author | Mike Banon <mikebdp2@gmail.com> | 2021-02-21 19:20:40 +0300 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2021-04-16 06:49:18 +0000 |
commit | 40df8aa84bcdb13b5b7213d90eca04c3f4f6c6ac (patch) | |
tree | 791685ab958e21750977fbcf6d4305ffdc00a50b | |
parent | a7696adbeb1f3ad7408a02ba82930c02079b01ed (diff) | |
download | coreboot-40df8aa84bcdb13b5b7213d90eca04c3f4f6c6ac.tar.xz |
tint: introduce the new tint build system with checksum verification
Three stages of the new tint build system:
1) generate_core.sh extracts the core part from buildgcc script,
most importantly the checksum calculation/verification functions.
2) tintify_core.sh adds the tint-specific footer/header to the core,
such as the properties of current version including its checksum.
3) tint.sh - generated and "tintified" core script - builds a tint.
Signed-off-by: Mike Banon <mikebdp2@gmail.com>
Change-Id: Ib71f5b861ecf91949a5af12812258e60873f0498
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50991
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
-rw-r--r-- | payloads/external/tint/Makefile | 73 | ||||
-rwxr-xr-x | payloads/external/tint/generate_core.sh | 102 | ||||
-rw-r--r-- | payloads/external/tint/tint-0.05_libpayload.patch (renamed from payloads/external/tint/libpayload_tint.patch) | 0 | ||||
-rwxr-xr-x | payloads/external/tint/tintify_core.sh | 98 |
4 files changed, 252 insertions, 21 deletions
diff --git a/payloads/external/tint/Makefile b/payloads/external/tint/Makefile index e57132c8e3..5bd9df5a4f 100644 --- a/payloads/external/tint/Makefile +++ b/payloads/external/tint/Makefile @@ -1,5 +1,25 @@ -project_url=https://mirror.fsf.org/trisquel/pool/main/t/tint/tint_0.05.tar.xz -archive_name=tint_0.05.tar.xz +# +# TINT build system - helps to securely download TINT with a checksum verification and build it. +# + +# +# Properties of the current TINT version +# + +TINT_VERSION=0.05 +TINT_EXT_VERSION=0.05 +TINT_ARCHIVE_LINK="https://mirror.fsf.org/trisquel/pool/main/t/tint/tint_${TINT_EXT_VERSION}.tar.xz" +TINT_ARCHIVE="tint_${TINT_VERSION}.tar.xz" +TINT_DIR="tint-${TINT_VERSION}" +TINT_SHA1SUM="859008216930a4584e622d0df41fd75c44d2b47f" + +# +# Locations of the input/output scripts +# + +buildgcc="./../../../util/crossgcc/buildgcc" +corescript="./core.sh" +tintified="./tint.sh" unexport KCONFIG_AUTOHEADER unexport KCONFIG_AUTOCONFIG 
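Review bot: `TINT_SHA1SUM` pins the tarball with a SHA-1 digest, which is a weak choice for a build step whose stated purpose is a secure download. The hash functions are extracted from buildgcc and are not visible in this hunk, so the algorithm may be dictated by that script; if it can be switched, a SHA-256 pin would be preferable. A comment next to the value would also help, for example `# checksum of ${TINT_ARCHIVE}; update together with TINT_VERSION`. `TINT_VERSION` and `TINT_EXT_VERSION` carry the same value here and the difference between them is not documented.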
@@ -10,28 +30,39 @@ unexport KCONFIG_NEGATIVES all: tint -tint: patch - echo " MAKE TINT " - $(MAKE) -C tint - -patch: download - cd tint; \ - if [ -e debian ]; then \ - rm -rf debian typedefs.h Makefile; \ - touch Makefile; \ - patch -l -p1 < ../libpayload_tint.patch; \ - fi +################################################################################ +# +# Three stages of TINT build system: +# +# 1) generate_core.sh extracts the core part from buildgcc script, +# most importantly the checksum calculation/verification functions. +# +# 2) tintify_core.sh adds the TINT-specific footer/header to the core, +# such as the properties of current version including its checksum. +# +# 3) tint.sh - generated and "tintified" core script - builds a TINT. +# +################################################################################ -download: - test -d tint || { wget $(project_url); \ - tar -xvf $(archive_name); \ - rm $(archive_name); \ - mv tint-0.05 tint; } +tint: + if [ ! -f ${tintified} ]; then \ + chmod +x "./generate_core.sh" ; \ + "./generate_core.sh" ${buildgcc} ${corescript} "prepare_before_patch" ; \ + chmod +x "./tintify_core.sh" ; \ + "./tintify_core.sh" ${corescript} ${tintified} \ + ${TINT_ARCHIVE_LINK} ${TINT_ARCHIVE} ${TINT_DIR} ${TINT_SHA1SUM} ; \ + fi ; \ + chmod +x ${tintified} + ${tintified} clean: - test -d tint && $(MAKE) -C tint clean || exit 0 + test -d "./tint/" && $(MAKE) -C "./tint/" clean || exit 0 distclean: - rm -rf tint + rm -rf "./tint/" + rm -f ${corescript} + rm -f ${tintified} + +.PHONY: tint clean distclean -.PHONY: download patch tint clean distclean +# diff --git a/payloads/external/tint/generate_core.sh b/payloads/external/tint/generate_core.sh new file mode 100755 index 0000000000..bb0de2d169 --- /dev/null +++ b/payloads/external/tint/generate_core.sh 
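Review bot: In the Makefile's new `tint` recipe the two generator calls are joined with `;`, so a failure of `generate_core.sh` or `tintify_core.sh` does not stop the recipe, and whatever `tint.sh` exists at that point is still made executable and run. Because the recipe regenerates only when `tint.sh` is absent, a partial file, or one built from an older `TINT_SHA1SUM` or an older buildgcc, is reused on every later run until `distclean`. Starting the shell block with `set -e ;` (`set -e ; if [ ! -f ${tintified} ]; then \`) or chaining the steps with `&&` would stop at the first failure. Making `tint.sh` a real target that depends on the Makefile, buildgcc and both scripts would address the staleness.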
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# generate_core.sh extracts the core part from buildgcc script,
+# most importantly the checksum calculation/verification functions.
+#
+# Copyright (C) 2019 Mike Banon <mikebdp2@gmail.com>
+#
+##############################################################################
+#
+# USAGE:
+# ./generate_core.sh <buildgcc> <corescript> prepare_before_patch
+# where
+# buildgcc - path to input buildgcc script
+# corescript - path to output core part script
+# prepare_before_patch - optional argument to insert prepare_${package}
+# call into the unpack_and_patch function, e.g.
+# for removing some files with rm command
+# in order to reduce the size of patch file
+#
+##############################################################################
+
+buildgcc="$1"
+corescript="$2"
+prepare_before_patch="$3"
+
+#
+# Imports the source file fragment between start and end into the
+# destination file, optionally excluding the last line if not needed
+#
+
+import_from_file() {
+ source="$1"
+ destination="$2"
+ start="$3"
+ end="$4"
+ last_line_disabled="$5"
+ if [ -z "${last_line_disabled}" ] ; then
+ sed -n "/^${start}/,/^${end}/{/^${start}/{p;n};{p}}" "$source" >> "$destination"
+ else
+ sed -n "/^${start}/,/^${end}/{/^${start}/{p;n};/^${end}/{q};{p}}" "$source" >> "$destination"
+ fi
+}
+
+#
+# Import the color defines together with UNAME/HALT_FOR_TOOLS variables
+#
+
+import_from_file "$buildgcc" "$corescript" "red=" "HALT_FOR_TOOLS=0" || exit "$?"
+
+#
+# Import the core functions
+#
+
+FUNCTIONS="please_install searchtool download compute_hash error_hash_mismatch verify_hash unpack_and_patch"
+
+for F in $FUNCTIONS ; do
+ import_from_file "$buildgcc" "$corescript" "$F()" "}" || exit "$?"
+done
+
+#
+# Import a fragment where we find tar/patch/make and other essential tools
+#
+
+import_from_file "$buildgcc" "$corescript" "# Find all the required tools" "# Allow" "last_line_disabled" || exit "$?"
+
+#
+# Import a fragment with conditional exit if some required tools were not found
+#
+
+import_from_file "$buildgcc" "$corescript" "if \[ \"\$HALT_FOR_TOOLS" "fi" || exit "$?"
+
+#
+# Avoid the unnecessary subdirectories holding a single file each
+#
+
+sed -i -e "s/patches\///g" "$corescript"
+sed -i -e "s/sum\///g" "$corescript"
+sed -i -e "s/tarballs\///g" "$corescript"
+sed -i -e "s/cd tarballs || exit 1//g" "$corescript"
+sed -i -e "s/cd \.\.//g" "$corescript"
+
+#
+# Get the known checksum without using a dedicated single-line file
+#
+
+sed -i -e "s/\tknown_hash=\"\$(get_known_hash.*/\tknown_hash=\"\$2\"/g" "$corescript"
+
+#
+# Update the paths printed at the error messages
+#
+
+sed -i -e "s/util\/crossgcc\///g" "$corescript"
+
+#
+# Insert prepare_${package} function call between the unpack and patch operations
+#
+
+if [ ! -z "${prepare_before_patch}" ] ; then
+ sed -i -e "/\$TAR \$FLAGS \"\$(basename \"\$archive\")\"/a prepare_\${package} || exit \"\$?\"" "$corescript"
+fi
+
+#
diff --git a/payloads/external/tint/libpayload_tint.patch b/payloads/external/tint/tint-0.05_libpayload.patch
index 6c9594a369..6c9594a369 100644
--- a/payloads/external/tint/libpayload_tint.patch
+++ b/payloads/external/tint/tint-0.05_libpayload.patch
diff --git a/payloads/external/tint/tintify_core.sh b/payloads/external/tint/tintify_core.sh
new file mode 100755
index 0000000000..c2eb7e6b78
--- /dev/null
+++ b/payloads/external/tint/tintify_core.sh
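Review bot: In generate_core.sh, `import_from_file` cannot detect a pattern that matches nothing: `sed -n` exits 0 whether or not the range was found, so the `|| exit "$?"` after each call only catches errors such as an unreadable file. If buildgcc is reformatted, a function such as `verify_hash` could be missing from `core.sh` without any error at generation time, and the `known_hash=` substitution likewise leaves the line unchanged when it does not match. A check after each import in the loop, e.g. `grep -q "^$F()" "$corescript" || { echo "generate_core.sh: $F not found in $buildgcc" >&2; exit 1; }`, would fail at the point of the problem. The function also appends with `>>` and the script never truncates `$corescript`, so a leftover `core.sh` ends up with duplicated content; `: > "$corescript"` before the first import avoids that.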
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# tintify_core.sh adds the TINT-specific footer/header to the core,
+# such as the properties of current TINT version including its checksum.
+#
+# Copyright (C) 2019 Mike Banon <mikebdp2@gmail.com>
+#
+################################################################################
+#
+# USAGE:
+# ./tintify_core.sh <corescript> <tintified> \
+# <TINT_ARCHIVE_LINK> <TINT_ARCHIVE> <TINT_DIR> <TINT_SHA1SUM>
+# where
+# corescript - path to input core script
+# tintified - path to output tint script
+#
+################################################################################
+
+corescript="$1"
+tintified="$2"
+
+#
+# TINT-specific header
+#
+
+#
+# Insert the properties of the current TINT version
+#
+
+echo "#!/bin/sh" > "$tintified"
+echo "TINT_ARCHIVE_LINK=${3}" >> "$tintified"
+echo "TINT_ARCHIVE=${4}" >> "$tintified"
+echo "TINT_DIR=${5}" >> "$tintified"
+echo "TINT_SHA1SUM=${6}" >> "$tintified"
+
+#
+# Add the replace_plus_with_minus() function - needed to fix the version number
+#
+
+echo "replace_plus_with_minus() {" >> "$tintified"
+echo "for x in *\"+\"*; do" >> "$tintified"
+echo "y=\$(printf %sa \"\$x\" | tr \"+\" \"-\")" >> "$tintified"
+echo "mv -- \"\$x\" \"\${y%a}\"" >> "$tintified"
+echo "done" >> "$tintified"
+echo "}" >> "$tintified"
+
+#
+# Add the prepare_TINT() function, it will remove the unneeded debian directory
+# as well as typedefs.h and old Makefile to significantly reduce the patch size
+#
+
+echo "prepare_TINT() {" >> "$tintified"
+# echo "replace_plus_with_minus" >> "$tintified"
+echo "if [ ! -z ./\${TINT_DIR} ] && [ -e ./\${TINT_DIR}/debian ] ; then" >> "$tintified"
+echo "rm -rf ./\${TINT_DIR}/debian ./\${TINT_DIR}/typedefs.h ./\${TINT_DIR}/Makefile;" >> "$tintified"
+echo "touch ./\${TINT_DIR}/Makefile;" >> "$tintified"
+echo "fi" >> "$tintified"
+echo "}" >> "$tintified"
+
+#
+# Importing the core script
+#
+
+cat "$corescript" >> "$tintified"
+
+#
+# download() function adjustments - became necessary after a version number fix
+#
+
+sed -i -e "/download() {/a package=\$1\narchive_link=\"\$(eval echo \\\\\$\$package\"_ARCHIVE_LINK\")\"" "$tintified"
+sed -i -e "s/downloading from \$archive/&_link/g" "$tintified"
+sed -i -e "s/\(download_showing_percentage \"\$archive\)./\1_link\"/g" "$tintified"
+
+#
+# TINT-specific footer
+#
+
+echo "if [ ! -d tint ] ; then" >> "$tintified"
+
+echo "printf \"Downloading and verifying TINT tarball ... \\n\"" >> "$tintified"
+echo "download TINT || exit \"\$?\"" >> "$tintified"
+echo "verify_hash TINT \${TINT_SHA1SUM} || exit \"\$?\"" >> "$tintified"
+echo "printf \"Downloaded TINT tarball ... \${green}ok\${NC}\\n\"" >> "$tintified"
+
+echo "printf \"Unpacking and patching TINT... \\n\"" >> "$tintified"
+echo "unpack_and_patch TINT || exit 1" >> "$tintified"
+echo "printf \"Unpacked and patched TINT... \${green}ok\${NC}\\n\"" >> "$tintified"
+
+echo "mv ./\${TINT_DIR} ./tint" >> "$tintified"
+echo "fi" >> "$tintified"
+
+echo "printf \"Building TINT ... \\n\"" >> "$tintified"
+echo "make -C ./tint" >> "$tintified"
+echo "printf \"TINT built ... \${green}ok\${NC}\\n\"" >> "$tintified"
+
+chmod +x "$tintified"
+
+# |
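Review bot: The guard written into `prepare_TINT()` is always true: `[ ! -z ./\${TINT_DIR} ]` tests the string `./` plus the variable, which is never empty, so it does not protect the following `rm -rf` from an empty `TINT_DIR`. Testing the variable itself and quoting the paths would do what the guard intends: `echo "if [ -n \"\${TINT_DIR}\" ] && [ -e \"./\${TINT_DIR}/debian\" ] ; then" >> "$tintified"`. The header lines write `${3}` to `${6}` into tint.sh unquoted, so a URL containing `&` or a space would be parsed as shell syntax when tint.sh runs; writing them as quoted assignments in the style of `TINT_ARCHIVE_LINK="..."` is safer. The footer's `make -C ./tint` has no status check, so tint.sh prints "TINT built ... ok" and exits 0 even when the build fails; `echo "make -C ./tint || exit \"\$?\"" >> "$tintified"` fixes that.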