Commit Graph

509 Commits (789631ccb822560281c5b52f849b54e80bf92467)

Author SHA1 Message Date
Leah Rowe 789631ccb8 trees, multi: download bare project *before* trees
when downloading multi-tree projects, the rev can be reset
to HEAD instead of the actual rev for a given target. this
occurs when the bare repo (e.g. src/coreboot/coreboot) does
not exist and has to be downloaded first.

bare repository downloading does not rely on target.cfg, in
this context, only pkg.cfg, but it uses the same variable
names (e.g. "rev").

instead of using a separate variable name, thus increasing
code complexity (which is the exact opposite of what i want
to do), do the bare repository download first.

this means that the git.sh script is much cleaner now, for
multi-tree projects, in that it *only* copies the bare repo
then runs git_prep; in that context, the bare repo is cloned
directly by calling the relevant function from script/trees,
which is the same behaviour as when cloning single-tree
project sources.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-30 00:40:30 +01:00
Leah Rowe a5e724e51e trees: unified multi-tree configuration handling
the same function that loads configurations for single-tree
projects has been merged with the function for multi-tree
configs in git.sh, and that functionality has been removed
from git.sh; now it is all unified in the trees script.

as the saying goes: write one program to do one thing well.

the purpose of git.sh is to download source code, but not
to handle configuration files; the latter is meant to be
handled by the trees script, which then calls into git.sh
before running the build logic for that given project.

additionally: the "seen" files are no longer handled, at all.
the logic there was added ages ago, because at the time, i was
considering whether to separate configuration into a new
repository, so that users could more easily make their own
configuration, so it was a guard against misconfiguration.
however, that decision was canceled and we're always very
careful not to introduce a loop; if a loop does occur, the
worst that can possibly happen is you waste some CPU cycles.

Instead, print (on standard output) what config file is being
used, so the operator can see when an infinite loop occurs.

ALSO:

remove _setcfgarg in load_project_config()

it was used to skip when a target.cfg file didn't exist,
specifically on single-tree projects, but this is now
handled using -f instead, on the while loop inside that
function, so _setcfgarg is now a redundant variable.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-30 00:02:03 +01:00
Leah Rowe cfc9f62ffe trees: unified handling of source downloads
run it from load_project_config()

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 22:25:54 +01:00
Leah Rowe 7bf2835207 git.sh: rename Fetch_project_trees fetch_targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 19:59:16 +01:00
Leah Rowe e0c244f37b git.sh: rename fetch_project_repo to fetch_project
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 19:58:03 +01:00
Leah Rowe 02f7417952 trees: better skip-clean string in handle_src_tree
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 19:47:25 +01:00
Leah Rowe f7ec42d379 trees: add return to check_coreboot_utils()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 19:46:07 +01:00
Leah Rowe 8d02adfbb5 trees: simplify "utilmode" variable initialisation
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 19:44:47 +01:00
Leah Rowe fbe36b01ac trees mkpayload_grub: remove unnecessary check
these variables are initialised empty, then populated
by reading a configuration file.

it may be that in some cases, we want these variables
to be empty. besides that, the "setcfg" command before
it will throw an error if the module file is missing,
and it is assumed that the variables would be set there.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-29 18:39:25 +01:00
Leah Rowe 3f37c3788b tidy up some setvars lists
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28 15:02:11 +01:00
Leah Rowe ed3cce84bc roms: explicitly shift by 1 on the "all" target
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28 14:57:07 +01:00
Leah Rowe 359d00bd56 roms: add return value for the list command
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28 14:56:30 +01:00
Leah Rowe 3f540e7565 roms: build u-boot *before* checking ubootelf
the current check is flawed, because if u-boot doesn't
exist, but a given build would be the file verified by
the first check, the check would still fail even after
then building u-boot.

building it first will make this check pass, under such
a condition.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28 14:52:08 +01:00
Leah Rowe afc0030682 remove more unnecessary checks on trees commands
the trees script already performs these checks

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-28 14:51:32 +01:00
Leah Rowe 136787185d trees: don't hardcode use of mkpayload_grub
instead, make it a helper function, defined in target.cfg

this means that we can also do the same with other projects
in the future, and it is expected that we will have to.

these helper functions are used in cases where we want
additional actions to be performed.

actually, the helper could be anything. for example, you
could write:

mkhelper="./build foo bar"

and it would do that (at the point of execution, PWD
is the root directory of the build system)

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 16:51:48 +01:00
Leah Rowe c59fbb3651 trees: simplify single/multi handling in main()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 16:43:35 +01:00
Leah Rowe 902b98d1ac trees: rename build_projects to build_project
the script used to support building multiple single-tree
projects, but this behaviour was buggy and unused, so it
was removed.

rename the build_projects variable accordingly.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 16:41:23 +01:00
Leah Rowe e1e04aa80d trees: err if target.cfg not given if multi-tree
it was always by design that an error should occur, if a
target.cfg file does not exist on multi-tree projects,
but we previously did not support target.cfg files on
single-tree projects.

single-tree target.cfg support was later added, and it was
done by making target.cfg optional there, but i accidentally
made it optional on multi-tree projects.

in practise, all multi-tree projects included target.cfg,
but this was not being enforced in code.

this patch should fix the issue.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 16:38:49 +01:00
Leah Rowe 93ff80d96d trees: set btype if target.cfg doesn't exist
set it to "auto", because otherwise it'll be unset,
which means that kconfig type is assumed.

the build system is designed in such a way that multi-tree
is assumed, if the target build system uses kconfig files.

target.cfg is optional on single-tree but not multi-tree,
so it's ok to set something here.

basically, kconfig-type projects will never be single-tree.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 16:33:30 +01:00
Leah Rowe 119cebc4d8 roms: remove unnecessary assignment to cbdir
cbdir isn't used in this script

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 16:10:09 +01:00
Leah Rowe 7a15ba18cb trees: avoid kconfig make commands generically
don't hardcode the check based on whether the current
project is grub. instead, define "btype" in target.cfg

if unset, we assume kconfig and permit kconfig commands
e.g. make menuconfig, make silentoldconfig, etc

this is to avoid the deadliest of sins:
project-specific hacks

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 15:55:56 +01:00
Leah Rowe 144b3c93a4 trees: condense elfcheck() a bit
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 14:05:19 +01:00
Leah Rowe ffdecb0ce1 trees: shorten the final confirmation message
must stay below 80 characters per line

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 03:36:32 +01:00
Leah Rowe fac74cd60a lib.sh: simplified TMPDIR handling
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 03:18:23 +01:00
Leah Rowe 19bc5845a6 trees: remove redundant space in printf
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 02:45:11 +01:00
Leah Rowe 9154ba5b85 trees: explicitly err if OPTARG is not set
we currently rely on -e to make this happen

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 02:44:01 +01:00
Leah Rowe f383b1ad70 trees: only permit one single-tree project
the current logic for handling multiple single-tree projects
is quite error-prone, and uses recursion.

since we don't actually use it this way, remove that feature.

the most correct way to do it is with a for loop.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 02:42:59 +01:00
Leah Rowe a64e2db589 trees: call err if multiple flags are provided
this script is designed to only run a single flag.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 02:33:45 +01:00
Leah Rowe 0e97e98fe1 trees: explicitly set mode for -b
doing nothing means that if a flag is passed, and then
another flag overriding it, the resulting action will
not be correct; only one flag should be provided anyway,
but some users may feel a bit more adventurous.

mitigate it.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 02:31:54 +01:00
Leah Rowe 7f7b640d3a roms: re-add compression of coreboot images
i accidentally removed this feature, during prior cleanup.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-27 02:05:29 +01:00
Leah Rowe 1ab9189cbd roms: build coreboot *after* checking variables
otherwise, release=n is ignored and an image is built in
the elf/ directory, even if it's still skipped for bin/

avoid doing unnecessary work per-release by checking the
variables before building coreboot via script/trees

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25 09:54:22 +01:00
Leah Rowe 4e48fa808e lib.sh: simplify use of environment variables
don't have a separate variable for them.

just export them directly and use them directly.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-25 00:12:18 +01:00
Leah Rowe b4fb251008 roms main(): confirm what serprog images are built
just like we do for coreboot images, do it for serprog.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 18:39:53 +01:00
Leah Rowe 5e2308ce05 roms: remove unused variable name
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 18:35:32 +01:00
Leah Rowe 2960abd008 roms: remove redundant printf
we don't need this message here, because the final confirmation
at the end of main() says which targets were built. saying what
individual rom images were built is just needless bloat,
especially with the new simplified lbmk design; we no longer
provide lots of rom images with different keymaps, because we
now expect the user to insert a gkb file themselves with cbfstool.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 18:32:18 +01:00
Leah Rowe c661eca6b9 roms: optimise u-boot elf check
because we use crossgcc here, blindly running trees -f
means needlessly re-running buildgcc, which then checks
for gcc binaries, even though we already know that the
u-boot binary exists. skip this check if u-boot exists.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 18:30:48 +01:00
Leah Rowe 8af9f904c4 roms: simplify build_roms()
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 18:24:50 +01:00
Leah Rowe c9f26dbc94 roms: make the bin/elf message more polite
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 17:42:58 +01:00
Leah Rowe 9484eda5a7 roms: re-add final confirmation of targets
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 17:41:43 +01:00
Leah Rowe 2b7df7ab2c roms: rename functions for extra clarity
the names of these functions do not match their true
intent. fix that by renaming them appropriately.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 17:35:44 +01:00
Leah Rowe 6753222d0e roms: build coreboot early to avoid duplicate work
we're building it per coreboot configuration file, rather
than per-target; the latter is more appropriate, and saves
on compilation time.

do it per-target.cfg, not per coreboot configuration.

this works because the trees script compiles all images
per target, for each given coreboot configuration within
that target, e.g. libgfxinit _corebootfb and _txtmode.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 17:28:25 +01:00
Leah Rowe 19e7c1eabb trees: try xgcc build twice if first attempt fails
sometimes buildgcc just fails for like no reason. we had this
the other day and another fix was made to the trees script, to
mitigate; the user ran it again and buildgcc worked just fine.

run it twice, and then call err only if the second one fails.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-24 14:23:56 +01:00
Leah Rowe 6468bdb3aa trees: don't check if xgcc is already built
just run the make crossgcc command anyway.
coreboot's own build system checks itself, and much
more reliably, but the check is more thorough and a bit
slower.

in rare cases, lbmk may come into build issues with xgcc,
and if you run the build again, it will always fail every
time because the checks is based on whether the xgcc
directory exists, rather than checking each
individual crossgcc binary.

checking every binary is also possible, but as i said,
the coreboot build system already does that, so let's defer
to coreboot's own handling of it.

remove the directory check. this will slow down the build
process a little bit, but should improve reliability under
fault conditions.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-23 17:24:28 +01:00
Leah Rowe 0158a08111 roms: general code cleanup
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-23 01:10:11 +01:00
Leah Rowe e67cd17164 roms: only support SeaBIOS/SeaGRUB on x86
Never, ever build images where GRUB is the primary payload.

These options have been removed from target.cfg handling:

* seabios_withgrub
* grub_withseabios

The "payload_grub" variable now does the same thing as
the old "seabios_withgrub" variable, if set.

The "grubonly" configuration is retained, and enabled by
default when SeaGRUB is enabled (non-grubonly also available).

Due to lbmk issue #216, it is no longer Libreboot policy to
make GRUB the primary payload on any board. GRUB's sheer size
and complexity, plus the large number of memory corruption issues
similar to it that *have* been fixed over the years, tells me
that GRUB is a liability when it is the primary payload.

SeaBIOS is a much safer payload to run as primary, on x86, due
to its smaller size and much more conservative development; it
is simply far less likely to break.

If GRUB breaks in the future, the user's machine is not
bricked. This is because SeaBIOS is the default payload.

Since I no longer wish to ever provide GRUB as a primary
payload, supporting it in lbmk adds needless bloat that
will later probably break anyway due to lack of testing,
so let's just assume SeaGRUB in all cases where the user
wants to use a GRUB payload.

You can mitigate potential security issues with SeaBIOS
by disabling option ROM execution, which can be done at
runtime by inserting integers into CBFS. The SeaBIOS
documentation says how to do this.

Libreboot's GRUB hardening guide still says how to add
a bootorder file in CBFS, making SeaBIOS only load GRUB
from CBFS, and nothing else. This, combined with the
disablement of option ROM execution (if using Intel
graphics), pretty much provides the same security benefits
as GRUB-as-primary, for example when setting a GRUB password
and GPG checks, with encrypted /boot as in the hardening guide.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 22:57:39 +01:00
Leah Rowe 71137b12b4 roms: remove support for "grubonly" seabios
due to lbmk issue #216, it is now unwise to use grub as the
primary payload on any machine; the sheer complexity of grub
and the number of memory corruption bugs that have been fixed
due to auditing over the years, means more such bugs exist.

we now provide seabios as the primary payload on all x86 ports,
but provide a "grubfirst" configuration where a bootorder file
in seabios can be added via cbfs, which tells seabios to load
grub from cbfs first, while still allowing use of the boot select
menu by pressing esc in seabios.

well, the "grubonly" option also disables the seabios esc menu,
so that *only* grub runs. there is no point in using this unless
you want to harden your setup, for example if you want to set up
encrypted /boot and boot that from grub, and have a grub password
disallowing unauthorised bootup of your machine.

see grub hardening guide;
https://libreboot.org/docs/linux/grub_hardening.html

at least as of today, 22 June 2024, that page already says
how to manually disable the seabios menu in the same way, if that
is the setup you want. alternatively, a user may be wily
enough to edit target.cfg for their board and compile a rom
that only has the grub payload in it, if that is what the user
wishes to do.

regardless, the default configurations provided by lbmk must never
be unsafe, norc should the build system support such unsafe
settings;

yes, grub as primary payload is technically still supported in
lbmk. actually, at the time of this revision, i have half a mind
to remove that functionality altogether, so that only seabios is
allowed as primary payload, when compiling a rom image that also
has grub, chainloading grub from the seabios menu instead.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 21:44:49 +01:00
Leah Rowe d4d5d2902c use backticks on eval commands, not subshells
Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 13:46:20 +01:00
Leah Rowe c1527b6114 lib.sh: remove badcmd()
it's bloat. telling the user to rtfm is something that
we already do on irc; they will still ask how to do
everything, and ignore the message from badcmd(), or
they will automatically know to rtfm.

i'm on a massive purge, removing bloat from lbmk as
part of Libreboot Build System Audit 6.

all bloat must go.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 13:46:20 +01:00
Leah Rowe fc7ae3e590 lib.sh: more unified config handling
replace it with logic that simply uses "." to load
files directly. for this, "vcfg" is added as a variable
in coreboot target.cfg files, referring to a directory
in config/vendor/ containing a file named pkg.cfg, and
this file then contains the same variables as the
erstwhile config/vendor/sources

config/git files are now directories, also containing
pkg.cfg files each with the same variables as before,
such as repository link and commit hash

this change results in a noticeable reduction in code
complexity within the build system.

unified reading of config files: new function setcfg()
added to lib.sh

setcfg checks if a config exists. if a 2nd argument is
passed, it is used as a return value for eval, otherwise
a string calling err is passed. setcfg output is passed
through eval, to set strings based on config; eval must
be used, so that the variables are set within the same
scope, otherwise they'd be set within setcfg which could
lead to some whacky results.

there's still a bit more more to do, but this single change
results in a substantial reduction in code complexity.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-22 13:44:27 +01:00
Leah Rowe ad1602569e trees: more robust check to avoid "make fetch"
do not use shorthand here. the test was failing to
produce the desired result under some circumstances,
for example when i did "./update release" i got this:

make: Entering directory '/home/lbdev/lbmk/release/20240612-62-ga6b1a6bd/libreboot-20240612-62-ga6b1a6bd_src/src/stm32-vserprog'
make: *** No rule to make target 'fetch'.  Stop.
make: Leaving directory '/home/lbdev/lbmk/release/20240612-62-ga6b1a6bd/libreboot-20240612-62-ga6b1a6bd_src/src/stm32-vserprog'
ERROR script/trees: !mk src/stm32-vserprog fetch
ERROR ./update: excmd: script/trees -f
ERROR script/roms: Unhandled non-zero exit: ./update
ERROR ./build: excmd: script/roms serprog
ERROR ./update: build_release release/20240612-62-ga6b1a6bd: stm32
ERROR ./update: can't build rom images

in the above circumstance, run_make_command was executed,
which is not the desired behaviour; rather, fetch_project_trees
or fetch_project_repo should be called, and then the script
should immediately exit. it should also exit, without downloading
anything, if a changelog file exists as in release archives.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2024-06-21 03:10:46 +01:00