version 1.42, 2021/12/01 03:11:43 |
version 1.49, 2021/12/02 04:00:37 |
|
|
echo "${DESTDIR}/tmp" |
echo "${DESTDIR}/tmp" |
} |
} |
|
|
# tmpdir, do_as, unpriv, and unpriv2 are from install.sub |
# tmpdir, do_as, and unpriv are from install.sub |
|
# modified to use su(1) when not in the installer. |
|
# modified to use mktemp(1) when not in the installer. |
|
|
# Create a temporary directory based on the supplied directory name prefix. |
# Create a temporary directory based on the supplied directory name prefix. |
tmpdir() { |
tmpdir() { |
local _i=1 _dir |
local _i=1 _dir |
|
if [[ -z $1 ]]; then |
|
echo No tmpdir >&2 |
|
exit 1 |
|
fi |
|
|
until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
if [[ -e /usr/bin/mktemp ]]; then |
((++_i < 10000)) || return 1 |
_dir=$( /usr/bin/mktemp -d $1 ) |
done |
chown _file "$_dir" |
|
else |
|
until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
|
((++_i < 10000)) || return 1 |
|
done |
|
fi |
echo "$_dir" |
echo "$_dir" |
} |
} |
|
|
|
|
} |
} |
|
|
unpriv() { |
unpriv() { |
do_as _sndio "$@" |
|
} |
|
|
|
unpriv2() { |
|
do_as _file "$@" |
do_as _file "$@" |
} |
} |
|
|
|
|
# Otherwise, the fw_update after first boot will fix it up for us. |
# Otherwise, the fw_update after first boot will fix it up for us. |
|
|
HTTP_FWDIR=$FWDIR |
HTTP_FWDIR=$FWDIR |
set -- sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot |
VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot | sed '$!d' ) |
[[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots |
[[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots |
|
|
FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR} |
FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR} |
FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub |
FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub |
|
|
done |
done |
|
|
# Create a download directory for the firmware and |
# Create a download directory for the firmware and |
# check that the _sndio user can read files from |
# check that the _file user can read files from |
# it. Otherwise cleanup and skip the filesystem. |
# it. Otherwise cleanup and skip the filesystem. |
if _tmpsrc=$(tmpdir "$_tmpfs/firmware"); then |
if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then |
( |
( |
>$_tmpsrc/t && |
>$_tmpsrc/t && |
$_unpriv cat $_tmpsrc/t |
$_unpriv cat $_tmpsrc/t |
|
|
echo "Cannot fetch SHA256.sig" >&2 && return 1 |
echo "Cannot fetch SHA256.sig" >&2 && return 1 |
|
|
# Verify signature file with public keys. |
# Verify signature file with public keys. |
! $_unpriv -f "$_cfile" \ |
! signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
|
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
|
|
for _d in $_drivers; do |
for _d in $_drivers; do |
|
|
# sha256. Create a flag file in case ftp failed. Firmware |
# sha256. Create a flag file in case ftp failed. Firmware |
# from net is written to the prefetch area. |
# from net is written to the prefetch area. |
( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | |
( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | |
( $_srclocal && unpriv2 sha256 -b >/tmp/h || |
( $_srclocal && sha256 -b >/tmp/h || |
unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) |
sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) |
|
|
# Handle failed transfer. |
# Handle failed transfer. |
if [[ -f /tmp/fail ]]; then |
if [[ -f /tmp/fail ]]; then |