openbsd/fw_update/fw_install.sh - diff

Return to fw_install.sh CVS log

Up to [local] / openbsd / fw_update

Diff for /openbsd/fw_update/fw_install.sh between version 1.12 and 1.51

-version 1.12, 2021/10/17 20:29:01
+version 1.51, 2021/12/07 02:42:01
 Line 1
 Line 1
 Line 1
  #!/bin/ksh
- set -e
+ #       $OpenBSD$
+ #
+ # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
+ #
+ # Permission to use, copy, modify, and distribute this software for any
+ # purpose with or without fee is hereby granted, provided that the above
+ # copyright notice and this permission notice appear in all copies.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- scan_dmesg() {
+ set -o errexit -o pipefail -o nounset
-         # no bsort for now
-         sed -n "$1" /var/run/dmesg.boot
- }
- installed_firmware() {
+ CFILE=SHA256.sig
-         for fw in ${PKGDIR}/$1-firmware*; do
+ DESTDIR=${DESTDIR:-}
-                 [ -e "$fw" ] || continue
+ FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns"
-                 echo ${fw##*/}
-         done
- }
- # tmpdir, do_as, unpriv, and unpriv2 are from install.sub
+ VNAME=${VNAME:-$(sysctl -n kern.osrelease)}
+ VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}
- # Create a temporary directory based on the supplied directory name prefix.
+ HTTP_FWDIR="$VNAME"
+ VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot | sed '$!d' )
+ [[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots
+ FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
+ FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
  tmpdir() {
          local _i=1 _dir
-         until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
+         # If we're not in the installer,
-                 ((++_i < 10000)) || return 1
+         # we have mktemp and a more hostile environment
-         done
+         if [ -x /usr/bin/mktemp ]; then
+                 _dir=$( mktemp -d "${1}-XXXXXXXXX" )
+         else
+                 until _dir="${1}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
+                     ((++_i < 10000)) || return 1
+                 done
+         fi
          echo "$_dir"
  }
- # Run a command ($2+) as unprivileged user ($1).
+ fetch() {
- # Take extra care that after "cmd" no "user" processes exist.
+         local _file=$1 _user=_file _exit
- #
- # Optionally:
- #       - create "file" and chown it to "user"
- #       - after "cmd", chown "file" back to root
- #
- # Usage: do_as user [-f file] cmd
- do_as() {
-         (( $# >= 2 )) || return
-         local _file _rc _user=$1
+         >"$_file"
-         shift
+         chown "$_user" "$_file"
-         if [[ $1 == -f ]]; then
+         # If we're not in the installer, we have su(1)
-                 _file=$2
+         # and doas(1) is unlikely to be configured.
-                 shift 2
+         if [ -x /usr/bin/sh ]; then
+                 /usr/bin/su -s /bin/ksh "$_user" -c \
+                     "/usr/bin/ftp -D 'Get/Verify' -Vm \
+                         -o '$_file' '${FWURL}/${_file}'"
+                 _exit="$?"
+         else
+                 /usr/bin/doas -u "$_user" \
+                     ftp -D 'Get/Verify' -Vm \
+                         -o "$_file" "${FWURL}/${_file}"
+                 _exit="$?"
          fi
-         if [[ -n $_file ]]; then
+         if [ "$_exit" -ne 0 ]; then
-                 >$_file
+                 rm -f "$_file"
-                 chown "$_user" "$_file"
+                 echo "Cannot fetch $_file" >&2
+                 return 1
          fi
-         doas -u "$_user" "$@"
+         chown root "$_file"
-         _rc=$?
+ }
-         while doas -u "$_user" kill -9 -1 2>/dev/null; do
+ verify() {
-                 echo "Processes still running for user $_user after: $@"
+         # On the installer we don't get sha256 -C, so fake it.
-                 sleep 1
+         if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
-         done
+                 echo "Checksum test for $1 failed." >&2
+                 return 1
+         fi
+ }
-         [[ -n $_file ]] && chown root "$_file"
+ devices_needing_firmware() {
+         local _d _m _grep _dmesgtail _last=''
-         return $_rc
+         # When we're not in the installer, the dmesg.boot can
+         # contain multiple boots, so only look in the last one
+         _dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )
+         grep -v '^[[:space:]]*#' "$FWPATTERNS" |
+             while read -r _d _m; do
+                 _grep="grep"
+                 [ "$_last" = "$_d" ] && continue
+                 [ "$_m" ] || _m="^${_d}[0-9][0-9]* at "
+                 [ "$_m" = "${_m#^}" ] && _grep="fgrep"
+                 echo "$_dmesgtail" | $_grep -q "$_m" || continue
+                 echo "$_d"
+                 _last="$_d"
+         done
  }
- unpriv() {
+ firmware_filename() {
-         do_as _sndio "$@"
+         sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d'
  }
- unpriv2() {
+ installed_firmware() {
-         do_as _file "$@"
+         for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
+                 [ -e "$fw" ] || continue
+                 echo "${fw##*/}"
+         done
  }
- _issue=
+ add_firmware () {
- fail() {
+         local _f="$1" _pkgdir="${DESTDIR}/var/db/pkg"
-         echo $_issue >&2
+         ftp -D "Install" -Vmo- "file:${1}" |
-         exit 1
+                 tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
+                 -s ",^firmware,${DESTDIR}/etc/firmware," \
+                 -C / -zxphf - "+*" "firmware/*"
+         # TODO: Should we mark these so real fw_update can -Drepair?
+         ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
+ /^@comment pkgpath/ -1a
+ @option manual-installation
+ @option firmware
+ @comment install-script
+ .
+ w
+ EOL
  }
- VNAME=$(sysctl -n kern.osrelease)
+ delete_firmware() {
- VERSION="${VNAME%.*}${VNAME#*.}"
+         local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
- FWDIR="$VNAME"
- HTTP_FWDIR=$FWDIR
+         # TODO: Check hash for files before deleting
- set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p")
+         echo "Uninstalling $_pkg"
- [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots
+         _cwd="${_pkgdir}/$_pkg"
- FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
+         set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}"
- FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
- PKGDIR=${DESTDIR}/var/db/pkg
- PATTERNS="file:${0%/*}/firmware_patterns"
- fw_update() {
+         while read -r c g; do
-         local _tmpsrc _f _remove _r
+                 case $c in
-         local _src=$FWURL _t=Get _cfile="/tmp/SHA256" _srclocal=false
+                 @cwd) _cwd="${DESTDIR}$g"
-         local _drivers=$(
+                   ;;
-                 last=''
+                 @*) continue
-                 ftp -D "Detecting" -Vmo- $PATTERNS |
+                   ;;
-                 while read d m; do
+                 *)  set -A _remove -- "$_cwd/$c" "${_remove[@]}"
-                         grep=grep
+                   ;;
-                         [ "$last" = "$d" ] && continue
+                 esac
-                         [ "$m" ] || m="^$d[0-9][0-9]* at "
+         done < "${_pkgdir}/${_pkg}/+CONTENTS"
-                         [ "$m" = "${m#^}" ] && grep=fgrep
-                         $grep -q "$m" /var/run/dmesg.boot || continue
-                         echo $d
-                         last=$d
-                 done
-         )
-         if [ -z "$_drivers" ]; then
+         # We specifically rm -f here because not removing files/dirs
-                 echo "No devices found which need firmware files to be downloaded." >&2
+         # is probably not worth failing over.
-                 return
+         for _r in "${_remove[@]}" ; do
-         fi
+                 if [ -d "$_r" ]; then
+                         # Try hard not to actually remove recursively
+                         # without rmdir on the install media.
+                         [ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r"
+                 else
+                         rm -f "$_r"
+                 fi
+         done
+ }
-         if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then
+ set -A devices -- $( devices_needing_firmware )
-                 (
-                 >$_tmpsrc/t &&
-                 $_unpriv cat $_tmpsrc/t
-                 ) >/dev/null 2>&1 ||
-                     rm -r $_tmpsrc
-         fi
-         [[ ! -d $_tmpsrc ]] &&
+ if [ ! "${devices:-}" ]; then
-                 _issue="Cannot create prefetch area" && fail
+         echo "No devices found which need firmware files to be downloaded."
+         exit
+ fi
-         ! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&
+ TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )
-             _issue="Cannot fetch SHA256.sig" && fail
+ cd "$TMPDIR"
-         # Verify signature file with public keys.
+ # To unpriv we need to let the unpriv user into this dir
-         ! unpriv -f "$_cfile" \
+ chmod go+x .
-             signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&
-             _issue="Signature check of SHA256.sig failed" && fail
-         for d in $_drivers; do
+ fetch "$CFILE"
-                 _f=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )
+ ! signify -Vep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
-                 installed=$( installed_firmware "$d" )
+     echo "Signature check of SHA256.sig failed" >&2 && exit 1
-                 for i in $installed; do
+ for d in "${devices[@]}"; do
-                         if [ "$_f" = "$i.tgz" ]; then
+         f=$( firmware_filename "$d" )
-                                 echo "Firmware for $d already installed ($installed)"
+         [ "$f" ] || continue
+         set -A installed -- $( installed_firmware "$d" )
+         if [ "${installed:-}" ]; then
+                 for i in "${installed[@]:-}"; do
+                         if [ "$f" = "$i.tgz" ]; then
+                                 echo "$i already installed"
                                  continue 2
                          fi
                  done
+         fi
-                 rm -f /tmp/h /tmp/fail
+         fetch  "$f" || continue
+         verify "$f" || continue
-                 _t=Get/Verify
+         if [ "${installed:-}" ]; then
-                 # Fetch firmware file and create a checksum by piping through
+                 for i in "${installed[@]}"; do
-                 # sha256. Create a flag file in case ftp failed. Firmware
+                         delete_firmware "$i"
-                 # from net is written to the prefetch area.
+                 done
-                 ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |
+         fi
-                 ( $_srclocal && unpriv2 sha256 -b >/tmp/h ||
-                     unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )
-                 # Handle failed transfer.
+         add_firmware "$f"
-                 if [[ -f /tmp/fail ]]; then
+ done
-                         rm -f "$_tmpsrc/$_f"
-                         _issue="Fetching of $_f failed!"
-                         fail
-                 fi
-                 # Verify firmware by comparing its checksum with SHA256.
-                 if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then
-                         #_unver=$(rmel $_f $_unver)
-                         true
-                 else
-                         [[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"
-                         _issue="Checksum test for $_f failed."
-                         fail
-                 fi
-                 # TODO: Check hash for files before deleting
-                 if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then
-                         echo "Uninstalling $installed"
-                         cwd=${PKGDIR}/$installed
-                         set -A _remove -- "${cwd}/+CONTENTS" "${cwd}"
-                         while read c g; do
-                                 case $c in
-                                 @cwd) cwd=$g
-                                   ;;
-                                 @*) continue
-                                   ;;
-                                 *)  set -A _remove -- "$cwd/$c" "${_remove[@]}"
-                                   ;;
-                                 esac
-                         done < "${PKGDIR}/$installed/+CONTENTS"
-                         for _r in "${_remove[@]}" ; do
-                                 if [ -d "$_r" ]; then
-                                         # Try hard not to actually remove recursively
-                                         # without rmdir on the install media.
-                                         [ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r"
-                                 else
-                                         rm -f "$_r"
-                                 fi
-                         done
-                 fi
-         # TODO: Add some details about the install to +CONTENTS like pkg_add
-         # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall
-                 echo "Installing $_f"
-                 tar -zxphf "$_tmpsrc/$_f" -C /etc "firmware/*"
-                 mkdir -p ${PKGDIR}/${_f%.tgz}/
-                 tar -zxphf "$_tmpsrc/$_f" -C "${PKGDIR}/${_f%.tgz}" "+*"
-                 ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL
- /^@comment pkgpath/ -1a
- @option manual-installation
- @option firmware
- @comment install-script
- .
- w
- EOL
-         done
- }
- fw_update

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>