[BACK]Return to fw_install.sh CVS log [TXT][DIR] Up to [local] / openbsd / fw_update

Diff for /openbsd/fw_update/fw_install.sh between version 1.2 and 1.51

version 1.2, 2021/10/05 01:39:05 version 1.51, 2021/12/07 02:42:01
Line 1 
Line 1 
 #!/bin/ksh  #!/bin/ksh
 set -e  #       $OpenBSD$
   #
   # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
   #
   # Permission to use, copy, modify, and distribute this software for any
   # purpose with or without fee is hereby granted, provided that the above
   # copyright notice and this permission notice appear in all copies.
   #
   # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   
 scan_dmesg() {  set -o errexit -o pipefail -o nounset
         # no bsort for now  
         sed -n "$1" /var/run/dmesg.boot  
 }  
   
 installed_firmware() {  CFILE=SHA256.sig
         for fw in ${PKGDIR}/$1-firmware*; do  DESTDIR=${DESTDIR:-}
                 [ -e "$fw" ] || continue  FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns"
                 echo ${fw##*/}  
         done  
 }  
   
 set -A _KERNV -- $( scan_dmesg '/^OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\) .*/ { s//\1 \2/p; q; }' )  VNAME=${VNAME:-$(sysctl -n kern.osrelease)}
 VNAME=${_KERNV[0]}  VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}
 OSDIR=$VNAME  
 if ((${#_KERNV[*]} > 1)) && [ "$_KERNV[1]" = "-current" -o "$_KERNV[1]" = "-beta" ]; then  
         OSDIR=snapshots  
 fi  
   
 FWURL=http://firmware.openbsd.org/firmware/${OSDIR}  HTTP_FWDIR="$VNAME"
 PKGDIR=${DESTDIR}/var/db/pkg  VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot | sed '$!d' )
 PATTERNS="file:${0%/*}/firmware_patterns"  [[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots
   
 drivers=$(  FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
         last=''  FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
         ftp -D "Detecting" -Vmo- $PATTERNS |  
         while read d m; do  
                 [ "$last" = "$d" ] && continue  
                 [ "$m" ] || m="^$d[0-9][0-9]* at "  
                 grep -q "$m" /var/run/dmesg.boot || continue  
                 echo $d  
                 last=$d  
         done  
 )  
   
 if [ -z "$drivers" ]; then  tmpdir() {
         echo "No devices found which need firmware files to be downloaded." >&2          local _i=1 _dir
         exit 0  
 fi  
   
 tmpdir=${DESTDIR}/tmp/fw_update          # If we're not in the installer,
 [ -e "$tmpdir" ] && rm -rf "$tmpdir"          # we have mktemp and a more hostile environment
 mkdir -p "$tmpdir"          if [ -x /usr/bin/mktemp ]; then
 cd "$tmpdir"                  _dir=$( mktemp -d "${1}-XXXXXXXXX" )
           else
                   until _dir="${1}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
                       ((++_i < 10000)) || return 1
                   done
           fi
   
 # TODO: Drop privs during fetch and verify          echo "$_dir"
 ftp -D Get -Vm "$FWURL/SHA256.sig"  }
   
 # Probably should bundle the firmware sigfile on the installer,  fetch() {
 # although we can just get it from the recently installed system.          local _file=$1 _user=_file _exit
 if [ "$DESTDIR" ]; then  
         sigfile=$( sed -n '/^untrusted comment: verify with \(.*\)$/ { s//\1/p; q; }' SHA256.sig )          >"$_file"
         if [ ! -e "/etc/signify/$sigfile" ] \          chown "$_user" "$_file"
           && [ -e "${DESTDIR}/etc/signify/$sigfile" ]; then  
                 cp -a "${DESTDIR}/etc/signify/$sigfile" "/etc/signify/$sigfile"          # If we're not in the installer, we have su(1)
           # and doas(1) is unlikely to be configured.
           if [ -x /usr/bin/sh ]; then
                   /usr/bin/su -s /bin/ksh "$_user" -c \
                       "/usr/bin/ftp -D 'Get/Verify' -Vm \
                           -o '$_file' '${FWURL}/${_file}'"
                   _exit="$?"
           else
                   /usr/bin/doas -u "$_user" \
                       ftp -D 'Get/Verify' -Vm \
                           -o "$_file" "${FWURL}/${_file}"
                   _exit="$?"
         fi          fi
 fi  
   
 signify -Ve -x SHA256.sig -m - < SHA256.sig > SHA256          if [ "$_exit" -ne 0 ]; then
                   rm -f "$_file"
                   echo "Cannot fetch $_file" >&2
                   return 1
           fi
   
 for d in $drivers; do          chown root "$_file"
         firmware=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" SHA256 )  }
         installed=$( installed_firmware $d )  
   
         for i in $installed; do  verify() {
                 if [ "$firmware" = "$i.tgz" ]; then          # On the installer we don't get sha256 -C, so fake it.
                         echo "Firmware for $d already installed ($installed)"          if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
                         continue 2                  echo "Checksum test for $1 failed." >&2
                 fi                  return 1
         done          fi
   }
   
         mkdir $d  devices_needing_firmware() {
           local _d _m _grep _dmesgtail _last=''
   
         # TODO: Drop privs during fetch and verify          # When we're not in the installer, the dmesg.boot can
         ftp -D "Get/Verify" -Vmo- "$FWURL/$firmware" | sha256 -bph "$d/h" > "$firmware"          # contain multiple boots, so only look in the last one
         fgrep -qx "SHA256 ($firmware) = $(<$d/h)" SHA256          _dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )
   
         # TODO: Check hash for files before deleting          grep -v '^[[:space:]]*#' "$FWPATTERNS" |
         if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then              while read -r _d _m; do
                 echo "Uninstalling $installed"                  _grep="grep"
                 cwd=${PKGDIR}/$installed                  [ "$_last" = "$_d" ] && continue
                   [ "$_m" ] || _m="^${_d}[0-9][0-9]* at "
                   [ "$_m" = "${_m#^}" ] && _grep="fgrep"
   
                 remove="${cwd}/+CONTENTS ${cwd}"                  echo "$_dmesgtail" | $_grep -q "$_m" || continue
                   echo "$_d"
                   _last="$_d"
           done
   }
   
                 while read c g; do  firmware_filename() {
                         case $c in          sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d'
                         @cwd) cwd=$g  }
                           ;;  
                         @*) continue  
                           ;;  
                         *)  remove="$cwd/$c $remove"  
                           ;;  
                         esac  
                 done < "${PKGDIR}/$installed/+CONTENTS"  
   
                 for r in $remove ; do  installed_firmware() {
                         if [ -d "$r" ]; then          for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
                                 # Try hard not to actually remove recursively                  [ -e "$fw" ] || continue
                                 # without rmdir on the install media.                  echo "${fw##*/}"
                                 [ "$r/*" = $( echo "$r"/* ) ] && rm -rf "$r"          done
                         else  }
                                 rm -f "$r"  
                         fi  
                 done  
         fi  
   
         # TODO: Add some details about the install to +CONTENTS like pkg_add  add_firmware () {
         # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall          local _f="$1" _pkgdir="${DESTDIR}/var/db/pkg"
         echo "Installing $firmware"          ftp -D "Install" -Vmo- "file:${1}" |
         tar -zxphf "$firmware" -C /etc "firmware/*"                  tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
         mkdir -p ${PKGDIR}/${firmware%.tgz}/                  -s ",^firmware,${DESTDIR}/etc/firmware," \
         tar -zxphf "$firmware" -C "${PKGDIR}/${firmware%.tgz}" "+*"                  -C / -zxphf - "+*" "firmware/*"
     ed -s "${PKGDIR}/${firmware%.tgz}/+CONTENTS" <<EOL  
           # TODO: Should we mark these so real fw_update can -Drepair?
           ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
 /^@comment pkgpath/ -1a  /^@comment pkgpath/ -1a
 @option manual-installation  @option manual-installation
 @option firmware  @option firmware
Line 121 
Line 131 
 .  .
 w  w
 EOL  EOL
   }
   
   delete_firmware() {
           local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
   
           # TODO: Check hash for files before deleting
           echo "Uninstalling $_pkg"
           _cwd="${_pkgdir}/$_pkg"
   
           set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}"
   
           while read -r c g; do
                   case $c in
                   @cwd) _cwd="${DESTDIR}$g"
                     ;;
                   @*) continue
                     ;;
                   *)  set -A _remove -- "$_cwd/$c" "${_remove[@]}"
                     ;;
                   esac
           done < "${_pkgdir}/${_pkg}/+CONTENTS"
   
           # We specifically rm -f here because not removing files/dirs
           # is probably not worth failing over.
           for _r in "${_remove[@]}" ; do
                   if [ -d "$_r" ]; then
                           # Try hard not to actually remove recursively
                           # without rmdir on the install media.
                           [ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r"
                   else
                           rm -f "$_r"
                   fi
           done
   }
   
   set -A devices -- $( devices_needing_firmware )
   
   if [ ! "${devices:-}" ]; then
           echo "No devices found which need firmware files to be downloaded."
           exit
   fi
   
   TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )
   cd "$TMPDIR"
   
   # To unpriv we need to let the unpriv user into this dir
   chmod go+x .
   
   fetch "$CFILE"
   ! signify -Vep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
       echo "Signature check of SHA256.sig failed" >&2 && exit 1
   
   for d in "${devices[@]}"; do
           f=$( firmware_filename "$d" )
           [ "$f" ] || continue
           set -A installed -- $( installed_firmware "$d" )
   
           if [ "${installed:-}" ]; then
                   for i in "${installed[@]:-}"; do
                           if [ "$f" = "$i.tgz" ]; then
                                   echo "$i already installed"
                                   continue 2
                           fi
                   done
           fi
   
           fetch  "$f" || continue
           verify "$f" || continue
   
           if [ "${installed:-}" ]; then
                   for i in "${installed[@]}"; do
                           delete_firmware "$i"
                   done
           fi
   
           add_firmware "$f"
 done  done
   
Legend:
Removed from v.1.2  
changed lines
  Added in v.1.51
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>