the way the old script worked was extremely hacky
it's cleaner just to make the user configure git
i haven't used anything from the old .gitcheck script,
which is now deleted. i completely re-wrote this, in
a much simpler way.
this is less maintenance now, when things change in
the upstream projects. coreboot makes heavy use of git
within its build system
Signed-off-by: Leah Rowe <leah@libreboot.org>
and only where grub was already enabled; on boards
that did not enable grub, grub is still disabled
on desktops, it's possible that the user may insert
a graphics card. if their first payload was grub,
it won't work because lbmk doesn't configure coreboot
itself to execute vga roms at present
i found when testing t1650 (dell) that if a vgarom is
loaded from seabios (from a graphics card), the grub
payload still works; if booting in corebootfb mode,
text mode is still used when booting with the card
to decrease the probability of bricks with any given
set of users, make seabios the only payload that starts
first, but make grub available in the esc menu on seabios
it's possible to add a bootorder file and disable the
seabios menu, if you only want a grub payload accessible
Signed-off-by: Leah Rowe <leah@libreboot.org>
e.g. ./build boot roms list
./update blobs inject listboards
./build boot list
./build clean list
also this is now possible:
./build list
or maybe
./update list
^ would list directories in resources/scripts/build
and resources/scripts/update respectively
this script is added:
resources/scripts/build/command/options
call it like so, e.g.
./build command options resources/coreboot
this script is now used, for list functions in
other scripts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't use it in lbmk. it's there mostly because
it was technically feasible, and it still is
however, i've been doing massive re-factoring of
lbmk and the makefile and i just don't feel like
constantly patching up the makefile
if someone wants to re-add it, that's fine. but i
don't see the point in maintaining something that
we don't need.
the makefile is not needed. all it did was call
lbmk directly. the makefile had no logic itself.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk is much more likely to crash now, in error conditions,
which is a boon for further auditing.
also: in "fetch", remove the downloaded program
if fail() was called.
this would also be done for gnulib, when downloading
grub, but done in such a way that gnulib goes first.
where calls to err write "ERROR" in the string, they
no longer say "ERROR" because the "err" function itself
now does that automatically.
also: listmodes/listoptions (in "lbmk") now reports an
error if no scripts and/or directories are found.
also: where a warning is given, but not an error, i've
gone through in some places and redirected the output
to stderr, not stdout
as part of error checks: running anything as root, except
for the "./build dependencies *" commands, is no longer
permitted and lbmk will throw an error
mrc downloads: debugfs output no longer redirected to /dev/null,
and stderr no longer redirected to stdout. everything is verbose.
certain non-error states are also more verbose. for example,
patch_rom in blobs/inject will now state when injection succeeds
certain actual errors(bugs) were fixed:
for example, build/release/roms now correctly prepares the blobs
hash files for a given target, containing only the files and
checksums in the list. Previously, a printf message was included.
Now, with this new code: blobutil/inject rightly verifies hashes.
doing all of this in one giant patch is cleaner
than 100 patches changing each file. even this is yet part
of a much larger audit going on in the Libreboot project.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user may have re-downloaded a coreboot tree,
in a release. this is supported. therefore, some
may have .git, and some will not
Signed-off-by: Leah Rowe <leah@libreboot.org>
we also run it in releases, so to compensate:
it now checks for .git/, but only in project
directories, not the main lbmk directory of
the git repository or a release.
this is because in a release, it's possible
that the user may still delete coreboot/
directories and re-download coreboot trees
this is not intended, but we must not assume
that users use libreboot the way it's intended!
"much stricter" because there was previously
none, intentionally, due to the above fact. the
checking of .git/ should mitigate this (the
script will exit with zero status if it isn't
there)
Signed-off-by: Leah Rowe <leah@libreboot.org>
there were stragglers left over from the last audit,
and these stragglers still exist even after all the
major re-factoring as of late
the new style is: bsd-like coding style and error
handling. verbose yet simple error handling. we use
an "err" function in a way reminiscent of most C
programs that you see in openbsd base (err.h)
this style is very clean, resulting in readable code
Signed-off-by: Leah Rowe <leah@libreboot.org>
this same change has been applied, selectively, to
certain return statements. the general rule is this:
the return statement should only be used to direct
logic within a script, where certain non-errors
states are used to skip certain actions; the exit
command should *never* be used to return non-zero,
except by err(). in so doing, we ensure easier
debugging of the build system
also: strip_rom_image in build/release/roms was
running "continue" when a rom file didn't exist,
despite not being a while/for loop. i make it
return (non-error condition) instead
it's ok for a script to exit 0, where appropriate,
but perhaps a function could also be written for it
Signed-off-by: Leah Rowe <leah@libreboot.org>
moving it defeats the purpose of the caching mechanism
that's in place. this should avoid unnecessary downloads
Signed-off-by: Leah Rowe <leah@libreboot.org>
u-boot and seabios are now handled by the same logic
as coreboot, in lbmk, and these files are used for
recursive downloads in the build system
Signed-off-by: Leah Rowe <leah@libreboot.org>
uses 32-bit variant for x86_32 arch. 64-bit for x86_64.
resources/scripts/build/src/for:
modified it a bit. when building e.g. "memtest86plus/build32"
it correctly fetches "memtest86plus" instead.
but builds memtest86plus/build32, which is inside that git repo
Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>
in update/blobs/download, i saw instances where
appdir was being deleted with rm -r, but the more
appropriate command would rm -Rf. this is now fixed.
other than that, i've mostly just simplified a bunch
of if statements and consolidated some duplicated
logic (e.g. if/else block for dependencies in
build_dependencies() of update/blobs/download
one or two functions and/or variables have been
renamed, for greater clarity in the code, also
removed a few messages that were redundant
used printf instead of echo, in a few places, also
fixed up the indentation in a few places
Signed-off-by: Leah Rowe <leah@libreboot.org>
they fundamentally perform the same action: copy
the .config file and run make, but build runs
make-all, while modify runs make-oldconfig or
make-menuconfig
merge this functionality together
also:
./handle config file
^ this is the new syntax, not:
./build defconfig for
for example:
./handle config file -b coreboot x200_8mb <-- build x200 rom
./handle config file -m coreboot x200_8mb <-- modify configs
./handle config file -u coreboot x200_8mb <-- make-oldconfig
./handle config file -u seabios
./handle config file -b u-boot
yes, 1 script and a sloccount reduction of 52. and the audit?
it continues.
Signed-off-by: Leah Rowe <leah@libreboot.org>
thanks Riku Viitanen for pointing out the bug
i b0rked it myself in an earlier revision, while
auditing.
it's funny because i made this exact same mistake
during the last audit, and in the exact same way
it's fixed once again
Signed-off-by: Leah Rowe <leah@libreboot.org>
the unified logic is so small that i simply added it
to the main "build" script
commands are identical. example:
./build dependencies debian
Signed-off-by: Leah Rowe <leah@libreboot.org>
handle it all in the 1 script
quite a few clean scripts are still present,
so resources/scripts/build/clean/ still exists.
23 sloc reduction.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Some of them weren't even used at all, such as the flashrom
build script. the bios_extract build script existed but was
never used, because we only called (from blobutil) a python
script from in there, without actually compiling anything!
resources/script/build/src/for
Usage, e.g.:
./build src for memtest86plus
It also handles fetch. This script is intended largely for
those codebases that are quite simple, requiring trivial
or no intervention besides running "make".
37 sloc reduction. Not a lot, but the audit continues! These
optimisations add up. I started at 3300 sloc in
resources/scripts and me target is 2k (2000) sloc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
new commands are thus,
build grub payloads:
./build grub payload
(formerly ./build payload grub)
build grub utils:
./build grub utils
(formerly ./build module grub)
The scripts is build/module/ will mostly be
deleted. I say mostly, because some of them
are being moved instead.
The deleted ones will be ones that basically
just run "make" in the target directory. They
will be unified, in a follow-up patch.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Patches pulled from:
https://git.nicholasjohnson.ch/grub
This is the author of the rebased patches:
https://nicholasjohnson.ch/
(Nicholas Johnson <nick@nicholasjohnson.ch>)
However, this is a *rebase* performed by Nicholas,
based on these patches:
https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git
...at revision: 1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d
The AUR patches were based on GRUB 2.06, whereas Nicholas's
rebase is upon grub 2.12, which Libreboot currently uses.
These patches import the PHC implementation of argon2i/id
key derivation functions, seen here:
https://github.com/P-H-C/phc-winner-argon2
GRUB (upstream) does not merge these patches and probably won't,
because even though they're libre, they're not copylefted or
otherwise under GPL terms that GRUB can accept.
Therefore, we in Libreboot must maintain these from now on,
for our version of GRUB. The upshot? LUKSv2 decryption should
now work, perfectly, in GRUB!
Signed-off-by: Leah Rowe <leah@libreboot.org>
17 commits above 2.12-rc1, with some fixes.
i'm about to merge luks2 argon2 patches in a
follow-up commit, and they're based upon this
revision of grub
Signed-off-by: Leah Rowe <leah@libreboot.org>
./update seabios configs? gone
.modify coreboot configs? gone
it's now all 1 script, called e.g.
./modify defconfig options -u coreboot <-- runs make oldconfig
./modify defconfig options -m seabios <-- runs make menuconfig
./modify defconfig options -u u-boot gru_bob <-- oldconfig, and only gru_bob
./modify defconfig options -u coreboot x60 x200_8mb
etc. you get the idea. same behaviour as before with all
the separate scripts, but now its one unified script.
184 sloc reduction in resources/scripts/
Signed-off-by: Leah Rowe <leah@libreboot.org>
x86 u-boot is a bit flaky and this board never builds.
re-add it ot a later date.
u-boot is only really used in arm machines,
for our purposes at least.
Signed-off-by: Leah Rowe <leah@libreboot.org>
See file:
resources/scripts/build/defconfig/for
It is based on:
resources/scripts/build/payload/u-boot
The u-boot payload script has been deleted, as has the
seabios payload script; the build/boot/roms logic has
been heavily simplified too, by removing the logic for
building of elf files based on defconfig.
SeaBIOS, U-Boot and coreboot all use defconfig-type
infrastructure for their build systems, and they are
fundamentally the *same* in how to compile each codebase,
at least in an lbmk context, regardless of actual (and
very huge) differences in these codebases.
Several hundred sources-lines of code have been eliminated
by this change, drastically simplifying everything; U-Boot
payload compiling also now errors out when a single build
fails, instead of continuing. Also: build/boot/roms no longer
re-compiles a coreboot target that was already compiled,
which is the same behaviour observed for payloads.
(this means you must now manually delete a target, when you
wish to re-build it; the build/boot/roms logic now more or
less just runs cbfstool; blobutil is handled from
build/defconfig/for)
ALSO: Since crossgcc is now handled by build/defconfig/for, not
build/boot/roms, standalone compiling of u-boot is now possible.
This has been tested. You compile it like so:
./build defconfig for u-boot
or specific trees, e.g.
./build defconfig for u-boot default
One other consequence of this patch is that re-building the same
ROM image is now much faster, because the same builds are re-used
unless deleted. This could be useful when testing grub.cfg changes,
for example, if that's all you change. With things like ccache used
(not yet used robustly in lbmk), this could speed things up more,
depending on the codebase.
This patch demonstrates the raw power of lbmk; it is a very
simple and highly efficient build system, and now much more so!
Signed-off-by: Leah Rowe <leah@libreboot.org>
With newer hostcc, trying to build GCC 8.3.0 will raise an error from ld:
undefined reference to `__gnat_begin_handler_v1'
This commit adds a patch for GCC found on coreboot [1] correcting this
error by backporting the GNAT exception handler v1 to GCC 8.3.0 allowing
GNAT to be built with newer hostcc like GCC 10+.
[1]https://review.coreboot.org/c/coreboot/+/42158
Signed-off-by: Adrien 'neox' Bourmault <neox@gnu.org>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
it's bloat, and was only there for backwards compatibility
with the old commands, but the new commands are e.g.
./update blobs inject
instead of:
./blobutil inject
this results in a slight code size reduction in lbmk
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of them were just calling the gitclone script,
so remove them.
the grub script was treating gnulib as a dependency.
i've now added the ability to grab 1 dependency, in
the gitclone script (it should be expanded later to
support multiple dependencies)
the gitclone script has been renamed to "fetch".
the "fetch_trees" script does more or less the same
thing, but calls "fetch" and handles multiple revisions
if a project needs that
this is more efficient, and slightly reduces the code
size of lbmk!
Signed-off-by: Leah Rowe <leah@libreboot.org>
Leah Rowe