"./update project trees" is a leftover from the
old build system design, prior to audits.
this particular call is for when xtree is defined,
which means that a given tree must rely on the given
coreboot tree defined by xtree. the "xtree" tree is
downloaded, so that its crossgcc builds can be re-used
to save time when building targets across many trees.
this is because trees often use identical crossgcc builds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
for single-tree project (e.g. flashprog):
config/submodule/PROJECT/MODNAME/patches
for multi-tree project (e.g. coreboot):
config/submodule/PROJECT/TREE/MODNAME/patches
MODNAME is e.g.:
3rdparty/vboot directory in coreboot: would become vboot
(the submodule codepath is filtered to up to the final slash)
another example:
submodire src dir 3rdparty/foo/bar
MODNAME would be "bar"
Add whatever patches you like to a given submodule.
An example patch is included in this commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the function is very small and only called once,
from fetch_project_trees()
merge it into fetch_project_trees()
Signed-off-by: Leah Rowe <leah@libreboot.org>
one of the calling functions relies on the return value
to be always 0, so these error conditions in mkrom_tarball
have been altered to cause an *exit* (non-zero) instead.
in practise, the commands in question were printf commands
run after tho directory they output to had been created,
so write access would probably not be an issue.
nonetheless, technically correct is the best kind of correct.
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, it was attempting to load the configs and silently
failing. we must provide feedback to the user.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The build system already deletes .git in all source
directories for each given release, but does so at
the very end; it still does, but now it is deleted
one by one per project, to save space during very
large builds (release sizes vary wildly, depending
on how many trees exist for coreboot basically).
If you're building entirely in tmpfs (as I do), this
could be a problem if you have lots of .git/ directories.
This change reduces disk usage, or in the above example,
memory usage when running the build system from tmpfs.
This complements another recent change, where ROM images
are compressed per target during release builds, rather
than all at the very end of the process. It is part of a
series of optimisations, to reduce the memory and disk
usage of the build system, and to reduce I/O wastage
in general.
This change will not be the last of such changes!
Signed-off-by: Leah Rowe <leah@libreboot.org>
an equivalent change has been made in cbmk.
certain lbmk-specific variable names have been made
generic, with certain functions and other variables
moved around.
i maintain sync between libreboot and canoeboot, where
both projects can have the same behaviours, and most of
the merge conflicts have to do with variable names
containing "LBMK", "lbmk", "cbmk" or "CBMK", or
indeed "canoeboot" and "libreboot"
LBMK/lbmk/CBMK/cbmk variables between canoeboot and
libreboot now contain the string XBMK/xbmk
it should now be *much* easier to merge build system
changes between lbmk and cbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's only used from main() in the main build script,
and it's very small, as is main()
therefore, move the logic into main()
Signed-off-by: Leah Rowe <leah@libreboot.org>
in lbmk, we call check_project() to set variables
such as projectname, version, version date
this is unnecessary, because all main scripts use
this functionality anyway
do it by default
Signed-off-by: Leah Rowe <leah@libreboot.org>
releases aren't reproducible anyway. we were
using options available in gnu tar for this.
it will be revisited at a later date. however, the next
time this is done, we will use another method because
there are in fact portable ways to create tarballs
reproducibly, documented on reproducible-builds.org
to be revisited, at a later date. for now, remove bloat.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's only called once, from this file, within a small
function, and the function itself is very small.
remove, and put the contents of the function in the
calling function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
export LBMK_RELEASE="y"
if this is done, the tarball is created instead
of a directory, and the rom images are nuked using
./vendor inject with the nuke option, inserting the
correct version files; the rom directory is deleted
now the release script logic simple renames existing
tarballs. the benefit of this change is fewer lines of
code, and now lbmk doesn't use an insane amount of disk
space when building a *lot* of release images (the
uncompressed directories are deleted after each build)
Signed-off-by: Leah Rowe <leah@libreboot.org>
broadwell mrc is retained, because it's needed on 820 g2
it's no longer needed on haswell, because nri is stable. nri
is short for "native ram initialisation", and libreboot provides
this for: thinkpad t440p, thinkpad w541, dell optiplex 9020 mt,
and dell optiplex 9020 sff
remove, in line with libreboot's binary blob reduction policy
previous revisions, prior to the recent release, stated that
it would be retained for compatibility, but it's really not
right to retain it, because doing so violates libreboot's policy
the recent release excluded mrc-based rom images for haswell
machines, providing only those rom images that use the libre
raminit, while retaining support for mrc in the build system, so
that users could still run the lbmk inject script on older release
roms that use mrc
again: libreboot's binary blob reduction policy is very clear:
https://libreboot.org/news/policy.html
it is a policy that can be summarised, thus:
if a blob can be avoided, it must be avoided.
therefore, we will avoid the Haswell MRC raminit blob
Signed-off-by: Leah Rowe <leah@libreboot.org>
the release variable is all we need, turning a target on
or off for a given release.
the status checks were prone to bugs, and unnecessary; it
also broke certain benchmark scripts.
it's better to keep the lbmk logic simpler. board status
will be moved to the documentation instead.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stub it from the main build script
the commands remain identical:
./vendor download arguments_here
./vendor inject arguments_here
Signed-off-by: Leah Rowe <leah@libreboot.org>
i replaced 2022, 2023 with 2022, 2024 when updating
the years, as per modifications, but the 2023 copyright
doesn't become invalidated
change it to 2022-2024 instead, which is correct
Signed-off-by: Leah Rowe <leah@libreboot.org>
export LBMK_THREADS=x
where x is an integer. this is already supported for
setting the number of build threads, but if not set
it uses nproc.
openbsd doesn't have nproc. default to 1 thread.
now you MUST set threads. e.g. in linux do:
export LBMK_THREADS=$(nproc)
preliminary work is being done to make lbmk run
on openbsd!
Signed-off-by: Leah Rowe <leah@libreboot.org>
export LBMK_STATUS=n
if not set, the status checks and confirmation dialogs
persist. if set to y they persist.
if you set it to n, all checks are disabled, so e.g.:
./build roms all
this would once again build all targets, regardless
of status. this is if you want the old behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
export LBMK_VERSION_TYPE=x
x can be: stable, unstable
in target.cfg files, specify:
status=x
x can be: stable, unstable, broken, untested
if unset, lbmk defaults to "unknown"
if LBMK_VERSION_TYPE is set, no confirmation is asked
if the given target matches what's set (but what's set
in that environmental variable can only be stable or
unstable)
if LBMK_RELEASE="y", no confirmation is asked, unless
the target is something other than stable/unstable
"unstable" means it works, but has a few non-breaking
bugs, e.g. broken s3 on dell e6400
whereas, if raminit regularly fails or it is so absolutely
unreliable as to be unusable, then the board should be
declared "broken"
untested means: it has not been tested
With this change, it should now be easier to track whether
a given board is tested, in preparation for releases. When
working on trees/boards, status can be set for targets.
Also: in the board directory, you can add a "warn.txt" file
which will display a message. For example, if a board has a
particular quirk to watch out for, write that there. The message
will be printed during the build process, to stdout.
If status is anything *other* than stable, or it is unstable
but LBMK_VERSION_TYPE is not set to "unstable", and not building
a release, a confirmation is passed.
If the board is not specified as stable or unstable, during
a release build, the build is skipped and the ROM is not
provided in that release; this is in *addition* to
release="n" or release="y" that can be set in target.cfg,
which will skip the release build for that target if "n"
Signed-off-by: Leah Rowe <leah@libreboot.org>
LC_COLLATE and LBMK_RELEASE are important variables. we want
to make sure that these are seen by everything.
since err.sh is included from all scripts, doing it there will
accomplish just that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk sets TMPDIR to /tmp, and then creates a tmpdir, then
exports *that* as the value of TMPDIR. this unified TMPDIR
location then contains all subsequent files and directories,
when any script or program makes use of /tmp, via mktemp. at
least, that's the theory!
in practise, because it was only being properly exported from
the main build scripts, subscripts that are then called were
not exporting it, at least that is my assumption because in
some cases, i found that the coreboot build system was leaving
errant files behind outside of our own TMPDIR, and that build
system did not seem to be setting TMPDIR itself; more debugging
is needed.
anyway: use the exact same logic, but do it from err.sh. since
err.sh is included from every lbmk script, that means it will
always be exported when running every single part of lbmk. this
should reduce the chance that mktemp creates files and directories
outside of our custom TMPDIR location.
this is because in lbmk, we mitigate unhandled tmpdirs/files by
unifying it in the manner described, then deleting the entire
TMPDIR on exit from the main lbmk parent process (the main
script that the user called from, which is always the "build"
file).
in lbmk, effort is made to clean up temporary files properly,
without relying on this catch-all, but we can't rely on that.
the catch-all should also be as robust as possible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
release="n" is set in target.cfg on haswell build targets
that use mrc.bin
script/update/release exports LBMK_RELEASE="y"
script/build/roms skips building a given target if release="n"
in target.cfg *and* LBMK_RELEASE="y"
you could also do the export yourself before running ./build roms,
for example:
export LBMK_RELEASE="y"
./build roms all
This would skip these ROM images. The native haswell raminit is
now stable enough in my testing, that I wish to delete the MRC-based
targets. This is in line with Libreboot's Binary Blob Reduction Policy,
which states: if a blob can be avoided, it should be avoided.
The problem is that users often run the inject script in *lbmk* from
Git, instead of from the src release archive. I forsee some users
running this on modern lbmk with older release images. If the mrc-based
target isn't there, the user may use an NRI-based target name, and
think it works; they will insert without MRC. I foresaw this ages
ago, which is why Caleb and I ensured that the script checks hashes,
and hashes are included in releases.
Therefore: for the time being, keep the MRC-based configs in lbmk
but do not include images for them in releases. This can be done
indefinitely, but I'll probably remove those configs entirely at
some point.
On the following boards, Libreboot now will *only* provide NRI-based
ROM images for the following machines:
* Dell OptiPlex 9020 SFF
* Dell OptiPlex 9020 MT
* Lenovo ThinkPad T440p
* Lenovo ThinkPad W541/W540
I now recommend exclusive use of NRI-based images, on Haswell
hardware. It's stable enough in my testing, and now supports S3.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk otherwise uses nproc to set the number of build threads,
in these places:
* generic make commands in script/update/trees
* crossgcc make command in script/update/trees
the -T0 option is also used in script/update/release, when running
tar.
with this change, you can do:
export LBMK_THREADS=x
where x is the number of threads. when you then run
lbmk, your chosen number of threads will override
the default. this may be useful on a host that does
not have a lot of memory.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in shell scripts, a function named the same as a program included in
the $PATH will override that program. for example, you could make a
function called ls() and this would override the standand "ls".
in lbmk, a part of it was first trying to run the "fail" command,
deferring to "err", because some scripts call fail() which does
some minor cleanup before calling err.
in most cases, fail() is not defined, and it's possible that the user
could have a program called "fail" in their $PATH, the behaviour of
which we could not determine, and it could have disastrous effects.
lbmk error handling has been re-engineered in such a way that the
err function is defined in a variable, which defaults to err_ which
calls err_, so defined under include/err.sh.
in functions that require cleanup prior to error handling, a fail()
function is still defined, and err is overridden, thus:
err="fail"
this change has made xx_() obsolete, so now only x_ is used. the x_
function is a wrapper that can be used to run a command and exit with
non-zero status (from lbmk) if the command fails. the xx_ command
did the same thing, but called fail() which would have called err();
now everything is $err
example:
rm -f "$filename" || err "could not delete file"
this would now be:
rm -f "$filename" || $err "could not delete file"
overriding of err= must be done *after* including err.sh. for
example:
err="fail"
. "include/err.sh"
^ this is wrong. instead, one must do:
. "include/err.sh"
err="fail"
this is because err is set as a global variable under err.sh
the new error handling is much cleaner, and safer. it also reduces
the chance of mistakes such as: calling err when you meant to
call fail. this is because the standard way is now to call $err,
so you set err="fail" at the top of the script and all is well.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a tree can specify:
tree_depend="treename"
this will make the other tree be downloaded. this is
used for coreboot trees, to ensure that dependency
trees are downloaded, because trees can now re-use
crossgcc from other trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is of Broadwell platform, one generation above Haswell.
Of note: this uses HP Sure Start. Although the flash is 16MB,
our CBFS section (and IFD configuration) assumes 12MB flash,
so the final 4MB will be left unflashed on installation,
after blanking the private flash. The coreboot documents have
more information about this.
Some minor design changes in lbmk were made, to accomodate
this port:
Support for extracting refcode binaries added (pulled from
Google recovery images). The refcode file is an ELF that
initialises the MRC and the PCH. It is also responsible for
enabling or disabling the Intel GbE device, where Google
does not enable it, but lbmk modifies it per the instructions
on the coreboot documentation, so as to enable Intel GbE.
Google's recovery image stores the refcode as a stage file,
but coreboot changed the format (for CBFS files) after 4.13
so coreboot 4.13's cbfstool is used to extract refcode. This
realisation made me also change the script logic to use a
cbfstool and ifdtool version matching the coreboot tree, for
all parts of lbmk, whereas lbmk previously used only the
default tree for cbfstool/ifdtool, on insertion and deletion
of vendor files - it was 81dc20e744 that broke extraction of
refcode on google's recovery images, where google used an older
version of cbfstool to insert the files in their coreboot ROMs.
A further backported patch has been added, copying coreboot
revision f22f408956 which is a build fix from Nico Huber.
Iru Cai submitted an ACPI bugfix after the revision lbmk
currently uses, for coreboot/default, and this fix is
needed for rebooting to work on Linux 6.1 or higher. This
patch has been backported to lbmk, while it still uses the
same October 2023 revision of coreboot.
Broadwell MRC is inserted at the same offset as Haswell,
so I didn't need to tweak that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
u-boot doesn't use submodules, so there's no point in
checking for it. now we can do with just one call to
the git submodule command, for simplicity
also, general code cleanup in this file (minor code
formatting improvements)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the directory is checked for deletion, but it's already
checked before download, to see whether it already exists.
lbmk already exits with zero status if the directory exists,
so the check is pointless (in this function)
also, general code style/formatting cleanup
Signed-off-by: Leah Rowe <leah@libreboot.org>
the patchfail variable was only needed in the old design,
where git am was being handled inside a subshell, and
also when we did it directly in the target directory
without using a temporary directory. with the current
design, we can just call err() and ditch the tmp repo
Signed-off-by: Leah Rowe <leah@libreboot.org>
there isn't really a problem right now, but a desired
and implemented behavioural change was that patches are
to be applied *before* updating submodules. well, the
previous commit reversed this change, under certain
conditions, such that submodules were applied first.
this patch fixes it, so that patches are done first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
right now, if we want to patch a project such that certain
submodules are no tdownloaded, or diffreent submodules are
downloaded, or current ones are downloaded from other
locations, we cannot do this, because we apply submodule
updates *before* applying patches.
therefore, we should change it so that they are applied
*after* installing patches.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the script can now also handle autoconf build systems,
whereas this could previously only be done for grub.
with this change, the overall sloccount is also lower
Signed-off-by: Leah Rowe <leah@libreboot.org>
while seemingly pedantic, this does actually make code
easier to read. mostly just switching to shorthand for
variable names, where no expansions or patterns are used
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk used to set version/versiondate directly in
err.sh, but now it's handled there by a function,
which is called by the main script.
script/update/release hadn't yet been adapted. the
only change necessary is to call check_project()
script/update/trees also makes use of it
script/build/roms is using "projectname"
Signed-off-by: Leah Rowe <leah@libreboot.org>
the shellball (for extracting the coreboot rom, to get
at mrc.bin) contains lines that are not posix-friendly.
specifically, the "local" command is used, and this is
not defined for posix sh.
the shellball is essentially just a bunch of shell
functions that compress/decompress the zip file,
containing the firmware update. you can modify the
files and re-run the shellball to recompress, though
lbmk just uses the decompress function.
as pointed out by Nicholas Chin, it is possible to just
run "unzip" directly on the update, to get at bios.bin.
we don't really need all the extra checks performed by
the shellball, so let's just bypass it altogether.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this part of the code *must* return. the for loop
afterwards must not be permitted to execute.
it's unlikely that this would ever occur, unless
perhaps the user is using a very buggy sh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk didn't quote certain arguments in commands, or
used ! -z instead of -n, things like that. simple fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of these are probably redundant, and will never
be called, but lbmk needs to be as safe as possible
under fault conditions. fail early, fail hard.
Signed-off-by: Leah Rowe <leah@libreboot.org>
update/trees wasn't correctly returning non-zero status,
even though it was printing an error message, when git-am
failed. this is due to the way subshells work, and it was
overlooked in previous auditing.
additionally: don't directly copy trees to the destination,
instead patch/reset first, then copy only under normal
condition, just as with single-tree projects.
when running build/roms, the script would continue after
a bad git-am, without exit. this patch fixes it in the
most paranoid way possible. i'm now fairly confident that
lbmk will fail gracefully and efficiently, under error
conditions. this should prevent bad image builds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't run it directly at the bottom of err.sh,
because otherwise the version and versiondate
files will be generated when running "./build
dependencies distroname" which would then create
these files, but as root because the user runs
that specific command as root.
the rest of lbmk, for any other command, prevents
use of the root account, so running check_project
during "./build dependencies distroname" will cause
the build system to fail (because as non-root user,
the user will run lbmk and it will try to update
those files, and fail because it can't, due to lack
of permissions)
this patch fixes the issue, by only generating those
files if the user is *not* root
Signed-off-by: Leah Rowe <leah@libreboot.org>
it wasn't being copied right
the roms under elf/ were being copied, but not the ones
under bin/ - i need to audit it further
for now, i run modify_coreboot_roms from build/roms
instead of update/trees
so, the ones under elf/ no longer have bootblocks copied.
it's only done in bin/
Signed-off-by: Leah Rowe <leah@libreboot.org>
keymaps weren't being set in keymay.cfg of cbfs, due
to use of x_ in the rom script, and x_ doesn't handle
quotes or spaces in arguments well.
i'm going to remove use of x_ and xx_ (it's in my todo),
for next release.
for now, hot patch the release. i've gone through and
replaced use of x_ with || err, in some places.
not just the keymap.cfg command, but others too. in case
there are more issues we missed.
this commit is being tagged "20231021fix" and i'm using
this tag to re-build the 20231021 release. i'll just
replace the tarballs in rsync and add errata to the news
page announcing the release. all i did was break peoples
umlauts, i didn't brick their machines fortunately!
very minor bug. anyway, x_/xx_ is a great idea, but sh
isn't really designed for that style of programming. i'll
go back to using just || err in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in release archives, .git is excluded but the version
and versiondate files are included. from these, the
git history is re-created with the exact date (but not
taking into account timezone, at present).
in this way, lbmk will have git history in a release
archive. some build systems, like coreboot, prefer that
there be git history available, so this is a nice
workaround on those build systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when [] is used right at the end of a function, or
certain loops/subshells, some sh implementations will
just return a non-zero exit
Signed-off-by: Leah Rowe <leah@libreboot.org>
only fetch if .gitmodules exists
in some cases, lbmk is compiling source trees that
use submodules, without having downloaded them first.
in all cases, those submodules are either optional,
or the build system auto-fetches them (or if it can,
we sometimes disable it as with grub and gnulib).
this is a nice fallback behaviour, for situations where
we forget to put submodules as dependencies under
config/git (and disable submodules in the given project).
with this change, release archives are guaranteed to
be complete, sans crossgcc downloads in coreboot; this
will be handled in a follow-up commit.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, use of x_ or xx_ can be error-prone,
due to the way $@ is handled; commands requiring
quotes, or with funny file names as arguments such
as spaces in the file name, or other special
characters, can make the x/xx functions break.
in those cases, where x/xx must not be used, the
commands use || err instead
in other cases, use of x/xx is superfluous, and has
been removed in some commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
as opposed to the current 3-level structure.
recent build system simplifications have enabled
this change, thus:
./build fw coreboot -> ./build roms
./build fw grub -> ./build grub
./build fw serprog -> ./build serprog
./update project release -> ./update release
./update project trees -> ./update trees
./update vendor download -> ./vendor download
./update vendor inject -> ./vendor inject
alper criticised that the commands were too long,
so i made them shorter!
Signed-off-by: Leah Rowe <leah@libreboot.org>
move it all to other files where items are used, and not
used anywhere else. this reduces the size of vendor.sh.
also remove a few redundant variables, or variables that
are not meaningfully used.
a few items have been moved to include/option.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
they are the functions only used by the download
script, so they don't belong in vendor.sh
an include file should only contain variables and
functions used by multiple main scripts
Signed-off-by: Leah Rowe <leah@libreboot.org>
This way, the handling of configs is unified into one
script, which reduces the possibility of bugs later,
and it reduces the repetition of code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
coreboot closely matches upstream, whose current release
is version 1.2 from 2018, and coreboot has not changed it
in any meaningful way.
the upstream did add patches since, but they are documentation
patches only.
this means: we do not need to use the upstream version
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's already executed in "build"
running it in err.sh makes the user have to set
git name/email as root, when running dependencies
scripts. this is a regression, that this patch
fixes. git isn't needed to install dependencies.
Signed-off-by: Leah Rowe <leah@libreboot.org>