| version 1.7, 2021/10/14 03:00:02 |
version 1.18, 2021/10/18 00:33:07 |
|
|
| done |
done |
| } |
} |
| |
|
| # do_as, unpriv, and unpriv2 are from install.sub |
# tmpdir, do_as, unpriv, and unpriv2 are from install.sub |
| |
|
| |
# Create a temporary directory based on the supplied directory name prefix. |
| |
tmpdir() { |
| |
local _i=1 _dir |
| |
|
| |
until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do |
| |
((++_i < 10000)) || return 1 |
| |
done |
| |
echo "$_dir" |
| |
} |
| |
|
| # Run a command ($2+) as unprivileged user ($1). |
# Run a command ($2+) as unprivileged user ($1). |
| # Take extra care that after "cmd" no "user" processes exist. |
# Take extra care that after "cmd" no "user" processes exist. |
| # |
# |
|
|
| do_as _file "$@" |
do_as _file "$@" |
| } |
} |
| |
|
| |
_issue= |
| |
fail() { |
| |
echo $_issue >&2 |
| |
exit 1 |
| |
} |
| |
|
| VNAME=$(sysctl -n kern.osrelease) |
VNAME=$(sysctl -n kern.osrelease) |
| VERSION="${VNAME%.*}${VNAME#*.}" |
VERSION="${VNAME%.*}${VNAME#*.}" |
| FWDIR="$VNAME" |
FWDIR="$VNAME" |
| |
|
| |
# TODO: We need the firmware for the system we just installed |
| |
# not the one we booted from. For example: |
| |
# * booting from a snapshot bsd.rd that thinks it is the 7.0 release |
| |
# will install the firmware from the 7.0 directory instead of |
| |
# from the snapshots dir. |
| |
# If they're using sysupgrade, then the installer kernel will be correct. |
| |
# If we're doing this in the installer we can check what they picked |
| |
# for downloading sets and use that value. |
| |
# Otherwise, the fw_update after first boot will fix it up for us. |
| |
|
| HTTP_FWDIR=$FWDIR |
HTTP_FWDIR=$FWDIR |
| set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p") |
set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p") |
| [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots |
[[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots |
|
|
| PKGDIR=${DESTDIR}/var/db/pkg |
PKGDIR=${DESTDIR}/var/db/pkg |
| PATTERNS="file:${0%/*}/firmware_patterns" |
PATTERNS="file:${0%/*}/firmware_patterns" |
| |
|
| drivers=$( |
fw_update() { |
| last='' |
local _tmpsrc _f _r _remove _i _installed |
| ftp -D "Detecting" -Vmo- $PATTERNS | |
local _src=$FWURL _t=Get _cfile="/tmp/SHA256" _srclocal=false |
| while read d m; do |
local _d _drivers=$( |
| grep=grep |
last='' |
| [ "$last" = "$d" ] && continue |
ftp -D "Detecting" -Vmo- $PATTERNS | |
| [ "$m" ] || m="^$d[0-9][0-9]* at " |
while read _d _m; do |
| [ "$m" = "${m#^}" ] && grep=fgrep |
grep=grep |
| $grep -q "$m" /var/run/dmesg.boot || continue |
[ "$last" = "$_d" ] && continue |
| echo $d |
[ "$_m" ] || _m="^$_d[0-9][0-9]* at " |
| last=$d |
[ "$_m" = "${_m#^}" ] && grep=fgrep |
| done |
$grep -q "$_m" /var/run/dmesg.boot || continue |
| ) |
echo $_d |
| |
last=$_d |
| |
done |
| |
) |
| |
|
| if [ -z "$drivers" ]; then |
if [ -z "$_drivers" ]; then |
| echo "No devices found which need firmware files to be downloaded." >&2 |
echo "No devices found which need firmware files to be downloaded." >&2 |
| exit 0 |
return |
| fi |
fi |
| |
|
| tmpdir=${DESTDIR}/tmp/fw_update |
if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then |
| [ -e "$tmpdir" ] && rm -rf "$tmpdir" |
( |
| mkdir -p "$tmpdir" |
>$_tmpsrc/t && |
| cd "$tmpdir" |
$_unpriv cat $_tmpsrc/t |
| |
) >/dev/null 2>&1 || |
| |
rm -r $_tmpsrc |
| |
fi |
| |
|
| # TODO: Drop privs during fetch and verify |
[[ ! -d $_tmpsrc ]] && |
| ftp -D Get -Vm "$FWURL/SHA256.sig" |
_issue="Cannot create prefetch area" && fail |
| |
|
| # Probably should bundle the firmware sigfile on the installer, |
# Cleanup from previous runs. |
| # although we can just get it from the recently installed system. |
rm -f $_cfile $_cfile.sig |
| if [ "$DESTDIR" ]; then |
|
| sigfile=$( sed -n '/^untrusted comment: verify with \(.*\)$/ { s//\1/p; q; }' SHA256.sig ) |
|
| if [ ! -e "/etc/signify/$sigfile" ] \ |
|
| && [ -e "${DESTDIR}/etc/signify/$sigfile" ]; then |
|
| cp -a "${DESTDIR}/etc/signify/$sigfile" "/etc/signify/$sigfile" |
|
| fi |
|
| fi |
|
| |
|
| signify -Ve -x SHA256.sig -m - < SHA256.sig > SHA256 |
_t=Get/Verify |
| |
|
| for d in $drivers; do |
! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" && |
| firmware=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" SHA256 ) |
_issue="Cannot fetch SHA256.sig" && fail |
| installed=$( installed_firmware $d ) |
|
| |
|
| for i in $installed; do |
# Verify signature file with public keys. |
| if [ "$firmware" = "$i.tgz" ]; then |
! unpriv -f "$_cfile" \ |
| echo "Firmware for $d already installed ($installed)" |
signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && |
| continue 2 |
_issue="Signature check of SHA256.sig failed" && fail |
| fi |
|
| done |
|
| |
|
| mkdir $d |
for _d in $_drivers; do |
| |
_f=$( sed -n "s/.*(\($_d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" ) |
| |
_installed=$( installed_firmware "$_d" ) |
| |
|
| # TODO: Drop privs during fetch and verify |
for _i in $_installed; do |
| ftp -D "Get/Verify" -Vmo- "$FWURL/$firmware" | sha256 -bph "$d/h" > "$firmware" |
if [ "$_f" = "$_i.tgz" ]; then |
| fgrep -qx "SHA256 ($firmware) = $(<$d/h)" SHA256 |
echo "Firmware for $_d already installed ($_installed)" |
| |
continue 2 |
| |
fi |
| |
done |
| |
|
| # TODO: Check hash for files before deleting |
rm -f /tmp/h /tmp/fail |
| if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then |
|
| echo "Uninstalling $installed" |
|
| cwd=${PKGDIR}/$installed |
|
| |
|
| remove="${cwd}/+CONTENTS ${cwd}" |
# Fetch firmware file and create a checksum by piping through |
| |
# sha256. Create a flag file in case ftp failed. Firmware |
| |
# from net is written to the prefetch area. |
| |
( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | |
| |
( $_srclocal && unpriv2 sha256 -b >/tmp/h || |
| |
unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) |
| |
|
| while read c g; do |
# Handle failed transfer. |
| case $c in |
if [[ -f /tmp/fail ]]; then |
| @cwd) cwd=$g |
rm -f "$_tmpsrc/$_f" |
| ;; |
_issue="Fetching of $_f failed!" |
| @*) continue |
fail |
| ;; |
fi |
| *) remove="$cwd/$c $remove" |
|
| ;; |
|
| esac |
|
| done < "${PKGDIR}/$installed/+CONTENTS" |
|
| |
|
| for r in $remove ; do |
# Verify firmware by comparing its checksum with SHA256. |
| if [ -d "$r" ]; then |
if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then |
| # Try hard not to actually remove recursively |
#_unver=$(rmel $_f $_unver) |
| # without rmdir on the install media. |
true |
| [ "$r/*" = $( echo "$r"/* ) ] && rm -rf "$r" |
else |
| else |
[[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc" |
| rm -f "$r" |
_issue="Checksum test for $_f failed." |
| fi |
fail |
| done |
fi |
| fi |
|
| |
|
| # TODO: Add some details about the install to +CONTENTS like pkg_add |
# TODO: Check hash for files before deleting |
| # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall |
if [ "$_installed" ] && [ -e "${PKGDIR}/$_installed/+CONTENTS" ]; then |
| echo "Installing $firmware" |
echo "Uninstalling $_installed" |
| tar -zxphf "$firmware" -C /etc "firmware/*" |
cwd=${PKGDIR}/$_installed |
| mkdir -p ${PKGDIR}/${firmware%.tgz}/ |
|
| tar -zxphf "$firmware" -C "${PKGDIR}/${firmware%.tgz}" "+*" |
set -A _remove -- "${cwd}/+CONTENTS" "${cwd}" |
| ed -s "${PKGDIR}/${firmware%.tgz}/+CONTENTS" <<EOL |
|
| |
while read c g; do |
| |
case $c in |
| |
@cwd) cwd="${DESTDIR}/$g" |
| |
;; |
| |
@*) continue |
| |
;; |
| |
*) set -A _remove -- "$cwd/$c" "${_remove[@]}" |
| |
;; |
| |
esac |
| |
done < "${PKGDIR}/$_installed/+CONTENTS" |
| |
|
| |
for _r in "${_remove[@]}" ; do |
| |
if [ -d "$_r" ]; then |
| |
# Try hard not to actually remove recursively |
| |
# without rmdir on the install media. |
| |
[ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r" |
| |
else |
| |
rm -f "$_r" |
| |
fi |
| |
done |
| |
fi |
| |
|
| |
# TODO: Add some details about the install to +CONTENTS like pkg_add |
| |
# TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall |
| |
echo "Installing $_f" |
| |
tar -zxphf "$_tmpsrc/$_f" -C "${DESTDIR}/etc" "firmware/*" |
| |
mkdir -p ${PKGDIR}/${_f%.tgz}/ |
| |
tar -zxphf "$_tmpsrc/$_f" -C "${PKGDIR}/${_f%.tgz}" "+*" |
| |
ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL |
| /^@comment pkgpath/ -1a |
/^@comment pkgpath/ -1a |
| @option manual-installation |
@option manual-installation |
| @option firmware |
@option firmware |
|
|
| . |
. |
| w |
w |
| EOL |
EOL |
| done |
done |
| |
} |
| |
|
| |
fw_update |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to fw_install.sh CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [local] / openbsd / fw_update