===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.1
retrieving revision 1.33
diff -u -r1.1 -r1.33
--- openbsd/fw_update/fw_install.sh	2021/09/30 04:06:56	1.1
+++ openbsd/fw_update/fw_install.sh	2021/11/19 03:13:11	1.33
@@ -1,119 +1,234 @@
 #!/bin/ksh
 set -e
 
-scan_dmesg() {
-	# no bsort for now
-	sed -n "$1" /var/run/dmesg.boot
+# Fake up some things from install.sub that we don't need to actually do
+prefetcharea_fs_list() {
+	echo "${DESTDIR}/tmp"
 }
 
-installed_firmware() {
-	for fw in ${PKGDIR}/$1-firmware*; do
-		[ -e "$fw" ] || continue
-		echo ${fw##*/}
+# tmpdir, do_as, unpriv, and unpriv2 are from install.sub
+
+# Create a temporary directory based on the supplied directory name prefix.
+tmpdir() {
+	local _i=1 _dir
+
+	until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do
+		((++_i < 10000)) || return 1
 	done
+	echo "$_dir"
 }
 
-set -A _KERNV -- $( scan_dmesg '/^OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\) .*/ { s//\1 \2/p; q; }' )
-VNAME=${_KERNV[0]}
-OSDIR=$VNAME
-if ((${#_KERNV[*]} > 1)) && [ "$_KERNV[1]" = "-current" -o "$_KERNV[1]" = "-beta" ]; then
-	OSDIR=snapshots
-fi
+# Run a command ($2+) as unprivileged user ($1).
+# Take extra care that after "cmd" no "user" processes exist.
+#
+# Optionally:
+#	- create "file" and chown it to "user"
+#	- after "cmd", chown "file" back to root
+#
+# Usage: do_as user [-f file] cmd
+do_as() {
+	(( $# >= 2 )) || return
 
-FWURL=http://firmware.openbsd.org/firmware/${OSDIR}
-PKGDIR=${DESTDIR}/var/db/pkg
-PATTERNS="file:${0%/*}/firmware_patterns"
+	local _file _rc _user=$1
+	shift
 
-drivers=$(
-	last=''
-	ftp -D "Detecting" -Vmo- $PATTERNS |
-	while read d m; do
-		[ "$last" = "$d" ] && continue
-		[ "$m" ] || m="^$d[0-9][0-9]* at "
-		[ "$( scan_dmesg "/$m/ { p; q; }" )" ] || continue
-		echo $d
-		last=$d
+	if [[ $1 == -f ]]; then
+		_file=$2
+		shift 2
+	fi
+
+	if [[ -n $_file ]]; then
+		>$_file
+		chown "$_user" "$_file"
+	fi
+
+	doas -u "$_user" "$@"
+	_rc=$?
+
+	while doas -u "$_user" kill -9 -1 2>/dev/null; do
+		echo "Processes still running for user $_user after: $@"
+		sleep 1
 	done
-)
 
-if [ -z "$drivers" ]; then
-	echo "No devices found which need firmware files to be downloaded." >&2
-	exit 0
-fi
+	[[ -n $_file ]] && chown root "$_file"
 
-tmpdir=${DESTDIR}/tmp/fw_update
-[ -e "$tmpdir" ] && rm -rf "$tmpdir"
-mkdir -p "$tmpdir"
-cd "$tmpdir"
+	return $_rc
+}
 
-# TODO: Drop privs during fetch and verify
-ftp -D Get -Vm "$FWURL/SHA256.sig"
+unpriv() {
+	do_as _sndio "$@"
+}
 
-# Probably should bundle the firmware sigfile on the installer,
-# although we can just get it from the recently installed system.
-if [ "$DESTDIR" ]; then
-	sigfile=$( sed -n '/^untrusted comment: verify with \(.*\)$/ { s//\1/p; q; }' SHA256.sig )
-	if [ ! -e "/etc/signify/$sigfile" ] \
-	  && [ -e "${DESTDIR}/etc/signify/$sigfile" ]; then
-		cp -a "${DESTDIR}/etc/signify/$sigfile" "/etc/signify/$sigfile"
+unpriv2() {
+	do_as _file "$@"
+}
+
+VNAME=${VNAME:-$(sysctl -n kern.osrelease)}
+VERSION=${VERSION:"${VNAME%.*}${VNAME#*.}"}
+FWDIR=${FWDIR:-$VNAME}
+MODE=${MODE:-install}
+
+# TODO: We need the firmware for the system we just installed
+#       not the one we booted from.  For example:
+#       * booting from a snapshot bsd.rd that thinks it is the 7.0 release
+#         will install the firmware from the 7.0 directory instead of
+#         from the snapshots dir.
+#       If they're using sysupgrade, then the installer kernel will be correct.
+#       If we're doing this in the installer we can check what they picked
+#       for downloading sets and use that value.
+#       Otherwise, the fw_update after first boot will fix it up for us.
+
+HTTP_FWDIR=$FWDIR
+set -- sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot
+[[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots
+
+FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
+FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
+FWPATTERNS="file:${0%/*}/firmware_patterns"
+
+# TODO: support srclocal installation of firmware somehow
+fw_update() {
+	local _src=$1 _tmpfs_list _tmpfs _tmpsrc \
+		_t=Get _cfile="/tmp/SHA256" _pkgdir=${DESTDIR}/var/db/pkg \
+		_f _r _remove _i _installed
+	local _srclocal=false _unpriv=unpriv
+
+	echo "Let's $MODE firmware!"
+	local _d _drivers=$(
+		last=''
+		$_unpriv ftp -D "Detecting" -Vmo- $FWPATTERNS |
+		while read _d _m; do
+			grep=grep
+			[ "$last" = "$_d" ] && continue
+			[ "$_m" ] || _m="^$_d[0-9][0-9]* at "
+			[ "$_m" = "${_m#^}" ] && grep=fgrep
+			$grep -q "$_m" /var/run/dmesg.boot || continue
+			echo $_d
+			last=$_d
+		done
+	)
+
+	if [ -z "$_drivers" ]; then
+		echo "No devices found which need firmware files to be downloaded."
+		return
 	fi
-fi
 
-signify -Ve -x SHA256.sig -m - < SHA256.sig > SHA256
+	! _tmpfs_list=$(prefetcharea_fs_list) &&
+		echo "Cannot determine prefetch area" >&2 && return
 
-for d in $drivers; do
-	firmware=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" SHA256 )
-	installed=$( installed_firmware $d )
+	for _tmpfs in $_tmpfs_list; do
+		# Try to clean up from previous runs, assuming
+		# the _tmpfs selection yields the same mount
+		# point.
+		for _tmpsrc in $_tmpfs/firmware.+([0-9]).+([0-9]); do
+			[[ -d $_tmpsrc ]] && rm -r $_tmpsrc
+		done
 
-	for i in $installed; do
-		if [ "$firmware" = "$i.tgz" ]; then
-			echo "Firmware for $d already installed ($installed)"
-			continue 2
+		# Create a download directory for the firmware and
+		# check that the _sndio user can read files from
+		# it. Otherwise cleanup and skip the filesystem.
+		if _tmpsrc=$(tmpdir "$_tmpfs/firmware"); then
+			(
+			>$_tmpsrc/t &&
+			$_unpriv cat $_tmpsrc/t
+			) >/dev/null 2>&1 && break ||
+				rm -r $_tmpsrc
 		fi
 	done
 
-	mkdir $d
+	[[ ! -d $_tmpsrc ]] &&
+		echo "Cannot create prefetch area" >&2 && return 1
 
-	# TODO: Drop privs during fetch and verify
-	ftp -D "Get/Verify" -Vmo- "$FWURL/$firmware" | sha256 -bph "$d/h" > "$firmware"
-	fgrep -qx "SHA256 ($firmware) = $(<$d/h)" SHA256
+	# Cleanup from previous runs.
+	rm -f $_cfile $_cfile.sig
 
-	# TODO: Check hash for files before deleting
-	if [ "$installed" ] && [ -e "${PKGDIR}/$installed/+CONTENTS" ]; then
-		echo "Uninstalling $installed"
-		cwd=${PKGDIR}/$installed
+	_t=Get/Verify
 
-		remove="${cwd}/+CONTENTS ${cwd}"
+	! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" &&
+	    echo "Cannot fetch SHA256.sig" >&2 && return 1
 
-		while read c g; do
-			case $c in
-			@cwd) cwd=$g
-			  ;;
-			@*) continue
-			  ;;
-			*)  remove="$cwd/$c $remove"
-			  ;;
-			esac
-		done < "${PKGDIR}/$installed/+CONTENTS"
+	# Verify signature file with public keys.
+	! $_unpriv -f "$_cfile" \
+	    signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" &&
+	    echo "Signature check of SHA256.sig failed" >&2 && return 1
 
-		for r in $remove ; do
-			if [ -d "$r" ]; then
-				# Try hard not to actually remove recursively
-				# without rmdir on the install media.
-				[ "$r/*" = $( echo "$r"/* ) ] && rm -rf "$r"
-			else
-				rm -f "$r"
+	for _d in $_drivers; do
+		_f=$( sed -n "s/.*(\($_d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" )
+		_installed=$(
+	        for fw in "${_pkgdir}/$_d-firmware"*; do
+		        [ -e "$fw" ] || continue
+		        echo ${fw##*/}
+	        done
+		)
+
+		for _i in $_installed; do
+			if [ "$_f" = "$_i.tgz" ]; then
+				echo "$_i already installed"
+				continue 2
 			fi
 		done
-	fi
 
-	# TODO: Add some details about the install to +CONTENTS like pkg_add
-	# TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall
-	echo "Installing $firmware"
-	tar -zxphf "$firmware" -C /etc "firmware/*"
-	mkdir -p ${PKGDIR}/${firmware%.tgz}/
-	tar -zxphf "$firmware" -C "${PKGDIR}/${firmware%.tgz}" "+*"
-    ed -s "${PKGDIR}/${firmware%.tgz}/+CONTENTS" <<EOL
+		rm -f /tmp/h /tmp/fail
+
+		# Fetch firmware file and create a checksum by piping through
+		# sha256. Create a flag file in case ftp failed. Firmware
+		# from net is written to the prefetch area.
+		( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) |
+		( $_srclocal && unpriv2 sha256 -b >/tmp/h ||
+		    unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" )
+
+		# Handle failed transfer.
+		if [[ -f /tmp/fail ]]; then
+			rm -f "$_tmpsrc/$_f"
+			echo "Fetching of $_f failed!" >&2
+			continue
+		fi
+
+		# Verify firmware by comparing its checksum with SHA256.
+		if ! fgrep -qx "SHA256 ($_f) = $(</tmp/h)" "$_cfile"; then
+			[[ -d "$_tmpsrc" ]] && rm -rf "$_tmpsrc"
+			echo "Checksum test for $_f failed." >&2
+			continue
+		fi
+
+		# TODO: Check hash for files before deleting
+		if [ "$_installed" ] && [ -e "${_pkgdir}/$_installed/+CONTENTS" ]; then
+			echo "Uninstalling $_installed"
+			cwd=${_pkgdir}/$_installed
+
+			set -A _remove -- "${cwd}/+CONTENTS" "${cwd}"
+
+			while read c g; do
+				case $c in
+				@cwd) cwd="${DESTDIR}/$g"
+				  ;;
+				@*) continue
+				  ;;
+				*)  set -A _remove -- "$cwd/$c" "${_remove[@]}"
+				  ;;
+				esac
+			done < "${_pkgdir}/$_installed/+CONTENTS"
+
+			# We specifically rm -f here because not removing files/dirs
+			# is probably not worth failing over.
+			for _r in "${_remove[@]}" ; do
+				if [ -d "$_r" ]; then
+					# Try hard not to actually remove recursively
+					# without rmdir on the install media.
+					[ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r"
+				else
+					rm -f "$_r"
+				fi
+			done
+		fi
+
+		# TODO: Should we mark these so real fw_update can -Drepair?
+		ftp -D "Install" -Vmo- "file:$_tmpsrc/$_f" |
+			tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
+			-s ",^firmware,${DESTDIR}/etc/firmware," \
+			-C / -zxphf - "+*" "firmware/*"
+
+		ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
 /^@comment pkgpath/ -1a
 @option manual-installation
 @option firmware
@@ -121,5 +236,7 @@
 .
 w
 EOL
-done
+	done
+}
 
+fw_update "$FWURL"