2023-06-13 11:09:01 +00:00
#!/usr/bin/env sh
2022-11-14 00:51:12 +00:00
# SPDX-FileCopyrightText: 2022 Caleb La Grange <thonkpeasant@protonmail.com>
2023-06-13 11:09:01 +00:00
# SPDX-FileCopyrightText: 2022 Ferass El Hafidi <vitali64pmemail@protonmail.com>
2023-05-18 12:19:38 +00:00
# SPDX-FileCopyrightText: 2023 Leah Rowe <leah@libreboot.org>
2022-11-14 00:51:12 +00:00
# SPDX-License-Identifier: GPL-3.0-only

2023-08-23 17:56:31 +00:00
. "include/err.sh"

2023-05-06 16:15:14 +00:00
name=""
2023-05-18 11:34:47 +00:00
revision=""
location=""
url=""
bkup_url=""
tmp_dir=""
2023-08-17 10:41:58 +00:00
depend=""
2023-05-06 16:15:14 +00:00

2023-05-18 11:34:47 +00:00
main()
{
much, much stricter, more verbose error handling
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
	id -u 1>/dev/null 2>/dev/null || \
	    fail "cannot ascertain user id"
	if [ "$(id -u)" = "0" ]; then
2023-08-27 17:25:49 +00:00
		fail "running lbmk as root is not permitted"
2023-08-24 19:19:41 +00:00
	fi
2023-08-27 16:57:30 +00:00
	./checkgit || err "Please read: https://libreboot.org/docs/build/"
2023-08-24 19:19:41 +00:00

	[ $# -gt 0 ] || fail "no argument given"

	[ -z "${1+x}" ] && fail 'main(): name not set'
2023-05-18 11:34:47 +00:00
	name=${1}
2022-11-14 00:51:12 +00:00

2023-05-18 11:55:34 +00:00
	read_config
	verify_config

	clone_project
2023-08-24 19:19:41 +00:00
	[ "${depend}" = "" ] || ./fetch ${depend} || \
	    fail "Cannot fetch dependency, ${depend}, for project, ${name}"
2023-05-18 11:55:34 +00:00

2023-08-27 08:25:50 +00:00
	rm -Rf "${tmp_dir}" || fail "cannot remove tmpdir, ${tmp_dir}"
2023-05-18 11:55:34 +00:00
}

read_config()
{
	awkstr=" /\{.*${name}.*}{/ {flag=1;next} /\}/{flag=0} flag { print }"
2023-05-18 11:34:47 +00:00
	while read -r line ; do
2023-08-24 19:19:41 +00:00
		set ${line} || fail "read_config: set line"
2023-05-18 11:34:47 +00:00
		case ${line} in
2023-07-29 06:24:18 +00:00
		rev:*)
2023-08-21 23:34:15 +00:00
			revision=${2} ;;
2023-07-29 06:24:18 +00:00
		loc:*)
2023-08-21 23:34:15 +00:00
			location=${2} ;;
2023-07-29 06:24:18 +00:00
		url:*)
2023-08-21 23:34:15 +00:00
			url=${2} ;;
2023-07-29 06:24:18 +00:00
		bkup_url:*)
2023-08-21 23:34:15 +00:00
			bkup_url=${2} ;;
2023-08-17 10:41:58 +00:00
		depend:*)
2023-08-21 23:34:15 +00:00
			depend=${2} ;;
2023-05-18 11:34:47 +00:00
		esac
2023-06-13 11:09:01 +00:00
	done << EOF
$(eval "awk '${awkstr}' resources/git/revisions")
EOF
2022-11-14 00:51:12 +00:00
}

2023-05-18 11:55:34 +00:00
verify_config()
2023-05-18 11:34:47 +00:00
{
2023-08-24 19:19:41 +00:00
	# the variables are initialised to "" above, so test for empty, not unset
	[ -n "${revision}" ] || fail 'verify_config: revision not set'
	[ -n "${location}" ] || fail 'verify_config: location not set'
	[ -n "${url}" ] || fail 'verify_config: url not set'
2022-11-14 00:51:12 +00:00
}

2023-05-18 11:34:47 +00:00
clone_project()
{
2023-05-18 11:55:34 +00:00
	tmp_dir=$(mktemp -dt "${name}_XXXXX")

2023-08-27 08:25:50 +00:00
	git clone "${url}" "${tmp_dir}" || git clone "${bkup_url}" "${tmp_dir}" || \
2023-08-24 19:19:41 +00:00
	    fail "clone_project: could not download ${name}"
2023-05-18 11:34:47 +00:00
	(
2023-08-27 08:25:50 +00:00
	cd "${tmp_dir}" || fail "clone_project: tmpdir not created"
2023-08-24 19:19:41 +00:00
	git reset --hard "${revision}" || \
	    fail "clone_project: Cannot reset revision"
2023-05-18 11:34:47 +00:00
	)
2023-05-18 11:55:34 +00:00
	patch_project
2023-05-18 12:03:28 +00:00

2023-08-21 23:34:15 +00:00
	[ ! -d "${location}" ] || \
2023-08-27 08:25:50 +00:00
	    rm -Rf "${location}" || \
2023-08-24 19:19:41 +00:00
	    fail "clone_project: Can't remove directory '${location}'"
	mv "${tmp_dir}" "${location}" || \
	    fail "clone_project: could not copy temp file to destination"
2023-05-18 11:34:47 +00:00
}

patch_project()
{
2023-05-18 11:55:34 +00:00
	patchdir="resources/${name}/patches"

2023-08-27 08:25:50 +00:00
	for patchfile in "${PWD}/${patchdir}"/*.patch ; do
2023-08-21 23:34:15 +00:00
		[ -f "${patchfile}" ] || continue
2023-05-18 11:55:34 +00:00
		(
2023-08-24 19:19:41 +00:00
		cd "${tmp_dir}" || fail "patch_project: tmpdir unavailable"
		git am "${patchfile}" || \
		    fail "patch_project: Cannot patch project: $name"
2022-11-14 00:51:12 +00:00
		)
	done
}

2023-08-23 17:56:31 +00:00
fail()
{
2023-08-24 19:19:41 +00:00
	for x in "${location}" "${tmp_dir}"; do
		# remove the directory being iterated over, not always ${location}
		[ -z "${x}" ] || [ ! -d "${x}" ] || rm -Rf "${x}" || :
	done
2023-08-23 17:56:31 +00:00
	usage
	err "${1}"
}

2023-05-18 11:34:47 +00:00
usage()
{
	cat <<- EOF
2023-08-17 10:41:58 +00:00
Usage: ./fetch [name]
2022-11-14 00:51:12 +00:00

2023-05-18 11:34:47 +00:00
Options:
name: Module name as specified in resources/git/revisions
EOF
}
2022-11-14 00:51:12 +00:00

2023-05-18 11:34:47 +00:00
main "$@"
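
read_config above splices ${name} into an awk program that is run through eval and matches it as a substring regex; the following added example, which is not lbmk code, shows the same lookup with the name passed as data and matched exactly, plus a path check for a value that is later handed to rm -Rf and mv. The function names are hypothetical, the "{name}{ ... }" layout is inferred from the awk pattern and case labels in read_config, and the sample entries are constructed.

```shell
#!/usr/bin/env sh
# Added example, not lbmk code. Function names are hypothetical.

# valid_name NAME: accept only characters that are safe in a block name.
valid_name()
{
	case "${1}" in
	""|*[!A-Za-z0-9._-]*) return 1 ;;
	esac
}

# safe_location PATH: relative, non-empty, and without a ".." component,
# so a later rm -Rf or mv on it stays inside the build tree.
safe_location()
{
	case "${1}" in
	""|/*|..|../*|*/..|*/../*) return 1 ;;
	esac
}

# lookup_field FILE NAME KEY: print the value of KEY in NAME's block.
# NAME reaches awk through -v and is compared as a literal string, so it
# is never parsed as awk code or as a regex, and "gnu" cannot match the
# "gnulib" block. Exit status is 1 if the block or the key is missing.
lookup_field()
{
	valid_name "${2}" || return 1
	awk -v name="${2}" -v key="${3}:" '
		$1 == ("{" name "}{") { inblk = 1; next }
		inblk && $1 == "}"    { exit }
		inblk && $1 == key    { print $2; found = 1; exit }
		END                   { exit !found }
	' "${1}"
}

# make_sample: write constructed sample data to a temp file, print its path.
make_sample()
{
	f=$(mktemp) || return 1
	cat > "${f}" << 'EOF'
{gnulib}{
	rev: 1111111111111111111111111111111111111111
	loc: gnulib
	url: https://example.invalid/gnulib.git
}
{grub}{
	rev: 2222222222222222222222222222222222222222
	loc: grub
	url: https://example.invalid/grub.git
	depend: gnulib
}
EOF
	printf '%s\n' "${f}"
}

sample=$(make_sample) || exit 1
loc=$(lookup_field "${sample}" grub loc) && safe_location "${loc}" &&
    printf 'grub: loc=%s rev=%s\n' "${loc}" \
	"$(lookup_field "${sample}" grub rev)"
lookup_field "${sample}" gnu rev || printf 'gnu: no such block\n' >&2
rm -f "${sample}"
```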