as opposed to the current 3-level structure.
recent build system simplifications have enabled
this change, thus:
./build fw coreboot -> ./build roms
./build fw grub -> ./build grub
./build fw serprog -> ./build serprog
./update project release -> ./update release
./update project trees -> ./update trees
./update vendor download -> ./vendor download
./update vendor inject -> ./vendor inject
alper criticised that the commands were too long,
so i made them shorter!
Signed-off-by: Leah Rowe <leah@libreboot.org>
i forgot to include option.sh in this script,
during previous re-factoring. the cbfstoos variable
is now defined exclusively in option.sh, but other
scripts can set it to something else.
Signed-off-by: Leah Rowe <leah@libreboot.org>
move it all to other files where items are used, and not
used anywhere else. this reduces the size of vendor.sh.
also remove a few redundant variables, or variables that
are not meaningfully used.
a few items have been moved to include/option.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
they are the functions only used by the download
script, so they don't belong in vendor.sh
an include file should only contain variables and
functions used by multiple main scripts
Signed-off-by: Leah Rowe <leah@libreboot.org>
We don't really need a custom coreboot tree for Chromebooks. I had added
one, because at a cursory glance to the available config/coreboot/board
subdirectories I had the impression that I should. But upstreams have
one tree for every board and I think we should move towards that too.
Move the one important BL31 makefile patch into the default coreboot
patches, update the gru boards' configs by running savedefconfig in the
cros tree and then running olddefconfig in the default tree.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Add an "-s" flag for "make savedefconfig", "-l" for "make olddefconfig"
and "-n" for "make nconfig" to the update script. The first two are
mainly useful for U-Boot, to compare our configs to the upstream
defconfigs and stay in sync with any upstream changes. The latter is
because the ncurses one has a nice "Symbol Search" that can point out
the menu entry for a config symbol we know.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
i wasn't getting the very first line of tar --version,
so it wasn't doing the check properly.
further sort the files by name within the tar archive.
for reliability, don't bother using versiondate anymore:
set a *fixed* date, and fixed timezone, to ensure
that it works reliably for reproducible tarball creation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This way, the handling of configs is unified into one
script, which reduces the possibility of bugs later,
and it reduces the repetition of code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use find and touch, to force all files, directories and
links to the desired timestamp (versiondate file)
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. src/coreboot/coreboot must not appear in a release,
because we instead have directories like
src/coreboot/default or src/coreboot/cros
lbmk resets src/coreboot/coreboot to HEAD, but then resets
revisions properly in copies of it
therefore, for reproducibility, we must not include
src/coreboot/coreboot, src/u-boot/u-boot or
src/seabios/seabios into libreboot releases
Signed-off-by: Leah Rowe <leah@libreboot.org>
with --mtime, files added to the archive can be set
to a static date (in this case, the unix epoch)
the one used here is derived from git commit dates,
and it is static; if not being handled in lbmk.git,
the versiondate file never changes
this is the first patch in a series of patches designed
to bring about reproducible builds in libreboot
a solution will need to be found, for non-GNU tar
implementations, because they did not have an
equivalent option according to their manpages.
for example, BSD tar implementations.
perhaps i could systematically go around changing
file dates, on each file, as a fallback behaviour?
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, the src tarball is guaranteed to be clean.
the downside is that lbmk itself does not currently
handle crossgcc downloads, and there may be some
stragglers such as third party modules automatically
downloaded by certain codebases that libreboot uses.
this will have to be audited later (and it will be).
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's sometimes done unconditionally. this change
ensures that it is not repeated needlessly.
i observed otherwise that cbfstool would be
re-built from time to time, even if it was built.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Riku's mSATA patch for HP8300USDT was merged upstream, so the
patch has been dropped from lbmk because it is contained within
this new coreboot revision.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot closely matches upstream, whose current release
is version 1.2 from 2018, and coreboot has not changed it
in any meaningful way.
the upstream did add patches since, but they are documentation
patches only.
this means: we do not need to use the upstream version
Signed-off-by: Leah Rowe <leah@libreboot.org>
also rename elf/coreboot to something scary
some users were flashing roms built under elf/, which
lack payloads. lbmk builds no-payload roms (and payloads)
under elf/ then inserts them, creating full (flashable)
images under bin/
Signed-off-by: Leah Rowe <leah@libreboot.org>
The logic has been re-written, where source archives are
concerned. This clones the current repository, and starts
a new build from scratch. A custom release directory is
possible, by passing -d
This eliminates a step during build-testing, saving hours
of time, because it builds the release archive *inside* the
release archive, with git files removed, thus replicating
the same setup that the user would have.
This also makes everything a bit more consistent, because
it's guaranteed that a release archive will always have
the same files; previously, the release build script would
only copy what was already built, without building anything.
Now, this script builds everything itself.
The script also builds serprog images, not just coreboot.
Usage:
./update project release
If -d is not passed, release/ is used inside lbmk.
Otherwise, you could do:
./update project release -d /path/to/directory
If the directory exists, this script will exit (error).
Other minor fixes: build/fw/coreboot: make version in
coreboot-version (file) not contain hyphens, to work
around a quirk in coreboot's build system when not building
on regular libreboot releases. this quirk only appears
when lbmk is not being compiled under git.
The other main benefit of this change is that the new
script will probably require a lot less maintenance.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Just one script.
Just one!
Well, two, but the 2nd one already existed:
logic in update/project/trees and
update/project/repo was merged into
include/git.sh and update/project/build
was renamed to update/project/trees; an -f
option was added, which calls the functions
under git.sh
so git clones are now handled by the main build
script (for handling makefiles and defconfigs)
but the logic there is a stub, where git.sh
does all the actual heavy lifting
this cuts the file count down by two, and reduces
sloccount a reasonable amount because much of
the logic already exists in the build script, when
it comes to handling targets. git.sh was adjusted
to integrate with this, rather than act standalone
Signed-off-by: Leah Rowe <leah@libreboot.org>
The benefit now is that it can be cleaned. E.g.
./update project build -b coreboot utils
./update project build -b coreboot utils default
./update project build -c coreboot utils
./update project build -c coreboot utils default
the update/project/build script checks when arguments
are provided after the project name. if the first one
is "utils", then it acts in the same way as the old
build/coreboot/util script
Signed-off-by: Leah Rowe <leah@libreboot.org>
in the future, we may start downloading files that aren't
blobs, such as mxm port configs (on mainboards that use
MXM graphics)
this directory will contain all of those files
generally change the language used, across lbmk, to make
use of "vendorfile" instead of "blob"
Signed-off-by: Leah Rowe <leah@libreboot.org>
during the switch to src/ for all downloads, i
overlooked that the path check was hardcoded.
now the check for this binary is corrected.
Signed-off-by: Leah Rowe <leah@libreboot.org>
build/release/src was partly re-written to accomodate this
memtest86plus was patched to have a central Makefile, and
lbmk modified to use that, rather than mess with build32
and build64. the central Makefile just builds both targets
or cleans both targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
some x_ calls are made that aren't needed. this is now
corrected. additionally, some x_ calls were being made
that are quite error-prone, like ones that use $PWD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the one at the end of main is unnecessary, because
it's handled inside the for loop.
this file isn't used anywhere else, so it's OK.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as it turns out, i delete "seen" inside the for loop,
which is a more thorough way to do it.
thus, the first rm command is unnecessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Instead of having detailed error messages, run most
commands through a function that calls err() under
fault conditions.
Where detail is still required, err() is still called
manually. Where it isn't, the error message is simply
whatever command was executed to cause the error.
This results in a massive sloccount reduction for lbmk;
specifically, 178 sloc reduction, or a 8.1% reduction.
The total sloccount is now 2022, for shell scripts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
update/blobs/download and update/project/repo both use
the same logic, for setting variables with awk and a
specially formatted configuration file.
unify this logic under include/option.sh, and use that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
mkdirs() should be in include/blobutil.sh, as should
extract_archive(), because that is primarily where
they are used.
script/update/blobs/download calls these functions
aswell, but it sources include/blobutil.sh so it's OK.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't use only wget. Some systems may only have curl.
The user can always install wget anyway, but why not
support both? I've added the right user agent string.
Signed-off-by: Leah Rowe <leah@libreboot.org>
They are only ever used by script/update/blobs/*, so
put them all in blobutil.sh. This cuts down on the
number of scripts in lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
mrc.bin is now handled by include/mrc.sh, adapted
from now-deleted script/update/blobs/mrc
much of the logic has been re-written or adapted for
inside script/update/blobs/download
mrc links/hashes now defined in config/blobs/sources
the new code is simpler (and smaller). in addition,
lbmk can now easily handle mrc.bin files for other
platforms such as broadwell. watch this space.
the full .zip download is now cached, like with other
vendor downloads. this means it won't be re-downloaded
if it was already downloaded before.
Signed-off-by: Leah Rowe <leah@libreboot.org>
individual functions for downloading each archive have
been removed. instead, eval is used in fetch_update(),
which is now renamed to fetch().
Signed-off-by: Leah Rowe <leah@libreboot.org>
the called functions directly call err() under fault condition,
so this additional handling is redundant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This script is incomplete, buggy and its use is ill advised.
This script can be re-added later, when more work is done.
The download and/or inject script is recommended.
Signed-off-by: Leah Rowe <leah@libreboot.org>
use the variable names directly, as defined in defconfig.
do not hardcode the if/else chain in detect_firmware, use
eval instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
do not update them in project/repos - despite what
the previous commit message says, this behaviour is
error prone and should be avoided.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, lbmk now also updates submodules on
simple git clones, not just multi-tree clones.
This is OK, because git does not return non-zero status
when git submodule update is ran, where git submodules
are not actually defined.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This functionality has never been used, except in the
erstwhile osboot project, and even then only experimentally.
It was intended for use with coreboot's gerrit site, but
it became Libreboot project policy that this not be relied
upon, instead preferring to include patches directly within
lbmk. This functionality can be re-added, if necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This results in much cleaner copyright and license declarations.
SPDX headers are legally recognised and make auditing easier.
Also, remove descriptions of each script, from each script.
Libreboot documentation at docs/maintain/ describes them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
With this change, it's still possible to have a single
file at config/git/revisions, but this has been scrapped.
Instead, multiple files now exist under config/git/ with
the same modules declared, but the files are separated
logically. List of files under config/git:
* bios_extract
* biosutilities
* coreboot
* flashrom
* grub (gnulib also defined here)
* me_cleaner
* memtest86plus
* seabios
* serprog (multiple projects defined)
* u-boot
* uefitool
The rationale behind this change is simple: in the future,
we will stop relying on build systems within imported
projects for the import of git submodules. Instead, we
will handle them directly in lbmk.
Additionally, a Linux payload is planned for Libreboot, made
easier by the recent audit (script handle/make/config makes
it easy to integrate Linux, and handle cross-compilers for
userland utilities); a "linux" file under config/git/ could
also define rules for each project besides linux, such as
musl libc, busybox and other utilities.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there were a few missing err calls
i actually went through all of lbmk and found no
instances where err calls were missing except in
build/boot/roms_helper
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, messages that should be considered errors
or warnings, were being written to the standard output,
rather than written as error messages.
also: one or two printf statements should specifically
avoid printing errors (to any file); in these cases,
stdout has been redirected to /dev/null
Signed-off-by: Leah Rowe <leah@libreboot.org>
these scripts used to be in the main directory of
lbmk, and thus needed to check for root user, and
also git credentials. now they are called by the main
lbmk script, which also runs the same checks.
avoid waste of resources by not running the same
check twice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on e6400_4mb, the release build scripts remove nvidia's vga
rom which is used on dgpu models. however, microcode is also
removed in separately copied rom images
the inject script was inserting vgaroms directly into these
no-microcode roms, but the microcode blob is bigger than the
vga rom, and cbfstool inserts into the first available free
spot within cbfs, so it was inserting into the spot where
cpu microcode went. this caused the rom checksum to not match
what was generated during build/release/roms being executed
the only real fix is to guarantee offsets within cbfs for all
files, by recording what offsets were used and then calculating
that during insertion
so this patch is a workaround, but fixes the issue. the workaround
is: don't insert blobs directly on no-microcode roms, instead
insert only on microcode-based roms, then re-copy those roms
and remove microcode in aptly named copies
it's a bit more convoluted, but works perfectly fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>