vendor.sh: error out if nuking failed

We already have code to handle this, but it's possible
that I might break it in the future, due to the complex
logic of this script.

So, I've implemented this catch-all check at the end of
the process. It still relies on the actual setting of
the variables, upon which this check is based, to be set
correctly.

This condition will most certainly never be met, unless
I break some other part of the code in the future. That
is precisely what this overly pedantic check is for.

Example scenarios:

I forget to set xchanged=y, on a new modification.

I set has_hashes erroneously.

The variables are re-used between runs, and not properly
reset; at present, a given run of ./mk inject only
operates on a single target, but this latter fact could
change in the future.

need_files is set erroneously; vendorfiles detected as
being required, when they aren't.

These are just a few examples. As such, this is a preventative
bug fix, because it's preventing a bug.

The main reason I want this in here is because I need to ensure
that vendor files are properly deleted, for a given release.
If I accidentally include ones that I'm not supposed to,
inside ROM images, that could be a big problem.

Signed-off-by: Leah Rowe <leah@libreboot.org>
20241206_branch
Leah Rowe 2025-01-04 19:24:53 +00:00
parent 8819a93d89
commit fc4ee88e16
1 changed files with 17 additions and 0 deletions

@ -386,6 +386,23 @@ vendor_inject()
printf "WARNING! Vendorfiles *removed*. DO NOT FLASH.\n" 1>&2 \
&& printf "DO NOT flash images from '%s'\n" \
"$archive" 1>&2
#
# catch-all error handler, for libreboot release opsec:
#
# if vendor files defined, and a hash file was missing, that means
# a nuke must succeed, if specified. if no hashfile was present,
# that means vendorfiles had been injected, so a nuke must succeed.
# this check is here in case of future bugs in lbmk's handling
# of vendorfile deletions on release archives, which absolutely
# must always be 100% reliable, so paranoia is paramount:
#
if [ "$xchanged" != "y" ] && [ "$need_files" = "y" ] && \
[ "$nukemode" = "nuke" ] && [ "$has_hashes" != "y" ]; then
printf "FAILED NUKE: tarball '$archive', board '$board'\n" 1>&2
$err "Unhandled vendorfile deletion: DO NOT RELEASE TO RSYNC"
fi # of course, we assume that those variables are also set right
err="$_olderr"
return 0
}
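
Review bot: The added printf on the FAILED NUKE line expands $archive and $board inside the format string, whereas the warning directly above it passes "$archive" through '%s'. A tarball path or board name containing % or a backslash would be read as a format directive and could garble the one message that has to stay legible. Suggest: printf "FAILED NUKE: tarball '%s', board '%s'\n" "$archive" "$board" 1>&2. Separately, the check runs before err="$_olderr", so it calls whatever handler $err holds at that point in vendor_inject; if that handler does not exit, control falls through to return 0 and the caller sees success, so it is worth confirming, or stating in the comment, that $err terminates here. The condition is also fail-open when variables are unset: an empty need_files or nukemode skips the check silently, which the trailing comment acknowledges but does not guard against.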