version 1.60, 2021/12/09 02:09:52 |
version 1.63, 2021/12/09 02:23:15 |
|
|
fetch() { |
fetch() { |
local _file=$1 _user=_file _exit |
local _file=$1 _user=_file _exit |
|
|
>"$_file" |
|
chown "$_user" "$_file" |
|
|
|
# If we're not in the installer, we have su(1) |
# If we're not in the installer, we have su(1) |
# and doas(1) is unlikely to be configured. |
# and doas(1) is unlikely to be configured. |
if [ -x /usr/bin/su ]; then |
if [ -x /usr/bin/su ]; then |
/usr/bin/su -s /bin/ksh "$_user" -c \ |
/usr/bin/su -s /bin/ksh "$_user" -c \ |
"/usr/bin/ftp -D 'Get/Verify' -Vm \ |
"/usr/bin/ftp -D 'Get/Verify' -Vm \ |
-o '$_file' '${FWURL}/${_file}'" |
-o- '${FWURL}/${_file}'" > "$_file" |
_exit="$?" |
_exit="$?" |
else |
else |
/usr/bin/doas -u "$_user" \ |
/usr/bin/doas -u "$_user" \ |
ftp -D 'Get/Verify' -Vm \ |
ftp -D 'Get/Verify' -Vm \ |
-o "$_file" "${FWURL}/${_file}" |
-o- "${FWURL}/${_file}" > "$_file" |
_exit="$?" |
_exit="$?" |
fi |
fi |
|
|
|
|
echo "Cannot fetch $_file" >&2 |
echo "Cannot fetch $_file" >&2 |
return 1 |
return 1 |
fi |
fi |
|
|
chown root "$_file" |
|
} |
} |
|
|
verify() { |
verify() { |
|
|
cd "$TMPDIR" |
cd "$TMPDIR" |
fi |
fi |
|
|
# To unpriv we need to let the unpriv user into this dir |
|
chmod go+x . |
|
|
|
fetch "$CFILE" |
fetch "$CFILE" |
! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && |
! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && |
echo "Signature check of SHA256.sig failed" >&2 && exit 1 |
echo "Signature check of SHA256.sig failed" >&2 && exit 1 |
|
|
f=$( firmware_filename "$d" || true ) |
f=$( firmware_filename "$d" || true ) |
[ "$f" ] || continue |
[ "$f" ] || continue |
else |
else |
d="${d%:*}" |
d="${d%:*}" |
fi |
fi |
|
|
set -A installed -- $( installed_firmware "$d" ) |
set -A installed -- $( installed_firmware "$d" ) |
|
|
verify "$f" || continue |
verify "$f" || continue |
elif [ "${DOWNLOADDIR:-}" ]; then |
elif [ "${DOWNLOADDIR:-}" ]; then |
echo "Already have $f" |
echo "Already have $f" |
|
verify "$f" || continue |
fi |
fi |
|
|
[ "${DOWNLOADDIR:-}" ] && continue |
[ "${DOWNLOADDIR:-}" ] && continue |
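Review bot: In the su(1) branch of fetch(), the URL is still spliced into the `-c` command string as `'${FWURL}/${_file}'`, so a single quote in either value ends the quoting and the rest is parsed as shell by the ksh running as `_file`; the doas(1) branch passes the URL as its own argument and is not affected. Where FWURL and the file name come from is not visible here, so unless they are already constrained I would reject a quote before building the string, e.g. `case "${FWURL}/${_file}" in *\'*) echo "Invalid fetch URL" >&2; return 1;; esac`. Separately, the signature check after `fetch "$CFILE"` chains `echo ... >&2 && exit 1`, so if the echo itself fails (for example when stderr cannot be written) the exit is skipped and the script carries on with an unverified SHA256.sig; `if ! signify ...; then echo ... >&2; exit 1; fi` fails closed. The exit-status test before "Cannot fetch" and the loop around the verify calls are elided from this view, so neither point could be checked against them.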