i'm adding characters to 7ztest, which isn't being passed
on through because everything runs in subshells; the next
pass would default back to the original string, so a given
file may be checked multiple times.
fix this by mitigation; use the random string from mktemp
as a suffix instead.
in practice, this has not affected performance much, but it
will nevertheless avoid unnecessary work by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't skip if the URL is empty. throw an error instead.
i decree that all links must be properly initialised, because
that is the design of lbmk. where only one link is provided,
such as in a local copy operation, the second would succeed no
better than the first so two identical paths are given.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the intent once again is that this for loop shall
return, with zero status, if success is observed.
otherwise, the loop breaks and an error is thrown.
Signed-off-by: Leah Rowe <leah@libreboot.org>
The idea in this function is that if a file or repo is
successfully handled, a return will be performed from the
loop.
If the loop exits for any reason, an error is thrown. The
current code is probably fine, but I can forsee future
modifications possibly causing bugs here.
Make it unambiguous, by always throwing an error if execution
reaches the end of the function.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Because of how sh works, having just the [] line causes
sh to exit, annoyingly without an error message, but it
does cause a non-zero exit.
This bug will have already been triggering, before I added
the recent error handling on files for this for loop.
also do it to the other loop in lib.sh
Signed-off-by: Leah Rowe <leah@libreboot.org>
I never really intended for this to be configurable,
but the cache directory is also used during release
builds.
There's too much that can go wrong, letting the user
decide where their cache is. Simplify it by hardcoding.
Signed-off-by: Leah Rowe <leah@libreboot.org>
already present on a few other config files, e.g. arch
i noticed on debian-experimental that i needed to explicitly
install it, whereas it was implicitly installed on debian 12
Signed-off-by: Leah Rowe <leah@libreboot.org>
it's just two lines, and we want much more granular
control of where the lock is enforced. it should be
JUST after confirming that the instance is a parent.
it is at this moment that we should bail if a lock
file exists, because this signals that another instance
of xbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
once again, we are being stricter in child instances.
we must ensure that these variables are set by xbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we no longer rely on the .git version being
read by child instances, so we MUST ensure
that it is being read.
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't update them on child instances, since it's a waste
of time; the lock file prevents further execution, so we
are just wasting time writing to disk.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we don't need to read or write a file at all, in that case.
we only then need to generate one if running ./mk release.
the scenario in which no .git and no version files exist
is when someone grabs the build system from a snapshot
generated by e.g. forgejo instances. it's ill advised, so
we advise against it, but it is mitigated in code.
Signed-off-by: Leah Rowe <leah@libreboot.org>
That way, unnecessary work is avoided on child instances.
Of course, the current check assumes that TMPDIR wasn't
already set by a wily user before running lbmk, but then
those sorts of users probably know what they're doing.
If they don't know, they will soon find out. Therefore, I
have added additional checks on child instances, preventing
the build system from running if XBMK_CACHE is not set; if
it isn't, then that could very easy lead to certain system
files being overwritten.
The user must never know what happens if XBMK_CACHE is unset.
We simply will not allow it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
all this function does now is create the python symlink,
based on work that was already performed in set_pyver
Signed-off-by: Leah Rowe <leah@libreboot.org>
Do it after the creation of xbmkpath.
This avoids performing an unnecessary check, since
PATH will have already been corrected for child
instances; Python will already be correct there.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we mkdir -p xbmklocal, only to remkdir it immediately
afterward, which is the intended behaviour; on parent
instances, xbmklocal is to be re-created fresh.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this function now simply creates directories that lbmk
will use, rather than creating specific directories.
Signed-off-by: Leah Rowe <leah@libreboot.org>
we must only set this in the parent instance, not
child instances. this prevents the variable from
being over-populated with repeated entries.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this way, initialisation will not be performed erroneously
while another parent instance of lbmk is running.
Signed-off-by: Leah Rowe <leah@libreboot.org>
This is earlier than the current check, thus preventing
the initialisation of a git repository and/or the recreation
of xbmktmp and xbmklocal by erroneous parent executions of lbmk
while another parent is running - the latter of which could have
caused a massively unpredictable build failure, so this is also
a pre-emptive bug fix, fixing all kinds of weird bugs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
i wasn't ok having that variable initialisation and
then the commands on the same line. it looks messy.
having the commands on a separate line makes the code nice
to read, so let's separate them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
the user doesn't care where the temporary git repo is
git shows that information anyway, in the git clone command
Signed-off-by: Leah Rowe <leah@libreboot.org>
we really only need it there, because the context is
for release archives. normal use of the git repository
doesn't matter in the context of deletions, because that
will not be distributed. only the result of ./mk release
will be distributed.
the builds produced will not change as a result of this,
for people using the normal git repository, because the
files in question are never used anyway, in our configs.
this is being done to make working on local repos easier.
Signed-off-by: Leah Rowe <leah@libreboot.org>
otherwise, ./mk -b (without argument) will fail, on release
archives. also, perhaps i should add an mkhelper to build it?
Signed-off-by: Leah Rowe <leah@libreboot.org>
this is the mkdir call that createsn the directory where
a cached git repository is moved to, during creation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
On release archives, I overlooked the previous change to
downloads, during the recent implementation of extra safety
checks. I previously checked there whether the variable named
CONFIG_KBC1126_FIRMWARE was defined, and grabbed both; now I
check CONFIG_KBC1126_FW1 and CONFIG_KBC1126_FW2 separately,
grabbing each file separately.
This patch replicates that change for insertions. Otherwise,
hash verification on ROM images will fail, when running the
inject script on release images.
Downloading was being done, reliably, and the extracted files
were correct, so there was no danger if the user was building
from source and flashing that way.
However, checksum verification on full images failed when
inserting into archives. This is not because the files were
wrong; they were *correct*. However, the EC firmware was not
being inserted *at all* on HP EliteBooks, because of this
oversight. The check is now based on whether the paths to
the files themselves are defined, not whether EC firmware
is enabled in the coreboot config; the latter is implied.
With this patch, vendor file insertion once again works
perfectly, without error, on every board. There was no real
danger for users, just a minor inconvenience. Sorry!
Signed-off-by: Leah Rowe <leah@libreboot.org>
the exit from mkdst can also be non-zero if mv or cp
failed, but there's no way to handle that reliably.
therefore, the checksum verification should be done
one final time, to compensate.
Signed-off-by: Leah Rowe <leah@libreboot.org>
I currently check the downloaded files e.g. .exe file, but
then I don't check - or even define - sha512sums for the
files extracted from them e.g. me.bin
This patch fixes that. It also caches the hashed files, so
that extraction is faster on a re-run - this makes release
builds go faster, when running ./mk release
If a checksum is not defined, i.e. blank, then a warning is
given, telling you to check a specific directory. This way,
when adding new vendor files, you can add it first without
specifying the checksum, e.g. me.bin checksum. Then you can
manually inspect the files that were extracted, and define it,
then test again.
In a given pkg.cfg for config/vendor, the following variables
are now available for use:
FSPM_bin_hash for fsp m module
FSPS_bin_hash for fsp s module
EC_FW1_hash for KBC1126 EC firmware (1st file)
EC_FW2_hash for KBC1126 EC firmware (2nd file)
ME_bin_hash for me.bin
MRC_bin_hash for mrc.bin (broadwell boards)
REF_bin_hash for refcode (broadwell boards)
SCH5545EC_bin_hash for sch5545 firmware (Dell Precision T1650)
TBFW_bin_hash for Lenovo ThunderBolt firmware (e.g. T480/T480s)
E6400_VGA_bin_hash for Dell E6400 Nvidia VGA ROM
In practise, most people use release archives, and the
inject script, so I knew those were reliable, because the ROM
images were hashed prior to removing files. This patch benefits
people using lbmk.git directly, without using release files,
because now they know they have a valid file e.g. me.bin
Previously, only the download was checked, not the extracted
files, which meant that the only thing preventing a brick was
the code not being buggy. Any number of bugs could pop up in
the future, so this new level of integrity will protect against
such a scenario, and provide early warning prompting bug fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
