The goal of this script is similar to Linux's checkpatch.pl: it is
meant to check patch before sending them.
Right now it only tests if a signed-off-by is missing, and if the
commit information (commit message, author, date, etc but not the
diff) is too big as a workaround to the bug #66268[1], but over time
more checks can be added.
The report of the bug #66268[1] mention that what tend to trigger the
issue is commits "with a large (4kB) commit message".
[1]https://debbugs.gnu.org/cgi/bugreport.cgi?bug=66268
So we want to avoid such commits to avoid breaking "guix git
authenticate" in the future.
To do that, checkpatch.scm reports an error if the size of the patch
from the beginning of the patch file until the point where the diff
starts is less than 2500 Bytes.
A lower threshold has been chosen as the commit object size can be
bigger than the patch file without the diff, as there are at least
signatures inside the commit objects.
The last commit GNUtoo signed at the time of writing is the commit
83f955870a ("website/docs/build: mark
the Trisquel bug as solved and clarify the Guix one") and this is done
with an RSA GPG key of 4096 bits and in this case the signature is
about 855 bytes. This was calculated with 'git cat-file -p 83f95587'.
As GNU Boot is looking for contributions, including contributions by
less technical users, we do not require its use by people sending
patches, however it is still a good idea to require its use by the GNU
Boot maintainers as we want to spot the most important issues that
cannot be fixed later on.
Thanks to neox for the research and the calculation on the git commit
signature size.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Currently GNU Boot has no manual, and it needs one to organize better
the information it provides to users and/or contributors.
Since we need to start somewhere, beside adding the manual license, we
describe a bit what the GNU Boot project is, and also ask for help for
completing the manual.
The GFDL 1.3 comes from the gnulib source code at the commit
d64d66cc4897d605f543257dcd038524a0a55215 ("autoupdate").
The beginning and the end of the document are also very similar to the
GNU Hello manual from the commit
24225d705684322f482135e8a2d679485fce0811 ("maint: remove the obsolete
gettext module") as they were copied and modified from that.
The 'dircategory Kernel' was chosen to be the same than GRUB, so they
both appear in the same group in the Emacs info reader ('info'
command in Emacs).
As for the "Overview" of GNU Boot it also contains background
information that will be needed later on and that needs to be
introduced right from the start:
- If people reading the manual do not understand what a boot software
is, all the rest will be too complicated to explain.
- We also need to explain where GNU Boot is physically located on the
computer from the start as we plan not to use the 'ROM' terminology
as it's confusing: ROM means read-only-memory, and so there is no
point of providing GNU Boot ROM images if the nonfree boot software
can't be replaced.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
While the website code is separate from the rest, the same rationale
than in the commit ada459875c ("Use a
released guix revision globally.") applies for using Guix 1.4.0
(having access to the Guix manual for the right Guix version, not
needing to run guix pull in some cases).
However if we do that we run into an issue where guix fails to find a
substitute for pandoc for Guix 1.4.0 for i686-linux. This results in
Guix bootstraping ghc and then building pandoc and its dependencies.
The ghc bootstrap is extremely long (many hours / few days on a
ThinkPad X200, and it takes more than one night inside a VM with 8
cores and 16 GiB of RAM that runs on a KGPE-D16). Not running the ghc
tests also doesn't speed up the build enough to be practical.
However while the pandoc substitutes are not available on
ci.guix.gnu.org, they are available on bordeaux.guix.gnu.org which is
also in the default substitute servers.
So the workaround is to tell users to make sure to authorize
bordeaux.guix.gnu.org and then to force its use if it is authorized.
This still enable users to not use substitute (for security reasons)
if they want to.
To do the detection we use guix repl as the guix command is supposed
to be available and it also has access to Guix's guile modules.
In addition, running ./autogen.sh && ./configure && make check results
in the following error without this commit:
guix time-machine --commit= -- shell --system=i686-linux --container
--network --emulate-fhs --share=`realpath ../` bash coreutils
findutils git grep nss-certs pandoc sed -- ./build.sh
guix time-machine: error: Git error: unable to parse OID - too short
make: *** [Makefile:696: build] Error 1
This was broken by the commit 07e9cbd12c99e39d0bc0b8449423bd914bb92b10
("website: properly handle the dot dependency.").
However if we bisect it, we instead find that the commit
f8874d77803426cc01305e7f895284dbe7caae00 ("website: remove
history/git-history.jpg") broke 'make check'.
This is because history/git-history.jpg is supposed to be generated
but it was included in git in the commit
388c0ef3d0 ("website: add history page
of the GNU Boot git repositories.") and so once we starts generating
the file again, 'make check' breaks.
So we modified the commit 388c0ef3d0
("website: add history page of the GNU Boot git repositories.") to not
add history/git-history.jpg to properly bisect it.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
neox: fixed typos in message and diff
Acked-by: Adrien Bourmault <neox@gnu.org>
This change has several goals:
- It reduces code duplication. This also makes it easier to check that
all the commands using Guix use the same revision and system, which
are supposed to be common to the use of Guix. Unifying the Guix
revision between the website and the rest of GNU Boot will be done
later on.
- It reduce the size of the commands, which also help reduces the
indentation and/or increase readability.
Guix users typically run "guix shell [arguments] -- [command]", and
here we abstract away some GNU Boot specific parts like using Guix
1.4.0 and i686-linux, so it makes sense to abstract them.
The --container argument is also specific to GNU Boot as it avoids
potentially leaks between the host and the container (which we want to
avoid for increased reproducibility across different host
distributions), however people used to guix shell will typically
expect to select between --container or not.
In order to more easily enforce --container and make it clear that we
use it, we named the variable GUIX_SHELL_CONTAINER.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
This was broken by the commit 6b4b553d49
("website-build: targets: rename targets to use build, serve and
publish.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
For some reasons I used MediaWiki syntax for that link instead of the
CommonMark syntax.
The broken link was introduced by the commit
88d3ad4765 ("site: fix the GNU Boot
build instructions.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
The commit 768fde6f2d ("website: Remove
news generation.") was supposed to produce a web page at
https://www.gnu.org/software/gnuboot/web/news.html.
This didn't work because due to a combination of the Apache rules
deployed on the web server and the fact that we couldn't delete files.
After discussing with the FSF sysadmins, they now fixed the problem,
so we can now use --delete with rsync and this makes the news page
appear.
It's also possible to get the Apache rules being used under a free
license, so to avoid this kind of situation again, so in the future we
should get these rules and replace the test with lighttpd with a test
that uses Apache and these rules instead.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
The page name aren't directly meaningful. In contrib.md for instance I
would expect to find how to contribute. In git.md instead I would
expect to find how to download GNU Boot but not how to contribute.
Since the authors page isn't meaningful anymore for GNU Boot as it has
different priorities than Libreboot at the time where it was fully
free, and also because GNU Boot also wants to put forward smaller
contributions, especially contributions that aren't recorded in git.
As the GNU Boot project doesn't have the same community or dynamics
than the Libreboot project had, the gaps it has are different. So we
also try to put forward contributions that fills these gaps.
However since this page is very important historically, so we need to
keep it not to forget about it. So to fix that we added GNU Boot's
point of view and moved it in the history section.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
neox: updated link in pages/template.include
Acked-by: Adrien Bourmault <neox@gnu.org>
As the page is quite similar to the NetBSD and OpenBSD pages,
it should contain similar changes.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
As the page is quite similar to the OpenBSD page, it should contain
similar changes.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
The mention of LibertyBSD was removed in the OpenBSD page, because
according to the LibertyBSD web page: "LibertyBSD's dormant, and in
archive-mode."[1]. The LibertyBSD project also point to the
HyperbolaBSD project as a future alternative to LibertyBSD ("Support
HyperbolaBSD!"[1].).
[1]https://libertybsd.net/
Given that we still mention that the tutorial was made for LibertyBSD
as well but we point to the BSD index page for the warnings and a way
forward (which is basically HyperbolaBSD) to improve support for BSD
systems in GNU Boot.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
Since the GNU Boot project doesn't want to force any of its
contributors to test with nonfree distributions or operating systems,
we can't review the accuracy of the BSD pages, and there are no GNU
Boot users who already use BSD systems that contacted the GNU Boot
project.
So the solution here is instead to document the current project
decisions, to point to freedom reviews of the BSD operating systems by
the GNU project, and to convert the articles to refer to what
Libreboot stated about BSD systems, while taking the point of view of
GNU Boot.
Since Libreboot already very strongly discouraged the use of GRUB to
boot encrypted BSD systems, users using BSD systems probably have
followed this advice or were aware of it, so this enables us to remove
support for BSD encryption inside GRUB without the need to try to
directly contact users.
Still, as I plan to try to do that (to reduce GRUB's size for
computers with 512KiB flash size), it's still a good idea good idea to
document it inside the page as well to explain why, according to GNU
Boot (and not LibreBoot) it is a good idea not to rely on GRUB images
for booting encrypted BSD systems.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
The history/git-history.jpg file is supposed to be generated so we
don't want to track it in git.
This was broken by the commit 388c0ef3d0
("website: add history page of the GNU Boot git repositories.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
This was broken by the commit 388c0ef3d0
("website: add history page of the GNU Boot git repositories.").
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
In the Makefile we have the following:
if WANT_GUIX
check: build website.tar.gz index.html history/git-history.jpg
rm -rf site/
mkdir -p site/$(WEBSITE_PREFIX)
tar xf website.tar.gz -C site/$(WEBSITE_PREFIX)
Here the mkdir is used outside of a guix shell, so we need to also
check if mkdir is is present when using guix to build the website.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
neox: fixed the commit message
Acked-by: Adrien Bourmault <neox@gnu.org>
In the Makefile we have the following:
pages/footer.include: pages/footer.include.tmpl pages/footer-git-commit.include
cat \
[...]
This rule is valid reguardless of the '--without-guix' configure
option, so we need to also check if cat is present when using guix to
build the website.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
In the Makefile we have the following:
help:
@printf "%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n" \
[...]
This rule is valid reguardless of the '--without-guix' configure
option, so we need to also check if printf is present when using guix
to build the website.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
In the Makefile we have the following:
pages/footer-git-commit.include:
rm -f $@
[...]
This rule is valid reguardless of the '--without-guix' configure
option, so we need to also check if rm is present when using guix to
build the website.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
In the Makefile we have the following:
index.html: index.html.tmpl
sed -e "s#WEBSITE_PREFIX#$(WEBSITE_PREFIX)#g" "$^" > "$@"
so we need to make sure that 'sed' is available.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
Without this fix we have the following error on Trisquel 11 when
building the GRUB payload:
configure: error: qemu, coreboot and loongson ports need unifont
Trisquel 10 also has an 'unifont' package, and installing it doesn't
break the build of the GRUB payload.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The entries inside the "Verified copyright headers" section refer to
commit hashes. And since a commit can't refer to itself (unless SHA1
is broken), we split that in two commits.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The build system was designed to produce images with different GPU
drivers for a single computer and/or to show the image name in the
final image names, to enable users to know which GPU driver was used.
However since all boards have practically speaking the same GPU driver
('libgfxinit') this adds too much complexity for almost no benefits.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The seabios_grubfirst images provides the same functionality than the
GRUB images, but instead of having GRUB being loaded directly by
Coreboot, Coreboot loads SeaBIOS which then loads GRUB.
These images probably exist to enable end users to try it to workaround
potential compatibility issues between the OS and GRUB with the GRUB
image as we have a BIOS implementation being loaded.
While this looks useful, it also makes things more complicated:
- It increase the number of images to choose from, and it's
complicated to explain the difference between grub and
seabios_grubfirst to end users.
For instance for the "x200_8mb", users need to choose between 2 GPU
modes (corebootfb, or txtmode) and 12 keyboard layouts. So having to
choose between 2 payloads instead of 3 with one difference that is
hard to understand makes things easier.
- It makes testing more complicated as we have one more payload to
test and we also need to make sure to always differenciate both
images in bug reports, documentation, etc.
And if issues arise from this change in the future, we could work with
upstream to fix them and/or replace the grub images with
'seabios_grubfirst' while keeping the 'grub' name to avoid
complicating things by having two main payloads with identical
features.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
neox: fixed typos in commit message
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The entries inside the "Files with an incomplete copyright header"
section refer to commit hashes. And since a commit can't refer to
itself (unless SHA1 is broken), we split that in two commits.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Note that we only have the history of the global.css file since the
commit 501e77d996 ("libreboot site").
Since this "libreboot site" commit is about 38000 lines, and that some
pages contain many translations (site/news/rms.md is translated in 20
languages), it is most likely that it was based on an earlier history
of either the older Libreboot website, or the osboot website if it
existed at the time.
The license however is easier to find as the commit mentioned above
has site/license.md which has the following:
Unless otherwise stated, every page and image (e.g. JPG/PNG files) on
libreboot.org or in the repository that it is built on, is released under the
terms of the GNU Free Documentation License, either version 1.3 or (at your
option) any newer version as published by the [Free Software
Foundation](https://www.fsf.org/), with no Invariant Sections, no Front Cover
Texts and no Back Cover
Texts.
And both the osboot website or the older versions of the Libreboot
website also used the same license (GFDL 1.3+ with no Invariant
Sections, no Front Cover Texts and no Back Cover Texts).
Also while I touched the global.css file I didn't modify its content,
including in the commit 0e3ff8047f
(Announce and release GNU Boot 0.1 RC2 and project status.) where I
extracted global.css from site/template.include. This can easily be
verified with meld. Because of that there I didn't add my copyright in
this file.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
We have redundant news systems: GNU Boot is already using GNU and
Savannah's new infrastructure, so we don't need to duplicate that on
the GNU Boot website.
This lowers the maintenance now (as we need to do less work to publish
news).
But it also lowers the amount of work in the future as Untitled (the
static website generator that we use) handles news generation
differently from the rest of the pages, and since we planned to
migrate to Haunt, getting rid of news generation should probably
divide the amount of work needed to do the migration by two.
Thanks a lot to Adrien 'neox' Bourmault for the help with this patch
(neox gave me the links, told me about the capabilities of Savannah,
Planet, etc).
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
We need to somehow isolate the git configuration being used to build
GNU Boot from the rest of the system as otherwise things like
automatic gpg signatures can kick in and block the build because it
waits for a pinentry.
In addition:
- It enables us to simplify the build code as the git configuration is
now the same during all the build.
- Contributors don't need to setup git anymore just to build GNU
Boot. This also makes GNU Boot a bit more reproductible.
Replacing git inside the build scripts / Makefiles enable us to still
run them manually (like ./resources/packages/coreboot/download).
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien Bourmault <neox@gnu.org>
Without this change, we have no idea if the website we see on
https://gnu.org/software/gnuboot/ is using the latest git commit.
It also allows anyone to spot and report to us that the website has
the wrong revision.
With this change we can also potentially spot issues in the website
generation for instance when the website should have been regenerated
and it wasn't, or from an archive or web page file, get to the git
commit it was generated from.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
Since the commit 776073e2f8 ("website:
make the website prefix (software/gnuboot) configurable."), site.cfg
is generated. So we also need to add it to .gitignore as well, else it
shows up in git status.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
All the content on this page has now been reviewed by the GNU Boot
project.
This change is badly needed as the docs link is available in the
header of most pages of the website, and also because the docs page
also links to pages that were reviewed and that are perfectly valid,
so readers might stop there and not look at other pages below.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The information on how to find the GNU Boot version that is running is
outdated (for instance there is no lbversion, it also refers to older
Libreboot revisions). Because of that, we move it in a separate page
for now as this can then enable to remove the unreviewed tag to the
docs index page.
This is urgent and important as the docs link is available in the
header of most pages of the website, and also because the docs page
also links to pages that were reviewed and that are perfectly valid,
so readers might stop there and not look at other pages below.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The entries inside the "Verified copyright headers" section refer to
commit hashes. And since a commit can't refer to itself (unless SHA1
is broken), we split that in two commits.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The serve.sh script was added in the commit
58fc2a673d ("Add the ability to test the
website locally") in the website-build repository of the Genuine
Libreboot project. This repository was then merged in GNU Boot.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>
The entries inside the "Verified copyright headers" section refer to
commit hashes. And since a commit can't refer to itself (unless SHA1
is broken), we split that in two commits.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Acked-by: Adrien 'neox' Bourmault <neox@gnu.org>