summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Banon <mikebdp2@gmail.com>2021-02-21 19:20:40 +0300
committerPatrick Georgi <pgeorgi@google.com>2021-04-16 06:49:18 +0000
commit40df8aa84bcdb13b5b7213d90eca04c3f4f6c6ac (patch)
tree791685ab958e21750977fbcf6d4305ffdc00a50b
parenta7696adbeb1f3ad7408a02ba82930c02079b01ed (diff)
downloadcoreboot-40df8aa84bcdb13b5b7213d90eca04c3f4f6c6ac.tar.xz
tint: introduce the new tint build system with checksum verification
Three stages of the new tint build system: 1) generate_core.sh extracts the core part from buildgcc script, most importantly the checksum calculation/verification functions. 2) tintify_core.sh adds the tint-specific footer/header to the core, such as the properties of current version including its checksum. 3) tint.sh - generated and "tintified" core script - builds a tint. Signed-off-by: Mike Banon <mikebdp2@gmail.com> Change-Id: Ib71f5b861ecf91949a5af12812258e60873f0498 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50991 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
-rw-r--r--payloads/external/tint/Makefile73
-rwxr-xr-xpayloads/external/tint/generate_core.sh102
-rw-r--r--payloads/external/tint/tint-0.05_libpayload.patch (renamed from payloads/external/tint/libpayload_tint.patch)0
-rwxr-xr-xpayloads/external/tint/tintify_core.sh98
4 files changed, 252 insertions, 21 deletions
diff --git a/payloads/external/tint/Makefile b/payloads/external/tint/Makefile
index e57132c8e3..5bd9df5a4f 100644
--- a/payloads/external/tint/Makefile
+++ b/payloads/external/tint/Makefile
@@ -1,5 +1,25 @@
-project_url=https://mirror.fsf.org/trisquel/pool/main/t/tint/tint_0.05.tar.xz
-archive_name=tint_0.05.tar.xz
+#
+# TINT build system - helps to securely download TINT with a checksum verification and build it.
+#
+
+#
+# Properties of the current TINT version
+#
+
+TINT_VERSION=0.05
+TINT_EXT_VERSION=0.05
+TINT_ARCHIVE_LINK="https://mirror.fsf.org/trisquel/pool/main/t/tint/tint_${TINT_EXT_VERSION}.tar.xz"
+TINT_ARCHIVE="tint_${TINT_VERSION}.tar.xz"
+TINT_DIR="tint-${TINT_VERSION}"
+TINT_SHA1SUM="859008216930a4584e622d0df41fd75c44d2b47f"
+
+#
+# Locations of the input/output scripts
+#
+
+buildgcc="./../../../util/crossgcc/buildgcc"
+corescript="./core.sh"
+tintified="./tint.sh"
unexport KCONFIG_AUTOHEADER
unexport KCONFIG_AUTOCONFIG
@@ -10,28 +30,39 @@ unexport KCONFIG_NEGATIVES
all: tint
-tint: patch
- echo " MAKE TINT "
- $(MAKE) -C tint
-
-patch: download
- cd tint; \
- if [ -e debian ]; then \
- rm -rf debian typedefs.h Makefile; \
- touch Makefile; \
- patch -l -p1 < ../libpayload_tint.patch; \
- fi
+################################################################################
+#
+# Three stages of TINT build system:
+#
+# 1) generate_core.sh extracts the core part from buildgcc script,
+# most importantly the checksum calculation/verification functions.
+#
+# 2) tintify_core.sh adds the TINT-specific footer/header to the core,
+# such as the properties of current version including its checksum.
+#
+# 3) tint.sh - generated and "tintified" core script - builds a TINT.
+#
+################################################################################
-download:
- test -d tint || { wget $(project_url); \
- tar -xvf $(archive_name); \
- rm $(archive_name); \
- mv tint-0.05 tint; }
+tint:
+ if [ ! -f ${tintified} ]; then \
+ chmod +x "./generate_core.sh" ; \
+ "./generate_core.sh" ${buildgcc} ${corescript} "prepare_before_patch" ; \
+ chmod +x "./tintify_core.sh" ; \
+ "./tintify_core.sh" ${corescript} ${tintified} \
+ ${TINT_ARCHIVE_LINK} ${TINT_ARCHIVE} ${TINT_DIR} ${TINT_SHA1SUM} ; \
+ fi ; \
+ chmod +x ${tintified}
+ ${tintified}
clean:
- test -d tint && $(MAKE) -C tint clean || exit 0
+ test -d "./tint/" && $(MAKE) -C "./tint/" clean || exit 0
distclean:
- rm -rf tint
+ rm -rf "./tint/"
+ rm -f ${corescript}
+ rm -f ${tintified}
+
+.PHONY: tint clean distclean
-.PHONY: download patch tint clean distclean
+#
diff --git a/payloads/external/tint/generate_core.sh b/payloads/external/tint/generate_core.sh
new file mode 100755
index 0000000000..bb0de2d169
--- /dev/null
+++ b/payloads/external/tint/generate_core.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# generate_core.sh extracts the core part from buildgcc script,
+# most importantly the checksum calculation/verification functions.
+#
+# Copyright (C) 2019 Mike Banon <mikebdp2@gmail.com>
+#
+##############################################################################
+#
+# USAGE:
+# ./generate_core.sh <buildgcc> <corescript> prepare_before_patch
+# where
+# buildgcc - path to input buildgcc script
+# corescript - path to output core part script
+# prepare_before_patch - optional argument to insert prepare_${package}
+# call into the unpack_and_patch function, e.g.
+# for removing some files with rm command
+# in order to reduce the size of patch file
+#
+##############################################################################
+
+buildgcc="$1"
+corescript="$2"
+prepare_before_patch="$3"
+
+#
+# Imports the source file fragment between start and end into the
+# destination file, optionally excluding the last line if not needed
+#
+
+import_from_file() {
+ source="$1"
+ destination="$2"
+ start="$3"
+ end="$4"
+ last_line_disabled="$5"
+ if [ -z "${last_line_disabled}" ] ; then
+ sed -n "/^${start}/,/^${end}/{/^${start}/{p;n};{p}}" "$source" >> "$destination"
+ else
+ sed -n "/^${start}/,/^${end}/{/^${start}/{p;n};/^${end}/{q};{p}}" "$source" >> "$destination"
+ fi
+}
+
+#
+# Import the color defines together with UNAME/HALT_FOR_TOOLS variables
+#
+
+import_from_file "$buildgcc" "$corescript" "red=" "HALT_FOR_TOOLS=0" || exit "$?"
+
+#
+# Import the core functions
+#
+
+FUNCTIONS="please_install searchtool download compute_hash error_hash_mismatch verify_hash unpack_and_patch"
+
+for F in $FUNCTIONS ; do
+ import_from_file "$buildgcc" "$corescript" "$F()" "}" || exit "$?"
+done
+
+#
+# Import a fragment where we find tar/patch/make and other essential tools
+#
+
+import_from_file "$buildgcc" "$corescript" "# Find all the required tools" "# Allow" "last_line_disabled" || exit "$?"
+
+#
+# Import a fragment with conditional exit if some required tools were not found
+#
+
+import_from_file "$buildgcc" "$corescript" "if \[ \"\$HALT_FOR_TOOLS" "fi" || exit "$?"
+
+#
+# Avoid the unnecessary subdirectories holding a single file each
+#
+
+sed -i -e "s/patches\///g" "$corescript"
+sed -i -e "s/sum\///g" "$corescript"
+sed -i -e "s/tarballs\///g" "$corescript"
+sed -i -e "s/cd tarballs || exit 1//g" "$corescript"
+sed -i -e "s/cd \.\.//g" "$corescript"
+
+#
+# Get the known checksum without using a dedicated single-line file
+#
+
+sed -i -e "s/\tknown_hash=\"\$(get_known_hash.*/\tknown_hash=\"\$2\"/g" "$corescript"
+
+#
+# Update the paths printed at the error messages
+#
+
+sed -i -e "s/util\/crossgcc\///g" "$corescript"
+
+#
+# Insert prepare_${package} function call between the unpack and patch operations
+#
+
+if [ ! -z "${prepare_before_patch}" ] ; then
+ sed -i -e "/\$TAR \$FLAGS \"\$(basename \"\$archive\")\"/a prepare_\${package} || exit \"\$?\"" "$corescript"
+fi
+
+#
diff --git a/payloads/external/tint/libpayload_tint.patch b/payloads/external/tint/tint-0.05_libpayload.patch
index 6c9594a369..6c9594a369 100644
--- a/payloads/external/tint/libpayload_tint.patch
+++ b/payloads/external/tint/tint-0.05_libpayload.patch
diff --git a/payloads/external/tint/tintify_core.sh b/payloads/external/tint/tintify_core.sh
new file mode 100755
index 0000000000..c2eb7e6b78
--- /dev/null
+++ b/payloads/external/tint/tintify_core.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# tintify_core.sh adds the TINT-specific footer/header to the core,
+# such as the properties of current TINT version including its checksum.
+#
+# Copyright (C) 2019 Mike Banon <mikebdp2@gmail.com>
+#
+################################################################################
+#
+# USAGE:
+# ./tintify_core.sh <corescript> <tintified> \
+# <TINT_ARCHIVE_LINK> <TINT_ARCHIVE> <TINT_DIR> <TINT_SHA1SUM>
+# where
+# corescript - path to input core script
+# tintified - path to output tint script
+#
+################################################################################
+
+corescript="$1"
+tintified="$2"
+
+#
+# TINT-specific header
+#
+
+#
+# Insert the properties of the current TINT version
+#
+
+echo "#!/bin/sh" > "$tintified"
+echo "TINT_ARCHIVE_LINK=${3}" >> "$tintified"
+echo "TINT_ARCHIVE=${4}" >> "$tintified"
+echo "TINT_DIR=${5}" >> "$tintified"
+echo "TINT_SHA1SUM=${6}" >> "$tintified"
+
+#
+# Add the replace_plus_with_minus() function - needed to fix the version number
+#
+
+echo "replace_plus_with_minus() {" >> "$tintified"
+echo "for x in *\"+\"*; do" >> "$tintified"
+echo "y=\$(printf %sa \"\$x\" | tr \"+\" \"-\")" >> "$tintified"
+echo "mv -- \"\$x\" \"\${y%a}\"" >> "$tintified"
+echo "done" >> "$tintified"
+echo "}" >> "$tintified"
+
+#
+# Add the prepare_TINT() function, it will remove the unneeded debian directory
+# as well as typedefs.h and old Makefile to significantly reduce the patch size
+#
+
+echo "prepare_TINT() {" >> "$tintified"
+# echo "replace_plus_with_minus" >> "$tintified"
+echo "if [ ! -z ./\${TINT_DIR} ] && [ -e ./\${TINT_DIR}/debian ] ; then" >> "$tintified"
+echo "rm -rf ./\${TINT_DIR}/debian ./\${TINT_DIR}/typedefs.h ./\${TINT_DIR}/Makefile;" >> "$tintified"
+echo "touch ./\${TINT_DIR}/Makefile;" >> "$tintified"
+echo "fi" >> "$tintified"
+echo "}" >> "$tintified"
+
+#
+# Importing the core script
+#
+
+cat "$corescript" >> "$tintified"
+
+#
+# download() function adjustments - became necessary after a version number fix
+#
+
+sed -i -e "/download() {/a package=\$1\narchive_link=\"\$(eval echo \\\\\$\$package\"_ARCHIVE_LINK\")\"" "$tintified"
+sed -i -e "s/downloading from \$archive/&_link/g" "$tintified"
+sed -i -e "s/\(download_showing_percentage \"\$archive\)./\1_link\"/g" "$tintified"
+
+#
+# TINT-specific footer
+#
+
+echo "if [ ! -d tint ] ; then" >> "$tintified"
+
+echo "printf \"Downloading and verifying TINT tarball ... \\n\"" >> "$tintified"
+echo "download TINT || exit \"\$?\"" >> "$tintified"
+echo "verify_hash TINT \${TINT_SHA1SUM} || exit \"\$?\"" >> "$tintified"
+echo "printf \"Downloaded TINT tarball ... \${green}ok\${NC}\\n\"" >> "$tintified"
+
+echo "printf \"Unpacking and patching TINT... \\n\"" >> "$tintified"
+echo "unpack_and_patch TINT || exit 1" >> "$tintified"
+echo "printf \"Unpacked and patched TINT... \${green}ok\${NC}\\n\"" >> "$tintified"
+
+echo "mv ./\${TINT_DIR} ./tint" >> "$tintified"
+echo "fi" >> "$tintified"
+
+echo "printf \"Building TINT ... \\n\"" >> "$tintified"
+echo "make -C ./tint" >> "$tintified"
+echo "printf \"TINT built ... \${green}ok\${NC}\\n\"" >> "$tintified"
+
+chmod +x "$tintified"
+
+#