===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.5
retrieving revision 1.7
diff -u -r1.5 -r1.7
--- openbsd/fw_update/fw_install.sh	2021/10/14 02:26:31	1.5
+++ openbsd/fw_update/fw_install.sh	2021/10/14 03:00:02	1.7
@@ -13,14 +13,63 @@
 	done
 }
 
-set -A _KERNV -- $( scan_dmesg '/^OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\) .*/ { s//\1 \2/p; q; }' )
-VNAME=${_KERNV[0]}
-OSDIR=$VNAME
-if ((${#_KERNV[*]} > 1)) && [ "$_KERNV[1]" = "-current" -o "$_KERNV[1]" = "-beta" ]; then
-	OSDIR=snapshots
-fi
+# do_as, unpriv, and unpriv2 are from install.sub
 
-FWURL=http://firmware.openbsd.org/firmware/${OSDIR}
+# Run a command ($2+) as unprivileged user ($1).
+# Take extra care that after "cmd" no "user" processes exist.
+#
+# Optionally:
+#	- create "file" and chown it to "user"
+#	- after "cmd", chown "file" back to root
+#
+# Usage: do_as user [-f file] cmd
+do_as() {
+	(( $# >= 2 )) || return
+
+	local _file _rc _user=$1
+	shift
+
+	if [[ $1 == -f ]]; then
+		_file=$2
+		shift 2
+	fi
+
+	if [[ -n $_file ]]; then
+		>$_file
+		chown "$_user" "$_file"
+	fi
+
+	doas -u "$_user" "$@"
+	_rc=$?
+
+	while doas -u "$_user" kill -9 -1 2>/dev/null; do
+		echo "Processes still running for user $_user after: $@"
+		sleep 1
+	done
+
+	[[ -n $_file ]] && chown root "$_file"
+
+	return $_rc
+}
+
+unpriv() {
+	do_as _sndio "$@"
+}
+
+unpriv2() {
+	do_as _file "$@"
+}
+
+VNAME=$(sysctl -n kern.osrelease)
+VERSION="${VNAME%.*}${VNAME#*.}"
+FWDIR="$VNAME"
+
+HTTP_FWDIR=$FWDIR
+set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p")
+[[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots
+
+FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
+FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
 PKGDIR=${DESTDIR}/var/db/pkg
 PATTERNS="file:${0%/*}/firmware_patterns"