version 1.45, 2021/12/02 03:44:19 |
version 1.48, 2021/12/02 03:50:03 |
|
|
echo "${DESTDIR}/tmp" |
echo "${DESTDIR}/tmp" |
} |
} |
|
|
# tmpdir, do_as, unpriv, and unpriv2 are from install.sub |
# tmpdir, do_as, and unpriv are from install.sub |
# modified to use su(1) when not in the installer. |
# modified to use su(1) when not in the installer. |
# modified to use mktemp(1) when not in the installer. |
# modified to use mktemp(1) when not in the installer. |
|
|
|
|
|
|
if [[ -e /usr/bin/mktemp ]]; then |
if [[ -e /usr/bin/mktemp ]]; then |
_dir=$( /usr/bin/mktemp -d $1 ) |
_dir=$( /usr/bin/mktemp -d $1 ) |
chown _sndio "$_dir" |
chown _file "$_dir" |
else |
else |
until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
((++_i < 10000)) || return 1 |
((++_i < 10000)) || return 1 |
|
|
} |
} |
|
|
unpriv() { |
unpriv() { |
do_as _sndio "$@" |
|
} |
|
|
|
unpriv2() { |
|
do_as _file "$@" |
do_as _file "$@" |
} |
} |
|
|
|
|
done |
done |
|
|
# Create a download directory for the firmware and |
# Create a download directory for the firmware and |
# check that the _sndio user can read files from |
# check that the _file user can read files from |
# it. Otherwise cleanup and skip the filesystem. |
# it. Otherwise cleanup and skip the filesystem. |
if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then |
if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then |
( |
( |
|
|
echo "Cannot fetch SHA256.sig" >&2 && return 1 |
echo "Cannot fetch SHA256.sig" >&2 && return 1 |
|
|
# Verify signature file with public keys. |
# Verify signature file with public keys. |
! $_unpriv -f "$_cfile" \ |
! signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
|
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
echo "Signature check of SHA256.sig failed" >&2 && return 1 |
|
|
for _d in $_drivers; do |
for _d in $_drivers; do |
|
|
# sha256. Create a flag file in case ftp failed. Firmware |
# sha256. Create a flag file in case ftp failed. Firmware |
# from net is written to the prefetch area. |
# from net is written to the prefetch area. |
( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | |
( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | |
( $_srclocal && unpriv2 sha256 -b >/tmp/h || |
( $_srclocal && sha256 -b >/tmp/h || |
unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) |
sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) |
|
|
# Handle failed transfer. |
# Handle failed transfer. |
if [[ -f /tmp/fail ]]; then |
if [[ -f /tmp/fail ]]; then |