=================================================================== RCS file: /cvs/openbsd/fw_update/fw_install.sh,v retrieving revision 1.61 retrieving revision 1.68 diff -u -r1.61 -r1.68 --- openbsd/fw_update/fw_install.sh 2021/12/09 02:17:15 1.61 +++ openbsd/fw_update/fw_install.sh 2021/12/11 03:56:35 1.68 @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: fw_install.sh,v 1.61 2021/12/09 02:17:15 afresh1 Exp $ +# $OpenBSD: fw_install.sh,v 1.68 2021/12/11 03:56:35 afresh1 Exp $ # # Copyright (c) 2021 Andrew Hewus Fresh # @@ -61,20 +61,17 @@ fetch() { local _file=$1 _user=_file _exit - >"$_file" - chown "$_user" "$_file" - # If we're not in the installer, we have su(1) # and doas(1) is unlikely to be configured. if [ -x /usr/bin/su ]; then /usr/bin/su -s /bin/ksh "$_user" -c \ "/usr/bin/ftp -D 'Get/Verify' -Vm \ - -o '$_file' '${FWURL}/${_file}'" + -o- '${FWURL}/${_file}'" > "$_file" _exit="$?" else /usr/bin/doas -u "$_user" \ ftp -D 'Get/Verify' -Vm \ - -o "$_file" "${FWURL}/${_file}" + -o- "${FWURL}/${_file}" > "$_file" _exit="$?" fi @@ -83,8 +80,6 @@ echo "Cannot fetch $_file" >&2 return 1 fi - - chown root "$_file" } verify() { @@ -187,26 +182,35 @@ } usage() { - echo "Usage: fw_install [ -d dir ] [ driver | file [ ... ] ]" + echo "usage: fw_install [-d dir | -L dir] [driver | file [...]]" exit 2 } -DOWNLOADDIR= -while getopts d: name +INSTALL=true +DOWNLOAD=true +LOCALDIR=false + +while getopts dL name do case "$name" in - d) DOWNLOADDIR=$OPTARG ;; + # "download only" means local dir and don't install + d) LOCALDIR=true INSTALL=false ;; + L) LOCALDIR=true ;; ?) usage 2 ;; esac done shift $((OPTIND - 1)) +# If we're installing from a local dir +# we don't want to download anything +"$LOCALDIR" && "$INSTALL" && DOWNLOAD=false + set -A devices -- "$@" [ "${devices[*]:-}" ] || set -A devices -- $( devices_needing_firmware ) -if [ ! "${devices:-}" ]; then +if [ ! "${devices[*]:-}" ]; then echo "No devices found which need firmware files to be downloaded." exit fi @@ -217,9 +221,8 @@ while (( i < "${#devices[@]}" )); do f="${devices[$i]}" d=$( firmware_devicename "$f" ) - [ "$f" = "$d" ] && f="$( echo "$f"-firmware-*.tgz | sed '$!d' )" if [ -e "$f" ]; then - if [ "${DOWNLOADDIR:-}" ]; then + if "$DOWNLOAD"; then echo "Cannot download local file $f" >&2 exit 2 fi @@ -228,36 +231,29 @@ i=$((i + 1)) done -if [ "$DOWNLOADDIR" ]; then - if ! cd "$DOWNLOADDIR"; then - echo "Unable to use $DOWNLOADDIR, make sure it is a directory" - exit 2 - fi -else - TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" ) - cd "$TMPDIR" +if ! "$LOCALDIR"; then + cd "$( tmpdir "${DESTDIR}/tmp/fw_install" )" fi -# To unpriv we need to let the unpriv user into this dir -chmod go+x . +if "$DOWNLOAD" && ! [[ -e "$CFILE" ]]; then + fetch "$CFILE" + ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && + echo "Signature check of SHA256.sig failed" >&2 && exit 1 +fi -fetch "$CFILE" -! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && - echo "Signature check of SHA256.sig failed" >&2 && exit 1 - for d in "${devices[@]}"; do f="${d##*:}" if [ "$f" = "$d" ]; then f=$( firmware_filename "$d" || true ) [ "$f" ] || continue else - d="${d%:*}" + d="${d%:*}" fi set -A installed -- $( installed_firmware "$d" ) - if [ ! "${DOWNLOADDIR:-}" ] && [ "${installed:-}" ]; then - for i in "${installed[@]:-}"; do + if "$INSTALL" && [ "${installed[*]:-}" ]; then + for i in "${installed[@]}"; do if [ "${f##*/}" = "$i.tgz" ]; then echo "$i already installed" continue 2 @@ -266,16 +262,18 @@ fi if [ ! -e "$f" ]; then + "$INSTALL" && ! "$DOWNLOAD" && + echo "Cannot install $f, not found" >&2 && continue fetch "$f" || continue verify "$f" || continue - elif [ "${DOWNLOADDIR:-}" ]; then + elif $DOWNLOAD; then echo "Already have $f" verify "$f" || continue fi - [ "${DOWNLOADDIR:-}" ] && continue + "$INSTALL" || continue - if [ "${installed:-}" ]; then + if [ "${installed[*]:-}" ]; then for i in "${installed[@]}"; do delete_firmware "$i" done