openbsd/fw_update/fw_install.sh - diff

Return to fw_install.sh CVS log

Up to [local] / openbsd / fw_update

Diff for /openbsd/fw_update/fw_install.sh between version 1.63 and 1.94

version 1.63, 2021/12/09 02:23:15

version 1.94, 2021/12/21 02:16:01

Line 16

# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

set -o errexit -o pipefail -o nounset

set +o monitor

export PATH=/usr/bin:/bin:/usr/sbin:/sbin

CFILE=SHA256.sig

DESTDIR=${DESTDIR:-}

Line 32

Line 34

FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}

FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub

DOWNLOAD=true

INSTALL=true

LOCALSRC=

tmpdir() {

local _i=1 _dir

# If we're not in the installer,

# we have mktemp and a more hostile environment

# we have mktemp and a more hostile environment.

if [ -x /usr/bin/mktemp ]; then

_dir=$( mktemp -d "${1}-XXXXXXXXX" )

else

Line 48

Line 54

echo "$_dir"

}

realpath () {

if [ -x /usr/bin/realpath ]; then

/usr/bin/realpath "$1"

elif [ "$1" = "${1%/*}" ]; then

echo "${PWD}/$1"

else

echo "$( cd "${1%/*}" && pwd )/${1##*/}"

}

fetch() {

local _file=$1 _user=_file _exit

local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _pid _exit _error=''

# If we're not in the installer, we have su(1)

# If we're not in the installer,

# and doas(1) is unlikely to be configured.

# we have su(1) and doas(1) is unlikely to be configured.

set -o monitor # make sure ftp gets its own process group

(

if [ -x /usr/bin/su ]; then

/usr/bin/su -s /bin/ksh "$_user" -c \

exec /usr/bin/su -s /bin/ksh "$_user" -c \

"/usr/bin/ftp -D 'Get/Verify' -Vm \

"/usr/bin/ftp -D 'Get/Verify' -Vm -o- '$_src'" > "$_dst"

-o- '${FWURL}/${_file}'" > "$_file"

_exit="$?"

else

/usr/bin/doas -u "$_user" \

exec /usr/bin/doas -u "$_user" \

ftp -D 'Get/Verify' -Vm \

/usr/bin/ftp -D 'Get/Verify' -Vm -o- "$_src" > "$_dst"

-o- "${FWURL}/${_file}" > "$_file"

_exit="$?"

) & _pid=$!

set +o monitor

trap "kill -TERM '-$_pid'; exit 1" EXIT INT QUIT ABRT TERM

SECONDS=0

_last=0

while kill -0 -"$_pid" 2>/dev/null; do

if [[ $SECONDS -gt 12 ]]; then

set -- $( ls -ln "$_dst" 2>/dev/null )

if [[ $_last -ne $5 ]]; then

_last=$5

SECONDS=0

sleep 1

else

kill -INT -"$_pid"

_error=" (timed out)"

else

sleep 1

done

set +o errexit

wait "$_pid"

_exit=$?

set -o errexit

trap "" EXIT INT QUIT ABRT TERM

if [ "$_exit" -ne 0 ]; then

rm -f "$_file"

rm -f "$_dst"

echo "Cannot fetch $_file" >&2

echo "Cannot fetch $_src$_error" >&2

return 1

}

verify() {

# On the installer we don't get sha256 -C, so fake it.

if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then

if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then

echo "Checksum test for $1 failed." >&2

echo "Checksum test for ${1##*/} failed." >&2

return 1

}

devices_needing_firmware() {

local _d _m _grep _dmesgtail _last=''

local _d _m _line _dmesgtail _last='' _nl=$( echo )

# When we're not in the installer, the dmesg.boot can

# contain multiple boots, so only look in the last one

_dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )

_dmesgtail="$( echo ; sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot |

grep -e "^[a-z][a-z]*[0-9]" -e " not configured " )"

grep -v '^[[:space:]]*#' "$FWPATTERNS" |

while read -r _d _m; do

_grep="grep"

[ "$_d" = "$_last" ] && continue

[ "$_last" = "$_d" ] && continue

[ "$_m" ] || _m="${_nl}${_d}[0-9] at "

[ "$_m" ] || _m="^${_d}[0-9][0-9]* at "

[ "$_m" = "${_m#^}" ] || _m="${_nl}${_m#^}"

[ "$_m" = "${_m#^}" ] && _grep="fgrep"

echo "$_dmesgtail" | $_grep -q "$_m" || continue

if [[ $_dmesgtail = *$_m* ]]; then

echo "$_d"

_last="$_d"

done

}

firmware_filename() {

Line 131

Line 155

}

add_firmware () {

local _f="${1##*/}" _pkgdir="${DESTDIR}/var/db/pkg"

local _f="${1##*/}"

local _pkgdir="${DESTDIR}/var/db/pkg/${_f%.tgz}"

ftp -D "Install" -Vmo- "file:${1}" |

tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \

tar -s ",^\+,${_pkgdir}/+," \

-s ",^firmware,${DESTDIR}/etc/firmware," \

-C / -zxphf - "+*" "firmware/*"

# TODO: Should we mark these so real fw_update can -Drepair?

ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL

ed -s "${_pkgdir}/+CONTENTS" <<EOL

/^@comment pkgpath/ -1a

@option manual-installation

@option firmware

Line 182

Line 207

}

usage() {

echo "Usage: fw_install [ -d dir ] [ driver | file [ ... ] ]"

echo "usage: ${0##*/} [-D | -L] [driver | file ...]"

exit 2

}

DOWNLOADDIR=

OPT_D=

while getopts d: name

OPT_L=

while getopts DL name

case "$name" in

d) DOWNLOADDIR=$OPTARG ;;

D) OPT_D=true ;;

L) OPT_L=true ;;

?) usage 2 ;;

esac

done

shift $((OPTIND - 1))

set -A devices -- "$@"

[ "$OPT_D" ] && [ "$OPT_L" ] && usage 1

[ "${devices[*]:-}" ] ||

if [ "$OPT_D" ]; then

set -A devices -- $( devices_needing_firmware )

# "Download only" means local dir and don't install

INSTALL=false

LOCALSRC=.

elif [ "$OPT_L" ]; then

# "Local" means don't download, install from local dir

DOWNLOAD=false

LOCALSRC=.

else

LOCALSRC="$( tmpdir "${DESTDIR}/tmp/fw_install" )"

if [ ! "${devices:-}" ]; then

CFILE="$LOCALSRC/$CFILE"

echo "No devices found which need firmware files to be downloaded."

exit

if "$INSTALL" && [ -x /usr/bin/id ] && [ $(/usr/bin/id -u) != 0 ]; then

echo "need root privileges" >&2

exit 1

# Have to find the full path to firmware files

set -A devices -- "$@"

# so we can cd and still find them later.

i=0

while (( i < "${#devices[@]}" )); do

f="${devices[$i]}"

d=$( firmware_devicename "$f" )

[ "$f" = "$d" ] && f="$( echo "$f"-firmware-*.tgz | sed '$!d' )"

if [ -e "$f" ]; then

if [ "${DOWNLOADDIR:-}" ]; then

echo "Cannot download local file $f" >&2

exit 2

devices[$i]="$d:$( realpath "$f" )"

i=$((i + 1))

done

if [ "$DOWNLOADDIR" ]; then

if [ ! "${devices[*]:-}" ]; then

if ! cd "$DOWNLOADDIR"; then

echo -n "Detecting firmware ..."

echo "Unable to use $DOWNLOADDIR, make sure it is a directory"

set -A devices -- $( devices_needing_firmware )

exit 2

[ "${devices[*]:-}" ] && echo " found." || echo " done."

else

TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )

cd "$TMPDIR"

fetch "$CFILE"

[ "${devices[*]:-}" ] || exit

! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&

echo "Signature check of SHA256.sig failed" >&2 && exit 1

for d in "${devices[@]}"; do

if "$DOWNLOAD"; then

f="${d##*:}"

fetch "$CFILE"

! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&

echo "Signature check of SHA256.sig failed" >&2 && exit 1

for f in "${devices[@]}"; do

d="$( firmware_devicename "$f" )"

if [ "$f" = "$d" ]; then

f=$( firmware_filename "$d" || true )

[ "$f" ] || continue

else

f="$LOCALSRC/$f"

d="${d%:*}"

elif ! "$INSTALL" && ! grep -Fq "($f)" "$CFILE" ; then

echo "Cannot download local file $f" >&2

exit 2

set -A installed -- $( installed_firmware "$d" )

if [ ! "${DOWNLOADDIR:-}" ] && [ "${installed:-}" ]; then

if "$INSTALL" && [ "${installed[*]:-}" ]; then

for i in "${installed[@]:-}"; do

for i in "${installed[@]}"; do

if [ "${f##*/}" = "$i.tgz" ]; then

echo "$i already installed"

continue 2

Line 257

Line 283

done

if [ ! -e "$f" ]; then

if [ -e "$f" ]; then

if "$DOWNLOAD"; then

echo "Verify existing ${f##*/}"

verify "$f" || continue

# else assume it was verified when downloaded

elif "$DOWNLOAD"; then

fetch "$f" || continue

verify "$f" || continue

elif [ "${DOWNLOADDIR:-}" ]; then

elif "$INSTALL"; then

echo "Already have $f"

echo "Cannot install ${f##*/}, not found" >&2

verify "$f" || continue

continue

[ "${DOWNLOADDIR:-}" ] && continue

"$INSTALL" || continue

if [ "${installed:-}" ]; then

if [ "${installed[*]:-}" ]; then

for i in "${installed[@]}"; do

delete_firmware "$i"

done

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>