Add support for releasing deblobbed u-boot 2020.07 source tarballs

Once the tarball are released, it will enable distributions to use
these tarballs to produce deblobbed u-boot packages.

Note that the produced tarball is not reproducible yet. Because of
that it has to be trusted.

During a release, it's a good idea to sign the uncompressed tarball as
the various compression formats and associated tools make different
tradeoffs.

For instance with xz, xz -9e tends to compress really well with the
the most used xz[1] implementation, and most GNU/Linux users probably
already have it installed, but and the drawbacks is that the format is
very fragile[2].

The lzip format is more suited for long term archiving but its most
packaged implementation[3] is less likely to be already installed by
users than more well known formats like xz, bzip2 or gzip.

Being able to add more compression formats after the release is also
useful, for instance to accommodate different build systems or use
cases (like being able to build u-boot with less dependencies in
distributions like Guix, or building u-boot directly on devices which
don't have enough RAM for xz for instance).

[1]https://tukaani.org/xz/
[2]https://www.nongnu.org/lzip/xz_inadequate.html
[3]https://www.nongnu.org/lzip/

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This commit is contained in:
Denis 'GNUtoo' Carikli 2021-12-18 01:46:19 +01:00
parent ae0be6f8b4
commit 7422411b24
Signed by: GNUtoo
GPG Key ID: 5F5DFCC14177E263
3 changed files with 368 additions and 0 deletions

View File

@ -0,0 +1,60 @@
#!/usr/bin/env bash
#
# helper script: generate deblobbed stable u-boot source code releases
#
# Copyright (C) 2020,2021 Leah Rowe <info@minifree.org>
# Copyright (C) 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
[ "x${DEBUG+set}" = 'xset' ] && set -v
set -u -e
version="v2021.07"
revision="r1"
topdir="$(realpath $(dirname $(realpath $0))/../../../../)"
tmpdir="${topdir}/release/u-boot/u-boot-${version}-${revision}"
tarball="${tmpdir}.tar"
printf "Building source code archive, version %s revision %s\n" "${version}" "${revision}"
cd "${topdir}"
"${topdir}/download" u-boot
rm -rf \
"${tmpdir}/" \
"${tarball}" \
"${tarball}.lz" \
"${tarball}.xz"
mkdir -p "$(dirname ${tmpdir})"
cp -R "u-boot/u-boot/" "${tmpdir}"
rm -rf ${tmpdir}/.git ${tmpdir}/.gitignore
make -C ${tmpdir} distclean
prefix="$(dirname ${tmpdir} | sed 's#^/*##')/"
tar cf "${tarball}" "${tmpdir}" --transform="s#${prefix}##"
lzip -9 --keep -vv "${tarball}"
xz -9 --keep -vv "${tarball}"
rm -rf "${tmpdir}/"
printf "Source code archives available at:\n\t%s\n\t%s\n\t%s\n" \
"${tarball}" \
"${tarball}.lz" \
"${tarball}.xz"

123
resources/scripts/download/u-boot Executable file
View File

@ -0,0 +1,123 @@
#!/usr/bin/env bash
# helper script: download u-boot
#
# Copyright (C) 2014, 2015, 2016, 2020, 2021 Leah Rowe <info@minifree.org>
# Copyright (C) 2021 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
[ "x${DEBUG+set}" = 'xset' ] && set -v
set -u -e
# set this when you want to modify each u-boot tree
# for example, you want to test custom patches
# NODELETE= ./download coreboot
deleteblobs="true"
[ "x${NODELETE+set}" = 'xset' ] && deleteblobs="false"
# Error handling is extreme in this script.
# This script handles the internet, and Git. Both are inherently unreliable.
[[ -f build_error ]] && rm -f build_error
downloadfor() {
uboot_revision="v2021.07"
uboot_dir="u-boot/u-boot"
if [ -d "${uboot_dir}" ]; then
printf \
"REMARK: '%s' directory already exists. Skipping setup.\n" \
"${uboot_dir}"
return 0
fi
if [ ! -d "${uboot_dir}" ]; then
mkdir -p "${uboot_dir}"
fi
if [ ! -d "${uboot_dir}" ]; then
printf \
"ERROR: '%s' directory not created. Check file system permissions\n" \
"${uboot_dir}"
return 1
fi
if [ ! -d "${uboot_dir}/.git" ] && [ -d "${uboot_dir}" ]; then
rm -Rf "${uboot_dir}"
fi
if [ ! -d "${uboot_dir}" ]; then
printf "Download u-boot from upstream:\n"
git clone https://source.denx.de/u-boot/u-boot \
"${uboot_dir}" || \
rm -Rf "${uboot_dir}"
if [ ! -d "${uboot_dir}" ]; then
printf \
"ERROR: %s: Problem with git-clone. Network issue?\n" \
"download/u-boot"
return 1
fi
else
git -C "${uboot_dir}" pull || touch build_error
if [ -f build_error ]; then
printf \
"ERROR: %s: Problem with git-pull. Network issue?\n" \
"download/u-boot"
return 1
fi
fi
git -C "${uboot_dir}" reset --hard ${uboot_revision} || \
touch build_error
if [ -f build_error ]; then
printf \
"ERROR: %s: Unable to reset to commit ID/tag '%s' for board '%s' on tree '%s'\n" \
"download/u-boot" "${uboot_revision}" "${1}" "${uboot_dir}"
return 1
fi
}
strip_comments()
{
file="$1"
# Remove comments
sed 's/#.*//' "${file}" | \
# Remove lines composed of whitespaces only
sed '/^\W\+$/d' | \
# Remove empty lines
sed '/^$/d'
}
printf "Downloading u-boot and (if exist in build system) applying patches\n"
downloadfor
rm -f "build_error"
printf "\n\n"
if [ "${deleteblobs}" = "true" ]; then
bloblist="resources/u-boot/default/blobs.list"
for blob_path in $(strip_comments "${bloblist}"); do
if echo "${blob_path}" | grep '/$' 2>&1 >/dev/null ; then
printf "Deleting blob directory: '%s/%s'\n" \
"${uboot_dir}" "${blob_path}"
rm -rf "${uboot_dir}/${blob_path}"
else
printf "Deleting blob file: '%s/%s'\n" \
"${uboot_dir}" "${blob_path}"
rm -f "${uboot_dir}/${blob_path}"
fi
done
fi
exit 0

View File

@ -0,0 +1,185 @@
arch/x86/dts/microcode/
# The license is nonfree because it contains the following: "Reverse
# engineering, decompilation, or disassembly of this software is not
# permitted."
Licenses/r8a779x_usb3.txt
drivers/usb/host/xhci-rcar-r8a779x_usb3_v3.h
# The documentation contains instructions to download and install nonfree
# software. Note that if a board doesn't have such instructions it doesn't
# necessarily means that it can boot with only free software and viceversa.
###########
# Amlogic #
###########
# Amlogic SOCs Usually have various nonfree components, like the first stages
# of the bootloaders and code that runs in TrustZone. They are most likely
# not signed.
# ---------
# TODO: List the nonfree software of specific documentation
doc/board/amlogic/beelink-gtkingpro.rst
doc/board/amlogic/beelink-gtking.rst
doc/board/amlogic/index.rst
doc/board/amlogic/khadas-vim2.rst
doc/board/amlogic/khadas-vim3l.rst
doc/board/amlogic/khadas-vim3.rst
doc/board/amlogic/khadas-vim.rst
doc/board/amlogic/libretech-ac.rst
doc/board/amlogic/libretech-cc.rst
doc/board/amlogic/nanopi-k2.rst
doc/board/amlogic/odroid-c2.rst
doc/board/amlogic/odroid-c4.rst
doc/board/amlogic/odroid-n2.rst
doc/board/amlogic/p200.rst
doc/board/amlogic/p201.rst
doc/board/amlogic/p212.rst
doc/board/amlogic/q200.rst
doc/board/amlogic/s400.rst
doc/board/amlogic/sei510.rst
doc/board/amlogic/sei610.rst
doc/board/amlogic/u200.rst
doc/board/amlogic/w400.rst
doc/board/amlogic/wetek-core2.rst
#########
# Linux #
#########
# Has intructions to build Linux which is not FSDG compliant.
# TODO: Use linux-libre instead, especially because documentation about vboot
# could be interesting to have. Vboot is a chain of trust that can work with
# only free software. The hardware root of trust can be created by booting on
# a flash chip whose security registers are configured to set the first
# bootloader component read-only.
doc/uImage.FIT/beaglebone_vboot.txt
# Steers very strongly users into using Linux as it shows that the only tested
# kernels are Broadcom forks of Linux. We would need to have linux-libre
# versions of these or test it with stock linux-libre instead.
doc/README.bcm7xxx
############
# Mediatek #
############
# The instructions uses binaries that lack any corresponding source code.
doc/README.mediatek
#############
# NXP I.MX8 #
#############
# I.MX8 SOCs require a nonfree firmware for the DDR4 controller. In some
# documentation, I didn't find that requirement mentioned, but instead
# there are still nonfree files mentioned. So I assume that they might
# somehow contain code for that nonfree DDR4 controller, but it might be
# worth checking if it's the case or not. The DDR4 controller firmware is not
# signed. In addition the I.MX8 HDMI controller requires a signed firmware.
# -----------
# nonfree DDR4 controller firmware
doc/board/freescale/imx8mp_evk.rst
# nonfree DDR4 controller and HDMI firmwares
doc/board/freescale/imx8mq_evk.rst
# nonfree DDR4 controller firmware
doc/board/freescale/imx8mn_evk.rst
# nonfree imx-sc-firmware-1.2.7.1.bin and imx-seco-2.3.1.bin firmwares
doc/board/freescale/imx8qxp_mek.rst
# nonfree DDR4 controller firmware
doc/board/freescale/imx8mm_evk.rst
# nonfree imx-sc-firmware-1.1.bin and firmware-imx-8.0.bin firmwares
doc/board/advantech/imx8qm-rom7720-a1.rst
# TODO
doc/board/verdin-imx8mm.rst
doc/board/toradex/colibri-imx8x.rst
doc/board/toradex/apalix-imx8x.rst
doc/board/toradex/apalix-imx8.rst
#######################
# NXP nonfree srktool #
#######################
# The SRK tool is a tool that is involved in one way or another with
# authenticated or encrypted boot. I'm unsure if free software replacements
# exists or if could easily be replaced with a free software implementation.
# In any case the I.MX6 and I.MX5 can proabably be setup for encrypted or
# authenticated boot with free software tools. The first and second versions
# of the USB Armory has documentation on how to do that.
# ---------------------
doc/imx/board/toradex/colibri_imx7.rst
doc/imx/habv4/introduction_habv4.txt
##################
# Samsung Exynos #
##################
# The instructions makes users nonfree components like a nonfree first stage
# bootloaders, and nonfree code that runs in TrustZone.
doc/README.odroid
# The instructions makes its users download an image and update u-boot in that
# image. Because of that, it's extremely likely that the images contains
# nonfree components that cannot even be redistributed in another form, and
# that the instructions uses that images because of that.
doc/README.s5p4418
#####################
# Texas Instruments #
#####################
# Users are expected to use nonfree tools and even sign an NDA to get access
# to them.
doc/README.ti-secure
###########
# Unknown #
###########
# Everything looks free software, but the code still needs to be reviewed.
doc/board/microchip/mpfs_icicle.rst
# OP-TEE is under a free software license but its code needs to be reviewed.
doc/README.tee
# The tutorial has instructions to download a downstream u-boot, so it might
# have the same issues than u-boot itself if the u-boot is recent enough.
doc/chromium/run_vboot.rst
#######
# x86 #
#######
# Unless the computer is supported by Libreboot, or that u-boot runs after
# some other nonfree boot software like a BIOS or UEFI, it's unlikely to be
# able to run with only free software. Though I'm pretty sure that some
# exceptions do exists, but they are probably not supported by u-boot.
# -----
# nonfree Management Engine firmware, RAM intialization code, and video BIOS
doc/board/google/chromebook_link.rst
# nonfree SDRAM and hardware intialization code
doc/board/google/chromebook_coral.rst
# nonfree FSP, video BIOS, Management Engine firmware
doc/board/intel/minnowmax.rst
# nonfree FSP, Chipset Micro Code (CMC), microcode
doc/board/intel/crownbay.rst
# TODO: check
# board/intel/edison.rst
# Steers userstoward using nonfree FSP
board/intel/slimbootloader.rst
# Steers users and developers toward using nonfree FSP
doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-m.txt
# Steers users and developers toward using nonfree FSP
doc/device-tree-bindings/fsp/fsp2/apollolake/fsp-s.txt
############
# Rockchip #
############
# rkbin binaries without license nor source code
doc/board/rockchip/rockchip.rst
# TODO: check the following files
# imx/common/mxs.txt
# README.armada-secureboot
# README.fdt-control
# README.fsl-ddr
# README.m54418twr
# README.marvell
# README.mpc85xxcds
# README.mpc85xx-sd-spi-boot
# README.OFT
# README.rmobile
# README.rockchip
# README.rockusb
# README.socfpga