===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- openbsd/fw_update/fw_install.sh	2022/01/07 00:38:06	1.142
+++ openbsd/fw_update/fw_install.sh	2022/01/07 01:47:24	1.143
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: fw_install.sh,v 1.142 2022/01/07 00:38:06 afresh1 Exp $
+#	$OpenBSD: fw_install.sh,v 1.143 2022/01/07 01:47:24 afresh1 Exp $
 #
 # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -37,7 +37,7 @@
 DRYRUN=false
 VERBOSE=0
 DELETE=false
-DOWNLOAD=true
+DOWNLOAD=
 INSTALL=true
 LOCALSRC=
 
@@ -322,6 +322,7 @@
 
 # "Download only" means local dir and don't install
 if [ "$OPT_F" ]; then
+	DOWNLOAD=true
 	INSTALL=false
 	LOCALSRC="${LOCALSRC:-.}"
 elif [ "$LOCALSRC" ]; then
@@ -387,8 +388,6 @@
     REMOVE_LOCALSRC=true
 fi
 
-CFILE="$LOCALSRC/$CFILE"
-
 if [ "${devices[*]:-}" ]; then
 	"$ALL" && usage 22
 else
@@ -400,16 +399,35 @@
 
 [ "${devices[*]:-}" ] || exit
 
-if "$DOWNLOAD"; then
-	set +o noclobber # we want to get the latest CFILE
-	fetch "$CFILE"
-	set -o noclobber
-	! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
-	    echo "Signature check of SHA256.sig failed" >&2 && exit 1
-elif [ ! -e "$CFILE" ]; then
-	# TODO: We shouldn't need a CFILE if all arguments are files.
-	echo "${0##*/}: $CFILE: No such file or directory" >&2
-	exit 2
+# Only need the CFILE to verify what has been downloaded
+# or to convert a device to a filename.
+NEED_CFILE="${DOWNLOAD:-false}"
+if ! "$NEED_CFILE"; then
+	for f in "${devices[@]}"; do
+		if [ "$( firmware_devicename "$f" )" = "$f" ]; then
+			NEED_CFILE=true
+			break
+		fi
+	done
+fi
+
+# Only need to download if we already decided we did,
+# or the same decision as if we NEED_CFILE.
+DOWNLOAD="${DOWNLOAD:-$NEED_CFILE}"
+
+if "$NEED_CFILE"; then
+	CFILE="$LOCALSRC/$CFILE"
+
+	if "$DOWNLOAD"; then
+		set +o noclobber # we want to get the latest CFILE
+		fetch "$CFILE"
+		set -o noclobber
+		! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+		    echo "Signature check of SHA256.sig failed" >&2 && exit 1
+	elif [ ! -e "$CFILE" ]; then
+		echo "${0##*/}: $CFILE: No such file or directory" >&2
+		exit 2
+	fi
 fi
 
 added=''