splatink/lbmk
1
0
Fork 0
mirror of https://codeberg.org/libreboot/lbmk.git synced 2026-03-27 06:19:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f44b99c808ed834dceea1109c34a2f587bb46a06
lbmk/script/update/release
Leah Rowe f44b99c808 don't delete microcode updates in rom images 
at present, lbmk can remove microcode updates on images for
a given target, if the target specifies
microcode_required="n" in target.cfg

lbmk then provides images with microcode, and images without,
in a given release. although the user can also remove them
manually, this just makes it a bit more convenient, for those
users who do wish to run without the updates. this functionality
is provided only on those platforms where no-microcode is tested.

well, this behaviour implements a compromise on libreboot policy,
which is to always include microcode updates by default. see:
Binary Blob Reduction Policy

the *canoeboot* project now exists, developed in parallel with
libreboot, and it ships without microcode updates, on the same
targets where lbmk also handled this.

running without microcode updates is foolish, and should not
be encouraged. clean up lbmk by not providing this kludge.

the libreboot documentation will be updated, telling such users
to try canoeboot instead, or to remove the update from a given
libreboot rom - this is still possible, and mitigations such as
PECI disablement on GM45 are still in place (and will be kept),
so that this continues to work well.

Signed-off-by: Leah Rowe <leah@libreboot.org>
2023-12-23 06:59:48 +00:00

212 lines
6.1 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env sh
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2020-2023 Leah Rowe <leah@libreboot.org>
set -u -e
. "include/err.sh"
. "include/option.sh"
eval "$(setvars "" vdir relname src_dirname srcdir _xm target romdir mode)"
main()
{
vdir="release"
while getopts d:m: option; do
[ -z "${OPTARG}" ] && err "Empty argument not allowed"
case "${option}" in
d) vdir="${OPTARG}" ;;
m) mode="${OPTARG}" ;;
*) err "Invalid option" ;;
esac
done
vdir="${vdir}/${version}"
relname="${projectname}-${version}"
src_dirname="${relname}_src"
srcdir="${vdir}/${src_dirname}"
[ -e "${vdir}" ] && err "already exists: \"${vdir}\""
mkvdir
build_release
printf "DONE! Check release files under %s\n" "${vdir}"
}
mkvdir()
{
mkdir -p "${vdir}" || err "mkvdir: !mkdir -p \"${vdir}\""
git clone . "${srcdir}" || err "mkdir: !gitclone \"${srcdir}\""
insert_version_files "${srcdir}" || err "mkvdir ${srcdir}: versionfile"
}
build_release()
{
_xm="build_release ${vdir}"
(
cd "${srcdir}" || err "${_xm}: !cd \"${srcdir}\""
fetch_trees
x_ mv src/docs docs
) || err "can't create release files"
(
cd "${srcdir%/*}" || err "${_xm}: mktarball \"${srcdir}\""
mktarball "${srcdir##*/}" "${srcdir##*/}.tar.xz" || err "${_xm}: mksrc"
) || err "can't create src tarball"
[ "${mode}" = "src" ] && return 0
(
cd "${srcdir}" || err "${_xm}: 2 !cd \"${srcdir}\""
mkrom_images
) || err "can't build rom images"
rm -Rf "${srcdir}" || err "!rm -Rf ${srcdir}"
}
fetch_trees()
{
for x in config/git/*; do
[ ! -f "${x}" ] || ./update trees -f "${x#config/git/}" || \
err "${_xm}: fetch ${x#config/git/}"
done
for x in config/*/build.list; do
[ -f "${x}" ] || continue
xp="${x#*/}"; xp="${xp%/*}"
[ -L "${xp}" ] || rm -Rf "src/${xp}/${xp}" || \
err "!rm -Rf \"src/${xp}/${xp}\""
done
find . -name ".git" -exec rm -Rf {} + || err "${_xm}: rm .git"
find . -name ".gitmodules" -exec rm -Rf {} + || err "${_xm}: rm .gitmod"
x_ rm -Rf tmp .git
}
mkrom_images()
{
x_ mkdir -p "vendorfiles/x201/"
dd if=/dev/zero of="vendorfiles/x201/me.bin" \
bs=68k count=1 || err "mkvdir: can't make fake x201 me.bin"
./build roms all || err "${_xm}: roms-all"
./build serprog rp2040 || err "${_xm}: rp2040"
./build serprog stm32 || err "${_xm}: stm32"
for rombuild in bin/*; do
[ -d "${rombuild}" ] || continue
handle_rom_archive "${rombuild}"
done
mv "release/${version}/roms/" ../roms || err "${_xm}: copy roms/"
}
handle_rom_archive()
{
builddir="${1}"
romdir="tmp/romdir"
rm -Rf "${romdir}" || err "!rm romdir, handle_rom_archive"
target="${builddir##*/}"
if [ ! -f "config/coreboot/${target}/target.cfg" ]; then
# No config, just make a tarball
tarball="release/${version}/roms/${relname}_${target}.tar.xz"
insert_copying_files "${builddir}" || \
err "!insert copy, handle, ${builddir}"
mktarball "${builddir}" "${tarball}"
return 0
fi
romdir="${romdir}/bin/${target}"
mkdir -p "${romdir}" || err "!mkdir -p romdir, handle_rom_archive"
cp "${builddir}/"* "${romdir}" || err "!cp romdir, handle_rom_archive"
nukerom
printf "Generating release/%s/roms/%s-%s_%s.tar.xz\n" \
"${version}" "${projectname}" "${version}" "${target##*/}"
insert_version_files "${romdir}" || \
err "mkrom_tarball ${romdir}: versionfile"
insert_copying_files "$romdir" || err "!insert copy, handle 2, $romdir"
mkrom_tarball
}
nukerom()
{
. "config/coreboot/${target}/target.cfg"
# Hash the images before removing vendor files
# which "./vendor inject" uses for verification
rm -f "${romdir}/vendorhashes" || err "!rm ${romdir}/vendorhashes"
touch "${romdir}/vendorhashes" || err "!touch ${romdir}/vendorhashes"
(
cd "${romdir}" || err "!cd romdir ${romdir}, nukerom"
sha512sum ./*.rom >> vendorhashes || err "!create vendorhashes, nukerom"
) || err "can't create vendor hashes"
for romfile in "${romdir}"/*.rom; do
[ -f "${romfile}" ] || continue
./vendor inject -r "${romfile}" -b "${target}" -n nuke || \
err "!vendor inject (nuke) ${romfile}, nukerom"
done
}
insert_copying_files()
{
remkdir "${1}/licenses"
l="${1}/licenses"
# copy licenses to rom image archive, for completion
cp "src/grub/COPYING" "${l}/COPYING.grub" || return 1
cp "src/coreboot/default/COPYING" "${l}/COPYING.coreboot" || return 1
cp -R "src/coreboot/default/LICENSES" "${l}/LICENSES.coreboot" || return 1
cp "src/seabios/default/COPYING" "${l}/COPYING.coreboot" || return 1
cp "src/seabios/default/COPYING.LESSER" "${l}/COPYING.LESSER.seabios" || return 1
cp -R "src/u-boot/default/Licenses" "${l}/COPYING.u-boot" || return 1
printf "Multiple licenses. Check corresponding %s source archive\n" \
"${projectname}" > "${1}/COPYING" || return 1
}
mkrom_tarball()
{
archivename="${relname}_${target##*/}"
f="release/${version}/roms/${archivename}"
mkdir -p "${f%/*}" || err "mkrom_tarball: !mkdir -p ${f%/*}"
(
cd "${romdir%"/bin/${target}"}" || err "!cd ${romdir%"/bin/${target}"}"
mktarball "bin/${target}" "${archivename}.tar.xz"
) || err "can't create rom tarball"
mv "${romdir%"/bin/${target}"}/${archivename}.tar.xz"* "${f%/*}" || \
err "!mktarball, rom, ${f%/*}/${romdir%"/bin/${target}"}/${archivename}.tar.xz"
printf "Created ROM archive: %s" "${f%/*}/${archivename}.tar.xz"
}
insert_version_files()
{
printf "%s\n" "${version}" > "${1}/version" || return 1
printf "%s\n" "${versiondate}" > "${1}/versiondate" || return 1
printf "%s\n" "${projectname}" > "${1}/projectname" || return 1
}
mktarball()
{
# preserve timestamps for reproducible tarballs
tar_implementation=$(tar --version | head -n1) || :
[ "${2%/*}" = "${2}" ] || mkdir -p "${2%/*}" || err "mk, !mkdir -p \"${2%/*}\""
if [ "${tar_implementation% *}" = "tar (GNU tar)" ]; then
tar --sort=name --owner=root:0 --group=root:0 \
--mtime="UTC 2023-11-06" -c "${1}" | xz -T0 -9e > "${2}" || \
err "mktarball 1, ${1}"
else
# TODO: reproducible tarballs on non-GNU systems
tar -c "${1}" | xz -T0 -9e > "${2}" || err "mktarball 2, ${1}"
fi
(
[ "${2%/*}" != "${2}" ] && x_ cd "${2%/*}"
sha512sum "${2##*/}" > "${2##*/}.sha512" || \
err "!sha512sum \"${2##*/}\" > \"${2##*/}.sha512\""
) || err "failed to create tarball checksum"
}
main $@
Reference in New Issue View Git Blame Copy Permalink