version 1.143, 2022/01/07 01:47:24 |
version 1.149, 2022/01/14 04:25:46 |
|
|
DRYRUN=false |
DRYRUN=false |
VERBOSE=0 |
VERBOSE=0 |
DELETE=false |
DELETE=false |
DOWNLOAD= |
DOWNLOAD=true |
INSTALL=true |
INSTALL=true |
LOCALSRC= |
LOCALSRC= |
|
|
|
|
tmpdir() { |
tmpdir() { |
local _i=1 _dir |
local _i=1 _dir |
|
|
# If we're not in the installer, |
# The installer lacks mktemp(1), do it by hand |
# we have mktemp and a more hostile environment. |
|
if [ -x /usr/bin/mktemp ]; then |
if [ -x /usr/bin/mktemp ]; then |
_dir=$( mktemp -d "${1}-XXXXXXXXX" ) |
_dir=$( mktemp -d "${1}-XXXXXXXXX" ) |
else |
else |
|
|
fetch() { |
fetch() { |
local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _exit _error='' |
local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _exit _error='' |
|
|
# If we're not in the installer, |
# The installer uses a limited doas(1) as a tiny su(1) |
# we have su(1) and doas(1) is unlikely to be configured. |
|
set -o monitor # make sure ftp gets its own process group |
set -o monitor # make sure ftp gets its own process group |
( |
( |
_flags=-vm |
_flags=-vm |
|
|
echo "Cannot fetch $_src$_error" >&2 |
echo "Cannot fetch $_src$_error" >&2 |
return 1 |
return 1 |
fi |
fi |
|
|
|
return 0 |
} |
} |
|
|
|
fetch_cfile() { |
|
if "$DOWNLOAD"; then |
|
set +o noclobber # we want to get the latest CFILE |
|
fetch "$CFILE" || return 1 |
|
set -o noclobber |
|
! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && |
|
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
|
elif [ ! -e "$CFILE" ]; then |
|
echo "${0##*/}: $CFILE: No such file or directory" >&2 |
|
return 2 |
|
fi |
|
|
|
return 0 |
|
} |
|
|
verify() { |
verify() { |
# On the installer we don't get sha256 -C, so fake it. |
[ -e "$CFILE" ] || fetch_cfile || return 1 |
|
# The installer sha256 lacks -C, do it by hand |
if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then |
if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then |
echo "Checksum test for ${1##*/} failed." >&2 |
echo "Checksum test for ${1##*/} failed." >&2 |
return 1 |
return 1 |
fi |
fi |
|
|
|
return 0 |
} |
} |
|
|
firmware_in_dmesg() { |
firmware_in_dmesg() { |
local _d _m _line _dmesgtail _last='' _nl=$( echo ) |
local _d _m _line _dmesgtail _last='' _nl=$( echo ) |
|
|
# When we're not in the installer, the dmesg.boot can |
# The dmesg can contain multiple boots, only look in the last one |
# contain multiple boots, so only look in the last one |
|
_dmesgtail="$( echo ; sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )" |
_dmesgtail="$( echo ; sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )" |
|
|
grep -v '^[[:space:]]*#' "$FWPATTERNS" | |
grep -v '^[[:space:]]*#' "$FWPATTERNS" | |
|
|
|
|
firmware_filename() { |
firmware_filename() { |
local _f |
local _f |
|
[ -e "$CFILE" ] || fetch_cfile || return 1 |
_f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )" |
_f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )" |
! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1 |
! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1 |
echo "$_f" |
echo "$_f" |
|
|
return 1 |
return 1 |
fi |
fi |
|
|
# TODO: Should we mark these so real fw_update can -Drepair? |
|
ed -s "${FWPKGTMP}/+CONTENTS" <<EOL |
ed -s "${FWPKGTMP}/+CONTENTS" <<EOL |
/^@comment pkgpath/ -1a |
/^@comment pkgpath/ -1a |
@option manual-installation |
@option manual-installation |
|
|
esac |
esac |
done < "${_pkgdir}/${_pkg}/+CONTENTS" |
done < "${_pkgdir}/${_pkg}/+CONTENTS" |
|
|
# We specifically rm -f here because not removing files/dirs |
# Use rm -f, not removing files/dirs is probably not worth failing over |
# is probably not worth failing over. |
|
for _r in "${_remove[@]}" ; do |
for _r in "${_remove[@]}" ; do |
if [ -d "$_r" ]; then |
if [ -d "$_r" ]; then |
# Try hard not to actually remove recursively |
# The installer lacks rmdir, |
# without rmdir on the install media. |
# but we only want to remove empty directories. |
set +o noglob |
set +o noglob |
[ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r" |
[ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r" |
set -o noglob |
set -o noglob |
|
|
} |
} |
|
|
usage() { |
usage() { |
echo "usage: ${0##*/} [-d | -D] [-av] [-p path] [driver | file ...]" |
echo "usage: ${0##*/} [-d | -F] [-av] [-p path] [driver | file ...]" |
exit 2 |
exit 2 |
} |
} |
|
|
|
|
OPT_F= |
OPT_F= |
while getopts :adFnp:v name |
while getopts :adFnp:v name |
do |
do |
case "$name" in |
case "$name" in |
a) ALL=true ;; |
a) ALL=true ;; |
d) DELETE=true ;; |
d) DELETE=true ;; |
F) OPT_F=true ;; |
F) OPT_F=true ;; |
n) DRYRUN=true ;; |
n) DRYRUN=true ;; |
p) LOCALSRC="$OPTARG" ;; |
p) LOCALSRC="$OPTARG" ;; |
v) VERBOSE=$(( VERBOSE + 1 )) ;; |
v) VERBOSE=$(( VERBOSE + 1 )) ;; |
:) |
:) |
echo "${0##*/}: option requires an argument -- -$OPTARG" >&2 |
echo "${0##*/}: option requires an argument -- -$OPTARG" >&2 |
usage 2 |
usage 2 |
;; |
;; |
?) |
?) |
echo "${0##*/}: unknown option -- -$OPTARG" >&2 |
echo "${0##*/}: unknown option -- -$OPTARG" >&2 |
usage 2 |
usage 2 |
;; |
;; |
esac |
esac |
done |
done |
shift $((OPTIND - 1)) |
shift $((OPTIND - 1)) |
|
|
|
|
|
|
# "Download only" means local dir and don't install |
# "Download only" means local dir and don't install |
if [ "$OPT_F" ]; then |
if [ "$OPT_F" ]; then |
DOWNLOAD=true |
|
INSTALL=false |
INSTALL=false |
LOCALSRC="${LOCALSRC:-.}" |
LOCALSRC="${LOCALSRC:-.}" |
|
|
|
# Always check for latest CFILE and so latest firmware |
|
if [ -e "$LOCALSRC/$CFILE" ]; then |
|
mv "$LOCALSRC/$CFILE" "$LOCALSRC/$CFILE-OLD" |
|
if fetch_cfile; then |
|
rm -f "$LOCALSRC/$CFILE-OLD" |
|
else |
|
mv "$LOCALSRC/$CFILE-OLD" "$LOCALSRC/$CFILE" |
|
echo "Using existing $CFILE" >&2 |
|
fi |
|
fi |
elif [ "$LOCALSRC" ]; then |
elif [ "$LOCALSRC" ]; then |
DOWNLOAD=false |
DOWNLOAD=false |
fi |
fi |
|
|
fi |
fi |
|
|
if [ ! "$LOCALSRC" ]; then |
if [ ! "$LOCALSRC" ]; then |
LOCALSRC="$( tmpdir "${DESTDIR}/tmp/${0##*/}" )" |
LOCALSRC="$( tmpdir "${DESTDIR}/tmp/${0##*/}" )" |
REMOVE_LOCALSRC=true |
REMOVE_LOCALSRC=true |
fi |
fi |
|
|
|
CFILE="$LOCALSRC/$CFILE" |
|
|
if [ "${devices[*]:-}" ]; then |
if [ "${devices[*]:-}" ]; then |
"$ALL" && usage 22 |
"$ALL" && usage 22 |
else |
else |
|
|
|
|
[ "${devices[*]:-}" ] || exit |
[ "${devices[*]:-}" ] || exit |
|
|
# Only need the CFILE to verify what has been downloaded |
|
# or to convert a device to a filename. |
|
NEED_CFILE="${DOWNLOAD:-false}" |
|
if ! "$NEED_CFILE"; then |
|
for f in "${devices[@]}"; do |
|
if [ "$( firmware_devicename "$f" )" = "$f" ]; then |
|
NEED_CFILE=true |
|
break |
|
fi |
|
done |
|
fi |
|
|
|
# Only need to download if we already decided we did, |
|
# or the same decision as if we NEED_CFILE. |
|
DOWNLOAD="${DOWNLOAD:-$NEED_CFILE}" |
|
|
|
if "$NEED_CFILE"; then |
|
CFILE="$LOCALSRC/$CFILE" |
|
|
|
if "$DOWNLOAD"; then |
|
set +o noclobber # we want to get the latest CFILE |
|
fetch "$CFILE" |
|
set -o noclobber |
|
! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && |
|
echo "Signature check of SHA256.sig failed" >&2 && exit 1 |
|
elif [ ! -e "$CFILE" ]; then |
|
echo "${0##*/}: $CFILE: No such file or directory" >&2 |
|
exit 2 |
|
fi |
|
fi |
|
|
|
added='' |
added='' |
updated='' |
updated='' |
kept='' |
kept='' |
for f in "${devices[@]}"; do |
for f in "${devices[@]}"; do |
d="$( firmware_devicename "$f" )" |
d="$( firmware_devicename "$f" )" |
|
|
|
verify_existing=true |
if [ "$f" = "$d" ]; then |
if [ "$f" = "$d" ]; then |
f=$( firmware_filename "$d" || true ) |
f=$( firmware_filename "$d" || true ) |
[ "$f" ] || continue |
[ "$f" ] || continue |
|
|
elif ! "$INSTALL" && ! grep -Fq "($f)" "$CFILE" ; then |
elif ! "$INSTALL" && ! grep -Fq "($f)" "$CFILE" ; then |
echo "Cannot download local file $f" >&2 |
echo "Cannot download local file $f" >&2 |
exit 2 |
exit 2 |
|
else |
|
# Don't verify files specified on the command-line |
|
verify_existing=false |
fi |
fi |
|
|
set -A installed -- $( installed_firmware '' "$d-firmware-" '*' ) |
set -A installed -- $( installed_firmware '' "$d-firmware-" '*' ) |
|
|
done |
done |
fi |
fi |
|
|
if [ -e "$f" ]; then |
if "$verify_existing" && [ -e "$f" ]; then |
if "$DOWNLOAD"; then |
msg="Keep/Verify" |
[ "$VERBOSE" -gt 1 ] && ! "$INSTALL" && |
"$INSTALL" && msg="Verify" |
echo "Keep/Verify ${f##*/}" |
[ "$VERBOSE" -gt 1 ] && ! "$INSTALL" && |
"$DRYRUN" || verify "$f" || continue |
echo "$msg ${f##*/}" |
|
|
|
if "$DRYRUN" || verify "$f"; then |
"$INSTALL" || kept="$kept,$d" |
"$INSTALL" || kept="$kept,$d" |
# else assume it was verified when downloaded |
elif "$DOWNLOAD"; then |
|
[ "$VERBOSE" -gt 0 ] && echo "Refetching $f" |
|
rm -f $f |
|
else |
|
continue |
fi |
fi |
|
fi |
|
|
|
if [ -e "$f" ]; then |
|
true # verified above |
elif "$DOWNLOAD"; then |
elif "$DOWNLOAD"; then |
if "$DRYRUN"; then |
if "$DRYRUN"; then |
[ "$VERBOSE" -gt 0 ] && echo "Get/Verify ${f##*/}" |
[ "$VERBOSE" -gt 0 ] && echo "Get/Verify ${f##*/}" |