also remove inject_vendorfiles() and merge it
into vendor_download()
the "release" variable is included in some target.cfg
files, which we put in config/coreboot/ and handle
here, so they could conflict with the release variable
used in vendor.sh, used for a different purpose. therefore,
rename it to "vrelease".
Signed-off-by: Leah Rowe <leah@libreboot.org>
the trees script itself will check that the directory
exists, and exit with zero status if it does, without
doing anything else other than the return.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't want the user to flash coreboot from elf/, because
those images do not contain payloads. the user must flash from
bin/
ample warning is given, at build time, but the warning is written
in english. therefore, some people may not understand it, because
they may not even speak english.
hide the coreboot elf/ directory, to mitigate this possibility.
in most cases, this will probably prevent the average user from
flashing those images, since they likely won't see it.
the "DO NOT FLASH" warning is still included in that directory
name, while creating it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
error out if it's not set. ditto projectsite.
that way, if the files are accidentally deleted, or not
added in a derivative of the build system, you'll know.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the e() and setvars() functions need to be declared before
the dependencies function.
also: after calling install_packages, it was doing a return
when it should have done an exit.
this is all fixed now. i apologise to anyone who previously
ran into trouble with this!
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's bloat. telling the user to rtfm is something that
we already do on irc; they will still ask how to do
everything, and ignore the message from badcmd(), or
they will automatically know to rtfm.
i'm on a massive purge, removing bloat from lbmk as
part of Libreboot Build System Audit 6.
all bloat must go.
Signed-off-by: Leah Rowe <leah@libreboot.org>
replace it with logic that simply uses "." to load
files directly. for this, "vcfg" is added as a variable
in coreboot target.cfg files, referring to a directory
in config/vendor/ containing a file named pkg.cfg, and
this file then contains the same variables as the
erstwhile config/vendor/sources
config/git files are now directories, also containing
pkg.cfg files each with the same variables as before,
such as repository link and commit hash
this change results in a noticeable reduction in code
complexity within the build system.
unified reading of config files: new function setcfg()
added to lib.sh
setcfg checks if a config exists. if a 2nd argument is
passed, it is used as a return value for eval, otherwise
a string calling err is passed. setcfg output is passed
through eval, to set strings based on config; eval must
be used, so that the variables are set within the same
scope, otherwise they'd be set within setcfg which could
lead to some whacky results.
there's still a bit more more to do, but this single change
results in a substantial reduction in code complexity.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i tried to be clever with this one, but it just made
the script exit with an error.
revert back to the old check (check whether one of
either repo or repo backup is set)
Signed-off-by: Leah Rowe <leah@libreboot.org>
nowadays, we don't insert GRUB keymaps automatically, for
sake of efficiency; without one, the default is US QWERTY.
a user will only want one keymap in particular, so this
is more efficient. in practise, they're either building
from source anyway, or using the inject scripts which
compile cbfstool anyway, so the user will already have
cbfstool.
also output this message from the inject script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
prevent duplicate main instances of the build
system from running
the lock file is deleted when the parent process
exits, alongside the tmpdir deletion
the build system must only ever be run ot one
instance at a time, per work directory
Signed-off-by: Leah Rowe <leah@libreboot.org>
this for loop is a hack to make sure that all the
sources get nuked (using nuke.list files).
hide the messages so that they do not appear when
running just any command in the trees script.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i was being a bit too clever about some optimisations
revert this change. otherwise, nothing will download
or build
Signed-off-by: Leah Rowe <leah@libreboot.org>
downloading it after means that if an error occurs
when downloading the xtree project, the main project
will still be there and nothing will mandate the
downloading of the xtree project. whereas, if we
grab the xtree project first, then the main project
won't get saved to src/
this makes the build system a bit more resilient under
fault conditions, but otherwise doesn't change behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't say "file missing", because it may be present!
instead, say that the download failed. this covers both
contexts: internet failed and thus no file present, or
the file is present but checksum verification failed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on the initial check, the output is confusing because
it will say "checksum verification failed" if the
file doesn't already exist, but then goes to download.
only say checksum failed if a download occured, and the
check failed, otherwise report nothing except that the
file already exists.
this will not reduce the ability to debug issues later
on, and it will reduce the amount of confusion for users.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it was only downloading the main url, even when
it should use the backup.
fix it by actually using the for loop variable.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when we download coreboot, we currently don't have a way to
download crossgcc tarballs, so we rely on coreboot to do it,
which means running the coreboot build system to do it; which
means we don't get them in release archives, unless we add
very hacky logic (which did exist and was removed).
the problem with coreboot's build system is that it does not
define backup links for each given tarball, instead relying
on gnu.org exclusively, which seems OK at first because the
gnu.org links actually return an HTTP 302 response leading
to a random mirror, HOWEVER:
the gnu.org 302 redirect often fails, and the download fails,
causing an error. a mitigation for this has been to patch the
coreboot build system to download directly from a single mirror
that is reliable (in our case mirrorservice.org).
while this mitigation mostly works, it's not redundant; the
kent mirror is occasionally down too, and again we still have
the problem of not being able to cleanly provide crossgcc
tarballs inside release archives.
do it in config/submodules, like so:
module.list shall say the relative path of a given file,
once downloaded, relative to the given source tree.
module.cfg shall be re-used, in the same way as for git
submodules, but:
subfile="url"
subfile_bkup="backup url"
do this, instead of:
subrepo="url"
subrepo_bkup="backup url"
example entries in module.list:
util/crossgcc/tarballs/binutils-2.41.tar.xz
util/crossgcc/tarballs/gcc-13.2.0.tar.xz
util/crossgcc/tarballs/gmp-6.3.0.tar.xz
util/crossgcc/tarballs/mpc-1.3.1.tar.gz
util/crossgcc/tarballs/mpfr-4.2.1.tar.xz
util/crossgcc/tarballs/nasm-2.16.01.tar.bz2
util/crossgcc/tarballs/R06_28_23.tar.gz
the "subrev" variable (in module.cfg) has been renamed
to "subhash", so that this makes sense, and that name is
common to both subfile/subrepo.
the download logic from the vendor scripts has been re-used
for this purpose, and it verifies files using sha512sum.
therefore:
when specifying subrepo(git submodule), subhash will still
be a sha1 checksum, but:
when specifying subfile(file, e.g. tarball), subhash will
be a sha512 checksum
the logic for both (subrepo and subfile) is unified, and
has this rule:
subrepo* and subfile* must never *both* be declared.
the actual configuration of coreboot crossgcc tarballs
will be done in a follow-up commit. this commit simply
modifies the code to accomodate this.
over time, this feature could be used for many other files
within source trees, and could perhaps be expanded to allow
extracting source tarballs in leiu of git repositories, but
the latter is not yet required and thus not implemented.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i don't like that it's not there, because of the quirks
in sh behaviour. put it there to put my mind at ease.
otherwise, this doesn't change any behaviour.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in future revisions, i will make tarballs become subfiles,
to complement submodules. e.g. crossgcc tarballs in coreboot
Signed-off-by: Leah Rowe <leah@libreboot.org>
copying the module list into tmpdir/ no longer makes sense,
because it was only done before when we supported either
running the list from "git submodule update", or module.list.
since we only support handling of module.list, we can
greatly simplify this function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there were stragglers remaining, from when we used to
actually run "git submodule update", but this was removed.
clean up the submodule functions and merge them together.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, it's not clear to the operator what's happening
i'm normally against such verbose feedback, because it's bloat,
but this minimal amount of feedback will make the build system
more pleasant to use, especially during testing.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't do it after, because that means the main project
is saved under src/ before we know whether the subrepo
was downloaded.
the "depend" variable (in config/git/) is no longer used
for projects that go in subdirectories of a parent; now,
we use config/submodules/ for this type of dependency.
download the "depend" projects (as per config/git/) first.
this way, if they fail, the main one will fail, but if
they succeed and main fails, you can just run the main
download again and it won't fail.
this fixes a bug where, depending on how you download a
set of projects and depending on the order which you do so,
a given project can become un-downloadable on current design,
because git will complain that a directory already exists.
this fix is done not only in code (by this commit), but
by prior configuration changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
only use config/submodules/ which the build system then
uses to run git clones manually, replicating the submodules
feature. we must never use a project's own gitmodules feature,
because we can't easily control it. better to let it break first,
and then figure out what modules to add manually, so that we
have only what we need for each project.
it's done this way, because git's own submodules feature
doesn't have very good error checking in general, nor
does it have good redundancy.
with the current design, we can declare backup repositories
for each submodule.
we replicate it precisely. for example:
3rdparty/vboot
this is a coreboot submodule, and we handle that in the
coreboot trees.
however, our current design also allows you to do this even
if the upstream repository does not contain a .gitmodules file
Signed-off-by: Leah Rowe <leah@libreboot.org>
one directory per util, under elf/
e.g. elf/cbfstool/
further split by tree name, e.g.:
elf/cbfstool/default/
elf/cbfstool/foo/
Signed-off-by: Leah Rowe <leah@libreboot.org>
just run make directly. the trees script isn't really
designed to directly build directories, so don't.
nothing wrong with good old fashioned make -C
Signed-off-by: Leah Rowe <leah@libreboot.org>
now it no longer hardcodes a check for whether the
project name is coreboot. this maintains the same
behaviour but will now work for other multi-tree
projects; in practise, the other multi-tree projects
did not use .gitmodules files anyway, but some of
them used config/submodules/ in our build system.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's also used from script/roms, in addition to trees
move these variables to a common file used everywhere
Signed-off-by: Leah Rowe <leah@libreboot.org>
certain code checks for build.list, to skip it, for
example in items()
we already use config/data/grub to store grub config data
that applied to all trees
create these directories too:
config/data/coreboot
config/data/u-boot
config/data/seabios
move the respective build.list files in here, and also
to config/data/grub
now multi-tree projects contain, per directory, just the
target.cfg file and the patches directory. this is much
cleaner, because some of the logic can be simplified more
Signed-off-by: Leah Rowe <leah@libreboot.org>
instead, check for the presence of target.cfg files
not in config/project/ but config/project/tree/
the way this check is done, it merely returns 1 if
config/project/*/target.cfg is detected, and returns
0 in all other cases, even if config/project/target.cfg
exists
that way, if the maintainer accidentally adds a
target.cfg in the main directory, the given multi-tree
project will not break
Signed-off-by: Leah Rowe <leah@libreboot.org>
this avoids writing the version/versiondate files as root.
this complements the previous fix, that avoided writing those
same files when running the dependencies command.
initial setup of the build system requires root, to run the
dependencies script, but otherwise the build system prevents
running as root for everything else, so we must avoid writing
the version/versiondate files as root.
that same avoidance is necessary when checking whether running
other commands as root; ironically, this check then prevented
running the build system at all!
the bug should be fully fixed now. i found this quite by accident
the other day, when testing something else.
good thing this got fixed because the release!
Signed-off-by: Leah Rowe <leah@libreboot.org>
do it strategically, in just the right place so that the
version and versiondate files aren't written.
otherwise, version/versiondate are written as root and
the build system becomes unusable after that, unless you
reset the file ownerships from root. hardly user-friendly.
mitigate this bug.
Signed-off-by: Leah Rowe <leah@libreboot.org>
already of saying "found", say "already exists"
this means the output of these commands more user
friendly and intuitive:
./update trees -b grub default
./update trees -b coreboot i945
this is just an example. when an ELF file already
exists, the build is skipped even if src isn't downloaded.
this design is intentional, because it means that you can
use previous builds if you want to save time on another.
Signed-off-by: Leah Rowe <leah@libreboot.org>
adding help again is a bad idea. code should never
document itself; that's what documentation is for.
so, make the code do a better job telling the user
where to find documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Re-add xHCI only on haswell and broadwell machines, where
they are needed. Otherwise, keep the same GRUB code.
The xHCI patches were removed because they caused issues
on Sandybridge-based Dell Latitude laptops. See:
https://codeberg.org/libreboot/lbmk/issues/216
The issue was not reported elsewhere, including on the
Haswell/Broadwell hardware where they are needed, but the
build system could only build one version of GRUB.
The older machines do not need xHCI patches, because they
either do not have xHCI patches, or work (in GRUB) because
they're in EHCI mode when running the payload.
So, the problem is that we need the xHCI patches for GRUB
on Haswell/Broadwell hardware, but the patches break
Sandybridge hardware, and we only had the one build of GRUB.
To mitigate this problem, the build system now supports
building multiple revisions of GRUB, with different patches,
and each given coreboot target can say which GRUB tree to use
by setting this in target.cfg:
grubtree="xhci"
In the above example, the "xhci" tree would be used. Some
generic GRUB config has been moved to config/data/grub/
and config/grub/ now looks like config/coreboot/ - also,
the grub.cfg file (named "payload" in each tree) is copied
to the GRUB source tree as ".config", then added to GRUB's
memdisk in the same way, as grub.cfg.
Several other design changes had to be made because of this:
* grub.cfg in memdisk no longer automatically jumps to one
in CBFS, but now shows a menuentry for it if available
* Certain commands in script/trees are disabled for GRUB,
such as *config make commands.
* gnulib is now defined in config/submodule/grub/, instead
of config/git/grub - and this mitigates an existing bug
where downloading gnulib first would make grub no longer
possible to download in lbmk.
The coreboot option CONFIG_FINALIZE_USB_ROUTE_XHCI has been
re-enabled on: Dell OptiPlex 9020 MT, Dell OptiPlex 9020 SFF,
Lenovo ThinkPad T440p and Lenovo ThinkPad W541 - now USB should
work again in GRUB.
The GRUB payload has been re-enabled on HP EliteBook 820 G2.
This change will enable per-board GRUB optimisation in the
future. For example, we hardcode what partitions and LVMs
GRUB scans because * is slow on ICH7-based machines, due
to GRUB's design. On other machines, * is reasonably fast,
for automatically enumerating the list of devices for boot.
Use of * (and other wildcards) could enable our GRUB payload
to automatically boot more distros, with minimal fuss. This
can be done at a later date, in subsequent revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the reason for it is because sometimes the coreboot build
system auto-downloads submodules which we don't want.
however, we now pass UPDATED_SUBMODULES=1 in make, which
disables this behaviour in coreboot's build system.
therefore, remove this unnecessary logic.
Signed-off-by: Leah Rowe <leah@libreboot.org>
cbmk revision:
cdce8ba70b863ea3fe0ad7a4d7b27d0c5ca30421
as of date 30 May 2024
Canoeboot provides deblobbing, fully, on all sources, so
as to provide a GNU FSDG compliant coreboot distro.
Libreboot used to do this but now uses a more pragmatic
Binary Blob Reduction Policy, allowing better hardware
support in general. See:
https://libreboot.org/news/policy.html
Well! We sometimes still need to delete files in Libreboot,
but for other reasons. For example, the poorly licensed
strlcat.c file that we delete from U-Boot, in both projects.
I currently hardcode such deletions in lbmk. After this
revision, I will start using "nuke.list" files as in cbmk.
Simply patching the sources to exclude such files, in this
context, is not OK because then we are still including them
but as diffs. This is why the nuke() function exists.
Import Canoeboot's nuke technology.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We use a path of /dev/null pointing to a ROM for
Fam15h AMD boards, to add fake PIKE2008 images.
This is to mitigate a hang in SeaBIOS, but now with
recent changes, this causes the command below to
download coreboot, when it should just exit saying
no vendor files needed. Prevent accidentally wasted
bandwidth. The command was:
./vendor download kcma_d8_rdimm_16mb
This now correctly does the following:
$ ./vendor download kcma_d8_rdimm_16mb
Vendor files not needed for: kcma_d8_rdimm_16mb
The joys of programming a build system in sh!
Signed-off-by: Leah Rowe <leah@libreboot.org>
By default, the build system does set -u -e
Some errors are unavoidable and have to be handled, so
we have to set +u +e (turn off error handling in sh),
when downloading vendor files, but only certain parts of
vendor.sh trigger errors (which cause an exit).
Replace the current bazooka approach with a more fine
grained approach, turning error handling back on again
when it is safe to do so.
In the parts of the code where it is disabled, the code
is written very, very carefully, with errors still handled
manually, but more careful auditing is required.
This change has been tested and makes the command much
safer to run. In security (or any bug auditing), it is
the principle of least privilege that holds true.
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. coreboot/default contains no config directory, so
the old logic would be trying to do:
.
which is obviously invalid
now for example:
$ ./vendor download default
Vendor files not needed for: default
and it will exit with zero status
the only thing that should ever return non-zero status
is when you define a target that does not exist, config
or no.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i was checking whether it's a directory, whereas i should
have been checking whether it's a file. this is a workaround
put in place in case someone downloaded a tarball from codeberg
which is pre-generated per commit. in this situation, the
version and versiondate files do not exist, but the design
of the build system requires that they do exist.
the existing check is correct except for this bug, so fix
the bug. check that they are files, not directories
Signed-off-by: Leah Rowe <leah@libreboot.org>
in each submodule configuration directory, a module.cfg
file can now be provided. in it, the user can specify
two repository links (main and backup) and a revision, like
so:
subrepo="repo link goes here"
subrepo_bkup="backup repo link goes here"
subrev="git revision id goes here"
additionally:
in the *main* project directory for the submodules,
a module.list file can be provided. example entries:
3rdparty/vboot
3rdparty/libgfxinit
if the module.list file is provided, only those submodules
will be downloaded. this can be combined with the module.cfg
files, if you wish, but it's optional. you can mix and match.
example locations:
multi-tree project:
config/submodule/coreboot/default/module.list
config/submodule/coreboot/default/vboot/module.cfg
single-tree project:
config/submodule/flashprog/module.list
config/submodule/flashprog/foo/module.cfg
*no* configuration files have been provided, in this commit,
which means that the current behaviour is maintained.
follow-up commits will absolutely configure the submodules.
this is being done to reduce the number of modules downloaded,
because we don't use most of the coreboot submodules that are
downloaded, thus wasting bandwidth and the releases are also
much bigger than necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
a user was getting error "version unset" when using the
tarball generated from codeberg. it's recommended to use
the git repository properly, or a release archive.
mitigate this so that the build succeeds anyway.
Signed-off-by: Leah Rowe <leah@libreboot.org>