[BACK]Return to fw_install.sh CVS log [TXT][DIR] Up to [local] / openbsd / fw_update

Diff for /openbsd/fw_update/fw_install.sh between version 1.9 and 1.57

version 1.9, 2021/10/16 19:42:43 version 1.57, 2021/12/08 03:45:05
Line 1 
Line 1 
 #!/bin/ksh  #!/bin/ksh
 set -e  #       $OpenBSD$
   #
   # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
   #
   # Permission to use, copy, modify, and distribute this software for any
   # purpose with or without fee is hereby granted, provided that the above
   # copyright notice and this permission notice appear in all copies.
   #
   # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   
 scan_dmesg() {  set -o errexit -o pipefail -o nounset
         # no bsort for now  
         sed -n "$1" /var/run/dmesg.boot  
 }  
   
 installed_firmware() {  CFILE=SHA256.sig
         for fw in ${PKGDIR}/$1-firmware*; do  DESTDIR=${DESTDIR:-}
                 [ -e "$fw" ] || continue  FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns"
                 echo ${fw##*/}  
         done  
 }  
   
 # tmpdir, do_as, unpriv, and unpriv2 are from install.sub  VNAME=${VNAME:-$(sysctl -n kern.osrelease)}
   VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}
   
 # Create a temporary directory based on the supplied directory name prefix.  HTTP_FWDIR="$VNAME"
   VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" \
       /var/run/dmesg.boot | sed '$!d' )
   [[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots
   
   FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
   FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
   
 tmpdir() {  tmpdir() {
         local _i=1 _dir          local _i=1 _dir
   
         until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do          # If we're not in the installer,
                 ((++_i < 10000)) || return 1          # we have mktemp and a more hostile environment
         done          if [ -x /usr/bin/mktemp ]; then
                   _dir=$( mktemp -d "${1}-XXXXXXXXX" )
           else
                   until _dir="${1}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
                       ((++_i < 10000)) || return 1
                   done
           fi
   
         echo "$_dir"          echo "$_dir"
 }  }
   
 # Run a command ($2+) as unprivileged user ($1).  realpath () {
 # Take extra care that after "cmd" no "user" processes exist.          if [ -x /usr/bin/realpath ]; then
 #                  /usr/bin/realpath "$1"
 # Optionally:          elif [ "$1" = "${1%/*}" ]; then
 #       - create "file" and chown it to "user"                  echo "${PWD}/$1"
 #       - after "cmd", chown "file" back to root          else
 #                  echo "$( cd "${1%/*}" && pwd )/${1##*/}"
 # Usage: do_as user [-f file] cmd          fi
 do_as() {  }
         (( $# >= 2 )) || return  
   
         local _file _rc _user=$1  fetch() {
         shift          local _file=$1 _user=_file _exit
   
         if [[ $1 == -f ]]; then          >"$_file"
                 _file=$2          chown "$_user" "$_file"
                 shift 2  
           # If we're not in the installer, we have su(1)
           # and doas(1) is unlikely to be configured.
           if [ -x /usr/bin/su ]; then
                   /usr/bin/su -s /bin/ksh "$_user" -c \
                       "/usr/bin/ftp -D 'Get/Verify' -Vm \
                           -o '$_file' '${FWURL}/${_file}'"
                   _exit="$?"
           else
                   /usr/bin/doas -u "$_user" \
                       ftp -D 'Get/Verify' -Vm \
                           -o "$_file" "${FWURL}/${_file}"
                   _exit="$?"
         fi          fi
   
         if [[ -n $_file ]]; then          if [ "$_exit" -ne 0 ]; then
                 >$_file                  rm -f "$_file"
                 chown "$_user" "$_file"                  echo "Cannot fetch $_file" >&2
                   return 1
         fi          fi
   
         doas -u "$_user" "$@"          chown root "$_file"
         _rc=$?  }
   
         while doas -u "$_user" kill -9 -1 2>/dev/null; do  verify() {
                 echo "Processes still running for user $_user after: $@"          # On the installer we don't get sha256 -C, so fake it.
                 sleep 1          if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
         done                  echo "Checksum test for $1 failed." >&2
                   return 1
           fi
   }
   
         [[ -n $_file ]] && chown root "$_file"  devices_needing_firmware() {
           local _d _m _grep _dmesgtail _last=''
   
         return $_rc          # When we're not in the installer, the dmesg.boot can
 }          # contain multiple boots, so only look in the last one
           _dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )
   
 unpriv() {          grep -v '^[[:space:]]*#' "$FWPATTERNS" |
         do_as _sndio "$@"              while read -r _d _m; do
                   _grep="grep"
                   [ "$_last" = "$_d" ] && continue
                   [ "$_m" ] || _m="^${_d}[0-9][0-9]* at "
                   [ "$_m" = "${_m#^}" ] && _grep="fgrep"
   
                   echo "$_dmesgtail" | $_grep -q "$_m" || continue
                   echo "$_d"
                   _last="$_d"
           done
 }  }
   
 unpriv2() {  firmware_filename() {
         do_as _file "$@"          local _f
           _f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )"
           ! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1
           echo "$_f"
 }  }
   
 _issue=  firmware_devicename() {
 fail() {          local _d="${1##*/}"
         echo $_issue >&2          _d="${_d%-firmware-*}"
         exit 1          echo "$_d"
 }  }
   
 VNAME=$(sysctl -n kern.osrelease)  installed_firmware() {
 VERSION="${VNAME%.*}${VNAME#*.}"          for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
 FWDIR="$VNAME"                  [ -e "$fw" ] || continue
                   echo "${fw##*/}"
 HTTP_FWDIR=$FWDIR  
 set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p")  
 [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots  
   
 FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}  
 FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub  
 PKGDIR=${DESTDIR}/var/db/pkg  
 PATTERNS="file:${0%/*}/firmware_patterns"  
   
 drivers=$(  
         last=''  
         ftp -D "Detecting" -Vmo- $PATTERNS |  
         while read d m; do  
                 grep=grep  
                 [ "$last" = "$d" ] && continue  
                 [ "$m" ] || m="^$d[0-9][0-9]* at "  
                 [ "$m" = "${m#^}" ] && grep=fgrep  
                 $grep -q "$m" /var/run/dmesg.boot || continue  
                 echo $d  
                 last=$d  
         done          done
 )  }
   
 if [ -z "$drivers" ]; then  add_firmware () {
         echo "No devices found which need firmware files to be downloaded." >&2          local _f="$1" _pkgdir="${DESTDIR}/var/db/pkg"
         exit 0          ftp -D "Install" -Vmo- "file:${1}" |
 fi                  tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
                   -s ",^firmware,${DESTDIR}/etc/firmware," \
                   -C / -zxphf - "+*" "firmware/*"
   
 _src=$FWURL          # TODO: Should we mark these so real fw_update can -Drepair?
 if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then          ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
         (  /^@comment pkgpath/ -1a
         >$_tmpsrc/t &&  @option manual-installation
         $_unpriv cat $_tmpsrc/t  @option firmware
         ) >/dev/null 2>&1 ||  @comment install-script
             rm -r $_tmpsrc  .
 fi  w
   EOL
   }
   
 [[ ! -d $_tmpsrc ]] &&  delete_firmware() {
         _issue="Cannot create prefetch area" && fail          local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
   
 cd "$_tmpsrc"          # TODO: Check hash for files before deleting
           echo "Uninstalling $_pkg"
           _cwd="${_pkgdir}/$_pkg"
   
 _t=Get          set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}"
 _cfile="$_tmpsrc/SHA256"  
 _srclocal=false  
   
 ! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&          while read -r c g; do
     _issue="Cannot fetch SHA256.sig" && fail                  case $c in
                   @cwd) _cwd="${DESTDIR}$g"
                     ;;
                   @*) continue
                     ;;
                   *) set -A _remove -- "$_cwd/$c" "${_remove[@]}"
                     ;;
                   esac
           done < "${_pkgdir}/${_pkg}/+CONTENTS"
   
 # Verify signature file with public keys.          # We specifically rm -f here because not removing files/dirs
 ! unpriv -f "$_cfile" \          # is probably not worth failing over.
     signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&          for _r in "${_remove[@]}" ; do
     _issue="Signature check of SHA256.sig failed" && fail                  if [ -d "$_r" ]; then
                           # Try hard not to actually remove recursively
 for d in $drivers; do                          # without rmdir on the install media.
         _f=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )                          [ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r"
         installed=$( installed_firmware "$d" )                  else
                           rm -f "$_r"
         for i in $installed; do  
                 if [ "$_f" = "$i.tgz" ]; then  
                         echo "Firmware for $d already installed ($installed)"  
                         continue 2  
                 fi                  fi
         done          done
   }
   
         rm -f /tmp/h /tmp/fail  set -A devices -- $( devices_needing_firmware )
   
         _t=Get/Verify  if [ ! "${devices:-}" ]; then
         # Fetch firmware file and create a checksum by piping through          echo "No devices found which need firmware files to be downloaded."
         # sha256. Create a flag file in case ftp failed. Firmware          exit
         # from net is written to the prefetch area.  fi
         ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |  
         ( $_srclocal && unpriv2 sha256 -b >/tmp/h ||  
             unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )  
   
         # Handle failed transfer.  TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )
         if [[ -f /tmp/fail ]]; then  cd "$TMPDIR"
                 rm -f "$_tmpsrc/$_f"  
                 _issue="Fetching of $_f failed!"  
                 fail  
         fi  
   
         # Verify firmware by comparing its checksum with SHA256.  # To unpriv we need to let the unpriv user into this dir
         if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then  chmod go+x .
                 #_unver=$(rmel $_f $_unver)  
                 true  
         else  
                 [[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"  
                 _issue="Checksum test for $_f failed."  
                 fail  
         fi  
   
         # TODO: Check hash for files before deleting  fetch "$CFILE"
         if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then  ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
                 echo "Uninstalling $installed"      echo "Signature check of SHA256.sig failed" >&2 && exit 1
                 cwd=${PKGDIR}/$installed  
   
                 remove="${cwd}/+CONTENTS ${cwd}"  for d in "${devices[@]}"; do
           f=$( firmware_filename "$d" || true )
           [ "$f" ] || continue
           set -A installed -- $( installed_firmware "$d" )
   
                 while read c g; do          if [ "${installed:-}" ]; then
                         case $c in                  for i in "${installed[@]:-}"; do
                         @cwd) cwd=$g                          if [ "$f" = "$i.tgz" ]; then
                           ;;                                  echo "$i already installed"
                         @*) continue                                  continue 2
                           ;;  
                         *)  remove="$cwd/$c $remove"  
                           ;;  
                         esac  
                 done < "${PKGDIR}/$installed/+CONTENTS"  
   
                 for r in $remove ; do  
                         if [ -d "$r" ]; then  
                                 # Try hard not to actually remove recursively  
                                 # without rmdir on the install media.  
                                 [ "$r/*" = $( echo "$r"/* ) ] && rm -rf "$r"  
                         else  
                                 rm -f "$r"  
                         fi                          fi
                 done                  done
         fi          fi
   
         # TODO: Add some details about the install to +CONTENTS like pkg_add          fetch  "$f" || continue
         # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall          verify "$f" || continue
         echo "Installing $_f"  
         tar -zxphf "$_f" -C /etc "firmware/*"          if [ "${installed:-}" ]; then
         mkdir -p ${PKGDIR}/${_f%.tgz}/                  for i in "${installed[@]}"; do
         tar -zxphf "$_f" -C "${PKGDIR}/${_f%.tgz}" "+*"                          delete_firmware "$i"
         ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL                  done
 /^@comment pkgpath/ -1a          fi
 @option manual-installation  
 @option firmware          add_firmware "$f"
 @comment install-script  
 .  
 w  
 EOL  
 done  done
   
Legend:
Removed from v.1.9  
changed lines
  Added in v.1.57
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>