openbsd/fw_update/fw_install.sh - diff

Return to fw_install.sh CVS log

Up to [local] / openbsd / fw_update

Diff for /openbsd/fw_update/fw_install.sh between version 1.13 and 1.68

-version 1.13, 2021/10/17 20:49:16
+version 1.68, 2021/12/11 03:56:35
 Line 1
 Line 1
 Line 1
  #!/bin/ksh
- set -e
+ #       $OpenBSD$
+ #
+ # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
+ #
+ # Permission to use, copy, modify, and distribute this software for any
+ # purpose with or without fee is hereby granted, provided that the above
+ # copyright notice and this permission notice appear in all copies.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- scan_dmesg() {
+ set -o errexit -o pipefail -o nounset
-         # no bsort for now
-         sed -n "$1" /var/run/dmesg.boot
- }
- installed_firmware() {
+ CFILE=SHA256.sig
-         for fw in ${PKGDIR}/$1-firmware*; do
+ DESTDIR=${DESTDIR:-}
-                 [ -e "$fw" ] || continue
+ FWPATTERNS="${DESTDIR}/usr/share/misc/firmware_patterns"
-                 echo ${fw##*/}
-         done
- }
- # tmpdir, do_as, unpriv, and unpriv2 are from install.sub
+ VNAME=${VNAME:-$(sysctl -n kern.osrelease)}
+ VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}
- # Create a temporary directory based on the supplied directory name prefix.
+ HTTP_FWDIR="$VNAME"
+ VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" \
+     /var/run/dmesg.boot | sed '$!d' )
+ [[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots
+ FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
+ FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
  tmpdir() {
          local _i=1 _dir
-         until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
+         # If we're not in the installer,
-                 ((++_i < 10000)) || return 1
+         # we have mktemp and a more hostile environment
-         done
+         if [ -x /usr/bin/mktemp ]; then
+                 _dir=$( mktemp -d "${1}-XXXXXXXXX" )
+         else
+                 until _dir="${1}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
+                     ((++_i < 10000)) || return 1
+                 done
+         fi
          echo "$_dir"
  }
- # Run a command ($2+) as unprivileged user ($1).
+ realpath () {
- # Take extra care that after "cmd" no "user" processes exist.
+         if [ -x /usr/bin/realpath ]; then
- #
+                 /usr/bin/realpath "$1"
- # Optionally:
+         elif [ "$1" = "${1%/*}" ]; then
- #       - create "file" and chown it to "user"
+                 echo "${PWD}/$1"
- #       - after "cmd", chown "file" back to root
+         else
- #
+                 echo "$( cd "${1%/*}" && pwd )/${1##*/}"
- # Usage: do_as user [-f file] cmd
+         fi
- do_as() {
+ }
-         (( $# >= 2 )) || return
-         local _file _rc _user=$1
+ fetch() {
-         shift
+         local _file=$1 _user=_file _exit
-         if [[ $1 == -f ]]; then
+         # If we're not in the installer, we have su(1)
-                 _file=$2
+         # and doas(1) is unlikely to be configured.
-                 shift 2
+         if [ -x /usr/bin/su ]; then
+                 /usr/bin/su -s /bin/ksh "$_user" -c \
+                     "/usr/bin/ftp -D 'Get/Verify' -Vm \
+                         -o- '${FWURL}/${_file}'" > "$_file"
+                 _exit="$?"
+         else
+                 /usr/bin/doas -u "$_user" \
+                     ftp -D 'Get/Verify' -Vm \
+                         -o- "${FWURL}/${_file}" > "$_file"
+                 _exit="$?"
          fi
-         if [[ -n $_file ]]; then
+         if [ "$_exit" -ne 0 ]; then
-                 >$_file
+                 rm -f "$_file"
-                 chown "$_user" "$_file"
+                 echo "Cannot fetch $_file" >&2
+                 return 1
          fi
+ }
-         doas -u "$_user" "$@"
+ verify() {
-         _rc=$?
+         # On the installer we don't get sha256 -C, so fake it.
+         if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
+                 echo "Checksum test for $1 failed." >&2
+                 return 1
+         fi
+ }
-         while doas -u "$_user" kill -9 -1 2>/dev/null; do
+ devices_needing_firmware() {
-                 echo "Processes still running for user $_user after: $@"
+         local _d _m _grep _dmesgtail _last=''
-                 sleep 1
-         done
-         [[ -n $_file ]] && chown root "$_file"
+         # When we're not in the installer, the dmesg.boot can
+         # contain multiple boots, so only look in the last one
+         _dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )
-         return $_rc
+         grep -v '^[[:space:]]*#' "$FWPATTERNS" |
+             while read -r _d _m; do
+                 _grep="grep"
+                 [ "$_last" = "$_d" ] && continue
+                 [ "$_m" ] || _m="^${_d}[0-9][0-9]* at "
+                 [ "$_m" = "${_m#^}" ] && _grep="fgrep"
+                 echo "$_dmesgtail" | $_grep -q "$_m" || continue
+                 echo "$_d"
+                 _last="$_d"
+         done
  }
- unpriv() {
+ firmware_filename() {
-         do_as _sndio "$@"
+         local _f
+         _f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )"
+         ! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1
+         echo "$_f"
  }
- unpriv2() {
+ firmware_devicename() {
-         do_as _file "$@"
+         local _d="${1##*/}"
+         _d="${_d%-firmware-*}"
+         echo "$_d"
  }
- _issue=
+ installed_firmware() {
- fail() {
+         for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
-         echo $_issue >&2
+                 [ -e "$fw" ] || continue
-         exit 1
+                 echo "${fw##*/}"
+         done
  }
- VNAME=$(sysctl -n kern.osrelease)
+ add_firmware () {
- VERSION="${VNAME%.*}${VNAME#*.}"
+         local _f="${1##*/}" _pkgdir="${DESTDIR}/var/db/pkg"
- FWDIR="$VNAME"
+         ftp -D "Install" -Vmo- "file:${1}" |
+                 tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
+                 -s ",^firmware,${DESTDIR}/etc/firmware," \
+                 -C / -zxphf - "+*" "firmware/*"
- HTTP_FWDIR=$FWDIR
+         # TODO: Should we mark these so real fw_update can -Drepair?
- set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p")
+         ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
- [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots
+ /^@comment pkgpath/ -1a
+ @option manual-installation
+ @option firmware
+ @comment install-script
+ .
+ w
+ EOL
+ }
- FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
+ delete_firmware() {
- FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
+         local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
- PKGDIR=${DESTDIR}/var/db/pkg
- PATTERNS="file:${0%/*}/firmware_patterns"
- fw_update() {
+         # TODO: Check hash for files before deleting
-         local _tmpsrc _f _remove _r
+         echo "Uninstalling $_pkg"
-         local _src=$FWURL _t=Get _cfile="/tmp/SHA256" _srclocal=false
+         _cwd="${_pkgdir}/$_pkg"
-         local _drivers=$(
-                 last=''
-                 ftp -D "Detecting" -Vmo- $PATTERNS |
-                 while read d m; do
-                         grep=grep
-                         [ "$last" = "$d" ] && continue
-                         [ "$m" ] || m="^$d[0-9][0-9]* at "
-                         [ "$m" = "${m#^}" ] && grep=fgrep
-                         $grep -q "$m" /var/run/dmesg.boot || continue
-                         echo $d
-                         last=$d
-                 done
-         )
-         if [ -z "$_drivers" ]; then
+         set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}"
-                 echo "No devices found which need firmware files to be downloaded." >&2
-                 return
-         fi
-         if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then
+         while read -r c g; do
-                 (
+                 case $c in
-                 >$_tmpsrc/t &&
+                 @cwd) _cwd="${DESTDIR}$g"
-                 $_unpriv cat $_tmpsrc/t
+                   ;;
-                 ) >/dev/null 2>&1 ||
+                 @*) continue
-                     rm -r $_tmpsrc
+                   ;;
-         fi
+                 *) set -A _remove -- "$_cwd/$c" "${_remove[@]}"
+                   ;;
+                 esac
+         done < "${_pkgdir}/${_pkg}/+CONTENTS"
-         [[ ! -d $_tmpsrc ]] &&
+         # We specifically rm -f here because not removing files/dirs
-                 _issue="Cannot create prefetch area" && fail
+         # is probably not worth failing over.
+         for _r in "${_remove[@]}" ; do
+                 if [ -d "$_r" ]; then
+                         # Try hard not to actually remove recursively
+                         # without rmdir on the install media.
+                         [ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r"
+                 else
+                         rm -f "$_r"
+                 fi
+         done
+ }
-         ! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&
+ usage() {
-             _issue="Cannot fetch SHA256.sig" && fail
+         echo "usage: fw_install [-d dir | -L dir] [driver | file [...]]"
+         exit 2
+ }
-         # Verify signature file with public keys.
+ INSTALL=true
-         ! unpriv -f "$_cfile" \
+ DOWNLOAD=true
-             signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&
+ LOCALDIR=false
-             _issue="Signature check of SHA256.sig failed" && fail
-         for d in $_drivers; do
+ while getopts dL name
-                 _f=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )
+ do
-                 installed=$( installed_firmware "$d" )
+        case "$name" in
+        # "download only" means local dir and don't install
+        d) LOCALDIR=true INSTALL=false ;;
+        L) LOCALDIR=true ;;
+        ?) usage 2 ;;
+        esac
+ done
+ shift $((OPTIND - 1))
-                 for i in $installed; do
+ # If we're installing from a local dir
-                         if [ "$_f" = "$i.tgz" ]; then
+ # we don't want to download anything
-                                 echo "Firmware for $d already installed ($installed)"
+ "$LOCALDIR" && "$INSTALL" && DOWNLOAD=false
-                                 continue 2
-                         fi
-                 done
-                 rm -f /tmp/h /tmp/fail
+ set -A devices -- "$@"
-                 _t=Get/Verify
+ [ "${devices[*]:-}" ] ||
-                 # Fetch firmware file and create a checksum by piping through
+     set -A devices -- $( devices_needing_firmware )
-                 # sha256. Create a flag file in case ftp failed. Firmware
-                 # from net is written to the prefetch area.
-                 ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |
-                 ( $_srclocal && unpriv2 sha256 -b >/tmp/h ||
-                     unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )
-                 # Handle failed transfer.
+ if [ ! "${devices[*]:-}" ]; then
-                 if [[ -f /tmp/fail ]]; then
+         echo "No devices found which need firmware files to be downloaded."
-                         rm -f "$_tmpsrc/$_f"
+         exit
-                         _issue="Fetching of $_f failed!"
+ fi
-                         fail
-                 fi
-                 # Verify firmware by comparing its checksum with SHA256.
+ # Have to find the full path to firmware files
-                 if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then
+ # so we can cd and still find them later.
-                         #_unver=$(rmel $_f $_unver)
+ i=0
-                         true
+ while (( i < "${#devices[@]}" )); do
-                 else
+         f="${devices[$i]}"
-                         [[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"
+         d=$( firmware_devicename "$f" )
-                         _issue="Checksum test for $_f failed."
+         if [ -e "$f" ]; then
-                         fail
+                 if "$DOWNLOAD"; then
+                         echo "Cannot download local file $f" >&2
+                         exit 2
                  fi
+                 devices[$i]="$d:$( realpath "$f" )"
+         fi
+         i=$((i + 1))
+ done
-                 # TODO: Check hash for files before deleting
+ if ! "$LOCALDIR"; then
-                 if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then
+         cd "$( tmpdir "${DESTDIR}/tmp/fw_install" )"
-                         echo "Uninstalling $installed"
+ fi
-                         cwd=${PKGDIR}/$installed
-                         set -A _remove -- "${cwd}/+CONTENTS" "${cwd}"
+ if "$DOWNLOAD" && ! [[ -e "$CFILE" ]]; then
+         fetch "$CFILE"
+         ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+             echo "Signature check of SHA256.sig failed" >&2 && exit 1
+ fi
-                         while read c g; do
+ for d in "${devices[@]}"; do
-                                 case $c in
+         f="${d##*:}"
-                                 @cwd) cwd="${DESTDIR}/$g"
+         if [ "$f" = "$d" ]; then
-                                   ;;
+                 f=$( firmware_filename "$d" || true )
-                                 @*) continue
+                 [ "$f" ] || continue
-                                   ;;
+         else
-                                 *)  set -A _remove -- "$cwd/$c" "${_remove[@]}"
+                 d="${d%:*}"
-                                   ;;
+         fi
-                                 esac
-                         done < "${PKGDIR}/$installed/+CONTENTS"
-                         for _r in "${_remove[@]}" ; do
+         set -A installed -- $( installed_firmware "$d" )
-                                 if [ -d "$_r" ]; then
-                                         # Try hard not to actually remove recursively
-                                         # without rmdir on the install media.
-                                         [ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r"
-                                 else
-                                         rm -f "$_r"
-                                 fi
-                         done
-                 fi
-         # TODO: Add some details about the install to +CONTENTS like pkg_add
+         if "$INSTALL" && [ "${installed[*]:-}" ]; then
-         # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall
+                 for i in "${installed[@]}"; do
-                 echo "Installing $_f"
+                         if [ "${f##*/}" = "$i.tgz" ]; then
-                 tar -zxphf "$_tmpsrc/$_f" -C "${DESTDIR}/etc" "firmware/*"
+                                 echo "$i already installed"
-                 mkdir -p ${PKGDIR}/${_f%.tgz}/
+                                 continue 2
-                 tar -zxphf "$_tmpsrc/$_f" -C "${PKGDIR}/${_f%.tgz}" "+*"
+                         fi
-                 ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL
+                 done
- /^@comment pkgpath/ -1a
+         fi
- @option manual-installation
- @option firmware
- @comment install-script
- .
- w
- EOL
-         done
- }
- fw_update
+         if [ ! -e "$f" ]; then
+                 "$INSTALL" && ! "$DOWNLOAD" &&
+                     echo "Cannot install $f, not found" >&2 && continue
+                 fetch  "$f" || continue
+                 verify "$f" || continue
+         elif $DOWNLOAD; then
+                 echo "Already have $f"
+                 verify "$f" || continue
+         fi
+         "$INSTALL" || continue
+         if [ "${installed[*]:-}" ]; then
+                 for i in "${installed[@]}"; do
+                         delete_firmware "$i"
+                 done
+         fi
+         add_firmware "$f"
+ done

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>