version 1.46, 2021/12/02 03:46:50 |
version 1.48, 2021/12/02 03:50:03 |
|
|
|
|
if [[ -e /usr/bin/mktemp ]]; then |
if [[ -e /usr/bin/mktemp ]]; then |
_dir=$( /usr/bin/mktemp -d $1 ) |
_dir=$( /usr/bin/mktemp -d $1 ) |
chown _sndio "$_dir" |
chown _file "$_dir" |
else |
else |
until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
((++_i < 10000)) || return 1 |
((++_i < 10000)) || return 1 |
|
|
} |
} |
|
|
unpriv() { |
unpriv() { |
do_as _sndio "$@" |
do_as _file "$@" |
} |
} |
|
|
VNAME=${VNAME:-$(sysctl -n kern.osrelease)} |
VNAME=${VNAME:-$(sysctl -n kern.osrelease)} |
|
|
done |
done |
|
|
# Create a download directory for the firmware and |
# Create a download directory for the firmware and |
# check that the _sndio user can read files from |
# check that the _file user can read files from |
# it. Otherwise cleanup and skip the filesystem. |
# it. Otherwise cleanup and skip the filesystem. |
if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then |
if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then |
( |
( |
|
|
echo "Cannot fetch SHA256.sig" >&2 && return 1 |
echo "Cannot fetch SHA256.sig" >&2 && return 1 |
|
|
# Verify signature file with public keys. |
# Verify signature file with public keys. |
! $_unpriv -f "$_cfile" \ |
! signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
|
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
|
|
for _d in $_drivers; do |
for _d in $_drivers; do |