lbmk/script/build/grub/payload

105 lines
2.9 KiB
Plaintext
Raw Normal View History

#!/usr/bin/env sh
# generate GRUB ELF files (coreboot payload) and configuration files
#
# Copyright (C) 2014,2015,2020,2021,2023 Leah Rowe <info@minifree.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
[ "x${DEBUG+set}" = 'xset' ] && set -v
set -u -e
. "include/err.sh"
grubcfgsdir="resources/grub"
keymap=""
. "${grubcfgsdir}/modules.list"
main()
{
printf "Creating GRUB payloads and configuration files\n"
handle_dependencies
# Separate GRUB payload per keymap to save space in ROM.
for keylayoutfile in ${grubcfgsdir}/keymap/*.gkb; do
[ -f "${keylayoutfile}" ] || continue
build_grub_payloads "${keylayoutfile}"
done
consolidate u-boot/seabios/coreboot build scripts See file: resources/scripts/build/defconfig/for It is based on: resources/scripts/build/payload/u-boot The u-boot payload script has been deleted, as has the seabios payload script; the build/boot/roms logic has been heavily simplified too, by removing the logic for building of elf files based on defconfig. SeaBIOS, U-Boot and coreboot all use defconfig-type infrastructure for their build systems, and they are fundamentally the *same* in how to compile each codebase, at least in an lbmk context, regardless of actual (and very huge) differences in these codebases. Several hundred sources-lines of code have been eliminated by this change, drastically simplifying everything; U-Boot payload compiling also now errors out when a single build fails, instead of continuing. Also: build/boot/roms no longer re-compiles a coreboot target that was already compiled, which is the same behaviour observed for payloads. (this means you must now manually delete a target, when you wish to re-build it; the build/boot/roms logic now more or less just runs cbfstool; blobutil is handled from build/defconfig/for) ALSO: Since crossgcc is now handled by build/defconfig/for, not build/boot/roms, standalone compiling of u-boot is now possible. This has been tested. You compile it like so: ./build defconfig for u-boot or specific trees, e.g. ./build defconfig for u-boot default One other consequence of this patch is that re-building the same ROM image is now much faster, because the same builds are re-used unless deleted. This could be useful when testing grub.cfg changes, for example, if that's all you change. With things like ccache used (not yet used robustly in lbmk), this could speed things up more, depending on the codebase. This patch demonstrates the raw power of lbmk; it is a very simple and highly efficient build system, and now much more so! Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-17 22:27:30 +00:00
printf "Done! Check elf/grub/ to see the files.\n\n"
}
handle_dependencies()
{
[ -d "grub/" ] || \
much, much stricter, more verbose error handling lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
./fetch grub || \
err "handle_dependencies: cannot fetch grub"
[ -f "grub/grub-mkstandalone" ] || \
much, much stricter, more verbose error handling lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
./build grub utils || \
err "handle_dependencies: cannot build grub utils"
[ -d "elf/grub" ] || \
much, much stricter, more verbose error handling lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
mkdir -p elf/grub || \
err "handle_dependencies: cannot mkdir elf/grub"
rm -f elf/grub/* || \
err "handle_dependencies: cannot rm inside: elf/grub/"
}
build_grub_payloads()
{
keylayoutfile=${1}
[ -f "${keylayoutfile}" ] || continue
keymap="${keylayoutfile##${grubcfgsdir}/keymap/}"
keymap="${keymap%.gkb}"
build_grub_elf "${keylayoutfile}"
create_grub_config
printf "Created 'elf/grub/grub_%s.elf' and configs.'\n" "${keymap}"
}
build_grub_elf()
{
keylayoutfile=${1}
gcfg="/boot/grub/grub.cfg=${grubcfgsdir}"
gcfg="${gcfg}/config/grub_memdisk.cfg"
grubk="/boot/grub/layouts/${keymap}.gkb=${keylayoutfile}"
grub/grub-mkstandalone \
--grub-mkimage="grub/grub-mkimage" \
-O i386-coreboot \
-o "elf/grub/grub_${keymap}.elf" \
-d grub/grub-core/ \
--fonts= --themes= --locales= \
--modules="${grub_modules}" \
--install-modules="${grub_install_modules}" \
"${gcfg}" "${grubk}" || \
much, much stricter, more verbose error handling lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
err "build_grub_elf: cannot build grub payload (grub-mkstandalone)"
}
create_grub_config()
{
sed "s/usqwerty/${keymap}/" < "${grubcfgsdir}/config/grub.cfg" \
> "elf/grub/grub_${keymap}.cfg" || \
much, much stricter, more verbose error handling lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
err "create_grub_config: sed failed: grub.cfg"
sed "s/grubtest.cfg/grub.cfg/" < "elf/grub/grub_${keymap}.cfg" \
> "elf/grub/grub_${keymap}_test.cfg" || \
much, much stricter, more verbose error handling lbmk is much more likely to crash now, in error conditions, which is a boon for further auditing. also: in "fetch", remove the downloaded program if fail() was called. this would also be done for gnulib, when downloading grub, but done in such a way that gnulib goes first. where calls to err write "ERROR" in the string, they no longer say "ERROR" because the "err" function itself now does that automatically. also: listmodes/listoptions (in "lbmk") now reports an error if no scripts and/or directories are found. also: where a warning is given, but not an error, i've gone through in some places and redirected the output to stderr, not stdout as part of error checks: running anything as root, except for the "./build dependencies *" commands, is no longer permitted and lbmk will throw an error mrc downloads: debugfs output no longer redirected to /dev/null, and stderr no longer redirected to stdout. everything is verbose. certain non-error states are also more verbose. for example, patch_rom in blobs/inject will now state when injection succeeds certain actual errors(bugs) were fixed: for example, build/release/roms now correctly prepares the blobs hash files for a given target, containing only the files and checksums in the list. Previously, a printf message was included. Now, with this new code: blobutil/inject rightly verifies hashes. doing all of this in one giant patch is cleaner than 100 patches changing each file. even this is yet part of a much larger audit going on in the Libreboot project. Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-08-24 19:19:41 +00:00
err "create_grub_config: sed failed: grubtest.cfg"
}
main $@