[BACK]Return to fw_install.sh CVS log [TXT][DIR] Up to [local] / openbsd / fw_update

Diff for /openbsd/fw_update/fw_install.sh between version 1.47 and 1.82

version 1.47, 2021/12/02 03:48:13 version 1.82, 2021/12/12 20:24:53
Line 1 
Line 1 
 #!/bin/ksh  #!/bin/ksh
 #       $OpenBSD$  #       $OpenBSD$
 set -e  #
   
 # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>  # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
 #  #
 # Permission to use, copy, modify, and distribute this software for any  # Permission to use, copy, modify, and distribute this software for any
Line 16 
Line 15 
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF  # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.  # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   
 # Fake up some things from install.sub that we don't need to actually do  set -o errexit -o pipefail -o nounset
 prefetcharea_fs_list() {  export PATH=/usr/bin:/bin:/usr/sbin:/sbin
         echo "${DESTDIR}/tmp"  
 }  
   
 # tmpdir, do_as, and unpriv are from install.sub  CFILE=SHA256.sig
 # modified to use su(1) when not in the installer.  DESTDIR=${DESTDIR:-}
 # modified to use mktemp(1) when not in the installer.  FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns"
   
 # Create a temporary directory based on the supplied directory name prefix.  VNAME=${VNAME:-$(sysctl -n kern.osrelease)}
   VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}
   
   HTTP_FWDIR="$VNAME"
   VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" \
       /var/run/dmesg.boot | sed '$!d' )
   [[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots
   
   FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
   FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
   
   LOCALSRC=
   
 tmpdir() {  tmpdir() {
         local _i=1 _dir          local _i=1 _dir
         if [[ -z $1 ]]; then  
                 echo No tmpdir >&2  
                 exit 1  
         fi  
   
         if [[ -e /usr/bin/mktemp ]]; then          # If we're not in the installer,
                 _dir=$( /usr/bin/mktemp -d $1 )          # we have mktemp and a more hostile environment.
                 chown _sndio "$_dir"          if [ -x /usr/bin/mktemp ]; then
                   _dir=$( mktemp -d "${1}-XXXXXXXXX" )
         else          else
                 until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do                  until _dir="${1}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
                     ((++_i < 10000)) || return 1                      ((++_i < 10000)) || return 1
                 done                  done
         fi          fi
   
         echo "$_dir"          echo "$_dir"
 }  }
   
 # Run a command ($2+) as unprivileged user ($1).  fetch() {
 # Take extra care that after "cmd" no "user" processes exist.          local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _exit
 #  
 # Optionally:  
 #       - create "file" and chown it to "user"  
 #       - after "cmd", chown "file" back to root  
 #  
 # Usage: do_as user [-f file] cmd  
 do_as() {  
         (( $# >= 2 )) || return  
   
         local _file _rc _user=$1          # If we're not in the installer,
         shift          # we have su(1) and doas(1) is unlikely to be configured.
           if [ -x /usr/bin/su ]; then
         if [[ $1 == -f ]]; then                  /usr/bin/su -s /bin/ksh "$_user" -c \
                 _file=$2                      "/usr/bin/ftp -D 'Get/Verify' -Vm -o- '$_src'" > "$_dst"
                 shift 2                  _exit="$?"
           else
                   /usr/bin/doas -u "$_user" \
                       /usr/bin/ftp -D 'Get/Verify' -Vm -o- "$_src" > "$_dst"
                   _exit="$?"
         fi          fi
   
         if [[ -n $_file ]]; then          if [ "$_exit" -ne 0 ]; then
                 >$_file                  rm -f "$_dst"
                 chown "$_user" "$_file"                  echo "Cannot fetch $_src" >&2
                   return 1
         fi          fi
   }
   
         if [[ -x /usr/bin/su ]]; then  verify() {
                 /usr/bin/su -s /bin/ksh "$_user" -c "$*"          # On the installer we don't get sha256 -C, so fake it.
         else          if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
                 doas -u "$_user" "$@"                  echo "Checksum test for ${1##*/} failed." >&2
                   return 1
         fi          fi
         _rc=$?  }
   
         while doas -u "$_user" kill -9 -1 2>/dev/null; do  devices_needing_firmware() {
                 echo "Processes still running for user $_user after: $@"          local _d _m _grep _dmesgtail _last=''
                 sleep 1  
         done  
   
         [[ -n $_file ]] && chown root "$_file"          # When we're not in the installer, the dmesg.boot can
           # contain multiple boots, so only look in the last one
           _dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )
   
         return $_rc          grep -v '^[[:space:]]*#' "$FWPATTERNS" |
               while read -r _d _m; do
                   _grep="grep"
                   [ "$_last" = "$_d" ] && continue
                   [ "$_m" ] || _m="^${_d}[0-9][0-9]* at "
                   [ "$_m" = "${_m#^}" ] && _grep="fgrep"
   
                   echo "$_dmesgtail" | $_grep -q "$_m" || continue
                   echo "$_d"
                   _last="$_d"
           done
 }  }
   
 unpriv() {  firmware_filename() {
         do_as _sndio "$@"          local _f
           _f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )"
           ! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1
           echo "$_f"
 }  }
   
 VNAME=${VNAME:-$(sysctl -n kern.osrelease)}  firmware_devicename() {
 VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}          local _d="${1##*/}"
 FWDIR=${FWDIR:-$VNAME}          _d="${_d%-firmware-*}"
           echo "$_d"
   }
   
 # TODO: We need the firmware for the system we just installed  installed_firmware() {
 #       not the one we booted from.  For example:          for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
 #       * booting from a snapshot bsd.rd that thinks it is the 7.0 release                  [ -e "$fw" ] || continue
 #         will install the firmware from the 7.0 directory instead of                  echo "${fw##*/}"
 #         from the snapshots dir.          done
 #       If they're using sysupgrade, then the installer kernel will be correct.  }
 #       If we're doing this in the installer we can check what they picked  
 #       for downloading sets and use that value.  
 #       Otherwise, the fw_update after first boot will fix it up for us.  
   
 HTTP_FWDIR=$FWDIR  add_firmware () {
 set -- sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot          local _f="${1##*/}"
 [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots          local _pkgdir="${DESTDIR}/var/db/pkg/${_f%.tgz}"
           ftp -D "Install" -Vmo- "file:${1}" |
                   tar -s ",^\+,${_pkgdir}/+," \
                       -s ",^firmware,${DESTDIR}/etc/firmware," \
                       -C / -zxphf - "+*" "firmware/*"
   
 FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}          # TODO: Should we mark these so real fw_update can -Drepair?
 FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub          ed -s "${_pkgdir}/+CONTENTS" <<EOL
 FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns"  /^@comment pkgpath/ -1a
   @option manual-installation
   @option firmware
   @comment install-script
   .
   w
   EOL
   }
   
 # TODO: support srclocal installation of firmware somehow  delete_firmware() {
 fw_install() {          local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
         local _src=$1 _tmpfs_list _tmpfs _tmpsrc \  
                 _t=Get _cfile="/tmp/SHA256" _pkgdir=${DESTDIR}/var/db/pkg \  
                 _f _r _remove _i _installed  
         local _srclocal=false _unpriv=unpriv  
   
         local _d _drivers=$(          # TODO: Check hash for files before deleting
                 last=''          echo "Uninstalling $_pkg"
                 while read _d _m; do          _cwd="${_pkgdir}/$_pkg"
                         grep=grep  
                         [ "$last" = "$_d" ] && continue  
                         [ "$_m" ] || _m="^$_d[0-9][0-9]* at "  
                         [ "$_m" = "${_m#^}" ] && grep=fgrep  
                         $grep -q "$_m" /var/run/dmesg.boot || continue  
                         echo $_d  
                         last=$_d  
                 done < $FWPATTERNS  
         )  
   
         if [ -z "$_drivers" ]; then          set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}"
                 echo "No devices found which need firmware files to be downloaded."  
                 return  
         fi  
   
         ! _tmpfs_list=$(prefetcharea_fs_list) &&          while read -r c g; do
                 echo "Cannot determine prefetch area" >&2 && return                  case $c in
                   @cwd) _cwd="${DESTDIR}$g"
                     ;;
                   @*) continue
                     ;;
                   *) set -A _remove -- "$_cwd/$c" "${_remove[@]}"
                     ;;
                   esac
           done < "${_pkgdir}/${_pkg}/+CONTENTS"
   
         for _tmpfs in $_tmpfs_list; do          # We specifically rm -f here because not removing files/dirs
                 # Try to clean up from previous runs, assuming          # is probably not worth failing over.
                 # the _tmpfs selection yields the same mount          for _r in "${_remove[@]}" ; do
                 # point.                  if [ -d "$_r" ]; then
                 for _tmpsrc in $_tmpfs/firmware.+([0-9]).+([0-9]); do                          # Try hard not to actually remove recursively
                         [[ -d $_tmpsrc ]] && rm -r $_tmpsrc                          # without rmdir on the install media.
                 done                          [ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r"
                   else
                 # Create a download directory for the firmware and                          rm -f "$_r"
                 # check that the _sndio user can read files from  
                 # it. Otherwise cleanup and skip the filesystem.  
                 if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then  
                         (  
                         >$_tmpsrc/t &&  
                         $_unpriv cat $_tmpsrc/t  
                         ) >/dev/null 2>&1 && break ||  
                                 rm -r $_tmpsrc  
                 fi                  fi
         done          done
   }
   
         [[ ! -d $_tmpsrc ]] &&  usage() {
                 echo "Cannot create prefetch area" >&2 && return 1          echo "usage: fw_install [-DL] [driver | file [...]]"
           exit 2
   }
   
         # Cleanup from previous runs.  INSTALL=true
         rm -f $_cfile $_cfile.sig  DOWNLOAD=true
   
         _t=Get/Verify  while getopts DL name
   do
          case "$name" in
          # "download only" means local dir and don't install
          D) LOCALSRC=. INSTALL=false ;;
          L) LOCALSRC=. ;;
          ?) usage 2 ;;
          esac
   done
   shift $((OPTIND - 1))
   
         ! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&  # If we're installing from a local dir
             echo "Cannot fetch SHA256.sig" >&2 && return 1  # we don't want to download anything
   [ "$LOCALSRC" ] && "$INSTALL" && DOWNLOAD=false
   [ "$LOCALSRC" ] || LOCALSRC="$( tmpdir "${DESTDIR}/tmp/fw_install" )"
   
         # Verify signature file with public keys.  CFILE="$LOCALSRC/$CFILE"
         ! signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&  
             echo "Signature check of SHA256.sig failed" >&2 && return 1  
   
         for _d in $_drivers; do  set -A devices -- "$@"
                 _f=$( sed -n "s/.*(\($_d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" | sed '$!d' )  
                 _installed=$(  
                 for fw in "${_pkgdir}/$_d-firmware"*; do  
                         [ -e "$fw" ] || continue  
                         echo ${fw##*/}  
                 done  
                 )  
   
                 for _i in $_installed; do  [ "${devices[*]:-}" ] ||
                         if [ "$_f" = "$_i.tgz" ]; then      set -A devices -- $( devices_needing_firmware )
                                 echo "$_i already installed"  
                                 continue 2  
                         fi  
                 done  
   
                 rm -f /tmp/h /tmp/fail  if [ ! "${devices[*]:-}" ]; then
           echo "No devices found which need firmware files to be downloaded."
           exit
   fi
   
                 # Fetch firmware file and create a checksum by piping through  if "$DOWNLOAD"; then
                 # sha256. Create a flag file in case ftp failed. Firmware          fetch "$CFILE"
                 # from net is written to the prefetch area.          ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
                 ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |              echo "Signature check of SHA256.sig failed" >&2 && exit 1
                 ( $_srclocal && sha256 -b >/tmp/h ||  fi
                     sha256 -bph /tmp/h >"$_tmpsrc/$_f" )  
   
                 # Handle failed transfer.  for f in "${devices[@]}"; do
                 if [[ -f /tmp/fail ]]; then          d="$( firmware_devicename "$f" )"
                         rm -f "$_tmpsrc/$_f"  
                         echo "Fetching of $_f failed!" >&2  
                         continue  
                 fi  
   
                 # Verify firmware by comparing its checksum with SHA256.          if [ "$f" = "$d" ]; then
                 if ! fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then                  f=$( firmware_filename "$d" || true )
                         [[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"                  [ "$f" ] || continue
                         echo "Checksum test for $_f failed." >&2                  f="$LOCALSRC/$f"
                         continue          elif ! "$INSTALL" && ! grep -Fq "($f)" "$CFILE" ; then
                 fi                  echo "Cannot download local file $f" >&2
                   exit 2
           fi
   
                 # TODO: Check hash for files before deleting          set -A installed -- $( installed_firmware "$d" )
                 if [ "$_installed" ] && [ -e "${_pkgdir}/$_installed/+CONTENTS" ]; then  
                         echo "Uninstalling $_installed"  
                         cwd=${_pkgdir}/$_installed  
   
                         set -A _remove -- "${cwd}/+CONTENTS" "${cwd}"          if "$INSTALL" && [ "${installed[*]:-}" ]; then
                   for i in "${installed[@]}"; do
                           if [ "${f##*/}" = "$i.tgz" ]; then
                                   echo "$i already installed"
                                   continue 2
                           fi
                   done
           fi
   
                         while read c g; do          if [ -e "$f" ]; then
                                 case $c in                  if "$DOWNLOAD"; then
                                 @cwd) cwd="${DESTDIR}/$g"                          echo "Verify existing ${f##*/}"
                                   ;;                          verify "$f" || continue
                                 @*) continue                  # else assume it was verified when downloaded
                                   ;;  
                                 *)  set -A _remove -- "$cwd/$c" "${_remove[@]}"  
                                   ;;  
                                 esac  
                         done < "${_pkgdir}/$_installed/+CONTENTS"  
   
                         # We specifically rm -f here because not removing files/dirs  
                         # is probably not worth failing over.  
                         for _r in "${_remove[@]}" ; do  
                                 if [ -d "$_r" ]; then  
                                         # Try hard not to actually remove recursively  
                                         # without rmdir on the install media.  
                                         [ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r"  
                                 else  
                                         rm -f "$_r"  
                                 fi  
                         done  
                 fi                  fi
           elif "$DOWNLOAD"; then
                   fetch  "$f" || continue
                   verify "$f" || continue
           elif "$INSTALL"; then
                   echo "Cannot install ${f##*/}, not found" >&2
                   continue
           fi
   
                 # TODO: Should we mark these so real fw_update can -Drepair?          "$INSTALL" || continue
                 ftp -D "Install" -Vmo- "file:$_tmpsrc/$_f" |  
                         tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \  
                         -s ",^firmware,${DESTDIR}/etc/firmware," \  
                         -C / -zxphf - "+*" "firmware/*"  
   
                 ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL          if [ "${installed[*]:-}" ]; then
 /^@comment pkgpath/ -1a                  for i in "${installed[@]}"; do
 @option manual-installation                          delete_firmware "$i"
 @option firmware                  done
 @comment install-script          fi
 .  
 w  
 EOL  
         done  
 }  
   
 fw_install "$FWURL"          add_firmware "$f"
   done
   

Legend:
Removed from v.1.47  
changed lines
  Added in v.1.82

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>