there is no need to have these as defines, when err_if
exists; get rid of xunveil and xpledge. use the bare
pledge and unveil functions directly, with err_if().
268 sloccount now on nvmutil.c, versus 289 sloccount
before this change, with no loss of functionality.
Signed-off-by: Leah Rowe <leah@libreboot.org>
non-zero exit, whereas it was previously an unhandled
non-zero exit as per -e - now it is simply more verbose.
Signed-off-by: Leah Rowe <leah@libreboot.org>
if ./build command options fails, it just means that
lbmk would next check whether ./buildpath mode list exists,
which it never will because that would violate lbmk design.
the generic "help" output is more than sufficient, and tells
the user to check "list" anyway, so there's no point in saying
it here. simplify this function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
for example: ./build boot all
the "all" function is a relic from a much older lbmk
design, where for example we might have done:
./build clean all
./download all
this is no longer used, nor is this currently relevant
for the types of scripts present in lbmk.
we can always re-add this function later if needed,
but for now? remove unwanted code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
moved cmake files into a separate build directory.
this can just be deleted for the source release.
might as well use cmake for the actual build too.
that makes repeated builds faster for some reason.
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
flashrom distclean resulted in zero status upon exit,
but did not remove the actual flashrom binary.
our logic was to run distclean and defer to clean;
now, we run clean and *then* run distclean, but we
do not throw an error if distclean fails. (we do
throw one if clean fails)
Signed-off-by: Leah Rowe <leah@libreboot.org>
the builds were being created within that srcdir,
because build/release/src runs lbmk commands within
it, and one of them is building (re-building) it.
there's no point addressing this, other than rm -Rf
Signed-off-by: Leah Rowe <leah@libreboot.org>
the main lbmk script already creates these files,
and these files are then copied by build/release/src
so we don't need to re-create them here
Signed-off-by: Leah Rowe <leah@libreboot.org>
previously, it was possible that the distclean or
crossgcc-clean modes were being executed on the same
project tree, needlessly. this patch fixes that.
Signed-off-by: Leah Rowe <leah@libreboot.org>
these commands weren't being run at all, leading
to binaries (such as xgcc) not being removed, and
thus they were present in tested release archives.
this bug did not affect libreboot 20230625. it
appeared during my audit, post-20230625.
Signed-off-by: Leah Rowe <leah@libreboot.org>
there were a few missing err calls
i actually went through all of lbmk and found no
instances where err calls were missing except in
build/boot/roms_helper
Signed-off-by: Leah Rowe <leah@libreboot.org>
if you copy a symlink, you create a whole new file with the
contents of what that symlink points to.
what we need to do instead is re-create the symlinks. this
is relevant for all symlinks to the main lbmk script, from
the main directory of lbmk.git.
this avoids there being multiple copies of the main lbmk
script, in release archives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
in some cases, messages that should be considered errors
or warnings, were being written to the standard output,
rather than written as error messages.
also: one or two printf statements should specifically
avoid printing errors (to any file); in these cases,
stdout has been redirected to /dev/null
Signed-off-by: Leah Rowe <leah@libreboot.org>
these scripts used to be in the main directory of
lbmk, and thus needed to check for root user, and
also git credentials. now they are called by the main
lbmk script, which also runs the same checks.
avoid waste of resources by not running the same
check twice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
on e6400_4mb, the release build scripts remove nvidia's vga
rom which is used on dgpu models. however, microcode is also
removed in separately copied rom images
the inject script was inserting vgaroms directly into these
no-microcode roms, but the microcode blob is bigger than the
vga rom, and cbfstool inserts into the first available free
spot within cbfs, so it was inserting into the spot where
cpu microcode went. this caused the rom checksum to not match
what was generated during build/release/roms being executed
the only real fix is to guarantee offsets within cbfs for all
files, by recording what offsets were used and then calculating
that during insertion
so this patch is a workaround, but fixes the issue. the workaround
is: don't insert blobs directly on no-microcode roms, instead
insert only on microcode-based roms, then re-copy those roms
and remove microcode in aptly named copies
it's a bit more convoluted, but works perfectly fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
sha-1 has known collision issues, which may not be readily
exploitable yet (in our context), but we should ideally use
a more secure method for checking file integrity.
therefore, use sha-2 (sha512sum) for checking files. this is
slower than sha-1, but checksum verification is only a minor
part of what lbmk does, so the overall effect on build times
is quite negligible.
Signed-off-by: Leah Rowe <leah@libreboot.org>