| version 1.42, 2021/12/01 03:11:43 |
version 1.65, 2021/12/09 02:51:25 |
|
|
| #!/bin/ksh |
#!/bin/ksh |
| # $OpenBSD$ |
# $OpenBSD$ |
| set -e |
# |
| |
|
| # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org> |
# Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org> |
| # |
# |
| # Permission to use, copy, modify, and distribute this software for any |
# Permission to use, copy, modify, and distribute this software for any |
|
|
| # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| |
|
| # Fake up some things from install.sub that we don't need to actually do |
set -o errexit -o pipefail -o nounset |
| prefetcharea_fs_list() { |
|
| echo "${DESTDIR}/tmp" |
|
| } |
|
| |
|
| # tmpdir, do_as, unpriv, and unpriv2 are from install.sub |
CFILE=SHA256.sig |
| |
DESTDIR=${DESTDIR:-} |
| |
FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns" |
| |
|
| # Create a temporary directory based on the supplied directory name prefix. |
VNAME=${VNAME:-$(sysctl -n kern.osrelease)} |
| |
VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"} |
| |
|
| |
HTTP_FWDIR="$VNAME" |
| |
VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" \ |
| |
/var/run/dmesg.boot | sed '$!d' ) |
| |
[[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots |
| |
|
| |
FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR} |
| |
FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub |
| |
|
| tmpdir() { |
tmpdir() { |
| local _i=1 _dir |
local _i=1 _dir |
| |
|
| until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
# If we're not in the installer, |
| ((++_i < 10000)) || return 1 |
# we have mktemp and a more hostile environment |
| done |
if [ -x /usr/bin/mktemp ]; then |
| |
_dir=$( mktemp -d "${1}-XXXXXXXXX" ) |
| |
else |
| |
until _dir="${1}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
| |
((++_i < 10000)) || return 1 |
| |
done |
| |
fi |
| |
|
| echo "$_dir" |
echo "$_dir" |
| } |
} |
| |
|
| # Run a command ($2+) as unprivileged user ($1). |
realpath () { |
| # Take extra care that after "cmd" no "user" processes exist. |
if [ -x /usr/bin/realpath ]; then |
| # |
/usr/bin/realpath "$1" |
| # Optionally: |
elif [ "$1" = "${1%/*}" ]; then |
| # - create "file" and chown it to "user" |
echo "${PWD}/$1" |
| # - after "cmd", chown "file" back to root |
else |
| # |
echo "$( cd "${1%/*}" && pwd )/${1##*/}" |
| # Usage: do_as user [-f file] cmd |
fi |
| do_as() { |
} |
| (( $# >= 2 )) || return |
|
| |
|
| local _file _rc _user=$1 |
fetch() { |
| shift |
local _file=$1 _user=_file _exit |
| |
|
| if [[ $1 == -f ]]; then |
# If we're not in the installer, we have su(1) |
| _file=$2 |
# and doas(1) is unlikely to be configured. |
| shift 2 |
if [ -x /usr/bin/su ]; then |
| |
/usr/bin/su -s /bin/ksh "$_user" -c \ |
| |
"/usr/bin/ftp -D 'Get/Verify' -Vm \ |
| |
-o- '${FWURL}/${_file}'" > "$_file" |
| |
_exit="$?" |
| |
else |
| |
/usr/bin/doas -u "$_user" \ |
| |
ftp -D 'Get/Verify' -Vm \ |
| |
-o- "${FWURL}/${_file}" > "$_file" |
| |
_exit="$?" |
| fi |
fi |
| |
|
| if [[ -n $_file ]]; then |
if [ "$_exit" -ne 0 ]; then |
| >$_file |
rm -f "$_file" |
| chown "$_user" "$_file" |
echo "Cannot fetch $_file" >&2 |
| |
return 1 |
| fi |
fi |
| |
} |
| |
|
| if [[ -x /usr/bin/su ]]; then |
verify() { |
| /usr/bin/su -s /bin/ksh "$_user" -c "$*" |
# On the installer we don't get sha256 -C, so fake it. |
| else |
if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then |
| doas -u "$_user" "$@" |
echo "Checksum test for $1 failed." >&2 |
| |
return 1 |
| fi |
fi |
| _rc=$? |
} |
| |
|
| while doas -u "$_user" kill -9 -1 2>/dev/null; do |
devices_needing_firmware() { |
| echo "Processes still running for user $_user after: $@" |
local _d _m _grep _dmesgtail _last='' |
| sleep 1 |
|
| done |
|
| |
|
| [[ -n $_file ]] && chown root "$_file" |
# When we're not in the installer, the dmesg.boot can |
| |
# contain multiple boots, so only look in the last one |
| |
_dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot ) |
| |
|
| return $_rc |
grep -v '^[[:space:]]*#' "$FWPATTERNS" | |
| |
while read -r _d _m; do |
| |
_grep="grep" |
| |
[ "$_last" = "$_d" ] && continue |
| |
[ "$_m" ] || _m="^${_d}[0-9][0-9]* at " |
| |
[ "$_m" = "${_m#^}" ] && _grep="fgrep" |
| |
|
| |
echo "$_dmesgtail" | $_grep -q "$_m" || continue |
| |
echo "$_d" |
| |
_last="$_d" |
| |
done |
| } |
} |
| |
|
| unpriv() { |
firmware_filename() { |
| do_as _sndio "$@" |
local _f |
| |
_f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )" |
| |
! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1 |
| |
echo "$_f" |
| } |
} |
| |
|
| unpriv2() { |
firmware_devicename() { |
| do_as _file "$@" |
local _d="${1##*/}" |
| |
_d="${_d%-firmware-*}" |
| |
echo "$_d" |
| } |
} |
| |
|
| VNAME=${VNAME:-$(sysctl -n kern.osrelease)} |
installed_firmware() { |
| VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"} |
for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do |
| FWDIR=${FWDIR:-$VNAME} |
[ -e "$fw" ] || continue |
| |
echo "${fw##*/}" |
| |
done |
| |
} |
| |
|
| # TODO: We need the firmware for the system we just installed |
add_firmware () { |
| # not the one we booted from. For example: |
local _f="${1##*/}" _pkgdir="${DESTDIR}/var/db/pkg" |
| # * booting from a snapshot bsd.rd that thinks it is the 7.0 release |
ftp -D "Install" -Vmo- "file:${1}" | |
| # will install the firmware from the 7.0 directory instead of |
tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \ |
| # from the snapshots dir. |
-s ",^firmware,${DESTDIR}/etc/firmware," \ |
| # If they're using sysupgrade, then the installer kernel will be correct. |
-C / -zxphf - "+*" "firmware/*" |
| # If we're doing this in the installer we can check what they picked |
|
| # for downloading sets and use that value. |
|
| # Otherwise, the fw_update after first boot will fix it up for us. |
|
| |
|
| HTTP_FWDIR=$FWDIR |
# TODO: Should we mark these so real fw_update can -Drepair? |
| set -- sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot |
ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL |
| [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots |
/^@comment pkgpath/ -1a |
| |
@option manual-installation |
| |
@option firmware |
| |
@comment install-script |
| |
. |
| |
w |
| |
EOL |
| |
} |
| |
|
| FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR} |
delete_firmware() { |
| FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub |
local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg" |
| FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns" |
|
| |
|
| # TODO: support srclocal installation of firmware somehow |
# TODO: Check hash for files before deleting |
| fw_install() { |
echo "Uninstalling $_pkg" |
| local _src=$1 _tmpfs_list _tmpfs _tmpsrc \ |
_cwd="${_pkgdir}/$_pkg" |
| _t=Get _cfile="/tmp/SHA256" _pkgdir=${DESTDIR}/var/db/pkg \ |
|
| _f _r _remove _i _installed |
|
| local _srclocal=false _unpriv=unpriv |
|
| |
|
| local _d _drivers=$( |
set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}" |
| last='' |
|
| while read _d _m; do |
|
| grep=grep |
|
| [ "$last" = "$_d" ] && continue |
|
| [ "$_m" ] || _m="^$_d[0-9][0-9]* at " |
|
| [ "$_m" = "${_m#^}" ] && grep=fgrep |
|
| $grep -q "$_m" /var/run/dmesg.boot || continue |
|
| echo $_d |
|
| last=$_d |
|
| done < $FWPATTERNS |
|
| ) |
|
| |
|
| if [ -z "$_drivers" ]; then |
while read -r c g; do |
| echo "No devices found which need firmware files to be downloaded." |
case $c in |
| return |
@cwd) _cwd="${DESTDIR}$g" |
| fi |
;; |
| |
@*) continue |
| |
;; |
| |
*) set -A _remove -- "$_cwd/$c" "${_remove[@]}" |
| |
;; |
| |
esac |
| |
done < "${_pkgdir}/${_pkg}/+CONTENTS" |
| |
|
| ! _tmpfs_list=$(prefetcharea_fs_list) && |
# We specifically rm -f here because not removing files/dirs |
| echo "Cannot determine prefetch area" >&2 && return |
# is probably not worth failing over. |
| |
for _r in "${_remove[@]}" ; do |
| for _tmpfs in $_tmpfs_list; do |
if [ -d "$_r" ]; then |
| # Try to clean up from previous runs, assuming |
# Try hard not to actually remove recursively |
| # the _tmpfs selection yields the same mount |
# without rmdir on the install media. |
| # point. |
[ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r" |
| for _tmpsrc in $_tmpfs/firmware.+([0-9]).+([0-9]); do |
else |
| [[ -d $_tmpsrc ]] && rm -r $_tmpsrc |
rm -f "$_r" |
| done |
|
| |
|
| # Create a download directory for the firmware and |
|
| # check that the _sndio user can read files from |
|
| # it. Otherwise cleanup and skip the filesystem. |
|
| if _tmpsrc=$(tmpdir "$_tmpfs/firmware"); then |
|
| ( |
|
| >$_tmpsrc/t && |
|
| $_unpriv cat $_tmpsrc/t |
|
| ) >/dev/null 2>&1 && break || |
|
| rm -r $_tmpsrc |
|
| fi |
fi |
| done |
done |
| |
} |
| |
|
| [[ ! -d $_tmpsrc ]] && |
usage() { |
| echo "Cannot create prefetch area" >&2 && return 1 |
echo "Usage: fw_install [ -d dir | -L dir ] [ driver | file [ ... ] ]" |
| |
exit 2 |
| |
} |
| |
|
| # Cleanup from previous runs. |
DOWNLOADDIR= |
| rm -f $_cfile $_cfile.sig |
LOCALDIR= |
| |
while getopts d:L: name |
| |
do |
| |
case "$name" in |
| |
d) DOWNLOADDIR=$OPTARG ;; |
| |
L) LOCALDIR=$OPTARG ;; |
| |
?) usage 2 ;; |
| |
esac |
| |
done |
| |
shift $((OPTIND - 1)) |
| |
|
| _t=Get/Verify |
if [[ -n "$DOWNLOADDIR" && -n "$LOCALDIR" ]]; then |
| |
echo "Cannot use -d and -L" >&2 |
| |
usage 2 |
| |
fi |
| |
|
| ! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" && |
set -A devices -- "$@" |
| echo "Cannot fetch SHA256.sig" >&2 && return 1 |
|
| |
|
| # Verify signature file with public keys. |
[ "${devices[*]:-}" ] || |
| ! $_unpriv -f "$_cfile" \ |
set -A devices -- $( devices_needing_firmware ) |
| signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
|
| echo "Signature check of SHA256.sig failed" >&2 && return 1 |
|
| |
|
| for _d in $_drivers; do |
if [ ! "${devices[*]:-}" ]; then |
| _f=$( sed -n "s/.*(\($_d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" | sed '$!d' ) |
echo "No devices found which need firmware files to be downloaded." |
| _installed=$( |
exit |
| for fw in "${_pkgdir}/$_d-firmware"*; do |
fi |
| [ -e "$fw" ] || continue |
|
| echo ${fw##*/} |
|
| done |
|
| ) |
|
| |
|
| for _i in $_installed; do |
# Have to find the full path to firmware files |
| if [ "$_f" = "$_i.tgz" ]; then |
# so we can cd and still find them later. |
| echo "$_i already installed" |
i=0 |
| continue 2 |
while (( i < "${#devices[@]}" )); do |
| fi |
f="${devices[$i]}" |
| done |
d=$( firmware_devicename "$f" ) |
| |
[ "$f" = "$d" ] && f="$( echo "$f"-firmware-*.tgz | sed '$!d' )" |
| |
if [ -e "$f" ]; then |
| |
if [ "$DOWNLOADDIR" ]; then |
| |
echo "Cannot download local file $f" >&2 |
| |
exit 2 |
| |
fi |
| |
devices[$i]="$d:$( realpath "$f" )" |
| |
fi |
| |
i=$((i + 1)) |
| |
done |
| |
|
| rm -f /tmp/h /tmp/fail |
if [ "$DOWNLOADDIR" ]; then |
| |
if ! cd "$DOWNLOADDIR"; then |
| |
echo "Unable to use $DOWNLOADDIR, make sure it is a directory" |
| |
exit 2 |
| |
fi |
| |
elif [ "$LOCALDIR" ]; then |
| |
if ! cd "$LOCALDIR"; then |
| |
echo "Unable to use $LOCALDIR, make sure it is a directory" |
| |
exit 2 |
| |
fi |
| |
else |
| |
TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" ) |
| |
cd "$TMPDIR" |
| |
fi |
| |
|
| # Fetch firmware file and create a checksum by piping through |
if ! [[ -n "$LOCALDIR" && -e "$CFILE" ]]; then |
| # sha256. Create a flag file in case ftp failed. Firmware |
fetch "$CFILE" |
| # from net is written to the prefetch area. |
! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && |
| ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | |
echo "Signature check of SHA256.sig failed" >&2 && exit 1 |
| ( $_srclocal && unpriv2 sha256 -b >/tmp/h || |
fi |
| unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) |
|
| |
|
| # Handle failed transfer. |
for d in "${devices[@]}"; do |
| if [[ -f /tmp/fail ]]; then |
f="${d##*:}" |
| rm -f "$_tmpsrc/$_f" |
if [ "$f" = "$d" ]; then |
| echo "Fetching of $_f failed!" >&2 |
f=$( firmware_filename "$d" || true ) |
| continue |
[ "$f" ] || continue |
| fi |
else |
| |
d="${d%:*}" |
| |
fi |
| |
|
| # Verify firmware by comparing its checksum with SHA256. |
set -A installed -- $( installed_firmware "$d" ) |
| if ! fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then |
|
| [[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc" |
|
| echo "Checksum test for $_f failed." >&2 |
|
| continue |
|
| fi |
|
| |
|
| # TODO: Check hash for files before deleting |
if [ ! "$DOWNLOADDIR" ] && [ "${installed[*]:-}" ]; then |
| if [ "$_installed" ] && [ -e "${_pkgdir}/$_installed/+CONTENTS" ]; then |
for i in "${installed[@]}"; do |
| echo "Uninstalling $_installed" |
if [ "${f##*/}" = "$i.tgz" ]; then |
| cwd=${_pkgdir}/$_installed |
echo "$i already installed" |
| |
continue 2 |
| |
fi |
| |
done |
| |
fi |
| |
|
| set -A _remove -- "${cwd}/+CONTENTS" "${cwd}" |
if [ ! -e "$f" ]; then |
| |
[ "$LOCALDIR" ] && echo "Cannot install $f, not found" >&2 && continue |
| |
fetch "$f" || continue |
| |
verify "$f" || continue |
| |
elif [ "$DOWNLOADDIR" ]; then |
| |
echo "Already have $f" |
| |
verify "$f" || continue |
| |
fi |
| |
|
| while read c g; do |
[ "$DOWNLOADDIR" ] && continue |
| case $c in |
|
| @cwd) cwd="${DESTDIR}/$g" |
|
| ;; |
|
| @*) continue |
|
| ;; |
|
| *) set -A _remove -- "$cwd/$c" "${_remove[@]}" |
|
| ;; |
|
| esac |
|
| done < "${_pkgdir}/$_installed/+CONTENTS" |
|
| |
|
| # We specifically rm -f here because not removing files/dirs |
if [ "${installed[*]:-}" ]; then |
| # is probably not worth failing over. |
for i in "${installed[@]}"; do |
| for _r in "${_remove[@]}" ; do |
delete_firmware "$i" |
| if [ -d "$_r" ]; then |
done |
| # Try hard not to actually remove recursively |
fi |
| # without rmdir on the install media. |
|
| [ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r" |
|
| else |
|
| rm -f "$_r" |
|
| fi |
|
| done |
|
| fi |
|
| |
|
| # TODO: Should we mark these so real fw_update can -Drepair? |
add_firmware "$f" |
| ftp -D "Install" -Vmo- "file:$_tmpsrc/$_f" | |
done |
| tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \ |
|
| -s ",^firmware,${DESTDIR}/etc/firmware," \ |
|
| -C / -zxphf - "+*" "firmware/*" |
|
| |
|
| ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL |
|
| /^@comment pkgpath/ -1a |
|
| @option manual-installation |
|
| @option firmware |
|
| @comment install-script |
|
| . |
|
| w |
|
| EOL |
|
| done |
|
| } |
|
| |
|
| fw_install "$FWURL" |
|
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to fw_install.sh CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [local] / openbsd / fw_update