From 2e779a54951406247197cf21a31c54a36ec1fa06 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Mon, 11 Dec 2023 05:21:27 +0000
Subject: [PATCH] handle errors on exits from subshells

most of these are probably redundant, and will never
be called, but lbmk needs to be as safe as possible
under fault conditions. fail early, fail hard.

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 include/git.sh         |  4 ++--
 include/mrc.sh         |  2 +-
 script/build/grub      |  2 +-
 script/update/release  | 18 +++++++++---------
 script/update/trees    |  2 +-
 script/vendor/download |  4 ++--
 script/vendor/inject   |  2 +-
 7 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/include/git.sh b/include/git.sh
index 49148224..811b298a 100755
--- a/include/git.sh
+++ b/include/git.sh
@@ -72,7 +72,7 @@ prepare_new_tree()
 		git submodule update --init --checkout || \
 		    err "prepare_new_tree ${project}/${tree}: !submodules"
 	fi
-	)
+	) || err "git submodule update failure"
 	git_am_patches "${tmp_git_dir}" "$PWD/$cfgsdir/$tree/patches" || \
 	    err "prepare_new_tree ${project}/${tree}: patch fail"
 	[ "${patchfail}" = "y" ] && err "PATCH FAIL"
@@ -138,7 +138,7 @@ git_reset_rev()
 		git submodule update --init --checkout || \
 		    err "git_reset_rev ${1}: can't download submodules"
 	fi
-	)
+	) || err "git reset fail"
 }
 
 git_am_patches()
diff --git a/include/mrc.sh b/include/mrc.sh
index e57026a4..929aed7a 100755
--- a/include/mrc.sh
+++ b/include/mrc.sh
@@ -20,7 +20,7 @@ extract_mrc()
 	extract_partition
 	extract_shellball
 	extract_coreboot
-	)
+	) || err "mrc download/extract failure"
 
 	"${cbfstool}" "${appdir}/"coreboot-*.bin extract -n mrc.bin \
 	    -f "${_dest}" -r RO_SECTION || err "extract_mrc: cbfstool ${_dest}"
diff --git a/script/build/grub b/script/build/grub
index 31fc0084..5fa47c00 100755
--- a/script/build/grub
+++ b/script/build/grub
@@ -38,7 +38,7 @@ build_grub_utils()
 	x_ ./autogen.sh
 	x_ ./configure --with-platform=coreboot
 	make -j$(nproc) FS_PAYLOAD_MODULES="" || err "!mk grub utils"
-	)
+	) || err "grub build error"
 }
 
 build_keymap_configs()
diff --git a/script/update/release b/script/update/release
index dcddb44c..447d93ce 100755
--- a/script/update/release
+++ b/script/update/release
@@ -50,11 +50,11 @@ build_release()
 	cd "${srcdir}" || err "${_xm}: !cd \"${srcdir}\""
 	fetch_trees
 	x_ mv src/docs docs
-	)
+	) || err "can't copy docs"
 	(
 	cd "${srcdir%/*}" || err "${_xm}: mktarball \"${srcdir}\""
 	mktarball "${srcdir##*/}" "${srcdir##*/}.tar.xz" || err "${_xm}: mksrc"
-	)
+	) || err "can't create pre-crossgcc src tarball"
 	[ "${mode}" = "src" ] && return 0 # for src mode, xgcc tarballs are
 					  # not included in the src archive
 
@@ -64,7 +64,7 @@ build_release()
 	(
 	cd "${srcdir}" || err "${_xm}: 2 !cd \"${srcdir}\""
 	mkrom_images
-	)
+	) || err "can't build rom images"
 	for _cbd in "${srcdir}/src/coreboot/"*; do
 		[ -d "${_cbd}/util/crossgcc/tarballs" ] || continue
 		_xgccdir="${vdir}/crossgcc/${_cbd##*/}"
@@ -78,7 +78,7 @@ build_release()
 	cd "${srcdir%/*}" || err "${_xm} 2: mktarball \"${srcdir}\""
 	tar -xf "${srcdir##*/}.tar.xz" || err "!extract ${srcdir##*/}.tar.xz"
 	rm -f "${srcdir##*/}.tar.xz" || err "!rm -f ${srcdir##*/}.tar.xz"
-	)
+	) || err "can't extract pre-crossgcc src tarball"
 	for _xgcc in "${vdir}/crossgcc/"*; do
 		[ -d "${_xgcc}" ] || continue
 		mkdir -p "${srcdir}/src/coreboot/${_xgcc##*/}/util/crossgcc/tarballs" || \
@@ -91,7 +91,7 @@ build_release()
 	(
 	cd "${srcdir%/*}" || err "${_xm}: mktarball \"${srcdir}\""
 	mktarball "${srcdir##*/}" "${srcdir##*/}.tar.xz" || err "${_xm}: mksrc"
-	)
+	) || err "can't create src tarball with crossgcc"
 
 	# now test the vendor insert script, using the release archive:
 	(
@@ -106,7 +106,7 @@ build_release()
 		    err "TESTFAIL: inject: ${vrom##*/}"
 		continue
 	done
-	)
+	) || err "vendorfile inject test failure"
 
 	rm -Rf "${srcdir}" || err "!rm -Rf ${srcdir}"
 }
@@ -210,7 +210,7 @@ nukerom()
 	(
 	cd "${romdir}" || err "!cd romdir ${romdir}, nukerom"
 	sha512sum *.rom >> vendorhashes || err "!create vendorhashes, nukerom"
-	)
+	) || err "can't create vendor hashes"
 
 	for romfile in "${romdir}"/*.rom; do
 		[ -f "${romfile}" ] || continue
@@ -257,7 +257,7 @@ mkrom_tarball()
 	(
 	cd "${romdir%/bin/${target}}" || err "!cd ${romdir%/bin/${target}}"
 	mktarball "bin/${target}" "${archivename}.tar.xz"
-	)
+	) || err "can't create rom tarball"
 	mv "${romdir%/bin/${target}}/${archivename}.tar.xz"* "${f%/*}" || \
 	    err "!mktarball, rom, ${f%/*}/${romdir%/bin/${target}}/${archivename}.tar.xz"
 
@@ -289,7 +289,7 @@ mktarball()
 	[ "${2%/*}" != "${2}" ] && x_ cd "${2%/*}"
 	sha512sum "${2##*/}" > "${2##*/}.sha512" || \
 	    err "!sha512sum \"${2##*/}\" > \"${2##*/}.sha512\""
-	)
+	) || err "failed to create tarball checksum"
 }
 
 main $@
diff --git a/script/update/trees b/script/update/trees
index bd0fcb61..1719aab9 100755
--- a/script/update/trees
+++ b/script/update/trees
@@ -61,7 +61,7 @@ build_projects()
 		x_ cd src/uefitool
 		cmake UEFIExtract/ || [ -f Makefile ] || \
 		    err "build_projects: !cmake UEFIExtract/"
-	)
+	) || err "can't build cmake on uefiextract"
 	fi
 
 	[ "${mode}" = "distclean" ] && mode="clean"
diff --git a/script/vendor/download b/script/vendor/download
index 4613c2b6..eada2e91 100755
--- a/script/vendor/download
+++ b/script/vendor/download
@@ -214,7 +214,7 @@ extract_kbc1126ec()
 	[ -f ec.bin ] || err "extract_kbc1126_ec ${board}: can't extract"
 	"${kbc1126_ec_dump}" ec.bin || \
 	    err "extract_kbc1126_ec ${board}: can't extract ecfw1/2.bin"
-	)
+	) || err "can't extract kbc1126 ec firmware"
 	ec_ex="y"
 	for i in 1 2; do
 		[ -f "${appdir}/ec.bin.fw${i}" ] || ec_ex="n"
@@ -239,7 +239,7 @@ extract_e6400vga()
 	"${e6400_unpack}" bios.bin || printf "TODO: fix dell extract util\n"
 	[ -f "${E6400_VGA_romname}" ] || \
 		err "extract_e6400vga: can't extract vga rom from bios.bin"
-	)
+	) || err "can't extract e6400 vga rom"
 	cp "${appdir}/${E6400_VGA_romname}" "${_dest}" || \
 	    err "extract_e6400vga ${board}: can't copy vga rom to ${_dest}"
 }
diff --git a/script/vendor/inject b/script/vendor/inject
index 088851ca..2e125f4f 100755
--- a/script/vendor/inject
+++ b/script/vendor/inject
@@ -141,7 +141,7 @@ patch_release_roms()
 	    sha512sum --status -c blobhashes || \
 	    sha1sum --status -c blobhashes || \
 	    err "patch_release_roms: ROMs did not match expected hashes"
-	)
+	) || err "can't verify vendor hashes"
 
 	if [ "${modifygbe}" = "true" ]; then
 		for x in "${_tmpdir}"/bin/*/*.rom ; do
-- 
GitLab