handle errors on sha512sum - also handle awk errors inside
the mini subshell, and provide overall error handling.
we know that the project.hash file should always exist, and
always be read no matter what; technically, the find command
that proceeds it might not yield any results, but an empty
file would then be produced.
the edge case of an empty file would have lead to an error
beforehand, when configuring the project in function,
configure_project(), so we've already got that covered.
Signed-off-by: Leah Rowe <leah@libreboot.org>
when reading old_pjhash, we need to error out where a read
error occurs. such an error is unlikely, but could occur under
certain edge cases.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't do no-op if it fails; fall back to "clean" instead,
and fail if that fails.
The no-op was there was not all projects have distclean,
but we do intend for them all to be cleaned.
We mitigate further error by only running make-clean if
a makefile exists.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Don't copy the files directly, because we might be doing
this from a work directory that has no files; in this case,
generic "unknown" variables are used, without generating
any files, so the current logic would produce an error.
However, we do need to create those dot files, because
we then rely on them for building release binaries.
The new logic maintains current behaviour, while fixing
this technical edge-case scenario via mitigation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
stick it in git_prep, which both single- and multi-tree
projects will use, when downloading git repositories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The following execution will result in another printf
that says exactly what is being downloaded.
There is no need to inform the user twice about
what is being downloaded.
Signed-off-by: Leah Rowe <leah@libreboot.org>
A git-pull is performed immediately after git-fetch.
Git-pull already performs git-fetch as a prerequisite.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the checks at the end of the function are mostly
superfluous, because bad_checksum() is immediately
called just beforehand, and performs the same checks.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the current behaviour is a relic from the older lbmk
design, before recent auditing.
the current logic would cause xbmk to continue execution,
going into a child process with .git/ being a symlink.
The .git/ directory should never be a symlink, because
it is extremely error-prone.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We rely on a non-zero exit on other try_ commands, which
works fine there because we then check the file afterward
and error out accordingly.
For git repositories, we assume that both mirrors are
identical and therefore once we get to the first clone
attempt, we assume that it must succeed.
Therefore, if it does not succeed, we must fail. This fixes
a regression I found in testing, where sometimes a failed
patching attempt would not result in an error exit, and
would therefore result in broken sources being present.
In practise, I always very closely watch the terminal when
testing xbmk, especially when updating project patches, so
we probably didn't introduce any broken sources in practice.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This code was introduced to provide fault tolerance,
so that if I forgot to manually update the configs
myself, builds would still succeed, e.g. coreboot
builds.
However, there have been cases in the past where this
introduces settings we don't want, and in general we
do want to know when there is an error in the configs.
The policy should always be: fail early, fail hard.
This also mitigates bugs in U-Boot's build system; for
example, when I last attempted to update the U-Boot
tree for x86, make-oldconfig introduced a lot of junk
settings unrelated, which then introduced code that
would brick the board if you tried it on one, e.g.
it broke booting most Linux kernels via bootflow.
With this change, U-Boot will be easier to handle,
which normally requires manual configuration; the
automated make-oldconfig reconfiguration feature
breaks U-Boot. This will no longer occur, since we
no longer run it manually.
On the other hand, this feature has also prevented
other disastrous bugs in the past, such as when I
forgot to properly set the SPD size on T480; it was
set to 256 bytes, not 512 as is correct. Therefore,
this new design change means I must also be more
vigilant about config changes in project trees.
Signed-off-by: Leah Rowe <leah@libreboot.org>
it mainly does general tasks, like handling utils
and enabling ccache. the vfiles are a small part.
rename the function accordingly. it is called by
premake, so let's call it corebootpremake.
this change will also make sense when cherry-picked
into cbmk, which does not handle vfiles at all.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we simply do not need to run the make-oldconfig command
at all, and after removing it, the "cook" function seemed
quite redundant so i merged it with mkvendorfiles()
Signed-off-by: Leah Rowe <leah@libreboot.org>
define it with a single variable, rather than several.
this allows several checks to be greatly simplified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
In practise, coreboot can set this bit at build time.
We also use ME Soft Temporary Disable by default, on
this platform.
We also use me_cleaner by default, so the me.bin file
added to flash only contains the code that would run
with HAP set anyway.
Therefore, this change is of little practical consequence,
but as a friend put it to me, this change is most technically
correct.
And I'm all about technical correctness.
Signed-off-by: Leah Rowe <leah@libreboot.org>
We only need the Kabylake version. We can safely
remove the other ones, thereby significantly
reducing the size of the lbmk release archive.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Right now, if cache/clone/PROJECT/ already exists,
the logic for pulling new changes doesn't execute,
and neither does the logic for updating remotes.
This is bad when updating revisions, because then
manual updating is required, defeating the purpose
of xbmk's own automation in this regard.
Fix it by only checking the cached download on files,
not Git repositories; the try_git function itself will
already perform this check, before updating remotes
and pulling in new commits from upstream.
The updating only happens when a given target directory
doesn't exist, e.g. src/flashprog/ or src/grub/default/,
so this won't slow down release builds for example.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, an "unknown" version number is created.
This regression was caused by the recent optimisation
that reduces the amount of extra work done by init.sh
on child instances of xbmk.
As a result of those changes, now release.sh has to
do some minor initialisation of its own, such as this.
Signed-off-by: Leah Rowe <leah@libreboot.org>
also pcsx-redux
this way, commands like "./mk -u" without argument
will not fail. these fake makefile commands do nothing.
otherwise, an error errors because their makefiles
do not define these options.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Otherwise, ./mk -d (without arguments) fails for GRUB,
which first requires running autoconf to get a Makefile.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This brings in several changes from upstream:
* 73d1c959e cryptocheck: Add --quiet option
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
* 301b4ef25 disk/cryptodisk: Add the "erase secrets" function
* 23ec4535f docs: Document available crypto disks checks
* 10d778c4b commands/search: Add the diskfilter support
* 7a584fbde disk/diskfilter: Introduce the "cryptocheck" command
* ed691c0e0 commands/search: Introduce the --cryptodisk-only argument
* c448f511e kern/rescue_reader: Block the rescue mode until the CLI authentication
* 4abac0ad5 fs/xfs: Fix large extent counters incompat feature support
This commit is of particular interest:
* dbc0eb5bd disk/cryptodisk: Wipe the passphrase from memory
Signed-off-by: Leah Rowe <leah@libreboot.org>
This reverts commit fb7aaa78bb.
it caused a few issues. will re-do later
the old code isn't really broken, just inefficient, because
several files are scanned twice, but in practise the overhead
isn't that great
The error occurs sometimes, when bruteforcing me.bin:
ERROR ./mk: Unhandled error for: mv /home/user/lbmk/tmp/me.bin /home/user/lbmk/cache/tmpdl/check
This revert should fix the issue, for now.
i'm adding characters to 7ztest, which isn't being passed
on through because everything runs in subshells; the next
pass would default back to the original string, so a given
file may be checked multiple times.
fix this by mitigation; use the random string from mktemp
as a suffix instead.
in practice, this has not affected performance much, but it
will nevertheless avoid unnecessary work by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't skip if the URL is empty. throw an error instead.
i decree that all links must be properly initialised, because
that is the design of lbmk. where only one link is provided,
such as in a local copy operation, the second would succeed no
better than the first so two identical paths are given.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the intent once again is that this for loop shall
return, with zero status, if success is observed.
otherwise, the loop breaks and an error is thrown.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The idea in this function is that if a file or repo is
successfully handled, a return will be performed from the
loop.
If the loop exits for any reason, an error is thrown. The
current code is probably fine, but I can forsee future
modifications possibly causing bugs here.
Make it unambiguous, by always throwing an error if execution
reaches the end of the function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Because of how sh works, having just the [] line causes
sh to exit, annoyingly without an error message, but it
does cause a non-zero exit.
This bug will have already been triggering, before I added
the recent error handling on files for this for loop.
also do it to the other loop in lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
I never really intended for this to be configurable,
but the cache directory is also used during release
builds.
There's too much that can go wrong, letting the user
decide where their cache is. Simplify it by hardcoding.
Signed-off-by: Leah Rowe <leah@libreboot.org>
