed-off-by: Leah Rowe <leah@libreboot.org>
DESTDIR is the root directory where it goes, which
is normally an empty string; PREFIX is where the
bin directory is located, relative to DESTDIR
Default to /usr/local for PREFIX, not /usr, because
/usr/bin is for system utilities.
nvmutil is a local utility.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't want to clobber anything that the user set themselves.
Instead, we should respect the user's choice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This makes the code easier to understand.
All 2-byte words, stored in little endian order within
the 128-byte GbE NVM area, must add up to 0xBABA.
If it doesn't, then software is supposed to reject that
GbE config. The nvmutil software works on that basis.
Signed-off-by: Leah Rowe <leah@libreboot.org>
make it look like hexdump -C, where individual bytes are
spaced, and there is an additional space after 8 bytes,
per row.
i won't bother with a character display, since that is
meaningless on gbe nvm words.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i also removed that printf, because the path it prints is
actually wrong sometimes; in the recent re-write of vendor.sh,
it prints the correct path instead
Signed-off-by: Leah Rowe <leah@libreboot.org>
There was also a condition in run_make_command that is now
an OR, where it was an AND, on script/trees, to fix the use
of mixed (and erroneous) OR/AND operators.
I'm planning a much more invasive audit than this. These are
light fixes, intended for Libreboot 20241206 rev8.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't make sha512 files for tar archives, because it
is my intention to add the ./mk inject command to
canoeboot in a future commit, but without the vendor
file download/inject functionality, just the mac
address changer.
this commit is based on lbmk commit 41275d699ca
Signed-off-by: Leah Rowe <leah@libreboot.org>
Must not exceed 79 lines. Some variables and functions have
been renamed, and there has been some minor re-factoring.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I don't like using SPDX for actual copyright declarations.
I only want it to be used for the license identifier.
Also:
I made a *single* change to nvmutil.c in 2024, which means
that I have copyright in all years since and including 2022;
the file said 2022, 2023, 2025, but it's actually 2022-2025.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Leah Rowe