===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.9
retrieving revision 1.14
diff -u -r1.9 -r1.14
--- openbsd/fw_update/fw_install.sh	2021/10/16 19:42:43	1.9
+++ openbsd/fw_update/fw_install.sh	2021/10/17 23:25:14	1.14
@@ -80,6 +80,16 @@
 VERSION="${VNAME%.*}${VNAME#*.}"
 FWDIR="$VNAME"
 
+# TODO: We need the firmware for the system we just installed
+#       not the one we booted from.  For example:
+#       * booting from a snapshot bsd.rd that thinks it is the 7.0 release
+#         will install the firmware from the 7.0 directory instead of
+#         from the snapshots dir.
+#       If they're using sysupgrade, then the installer kernel will be correct.
+#       If we're doing this in the installer we can check what they picked
+#       for downloading sets and use that value.
+#       Otherwise, the fw_update after first boot will fix it up for us.
+
 HTTP_FWDIR=$FWDIR
 set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p")
 [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots
@@ -89,125 +99,121 @@
 PKGDIR=${DESTDIR}/var/db/pkg
 PATTERNS="file:${0%/*}/firmware_patterns"
 
-drivers=$(
-	last=''
-	ftp -D "Detecting" -Vmo- $PATTERNS |
-	while read d m; do
-		grep=grep
-		[ "$last" = "$d" ] && continue
-		[ "$m" ] || m="^$d[0-9][0-9]* at "
-		[ "$m" = "${m#^}" ] && grep=fgrep
-		$grep -q "$m" /var/run/dmesg.boot || continue
-		echo $d
-		last=$d
-	done
-)
+fw_update() {
+	local _tmpsrc _f _remove _r
+	local _src=$FWURL _t=Get _cfile="/tmp/SHA256" _srclocal=false
+	local _drivers=$(
+		last=''
+		ftp -D "Detecting" -Vmo- $PATTERNS |
+		while read d m; do
+			grep=grep
+			[ "$last" = "$d" ] && continue
+			[ "$m" ] || m="^$d[0-9][0-9]* at "
+			[ "$m" = "${m#^}" ] && grep=fgrep
+			$grep -q "$m" /var/run/dmesg.boot || continue
+			echo $d
+			last=$d
+		done
+	)
 
-if [ -z "$drivers" ]; then
-	echo "No devices found which need firmware files to be downloaded." >&2
-	exit 0
-fi
+	if [ -z "$_drivers" ]; then
+		echo "No devices found which need firmware files to be downloaded." >&2
+		return
+	fi
 
-_src=$FWURL
-if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then
-	(
-	>$_tmpsrc/t &&
-	$_unpriv cat $_tmpsrc/t
-	) >/dev/null 2>&1 ||
-	    rm -r $_tmpsrc
-fi
+	if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then
+		(
+		>$_tmpsrc/t &&
+		$_unpriv cat $_tmpsrc/t
+		) >/dev/null 2>&1 ||
+		    rm -r $_tmpsrc
+	fi
 
-[[ ! -d $_tmpsrc ]] &&
-	_issue="Cannot create prefetch area" && fail
+	[[ ! -d $_tmpsrc ]] &&
+		_issue="Cannot create prefetch area" && fail
 
-cd "$_tmpsrc"
+	! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&
+	    _issue="Cannot fetch SHA256.sig" && fail
 
-_t=Get
-_cfile="$_tmpsrc/SHA256"
-_srclocal=false
+	# Verify signature file with public keys.
+	! unpriv -f "$_cfile" \
+	    signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&
+	    _issue="Signature check of SHA256.sig failed" && fail
 
-! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&
-    _issue="Cannot fetch SHA256.sig" && fail
+	for d in $_drivers; do
+		_f=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )
+		installed=$( installed_firmware "$d" )
 
-# Verify signature file with public keys.
-! unpriv -f "$_cfile" \
-    signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&
-    _issue="Signature check of SHA256.sig failed" && fail
+		for i in $installed; do
+			if [ "$_f" = "$i.tgz" ]; then
+				echo "Firmware for $d already installed ($installed)"
+				continue 2
+			fi
+		done
 
-for d in $drivers; do
-	_f=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )
-	installed=$( installed_firmware "$d" )
+		rm -f /tmp/h /tmp/fail
 
-	for i in $installed; do
-		if [ "$_f" = "$i.tgz" ]; then
-			echo "Firmware for $d already installed ($installed)"
-			continue 2
+		_t=Get/Verify
+		# Fetch firmware file and create a checksum by piping through
+		# sha256. Create a flag file in case ftp failed. Firmware
+		# from net is written to the prefetch area.
+		( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |
+		( $_srclocal && unpriv2 sha256 -b >/tmp/h ||
+		    unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )
+
+		# Handle failed transfer.
+		if [[ -f /tmp/fail ]]; then
+			rm -f "$_tmpsrc/$_f"
+			_issue="Fetching of $_f failed!"
+			fail
 		fi
-	done
 
-	rm -f /tmp/h /tmp/fail
+		# Verify firmware by comparing its checksum with SHA256.
+		if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then
+			#_unver=$(rmel $_f $_unver)
+			true
+		else
+			[[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"
+			_issue="Checksum test for $_f failed."
+			fail
+		fi
 
-	_t=Get/Verify
-	# Fetch firmware file and create a checksum by piping through
-	# sha256. Create a flag file in case ftp failed. Firmware
-	# from net is written to the prefetch area.
-	( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |
-	( $_srclocal && unpriv2 sha256 -b >/tmp/h ||
-	    unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )
+		# TODO: Check hash for files before deleting
+		if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then
+			echo "Uninstalling $installed"
+			cwd=${PKGDIR}/$installed
 
-	# Handle failed transfer.
-	if [[ -f /tmp/fail ]]; then
-		rm -f "$_tmpsrc/$_f"
-		_issue="Fetching of $_f failed!"
-		fail
-	fi
+			set -A _remove -- "${cwd}/+CONTENTS" "${cwd}"
 
-	# Verify firmware by comparing its checksum with SHA256.
-	if fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then
-		#_unver=$(rmel $_f $_unver)
-		true
-	else
-		[[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"
-		_issue="Checksum test for $_f failed."
-		fail
-	fi
+			while read c g; do
+				case $c in
+				@cwd) cwd="${DESTDIR}/$g"
+				  ;;
+				@*) continue
+				  ;;
+				*)  set -A _remove -- "$cwd/$c" "${_remove[@]}"
+				  ;;
+				esac
+			done < "${PKGDIR}/$installed/+CONTENTS"
 
-	# TODO: Check hash for files before deleting
-	if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then
-		echo "Uninstalling $installed"
-		cwd=${PKGDIR}/$installed
+			for _r in "${_remove[@]}" ; do
+				if [ -d "$_r" ]; then
+					# Try hard not to actually remove recursively
+					# without rmdir on the install media.
+					[ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r"
+				else
+					rm -f "$_r"
+				fi
+			done
+		fi
 
-		remove="${cwd}/+CONTENTS ${cwd}"
-
-		while read c g; do
-			case $c in
-			@cwd) cwd=$g
-			  ;;
-			@*) continue
-			  ;;
-			*)  remove="$cwd/$c $remove"
-			  ;;
-			esac
-		done < "${PKGDIR}/$installed/+CONTENTS"
-
-		for r in $remove ; do
-			if [ -d "$r" ]; then
-				# Try hard not to actually remove recursively
-				# without rmdir on the install media.
-				[ "$r/*" = $( echo "$r"/* ) ] && rm -rf "$r"
-			else
-				rm -f "$r"
-			fi
-		done
-	fi
-
-	# TODO: Add some details about the install to +CONTENTS like pkg_add
-	# TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall
-	echo "Installing $_f"
-	tar -zxphf "$_f" -C /etc "firmware/*"
-	mkdir -p ${PKGDIR}/${_f%.tgz}/
-	tar -zxphf "$_f" -C "${PKGDIR}/${_f%.tgz}" "+*"
-	ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL
+        # TODO: Add some details about the install to +CONTENTS like pkg_add
+        # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall
+		echo "Installing $_f"
+		tar -zxphf "$_tmpsrc/$_f" -C "${DESTDIR}/etc" "firmware/*"
+		mkdir -p ${PKGDIR}/${_f%.tgz}/
+		tar -zxphf "$_tmpsrc/$_f" -C "${PKGDIR}/${_f%.tgz}" "+*"
+		ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <<EOL
 /^@comment pkgpath/ -1a
 @option manual-installation
 @option firmware
@@ -215,5 +221,7 @@
 .
 w
 EOL
-done
+	done
+}
 
+fw_update