also: the grub-mkstandalone command didn't have
a || at the end, even though it did specify an err
call. This has been corrected, so that the command
now defers to err() under fault conditions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This results in much cleaner copyright and license declarations.
SPDX headers are legally recognised and make auditing easier.
Also, remove descriptions of each script, from each script.
Libreboot documentation at docs/maintain/ describes them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, it's still possible to have a single
file at config/git/revisions, but this has been scrapped.
Instead, multiple files now exist under config/git/ with
the same modules declared, but the files are separated
logically. List of files under config/git:
* bios_extract
* biosutilities
* coreboot
* flashrom
* grub (gnulib also defined here)
* me_cleaner
* memtest86plus
* seabios
* serprog (multiple projects defined)
* u-boot
* uefitool
The rationale behind this change is simple: in the future,
we will stop relying on build systems within imported
projects for the import of git submodules. Instead, we
will handle them directly in lbmk.
Additionally, a Linux payload is planned for Libreboot, made
easier by the recent audit (script handle/make/config makes
it easy to integrate Linux, and handle cross-compilers for
userland utilities); a "linux" file under config/git/ could
also define rules for each project besides linux, such as
musl libc, busybox and other utilities.
Signed-off-by: Leah Rowe <leah@libreboot.org>
moved cmake files into a separate build directory.
this can just be deleted for the source release.
might as well use cmake for the actual build too.
that makes repeated builds faster for some reason.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
flashrom distclean resulted in zero status upon exit,
but did not remove the actual flashrom binary.
our logic was to run distclean and defer to clean;
now, we run clean and *then* run distclean, but we
do not throw an error if distclean fails. (we do
throw one if clean fails)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the builds were being created within that srcdir,
because build/release/src runs lbmk commands within
it, and one of them is building (re-building) it.
there's no point addressing this, other than rm -Rf
Signed-off-by: Leah Rowe <leah@libreboot.org>
the main lbmk script already creates these files,
and these files are then copied by build/release/src
so we don't need to re-create them here
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, it was possible that the distclean or
crossgcc-clean modes were being executed on the same
project tree, needlessly. this patch fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these commands weren't being run at all, leading
to binaries (such as xgcc) not being removed, and
thus they were present in tested release archives.
this bug did not affect libreboot 20230625. it
appeared during my audit, post-20230625.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there were a few missing err calls
i actually went through all of lbmk and found no
instances where err calls were missing except in
build/boot/roms_helper
Signed-off-by: Leah Rowe <leah@libreboot.org>
if you copy a symlink, you create a whole new file with the
contents of what that symlink points to.
what we need to do instead is re-create the symlinks. this
is relevant for all symlinks to the main lbmk script, from
the main directory of lbmk.git.
this avoids there being multiple copies of the main lbmk
script, in release archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, messages that should be considered errors
or warnings, were being written to the standard output,
rather than written as error messages.
also: one or two printf statements should specifically
avoid printing errors (to any file); in these cases,
stdout has been redirected to /dev/null
Signed-off-by: Leah Rowe <leah@libreboot.org>
these scripts used to be in the main directory of
lbmk, and thus needed to check for root user, and
also git credentials. now they are called by the main
lbmk script, which also runs the same checks.
avoid waste of resources by not running the same
check twice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on e6400_4mb, the release build scripts remove nvidia's vga
rom which is used on dgpu models. however, microcode is also
removed in separately copied rom images
the inject script was inserting vgaroms directly into these
no-microcode roms, but the microcode blob is bigger than the
vga rom, and cbfstool inserts into the first available free
spot within cbfs, so it was inserting into the spot where
cpu microcode went. this caused the rom checksum to not match
what was generated during build/release/roms being executed
the only real fix is to guarantee offsets within cbfs for all
files, by recording what offsets were used and then calculating
that during insertion
so this patch is a workaround, but fixes the issue. the workaround
is: don't insert blobs directly on no-microcode roms, instead
insert only on microcode-based roms, then re-copy those roms
and remove microcode in aptly named copies
it's a bit more convoluted, but works perfectly fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Tested on a Nucleo-F042K6.
That has an onboard stlink:
`st-flash --format ihex write bin/serprog_stm32/serprog_nucleo-f042k6.hex`
The usb port used for flashing is separate, its is exposed on
the pin header instead. Check boards/nucleo-f042k6.h for usb pinout.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
where it is set to "both" (grub_scan_disk), inserting
scan.cfg is superfluous, because grub.cfg defaults to
both anyway, unless otherwise specified by scan.cfg,
and only if that file exists within cbfs.
thus, save a bit of build time (only a slight saving)
Signed-off-by: Leah Rowe <leah@libreboot.org>
target.cfg can now specify e.g.
grub_timeout=20
this would then be inserted as timeout.cfg in cbfs,
containing the instruction:
set timeout=20
HP laptops need a bit of extra time, due to the delay
caused by the EC bug workaround deployed in GRUB
desktops in general need extra time. this too is set to
10s, like the HP laptops.
only insert timeout.cfg if actually needed (declared in
target.cfg), otherwise grub.cfg will default to 5s
Signed-off-by: Leah Rowe <leah@libreboot.org>
My previous patch b0rked memtest and others because when making sure
their parent directory (the project root) exists, it would instead create
the project directory (memtest86lus). The later move would then put the
git repo inside that (memtest86plus/memtest86plus_123456).
We just need to make sure we don't create the target directory itself.
This way, there's no need to hardcode any project names.
Tested by ./updating rpi-pico-serprog, memtest86plus, grub and seabios.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
we are copying large numbers of ROM images, and the
host system may have /tmp under a tmpfs; that same
host system may or may not have a lot of memory.
respect the user's machine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we must conserve memory usage, in the event that the
user's /tmp is a tmpfs. copying of ROM images into
tmpfs is ill advised; we must copy them, due to how
the release process works (e.g. stripping of blobs,
but this must be done in a way so as to not interfere
with regular builds, thus they are copied instead)
Signed-off-by: Leah Rowe <leah@libreboot.org>
now under coreboot mainboards, target.cfg can specify
a background. if not specified, the 1280x800 one is
assumed, and used by default. it can be overridden.
the path should be relative to:
config/grub/background/
Signed-off-by: Leah Rowe <leah@libreboot.org>
explicitly set the count to 3, so that a maximum of 3
attemps are made per download, barring fatal errors such
as http 404.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the /tmp/ file system may be a tmpfs, with conservative
memory limits, depending on host system.
it's more likely that the user will have enough disk space
under tmp/ within lbmk (if they don't, they can't use
lbmk anyway). that is to say: more likely that they would
have the disk space, but not the memory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Leah Rowe