the rom functions print a path to the rom they built,
which is then used, but these are called inside what
are essentially subshells, and we had no error handling
Signed-off-by: Leah Rowe <leah@libreboot.org>
cros roms are always using libgfxinit, with a coreboot
framebuffer, so the "normal" initmode is never used.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk used to set version/versiondate directly in
err.sh, but now it's handled there by a function,
which is called by the main script.
script/update/release hadn't yet been adapted. the
only change necessary is to call check_project()
script/update/trees also makes use of it
script/build/roms is using "projectname"
Signed-off-by: Leah Rowe <leah@libreboot.org>
when make-all is being executed on a coreboot tree,
the "./vendor download target" command is used, where
target is the tree/board name.
that script then checks whether cbfstool and ifdtool
are built, and if they're not, they then call
./update trees -b coreboot utils bla bla bla
in this scenario, project=coreboot and mode="", meaning
make-all, and the same check that checks whether the
vendor download script should be run, is executed,
which in turn then checks cbutils again
fix the infinite loop by checking whether it was coreboot
utils, as opposed to *firmware*, that is to be built, before
running ./vendor download
Signed-off-by: Leah Rowe <leah@libreboot.org>
the x_ function doesn't handle arguments with spaces
well, and this cd command is going to an asterisk, so
it's unknown what the resultant string will be.
Signed-off-by: Leah Rowe <leah@libreboot.org>
at present, lbmk can remove microcode updates on images for
a given target, if the target specifies
microcode_required="n" in target.cfg
lbmk then provides images with microcode, and images without,
in a given release. although the user can also remove them
manually, this just makes it a bit more convenient, for those
users who do wish to run without the updates. this functionality
is provided only on those platforms where no-microcode is tested.
well, this behaviour implements a compromise on libreboot policy,
which is to always include microcode updates by default. see:
Binary Blob Reduction Policy
the *canoeboot* project now exists, developed in parallel with
libreboot, and it ships without microcode updates, on the same
targets where lbmk also handled this.
running without microcode updates is foolish, and should not
be encouraged. clean up lbmk by not providing this kludge.
the libreboot documentation will be updated, telling such users
to try canoeboot instead, or to remove the update from a given
libreboot rom - this is still possible, and mitigations such as
PECI disablement on GM45 are still in place (and will be kept),
so that this continues to work well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the purpose of script/update/release is not to test the
build system, but to build release archives.
testing of lbmk is done during the course of development.
remove this bloat from the release script. we run the nuke
mode anyway, to scrub blobs from releases, which will more
or less test the logic in that script (the only difference
is that it runs e.g. ifdtool --nuke instead of -i).
Signed-off-by: Leah Rowe <leah@libreboot.org>
why are we distributing gcc at all?
the coreboot build system downloads it at build time,
and the GNU rsync mirrors aren't going anywhere.
simplify script/update/release by not handling gcc.
this means: release archives will no longer contain gcc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't handle "romtype" at all, in board target.cfg files
add /dev/null as pike2008 rom on amd boards. this serves
the same purpose, adding them as empty vga roms, to add
an empty rom in cbfs. pike2008 cards cause seabios to hang,
when their oproms are executed, so we insert a fake rom
on i945 thinkpads, use the coreboot config option:
CONFIG_INTEL_ADD_TOP_SWAP_BOOTBLOCK
when set, this enables the same bootblock copy, for use
with bucts. these two cases, namely pike2008 roms and
i945 bootblock copies, no longer need to be handled in code
Signed-off-by: Leah Rowe <leah@libreboot.org>
only call crossgcc for coreboot and u-boot, but use
hostcc for everything else. simplify the checking of
which architecture to compile for. "arch" in target.cfg
files has been modified, to allow further simplification.
without this patch, the logic currently only *barely* avoids
using crossgcc on things like utils, and only works in practise
because, in practise, lbmk only works on x86_64 anyway.
the new logic, as per this patch, is simpler and more robust.
Signed-off-by: Leah Rowe <leah@libreboot.org>
remove unnecessary "continue" command. it's written
at the end of a for loop, where it'll continue anyway
Signed-off-by: Leah Rowe <leah@libreboot.org>
all it did was set -v in the shell, which doesn't yield
very useful results. this is a relic of very old design
in the libreboot build system, that is no longer needed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk didn't quote certain arguments in commands, or
used ! -z instead of -n, things like that. simple fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of these are probably redundant, and will never
be called, but lbmk needs to be as safe as possible
under fault conditions. fail early, fail hard.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in cases where lbmk must always return from a function,
there are some cases where it relies on non-zero exit
status, which in practise is always the case, but may
change in the future if the relevant part is modified
e.g. do_something && return 0
the proper form is:
do_something
return 0
also do this for unconditional exits
Signed-off-by: Leah Rowe <leah@libreboot.org>
it didn't work in the past, but it does work nowadays;
specifically, it only worked with libgfxinit in the past,
but not on VGA ROMs.
now it does work on VGA ROMs, tested on e6400 and t1650 so
it was enabled there.
in this setup, a special image is provided where SeaBIOS is
the main payload, but it only loads GRUB; nothing else, every.
this is called SeaGRUB. this setup is useful in cases where
the user only has a GPU that lacks libgfxinit support.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when printing the name of the rom being created, it's
done before the check to rename based on vendorfiles
in target.cfg. this patch fixes that bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
note: me6_update_parser needs to be written, similar
to me7_update_parser, to generate the partition
tables within intel me6 on lenovo bios updates.
the current logic in lbmk goes like this:
mkdir -p vendorfiles/cache/
and save your factory dump as:
vendorfiles/cache/x201_factory.rom
the build system has been modified, in such a way
as to support extracting me.bin (which is the full
one) and then neutering from this.
this is done automatically, if the file is present,
but you must first insert that file there, which means
you'll need a dump of the original boot flash on your
thinkpad x201
Signed-off-by: Leah Rowe <leah@libreboot.org>
it wasn't being copied right
the roms under elf/ were being copied, but not the ones
under bin/ - i need to audit it further
for now, i run modify_coreboot_roms from build/roms
instead of update/trees
so, the ones under elf/ no longer have bootblocks copied.
it's only done in bin/
Signed-off-by: Leah Rowe <leah@libreboot.org>
when building only for u-boot, the current script
works just fine. however, when building for other
payloads in additional to u-boot, the final u-boot
stage fails because other payloads are already
inserted via cbfs.
when we build u-boot, we do that last because we want
u-boot setups to only be u-boot, nothing else.
this patch enables qemu x86 to build properly with
u-boot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
keymaps weren't being set in keymay.cfg of cbfs, due
to use of x_ in the rom script, and x_ doesn't handle
quotes or spaces in arguments well.
i'm going to remove use of x_ and xx_ (it's in my todo),
for next release.
for now, hot patch the release. i've gone through and
replaced use of x_ with || err, in some places.
not just the keymap.cfg command, but others too. in case
there are more issues we missed.
this commit is being tagged "20231021fix" and i'm using
this tag to re-build the 20231021 release. i'll just
replace the tarballs in rsync and add errata to the news
page announcing the release. all i did was break peoples
umlauts, i didn't brick their machines fortunately!
very minor bug. anyway, x_/xx_ is a great idea, but sh
isn't really designed for that style of programming. i'll
go back to using just || err in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
clean it up after copying the tarballs
i really hate how this logic is written, it's clunky
but it should work; the only issue is that it's quite
slow, and inefficient on use of disk space.
however, i've not yet figured out how to reproducible
add files to a tarball, once the tarball has been created,
and i rely on sorting (of file names) when creating them.
it's really not a problem because normal people won't
use this script, only i or anyone who wants to test out
the libreboot release infrastructure. this script is
largely intended to *work*
but i'm still annoyed by how crappy it is. i'll fix it
after the Libreboot 20231021 release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
everything downloaded, then tarballed, then built,
now crossgcc is downloaded by coreboot.
now extract, copy crossgcc tarballs, re-compress.
TODO: simply add files to the archive, without re-
compressing the whole thing.
this is still more efficient than the old way: build
everything, then clean and compress, making another
build test on the release archive necessary; with this,
there is still only one build test per release.
with this, and the previous revisions dealing with
submodules, the source archives should now be complete.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in release archives, .git is excluded but the version
and versiondate files are included. from these, the
git history is re-created with the exact date (but not
taking into account timezone, at present).
in this way, lbmk will have git history in a release
archive. some build systems, like coreboot, prefer that
there be git history available, so this is a nice
workaround on those build systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do it using find -exec
this is more robust, and it will never need to be
maintained over time (famous last words).
this is done because now we download submodules
for all git projects, so it's hard to predict.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when [] is used right at the end of a function, or
certain loops/subshells, some sh implementations will
just return a non-zero exit
Signed-off-by: Leah Rowe <leah@libreboot.org>
config/git has been re-arranged in a prior revision,
ensuring that each file only refers to a main source
tree defined within those files.
the erstwhile "./build clean all" functionality is now
once again possible in lbmk
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, use of x_ or xx_ can be error-prone,
due to the way $@ is handled; commands requiring
quotes, or with funny file names as arguments such
as spaces in the file name, or other special
characters, can make the x/xx functions break.
in those cases, where x/xx must not be used, the
commands use || err instead
in other cases, use of x/xx is superfluous, and has
been removed in some commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as opposed to the current 3-level structure.
recent build system simplifications have enabled
this change, thus:
./build fw coreboot -> ./build roms
./build fw grub -> ./build grub
./build fw serprog -> ./build serprog
./update project release -> ./update release
./update project trees -> ./update trees
./update vendor download -> ./vendor download
./update vendor inject -> ./vendor inject
alper criticised that the commands were too long,
so i made them shorter!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i forgot to include option.sh in this script,
during previous re-factoring. the cbfstoos variable
is now defined exclusively in option.sh, but other
scripts can set it to something else.
Signed-off-by: Leah Rowe <leah@libreboot.org>
move it all to other files where items are used, and not
used anywhere else. this reduces the size of vendor.sh.
also remove a few redundant variables, or variables that
are not meaningfully used.
a few items have been moved to include/option.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
they are the functions only used by the download
script, so they don't belong in vendor.sh
an include file should only contain variables and
functions used by multiple main scripts
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't really need a custom coreboot tree for Chromebooks. I had added
one, because at a cursory glance to the available config/coreboot/board
subdirectories I had the impression that I should. But upstreams have
one tree for every board and I think we should move towards that too.
Move the one important BL31 makefile patch into the default coreboot
patches, update the gru boards' configs by running savedefconfig in the
cros tree and then running olddefconfig in the default tree.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Add an "-s" flag for "make savedefconfig", "-l" for "make olddefconfig"
and "-n" for "make nconfig" to the update script. The first two are
mainly useful for U-Boot, to compare our configs to the upstream
defconfigs and stay in sync with any upstream changes. The latter is
because the ncurses one has a nice "Symbol Search" that can point out
the menu entry for a config symbol we know.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
The "u-boot.bin" file generated by U-Boot builds is a raw binary. When
adding payloads to a CBFS, we need to use ELF files with add-payload
or manually pass the entry point and load address of the payload binary
with add-flat-binary.
We primarily use the "u-boot.elf" which gets build with the REMAKE_ELF
option, as it also has the necessary device-tree binary that U-Boot
usually needs to work. When the option is not set (e.g. for QEMU), we
need to use the "u-boot" file which is an ELF.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
i wasn't getting the very first line of tar --version,
so it wasn't doing the check properly.
further sort the files by name within the tar archive.
for reliability, don't bother using versiondate anymore:
set a *fixed* date, and fixed timezone, to ensure
that it works reliably for reproducible tarball creation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This way, the handling of configs is unified into one
script, which reduces the possibility of bugs later,
and it reduces the repetition of code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use find and touch, to force all files, directories and
links to the desired timestamp (versiondate file)
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. src/coreboot/coreboot must not appear in a release,
because we instead have directories like
src/coreboot/default or src/coreboot/cros
lbmk resets src/coreboot/coreboot to HEAD, but then resets
revisions properly in copies of it
therefore, for reproducibility, we must not include
src/coreboot/coreboot, src/u-boot/u-boot or
src/seabios/seabios into libreboot releases
Signed-off-by: Leah Rowe <leah@libreboot.org>
with --mtime, files added to the archive can be set
to a static date (in this case, the unix epoch)
the one used here is derived from git commit dates,
and it is static; if not being handled in lbmk.git,
the versiondate file never changes
this is the first patch in a series of patches designed
to bring about reproducible builds in libreboot
a solution will need to be found, for non-GNU tar
implementations, because they did not have an
equivalent option according to their manpages.
for example, BSD tar implementations.
perhaps i could systematically go around changing
file dates, on each file, as a fallback behaviour?
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, the src tarball is guaranteed to be clean.
the downside is that lbmk itself does not currently
handle crossgcc downloads, and there may be some
stragglers such as third party modules automatically
downloaded by certain codebases that libreboot uses.
this will have to be audited later (and it will be).
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's sometimes done unconditionally. this change
ensures that it is not repeated needlessly.
i observed otherwise that cbfstool would be
re-built from time to time, even if it was built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Riku's mSATA patch for HP8300USDT was merged upstream, so the
patch has been dropped from lbmk because it is contained within
this new coreboot revision.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot closely matches upstream, whose current release
is version 1.2 from 2018, and coreboot has not changed it
in any meaningful way.
the upstream did add patches since, but they are documentation
patches only.
this means: we do not need to use the upstream version
Signed-off-by: Leah Rowe <leah@libreboot.org>
also rename elf/coreboot to something scary
some users were flashing roms built under elf/, which
lack payloads. lbmk builds no-payload roms (and payloads)
under elf/ then inserts them, creating full (flashable)
images under bin/
Signed-off-by: Leah Rowe <leah@libreboot.org>
some users reported build errors. technically, there's
nothing wrong with lbmk but it relies on hostcc, and
hostcc is hit or miss when it comes to cross compiling
32-bit, depending on the build system of whatever project.
lbmk needs to handle cross compilation. for now, i'm just
disabling memtest86plus on non-64-bit hosts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The logic has been re-written, where source archives are
concerned. This clones the current repository, and starts
a new build from scratch. A custom release directory is
possible, by passing -d
This eliminates a step during build-testing, saving hours
of time, because it builds the release archive *inside* the
release archive, with git files removed, thus replicating
the same setup that the user would have.
This also makes everything a bit more consistent, because
it's guaranteed that a release archive will always have
the same files; previously, the release build script would
only copy what was already built, without building anything.
Now, this script builds everything itself.
The script also builds serprog images, not just coreboot.
Usage:
./update project release
If -d is not passed, release/ is used inside lbmk.
Otherwise, you could do:
./update project release -d /path/to/directory
If the directory exists, this script will exit (error).
Other minor fixes: build/fw/coreboot: make version in
coreboot-version (file) not contain hyphens, to work
around a quirk in coreboot's build system when not building
on regular libreboot releases. this quirk only appears
when lbmk is not being compiled under git.
The other main benefit of this change is that the new
script will probably require a lot less maintenance.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the script used to be called once per target, now it
handles every target. the grub background image wasn't
being set, so if it changed at build time, it would
stay changed.
keep the default in place for each run, while still
allowing target.cfg files to change it per target.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Just one script.
Just one!
Well, two, but the 2nd one already existed:
logic in update/project/trees and
update/project/repo was merged into
include/git.sh and update/project/build
was renamed to update/project/trees; an -f
option was added, which calls the functions
under git.sh
so git clones are now handled by the main build
script (for handling makefiles and defconfigs)
but the logic there is a stub, where git.sh
does all the actual heavy lifting
this cuts the file count down by two, and reduces
sloccount a reasonable amount because much of
the logic already exists in the build script, when
it comes to handling targets. git.sh was adjusted
to integrate with this, rather than act standalone
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, if src/grub/ was already compiled, this
would not print anything on the screen. however, the
files will have been created under elf/grub
this message just makes lbmk a bit more user friendly
Signed-off-by: Leah Rowe <leah@libreboot.org>
The benefit now is that it can be cleaned. E.g.
./update project build -b coreboot utils
./update project build -b coreboot utils default
./update project build -c coreboot utils
./update project build -c coreboot utils default
the update/project/build script checks when arguments
are provided after the project name. if the first one
is "utils", then it acts in the same way as the old
build/coreboot/util script
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's buggy. "./build fw coreboot" was made to work,
but it caused lots of unknown issues when mixing other
args
the old way wasn't broken. now, once again, you must
pass the "all" argument. e.g.:
./build fw coreboot all
Also, the confirmation messages at the end are a bit
clearer, when listing which ROM images were compiled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the future, we may start downloading files that aren't
blobs, such as mxm port configs (on mainboards that use
MXM graphics)
this directory will contain all of those files
generally change the language used, across lbmk, to make
use of "vendorfile" instead of "blob"
Signed-off-by: Leah Rowe <leah@libreboot.org>
during the switch to src/ for all downloads, i
overlooked that the path check was hardcoded.
now the check for this binary is corrected.
Signed-off-by: Leah Rowe <leah@libreboot.org>
build/release/src was partly re-written to accomodate this
memtest86plus was patched to have a central Makefile, and
lbmk modified to use that, rather than mess with build32
and build64. the central Makefile just builds both targets
or cleans both targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
return with error status if no images were compiled
if a rom image fails to compile, then it will also
exit with error status, but sometimes you can pass
argument "cros" or "default", and it would not give
you rom images due to no target.cfg files, but these
are also ignored because of that.
this restores the same behaviour that existed before,
for this final error check.
Signed-off-by: Leah Rowe <leah@libreboot.org>
for the first time ever, this is a single script.
with recent simplifications in how variables are
handled, and techniques i've developed during
auditing, it's now feasible design-wise for this
to be a single script, without a helper script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Previously, this script only checked for "Makefile",
but "makefile" is another valid name; additionally, if
GNU Make is used, "GNUmakefile" is an accepted default.
Signed-off-by: Leah Rowe <leah@libreboot.org>
There is no reason to err if no Makefile exists.
Just exit with zero status. This makes the following
command work:
./handle make file -c util/*
Within util/, there is me7 update parser which does
not have a makefile (it's a python script).
Signed-off-by: Leah Rowe <leah@libreboot.org>
The previous patch to the file was correct, except for
off by one at the end, resulting in no argument being
passed for project names.
Now the extra commands are run *before* handle_dependencies,
instead of running at the end of main. This prevents error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
At the end of the function, this script will now
run itself again if there are more arguments. This
enables the following:
./handle make file -c project1 project2 project3
Whereas previously, it could only do this:
./handle make file -c project1
Substitude -b and it's the same.
Signed-off-by: Leah Rowe <leah@libreboot.org>
some x_ calls are made that aren't needed. this is now
corrected. additionally, some x_ calls were being made
that are quite error-prone, like ones that use $PWD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the one at the end of main is unnecessary, because
it's handled inside the for loop.
this file isn't used anywhere else, so it's OK.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as it turns out, i delete "seen" inside the for loop,
which is a more thorough way to do it.
thus, the first rm command is unnecessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
slight sloccount reduction. light renaming of
functions between the two scripts, placing more
logic in main() under include/boot.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
errors are not defined for mktemp, and the /tmp file
system should be assumed reliable.
if /tmp is *unreliable*, then this is not something that
lbmk either can or should fix; the user clearly has
bigger problems.
manpages for mktemp do not define errors. it is assumed
to be completely reliable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Instead of having detailed error messages, run most
commands through a function that calls err() under
fault conditions.
Where detail is still required, err() is still called
manually. Where it isn't, the error message is simply
whatever command was executed to cause the error.
This results in a massive sloccount reduction for lbmk;
specifically, 178 sloc reduction, or a 8.1% reduction.
The total sloccount is now 2022, for shell scripts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also: further reduce the number of arguments passed,
to certain functions as and when feasible, in cases
where those are global variables that never change.
the cbfstool argument in mkUbootRom wasn't even used.
that function was only using the global variable, which
again is only set once.
i also shortened a few messages, removed a few errant
line breaks and reduced sloccount by exactly 1 in main()
by re-arranging how the shift command is used.
it's mainly about shortening variable names, to then
reduce the number of line breaks, but it's a surgical
code size reduction in build/boot/roms.
Signed-off-by: Leah Rowe <leah@libreboot.org>
These are only ever initialised globally, and set once.
Other instances where they are set are only in cases
where they are passed as argument, at the start of
a function, so they are being *needlessly* re-set.
Set them only once and use them globally.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-k, -p and -d let you set keymap, payload and displaymode
respectively, but the handling for this is buggy when
passing multiple arguments.
Support only one argument, for simplicity. This is how
people use them anyway, and it makes lbmk less buggy.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The *same* main() function is now used on both scripts.
However, merging both scripts together would be less efficient
on sloccount, and would be error-prone. The purpose of having
roms_helper is that the variables get re-initialised the same
way each time, for each board, automatically.
Signed-off-by: Leah Rowe <leah@libreboot.org>
If one of them doesn't exist, error out.
Previously, a build would start but then it would
error out later on. This implements the mentality:
fail early, fail hard
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. -k ukqwerty
previously, this would not work:
./build boot roms -k ukqwerty all
only this would work:
./build boot roms all
this patch fixes the bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
update/blobs/download and update/project/repo both use
the same logic, for setting variables with awk and a
specially formatted configuration file.
unify this logic under include/option.sh, and use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
mkdirs() should be in include/blobutil.sh, as should
extract_archive(), because that is primarily where
they are used.
script/update/blobs/download calls these functions
aswell, but it sources include/blobutil.sh so it's OK.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't use only wget. Some systems may only have curl.
The user can always install wget anyway, but why not
support both? I've added the right user agent string.
Signed-off-by: Leah Rowe <leah@libreboot.org>
They are only ever used by script/update/blobs/*, so
put them all in blobutil.sh. This cuts down on the
number of scripts in lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
mrc.bin is now handled by include/mrc.sh, adapted
from now-deleted script/update/blobs/mrc
much of the logic has been re-written or adapted for
inside script/update/blobs/download
mrc links/hashes now defined in config/blobs/sources
the new code is simpler (and smaller). in addition,
lbmk can now easily handle mrc.bin files for other
platforms such as broadwell. watch this space.
the full .zip download is now cached, like with other
vendor downloads. this means it won't be re-downloaded
if it was already downloaded before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
individual functions for downloading each archive have
been removed. instead, eval is used in fetch_update(),
which is now renamed to fetch().
Signed-off-by: Leah Rowe <leah@libreboot.org>
the called functions directly call err() under fault condition,
so this additional handling is redundant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This script is incomplete, buggy and its use is ill advised.
This script can be re-added later, when more work is done.
The download and/or inject script is recommended.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use the variable names directly, as defined in defconfig.
do not hardcode the if/else chain in detect_firmware, use
eval instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do not update them in project/repos - despite what
the previous commit message says, this behaviour is
error prone and should be avoided.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, lbmk now also updates submodules on
simple git clones, not just multi-tree clones.
This is OK, because git does not return non-zero status
when git submodule update is ran, where git submodules
are not actually defined.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This functionality has never been used, except in the
erstwhile osboot project, and even then only experimentally.
It was intended for use with coreboot's gerrit site, but
it became Libreboot project policy that this not be relied
upon, instead preferring to include patches directly within
lbmk. This functionality can be re-added, if necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also: the grub-mkstandalone command didn't have
a || at the end, even though it did specify an err
call. This has been corrected, so that the command
now defers to err() under fault conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This results in much cleaner copyright and license declarations.
SPDX headers are legally recognised and make auditing easier.
Also, remove descriptions of each script, from each script.
Libreboot documentation at docs/maintain/ describes them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, it's still possible to have a single
file at config/git/revisions, but this has been scrapped.
Instead, multiple files now exist under config/git/ with
the same modules declared, but the files are separated
logically. List of files under config/git:
* bios_extract
* biosutilities
* coreboot
* flashrom
* grub (gnulib also defined here)
* me_cleaner
* memtest86plus
* seabios
* serprog (multiple projects defined)
* u-boot
* uefitool
The rationale behind this change is simple: in the future,
we will stop relying on build systems within imported
projects for the import of git submodules. Instead, we
will handle them directly in lbmk.
Additionally, a Linux payload is planned for Libreboot, made
easier by the recent audit (script handle/make/config makes
it easy to integrate Linux, and handle cross-compilers for
userland utilities); a "linux" file under config/git/ could
also define rules for each project besides linux, such as
musl libc, busybox and other utilities.
Signed-off-by: Leah Rowe <leah@libreboot.org>
moved cmake files into a separate build directory.
this can just be deleted for the source release.
might as well use cmake for the actual build too.
that makes repeated builds faster for some reason.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
flashrom distclean resulted in zero status upon exit,
but did not remove the actual flashrom binary.
our logic was to run distclean and defer to clean;
now, we run clean and *then* run distclean, but we
do not throw an error if distclean fails. (we do
throw one if clean fails)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the builds were being created within that srcdir,
because build/release/src runs lbmk commands within
it, and one of them is building (re-building) it.
there's no point addressing this, other than rm -Rf
Signed-off-by: Leah Rowe <leah@libreboot.org>
the main lbmk script already creates these files,
and these files are then copied by build/release/src
so we don't need to re-create them here
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, it was possible that the distclean or
crossgcc-clean modes were being executed on the same
project tree, needlessly. this patch fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these commands weren't being run at all, leading
to binaries (such as xgcc) not being removed, and
thus they were present in tested release archives.
this bug did not affect libreboot 20230625. it
appeared during my audit, post-20230625.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there were a few missing err calls
i actually went through all of lbmk and found no
instances where err calls were missing except in
build/boot/roms_helper
Signed-off-by: Leah Rowe <leah@libreboot.org>
if you copy a symlink, you create a whole new file with the
contents of what that symlink points to.
what we need to do instead is re-create the symlinks. this
is relevant for all symlinks to the main lbmk script, from
the main directory of lbmk.git.
this avoids there being multiple copies of the main lbmk
script, in release archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, messages that should be considered errors
or warnings, were being written to the standard output,
rather than written as error messages.
also: one or two printf statements should specifically
avoid printing errors (to any file); in these cases,
stdout has been redirected to /dev/null
Signed-off-by: Leah Rowe <leah@libreboot.org>
these scripts used to be in the main directory of
lbmk, and thus needed to check for root user, and
also git credentials. now they are called by the main
lbmk script, which also runs the same checks.
avoid waste of resources by not running the same
check twice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on e6400_4mb, the release build scripts remove nvidia's vga
rom which is used on dgpu models. however, microcode is also
removed in separately copied rom images
the inject script was inserting vgaroms directly into these
no-microcode roms, but the microcode blob is bigger than the
vga rom, and cbfstool inserts into the first available free
spot within cbfs, so it was inserting into the spot where
cpu microcode went. this caused the rom checksum to not match
what was generated during build/release/roms being executed
the only real fix is to guarantee offsets within cbfs for all
files, by recording what offsets were used and then calculating
that during insertion
so this patch is a workaround, but fixes the issue. the workaround
is: don't insert blobs directly on no-microcode roms, instead
insert only on microcode-based roms, then re-copy those roms
and remove microcode in aptly named copies
it's a bit more convoluted, but works perfectly fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on a Nucleo-F042K6.
That has an onboard stlink:
`st-flash --format ihex write bin/serprog_stm32/serprog_nucleo-f042k6.hex`
The usb port used for flashing is separate, its is exposed on
the pin header instead. Check boards/nucleo-f042k6.h for usb pinout.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
where it is set to "both" (grub_scan_disk), inserting
scan.cfg is superfluous, because grub.cfg defaults to
both anyway, unless otherwise specified by scan.cfg,
and only if that file exists within cbfs.
thus, save a bit of build time (only a slight saving)
Signed-off-by: Leah Rowe <leah@libreboot.org>
target.cfg can now specify e.g.
grub_timeout=20
this would then be inserted as timeout.cfg in cbfs,
containing the instruction:
set timeout=20
HP laptops need a bit of extra time, due to the delay
caused by the EC bug workaround deployed in GRUB
desktops in general need extra time. this too is set to
10s, like the HP laptops.
only insert timeout.cfg if actually needed (declared in
target.cfg), otherwise grub.cfg will default to 5s
Signed-off-by: Leah Rowe <leah@libreboot.org>
My previous patch b0rked memtest and others because when making sure
their parent directory (the project root) exists, it would instead create
the project directory (memtest86lus). The later move would then put the
git repo inside that (memtest86plus/memtest86plus_123456).
We just need to make sure we don't create the target directory itself.
This way, there's no need to hardcode any project names.
Tested by ./updating rpi-pico-serprog, memtest86plus, grub and seabios.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
we are copying large numbers of ROM images, and the
host system may have /tmp under a tmpfs; that same
host system may or may not have a lot of memory.
respect the user's machine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we must conserve memory usage, in the event that the
user's /tmp is a tmpfs. copying of ROM images into
tmpfs is ill advised; we must copy them, due to how
the release process works (e.g. stripping of blobs,
but this must be done in a way so as to not interfere
with regular builds, thus they are copied instead)
Signed-off-by: Leah Rowe <leah@libreboot.org>
now under coreboot mainboards, target.cfg can specify
a background. if not specified, the 1280x800 one is
assumed, and used by default. it can be overridden.
the path should be relative to:
config/grub/background/
Signed-off-by: Leah Rowe <leah@libreboot.org>
explicitly set the count to 3, so that a maximum of 3
attemps are made per download, barring fatal errors such
as http 404.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the /tmp/ file system may be a tmpfs, with conservative
memory limits, depending on host system.
it's more likely that the user will have enough disk space
under tmp/ within lbmk (if they don't, they can't use
lbmk anyway). that is to say: more likely that they would
have the disk space, but not the memory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
check based on whether defconfigs are available, which
are used extensively, rather than checking based on
whether target.cfg is available, which is not used
Signed-off-by: Leah Rowe <leah@libreboot.org>
also: only return zero status if rom images were succesfully
built, and print a list of each rom image directory based on
what was actually compiled, rather than just saying that the
rom images are stored under bin/
Signed-off-by: Leah Rowe <leah@libreboot.org>
the handling of target.cfg is *not* required, in
this script. other mechanisms are also used for
error checking. this script only uses defconfigs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
they weren't even handled at all, but they were referenced
under coreboot configuration
they don't need to be handled. lbmk simply includes these files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it doesn't really make sense for them to be under
blobs/ - nominally, they are blobs, but they are
well-understood data files containing config data,
that is easily parsed by tools like ich9show or
ifdtool (and tools like bincfg or nvmutil)
blobs/ has been re-purposed: this directory no longer
exists in lbmk, but it is created (and on .gitignore)
when needed, by blobutil
thus, the blobs/ directory shall only contain vendor
files, and only those files that libreboot scrubs from
releases. therefore, build/release/src can (and has
been) simplified; it currently copies just the ifd and
gbe files from blobs/, selectively, and this logic is
quite error prone, requiring maintenance. now, the
build/release/src script simply copies config/ (which
only ever contains distributable files) and entirely
ignores the blobs/ directory
the blob download script already creates the required
directory, except for the sch5545 download; this is
now fixed
lbmk code size is slightly smaller, due to this patch
Signed-off-by: Leah Rowe <leah@libreboot.org>
This cuts down on build time, and it will allow libreboot
to remove large chunks of code.
these ifd/gbe configs are just binary-encoded config files,
in a format well-understood. they can easily be opened up
and displayed, using ich9show or ifdtool, and manipulated
by these tools; bincfg can generate them from scratch, and
nvmutil can change mac addresses, for example.
so, do this and remove from lbmk the following:
* ich9utils (which contains ich9gen) - not needed anymore
* code in lbmk for handling ich9gen and insertions; the
coreboot build system is now used, for this same purpose,
so remove such code from lbmk
this results in a massive code size reduction (thousands of
lines) in lbmk; smaller when only looking at the build
system, but much larger when you consider that ich9utils
is also removed (about 3k sloc)
Signed-off-by: Leah Rowe <leah@libreboot.org>
a follow-up patch will make use of these, rather than ich9gen,
and ich9gen will be deleted.
these files were in fact generated *by* ich9gen.
coreboot has ifdtool and bincfg, the latter of which can
generate both ifd and gbe files for ich9m. that, and nvmutil
which is part of libreboot, can change gbe mac addresses.
i was going to replace ich9gen with a script that would run
bincfg, ifdtool and nvmutil, to greatly reduce code size,
because ich9gen is about 3k sloc.
however, in practise we would always generate the same ifd
config, and basically only change the mac address if that's
what the user wants; nvmutil can already do that just fine.
so, just include the binaries directly.
Signed-off-by: Leah Rowe <leah@libreboot.org>