* [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 @ 2026-04-08 0:09 ankur.tyagi85 2026-04-15 21:05 ` Yoann Congal 0 siblings, 1 reply; 5+ messages in thread From: ankur.tyagi85 @ 2026-04-08 0:09 UTC (permalink / raw) To: openembedded-core; +Cc: Ankur Tyagi From: Ankur Tyagi <ankur.tyagi85@gmail.com> 2025.09.3 --------- Fixed FIT image vulnerability https://lore.barebox.org/barebox/abljJRMecNdejSD0@pengutronix.de/ Changelog: https://github.com/barebox/barebox/compare/v2025.09.2...v2025.09.3 2025.09.2 --------- Changelog: https://github.com/barebox/barebox/compare/v2025.09.1...v2025.09.2 2025.09.1 --------- This stable release is specifically targeted at whinlatter which is currently at v2025.09.0 https://lore.barebox.org/barebox/aUkaSKDePHF8__LB@pengutronix.de/ Changelog: https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.1 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> --- meta/recipes-bsp/barebox/barebox-common.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc index e41d0858fd..91865b4d44 100644 --- a/meta/recipes-bsp/barebox/barebox-common.inc +++ b/meta/recipes-bsp/barebox/barebox-common.inc @@ -3,6 +3,6 @@ SECTION = "bootloaders" LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192" -PV = "2025.09.0" +PV = "2025.09.3" SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2" -SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d" +SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87" ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 2026-04-08 0:09 [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 ankur.tyagi85 @ 2026-04-15 21:05 ` Yoann Congal 2026-04-16 11:34 ` Ahmad Fatoum 0 siblings, 1 reply; 5+ messages in thread From: Yoann Congal @ 2026-04-15 21:05 UTC (permalink / raw) To: ankur.tyagi85, openembedded-core On Wed Apr 8, 2026 at 2:09 AM CEST, Ankur Tyagi via lists.openembedded.org wrote: > From: Ankur Tyagi <ankur.tyagi85@gmail.com> > > 2025.09.3 > --------- > Fixed FIT image vulnerability > https://lore.barebox.org/barebox/abljJRMecNdejSD0@pengutronix.de/ > > Changelog: > https://github.com/barebox/barebox/compare/v2025.09.2...v2025.09.3 > > 2025.09.2 > --------- > Changelog: > https://github.com/barebox/barebox/compare/v2025.09.1...v2025.09.2 > > 2025.09.1 > --------- > This stable release is specifically targeted at whinlatter which is > currently at v2025.09.0 > https://lore.barebox.org/barebox/aUkaSKDePHF8__LB@pengutronix.de/ > > Changelog: > https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.1 > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> I'm a bit torn on this one. Because on one hand, this looks like a proper stable branch (and I appreciate the effort), but on the other hand, there are changes that I find too risky: For example: * API Change: https://github.com/barebox/barebox/commit/5e9f709b2b56bd9689e174572ef2af59b9fed5d2 * New feature: https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.3#diff-2dd6d3e4c91931c982f091155a47dd8d03e26731f8d59b112e938508fe12255aR1 Thoughts? In the meantime, I will keep it in my branch for awareness. > --- > meta/recipes-bsp/barebox/barebox-common.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc > index e41d0858fd..91865b4d44 100644 > --- a/meta/recipes-bsp/barebox/barebox-common.inc > +++ b/meta/recipes-bsp/barebox/barebox-common.inc > @@ -3,6 +3,6 @@ SECTION = "bootloaders" > > LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192" > > -PV = "2025.09.0" > +PV = "2025.09.3" > SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2" > -SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d" > +SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87" -- Yoann Congal Smile ECS ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 2026-04-15 21:05 ` Yoann Congal @ 2026-04-16 11:34 ` Ahmad Fatoum 2026-04-16 13:40 ` Yoann Congal 0 siblings, 1 reply; 5+ messages in thread From: Ahmad Fatoum @ 2026-04-16 11:34 UTC (permalink / raw) To: yoann.congal, ankur.tyagi85, openembedded-core Hello Yoann! On 4/15/26 11:05 PM, Yoann Congal via lists.openembedded.org wrote: > On Wed Apr 8, 2026 at 2:09 AM CEST, Ankur Tyagi via lists.openembedded.org wrote: >> From: Ankur Tyagi <ankur.tyagi85@gmail.com> >> >> 2025.09.3 >> --------- >> Fixed FIT image vulnerability >> https://lore.barebox.org/barebox/abljJRMecNdejSD0@pengutronix.de/ >> >> Changelog: >> https://github.com/barebox/barebox/compare/v2025.09.2...v2025.09.3 >> >> 2025.09.2 >> --------- >> Changelog: >> https://github.com/barebox/barebox/compare/v2025.09.1...v2025.09.2 >> >> 2025.09.1 >> --------- >> This stable release is specifically targeted at whinlatter which is >> currently at v2025.09.0 >> https://lore.barebox.org/barebox/aUkaSKDePHF8__LB@pengutronix.de/ >> >> Changelog: >> https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.1 >> >> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > > I'm a bit torn on this one. Because on one hand, this looks like a > proper stable branch (and I appreciate the effort), I had prepared the v2025.09.y releases, so we (barebox) can hone a workflow to be able to support the release that makes it into Wrynose for a longer time than the usual 1 month it takes between the monthly releases of barebox. > but on the other > hand, there are changes that I find too risky: > For example: > * API Change: https://github.com/barebox/barebox/commit/5e9f709b2b56bd9689e174572ef2af59b9fed5d2 barebox is a bare metal bootloader. Its API surface is: - the data formats it parses - the data it passes along, e.g. fixed up device trees - the boot/runtime services it provides to an OS (UEFI/PSCI/TEE-supplicant). The change to bootm_set_overrides is not a change that affects user-visible API for any of that; it is completely internal to barebox. Revisiting it, I still think it was appropriate to backport it. > * New feature: https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.3#diff-2dd6d3e4c91931c982f091155a47dd8d03e26731f8d59b112e938508fe12255aR1 Which features do you see there? I read through the 50 commit titles on the first page and nearly all of them are fixes. The very few that aren't direct fixes are relatively benign preparatory commits followed by a fix and they were then backported together. > Thoughts? For the record, v2026.09.3 and v2026.03.1 were released together and that's the number of commits they have compared to v2025.09.0: $ git log v2025.09.0..v2025.09.3 --oneline | wc -l 111 $ git log v2025.09.0..v2026.03.1 --oneline | wc -l 1023 So roughly 10% of commits to master since v2025.09.0 were hand selected to be backported as fixes. FWIW, I got curious and compared v6.19.12 to v7.0 and there it's 21%, so there's still some untapped potential (for squashing bugs!). > In the meantime, I will keep it in my branch for awareness. I appreciate that the stable branch was picked up, so many thanks for that! Cheers, Ahmad > >> --- >> meta/recipes-bsp/barebox/barebox-common.inc | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc >> index e41d0858fd..91865b4d44 100644 >> --- a/meta/recipes-bsp/barebox/barebox-common.inc >> +++ b/meta/recipes-bsp/barebox/barebox-common.inc >> @@ -3,6 +3,6 @@ SECTION = "bootloaders" >> >> LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192" >> >> -PV = "2025.09.0" >> +PV = "2025.09.3" >> SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2" >> -SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d" >> +SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87" > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#235329): https://lists.openembedded.org/g/openembedded-core/message/235329 > Mute This Topic: https://lists.openembedded.org/mt/118717996/4830399 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [a.fatoum@pengutronix.de] > -=-=-=-=-=-=-=-=-=-=-=- > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 2026-04-16 11:34 ` Ahmad Fatoum @ 2026-04-16 13:40 ` Yoann Congal 2026-04-16 15:45 ` Ahmad Fatoum 0 siblings, 1 reply; 5+ messages in thread From: Yoann Congal @ 2026-04-16 13:40 UTC (permalink / raw) To: Ahmad Fatoum, ankur.tyagi85, openembedded-core On Thu Apr 16, 2026 at 1:34 PM CEST, Ahmad Fatoum wrote: > Hello Yoann! > > On 4/15/26 11:05 PM, Yoann Congal via lists.openembedded.org wrote: >> On Wed Apr 8, 2026 at 2:09 AM CEST, Ankur Tyagi via lists.openembedded.org wrote: >>> From: Ankur Tyagi <ankur.tyagi85@gmail.com> >>> >>> 2025.09.3 >>> --------- >>> Fixed FIT image vulnerability >>> https://lore.barebox.org/barebox/abljJRMecNdejSD0@pengutronix.de/ >>> >>> Changelog: >>> https://github.com/barebox/barebox/compare/v2025.09.2...v2025.09.3 >>> >>> 2025.09.2 >>> --------- >>> Changelog: >>> https://github.com/barebox/barebox/compare/v2025.09.1...v2025.09.2 >>> >>> 2025.09.1 >>> --------- >>> This stable release is specifically targeted at whinlatter which is >>> currently at v2025.09.0 >>> https://lore.barebox.org/barebox/aUkaSKDePHF8__LB@pengutronix.de/ >>> >>> Changelog: >>> https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.1 >>> >>> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> >> >> I'm a bit torn on this one. Because on one hand, this looks like a >> proper stable branch (and I appreciate the effort), > > I had prepared the v2025.09.y releases, so we (barebox) can hone a > workflow to be able to support the release that makes it into Wrynose > for a longer time than the usual 1 month it takes between the monthly > releases of barebox. > >> but on the other >> hand, there are changes that I find too risky: >> For example: >> * API Change: https://github.com/barebox/barebox/commit/5e9f709b2b56bd9689e174572ef2af59b9fed5d2 > > barebox is a bare metal bootloader. Its API surface is: > > - the data formats it parses > - the data it passes along, e.g. fixed up device trees > - the boot/runtime services it provides to an OS (UEFI/PSCI/TEE-supplicant). > > The change to bootm_set_overrides is not a change that affects > user-visible API for any of that; it is completely internal to barebox. > Revisiting it, I still think it was appropriate to backport it. I kind of agreeing with you I just remember my BSP dev days where this is the kind of function I would call for my custom boot flow (But in this case, fix looks easy enough) > >> * New feature: https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.3#diff-2dd6d3e4c91931c982f091155a47dd8d03e26731f8d59b112e938508fe12255aR1 > > Which features do you see there? Sorry the URL is not as direct as I thought. This should link to the new "scripts/imx/pread.c" file. Also, looks like imx-image gained a new option : "-a authenticate additionaly the DCD block..." But those look like dependencies of a bugfix. > I read through the 50 commit titles on the first page and nearly all of > them are fixes. The very few that aren't direct fixes are relatively > benign preparatory commits followed by a fix and they were then > backported together. > >> Thoughts? > > For the record, v2026.09.3 and v2026.03.1 were released together and > that's the number of commits they have compared to v2025.09.0: > > $ git log v2025.09.0..v2025.09.3 --oneline | wc -l > 111 > > $ git log v2025.09.0..v2026.03.1 --oneline | wc -l > 1023 > > So roughly 10% of commits to master since v2025.09.0 were hand selected > to be backported as fixes. FWIW, I got curious and compared v6.19.12 to > v7.0 and there it's 21%, so there's still some untapped potential (for > squashing bugs!). > >> In the meantime, I will keep it in my branch for awareness. > > I appreciate that the stable branch was picked up, so many thanks for that! Globally, I lean towards taking the upgrade. We will see if there are other point of views. And by the way, thank you for creating and maintaining a stable branch :) > > Cheers, > Ahmad > >> >>> --- >>> meta/recipes-bsp/barebox/barebox-common.inc | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc >>> index e41d0858fd..91865b4d44 100644 >>> --- a/meta/recipes-bsp/barebox/barebox-common.inc >>> +++ b/meta/recipes-bsp/barebox/barebox-common.inc >>> @@ -3,6 +3,6 @@ SECTION = "bootloaders" >>> >>> LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192" >>> >>> -PV = "2025.09.0" >>> +PV = "2025.09.3" >>> SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2" >>> -SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d" >>> +SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87" >> >> >> >> >> -=-=-=-=-=-=-=-=-=-=-=- >> Links: You receive all messages sent to this group. >> View/Reply Online (#235329): https://lists.openembedded.org/g/openembedded-core/message/235329 >> Mute This Topic: https://lists.openembedded.org/mt/118717996/4830399 >> Group Owner: openembedded-core+owner@lists.openembedded.org >> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [a.fatoum@pengutronix.de] >> -=-=-=-=-=-=-=-=-=-=-=- >> -- Yoann Congal Smile ECS ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 2026-04-16 13:40 ` Yoann Congal @ 2026-04-16 15:45 ` Ahmad Fatoum 0 siblings, 0 replies; 5+ messages in thread From: Ahmad Fatoum @ 2026-04-16 15:45 UTC (permalink / raw) To: Yoann Congal, ankur.tyagi85, openembedded-core Hello Yoann, Cc += yocto@pengutronix.de who are listed as recipe maintainers. On 4/16/26 3:40 PM, Yoann Congal wrote: > On Thu Apr 16, 2026 at 1:34 PM CEST, Ahmad Fatoum wrote: >> On 4/15/26 11:05 PM, Yoann Congal via lists.openembedded.org wrote: >>> On Wed Apr 8, 2026 at 2:09 AM CEST, Ankur Tyagi via lists.openembedded.org wrote: >> I had prepared the v2025.09.y releases, so we (barebox) can hone a >> workflow to be able to support the release that makes it into Wrynose >> for a longer time than the usual 1 month it takes between the monthly >> releases of barebox. >> >>> but on the other >>> hand, there are changes that I find too risky: >>> For example: >>> * API Change: https://github.com/barebox/barebox/commit/5e9f709b2b56bd9689e174572ef2af59b9fed5d2 >> >> barebox is a bare metal bootloader. Its API surface is: >> >> - the data formats it parses >> - the data it passes along, e.g. fixed up device trees >> - the boot/runtime services it provides to an OS (UEFI/PSCI/TEE-supplicant). Rereading this, it's probably worth to spell out also: - The protocols that barebox speaks - The build integration (e.g. Kconfig options) - The shell environment Such changes are also not suitable for a point release. >> The change to bootm_set_overrides is not a change that affects >> user-visible API for any of that; it is completely internal to barebox. >> Revisiting it, I still think it was appropriate to backport it. > > I kind of agreeing with you I just remember my BSP dev days where this > is the kind of function I would call for my custom boot flow (But in > this case, fix looks easy enough) We had rather heated discussions not so long ago about the extent we should accommodate out-of-tree board code. :-) I believe a build-time failure is as good as it gets if an API is just not salvageable like the one you pointed out; It didn't take recursive calls into account, which occurred in real world scenarios. For compatibility breakage that is not immediately obvious at compile-time, we are maintaining migration notes: https://www.barebox.org/doc/latest/migration-guides/index.html But nothing that deserves an entry there should be something that would be ok to include in a point release - save grave security bugs that can't be fixed any other way. Most recently, both barebox v2026.03.1 and U-Boot v2026.04.0 will refuse to boot a FIT with a verified signed configuration when some of the images were left unsigned: https://lore.kernel.org/barebox/20260416153455.2630276-1-a.fatoum@pengutronix.de/T/#u Migration guide entry is the best we can do here. >>> * New feature: https://github.com/barebox/barebox/compare/v2025.09.0...v2025.09.3#diff-2dd6d3e4c91931c982f091155a47dd8d03e26731f8d59b112e938508fe12255aR1 >> >> Which features do you see there? > > Sorry the URL is not as direct as I thought. > This should link to the new "scripts/imx/pread.c" file. We don't have mingw build in CI, so this fixes a build regression even if doesn't sound this way. > Also, looks like imx-image gained a new option : > "-a authenticate additionaly the DCD block..." So this was the second commit in a series of two patches. The first is a fix and the second fixes an incompatibility with the external uuu utility. I concede that you can decide either way whether this patch is backport material or not. The impact on a user not affected by this issue is nonetheless minimal. > But those look like dependencies of a bugfix. Fixes are occasionally split for master (next release) and next (release after next), when the change is too involved. Recent example is that TF-A v2.14 broke backwards compatibility for its consumers: https://lore.barebox.org/barebox/20260325113711.2163037-1-a.fatoum@pengutronix.de/ https://lore.barebox.org/barebox/20260325114753.2249763-1-a.fatoum@pengutronix.de/ No one size fits all. >> I appreciate that the stable branch was picked up, so many thanks for that! > > Globally, I lean towards taking the upgrade. We will see if there are > other point of views. > > And by the way, thank you for creating and maintaining a stable branch > :) This has been a pain point I heard at conferences in the past and I am happy to get feedback on how we can improve the process. The LTS and the migration guides are inspired by Yocto and we see it as an important part of making sure that barebox is a reliable bootloader in secure boot contexts. I think there's generally a lot to improve[1] the status quo of embedded bootloader security and I see making bootloader updates easier as important as shiny new features like barebox security policies (coming hopefully soon to an OE-core near you!), even if the former is admittedly not as fun.. [1]: https://osseu2025.sched.com/event/25VqL/bootloaders-under-fire-real-world-threats-and-practical-defenses-ahmad-fatoum-pengutronix Thanks, Ahmad > >> >> Cheers, >> Ahmad >> >>> >>>> --- >>>> meta/recipes-bsp/barebox/barebox-common.inc | 4 ++-- >>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/meta/recipes-bsp/barebox/barebox-common.inc b/meta/recipes-bsp/barebox/barebox-common.inc >>>> index e41d0858fd..91865b4d44 100644 >>>> --- a/meta/recipes-bsp/barebox/barebox-common.inc >>>> +++ b/meta/recipes-bsp/barebox/barebox-common.inc >>>> @@ -3,6 +3,6 @@ SECTION = "bootloaders" >>>> >>>> LIC_FILES_CHKSUM = "file://COPYING;md5=f5125d13e000b9ca1f0d3364286c4192" >>>> >>>> -PV = "2025.09.0" >>>> +PV = "2025.09.3" >>>> SRC_URI = "https://barebox.org/download/barebox-${PV}.tar.bz2" >>>> -SRC_URI[sha256sum] = "7df1aa47bb7bf1763a729137ac773e69a4052812af094475d739fc63a9295f0d" >>>> +SRC_URI[sha256sum] = "e87eb863cbe45e4f5af8930825c8f6e20c02b82451e9e1125ea1c73c1fb49a87" >>> >>> >>> >>> >>> -=-=-=-=-=-=-=-=-=-=-=- >>> Links: You receive all messages sent to this group. >>> View/Reply Online (#235329): https://lists.openembedded.org/g/openembedded-core/message/235329 >>> Mute This Topic: https://lists.openembedded.org/mt/118717996/4830399 >>> Group Owner: openembedded-core+owner@lists.openembedded.org >>> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [a.fatoum@pengutronix.de] >>> -=-=-=-=-=-=-=-=-=-=-=- >>> > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-04-16 15:45 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-04-08 0:09 [OE-core][whinlatter][PATCH] barebox/barebox-tools: upgrade 2025.09.0 -> 2025.09.3 ankur.tyagi85 2026-04-15 21:05 ` Yoann Congal 2026-04-16 11:34 ` Ahmad Fatoum 2026-04-16 13:40 ` Yoann Congal 2026-04-16 15:45 ` Ahmad Fatoum
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox