=================================================================== RCS file: /cvs/openbsd/fw_update/fw_install.sh,v retrieving revision 1.10 retrieving revision 1.33 diff -u -r1.10 -r1.33 --- openbsd/fw_update/fw_install.sh 2021/10/17 03:05:29 1.10 +++ openbsd/fw_update/fw_install.sh 2021/11/19 03:13:11 1.33 @@ -1,18 +1,11 @@ #!/bin/ksh set -e -scan_dmesg() { - # no bsort for now - sed -n "$1" /var/run/dmesg.boot +# Fake up some things from install.sub that we don't need to actually do +prefetcharea_fs_list() { + echo "${DESTDIR}/tmp" } -installed_firmware() { - for fw in ${PKGDIR}/$1-firmware*; do - [ -e "$fw" ] || continue - echo ${fw##*/} - done -} - # tmpdir, do_as, unpriv, and unpriv2 are from install.sub # Create a temporary directory based on the supplied directory name prefix. @@ -70,144 +63,172 @@ do_as _file "$@" } -_issue= -fail() { - echo $_issue >&2 - exit 1 -} +VNAME=${VNAME:-$(sysctl -n kern.osrelease)} +VERSION=${VERSION:"${VNAME%.*}${VNAME#*.}"} +FWDIR=${FWDIR:-$VNAME} +MODE=${MODE:-install} -VNAME=$(sysctl -n kern.osrelease) -VERSION="${VNAME%.*}${VNAME#*.}" -FWDIR="$VNAME" +# TODO: We need the firmware for the system we just installed +# not the one we booted from. For example: +# * booting from a snapshot bsd.rd that thinks it is the 7.0 release +# will install the firmware from the 7.0 directory instead of +# from the snapshots dir. +# If they're using sysupgrade, then the installer kernel will be correct. +# If we're doing this in the installer we can check what they picked +# for downloading sets and use that value. +# Otherwise, the fw_update after first boot will fix it up for us. HTTP_FWDIR=$FWDIR -set -- $(scan_dmesg "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p") +set -- sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot [[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR} FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub -PKGDIR=${DESTDIR}/var/db/pkg -PATTERNS="file:${0%/*}/firmware_patterns" +FWPATTERNS="file:${0%/*}/firmware_patterns" -drivers=$( - last='' - ftp -D "Detecting" -Vmo- $PATTERNS | - while read d m; do - grep=grep - [ "$last" = "$d" ] && continue - [ "$m" ] || m="^$d[0-9][0-9]* at " - [ "$m" = "${m#^}" ] && grep=fgrep - $grep -q "$m" /var/run/dmesg.boot || continue - echo $d - last=$d - done -) +# TODO: support srclocal installation of firmware somehow +fw_update() { + local _src=$1 _tmpfs_list _tmpfs _tmpsrc \ + _t=Get _cfile="/tmp/SHA256" _pkgdir=${DESTDIR}/var/db/pkg \ + _f _r _remove _i _installed + local _srclocal=false _unpriv=unpriv -if [ -z "$drivers" ]; then - echo "No devices found which need firmware files to be downloaded." >&2 - exit 0 -fi + echo "Let's $MODE firmware!" + local _d _drivers=$( + last='' + $_unpriv ftp -D "Detecting" -Vmo- $FWPATTERNS | + while read _d _m; do + grep=grep + [ "$last" = "$_d" ] && continue + [ "$_m" ] || _m="^$_d[0-9][0-9]* at " + [ "$_m" = "${_m#^}" ] && grep=fgrep + $grep -q "$_m" /var/run/dmesg.boot || continue + echo $_d + last=$_d + done + ) -_src=$FWURL -if _tmpsrc=$( tmpdir "${DESTDIR}/tmp/fw_update" ); then - ( - >$_tmpsrc/t && - $_unpriv cat $_tmpsrc/t - ) >/dev/null 2>&1 || - rm -r $_tmpsrc -fi + if [ -z "$_drivers" ]; then + echo "No devices found which need firmware files to be downloaded." + return + fi -[[ ! -d $_tmpsrc ]] && - _issue="Cannot create prefetch area" && fail + ! _tmpfs_list=$(prefetcharea_fs_list) && + echo "Cannot determine prefetch area" >&2 && return -cd "$_tmpsrc" + for _tmpfs in $_tmpfs_list; do + # Try to clean up from previous runs, assuming + # the _tmpfs selection yields the same mount + # point. + for _tmpsrc in $_tmpfs/firmware.+([0-9]).+([0-9]); do + [[ -d $_tmpsrc ]] && rm -r $_tmpsrc + done -_t=Get -_cfile="$_tmpsrc/SHA256" -_srclocal=false + # Create a download directory for the firmware and + # check that the _sndio user can read files from + # it. Otherwise cleanup and skip the filesystem. + if _tmpsrc=$(tmpdir "$_tmpfs/firmware"); then + ( + >$_tmpsrc/t && + $_unpriv cat $_tmpsrc/t + ) >/dev/null 2>&1 && break || + rm -r $_tmpsrc + fi + done -! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" && - _issue="Cannot fetch SHA256.sig" && fail + [[ ! -d $_tmpsrc ]] && + echo "Cannot create prefetch area" >&2 && return 1 -# Verify signature file with public keys. -! unpriv -f "$_cfile" \ - signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && - _issue="Signature check of SHA256.sig failed" && fail + # Cleanup from previous runs. + rm -f $_cfile $_cfile.sig -for d in $drivers; do - _f=$( sed -n "s/.*(\($d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" ) - installed=$( installed_firmware "$d" ) + _t=Get/Verify - for i in $installed; do - if [ "$_f" = "$i.tgz" ]; then - echo "Firmware for $d already installed ($installed)" - continue 2 - fi - done + ! $_unpriv ftp -D "$_t" -Vmo - "$_src/SHA256.sig" >"$_cfile.sig" && + echo "Cannot fetch SHA256.sig" >&2 && return 1 - rm -f /tmp/h /tmp/fail + # Verify signature file with public keys. + ! $_unpriv -f "$_cfile" \ + signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && + echo "Signature check of SHA256.sig failed" >&2 && return 1 - _t=Get/Verify - # Fetch firmware file and create a checksum by piping through - # sha256. Create a flag file in case ftp failed. Firmware - # from net is written to the prefetch area. - ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | - ( $_srclocal && unpriv2 sha256 -b >/tmp/h || - unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) + for _d in $_drivers; do + _f=$( sed -n "s/.*(\($_d-firmware-.*\.tgz\)).*/\1/p" "$_cfile" ) + _installed=$( + for fw in "${_pkgdir}/$_d-firmware"*; do + [ -e "$fw" ] || continue + echo ${fw##*/} + done + ) - # Handle failed transfer. - if [[ -f /tmp/fail ]]; then - rm -f "$_tmpsrc/$_f" - _issue="Fetching of $_f failed!" - fail - fi + for _i in $_installed; do + if [ "$_f" = "$_i.tgz" ]; then + echo "$_i already installed" + continue 2 + fi + done - # Verify firmware by comparing its checksum with SHA256. - if fgrep -qx "SHA256 ($_f) = $(/tmp/fail ) | + ( $_srclocal && unpriv2 sha256 -b >/tmp/h || + unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) - set -A _remove -- "${cwd}/+CONTENTS" "${cwd}" + # Handle failed transfer. + if [[ -f /tmp/fail ]]; then + rm -f "$_tmpsrc/$_f" + echo "Fetching of $_f failed!" >&2 + continue + fi - while read c g; do - case $c in - @cwd) cwd=$g - ;; - @*) continue - ;; - *) set -A _remove -- "$cwd/$c" "${_remove[@]}" - ;; - esac - done < "${PKGDIR}/$installed/+CONTENTS" + # Verify firmware by comparing its checksum with SHA256. + if ! fgrep -qx "SHA256 ($_f) = $(&2 + continue + fi - for _r in "${_remove[@]}"; do - if [ -d "$_r" ]; then - # Try hard not to actually remove recursively - # without rmdir on the install media. - [ "$_r/*" = $( echo "$_r"/* ) ] && rm -rf "$_r" - else - rm -f "$_r" - fi - done - fi + # TODO: Check hash for files before deleting + if [ "$_installed" ] && [ -e "${_pkgdir}/$_installed/+CONTENTS" ]; then + echo "Uninstalling $_installed" + cwd=${_pkgdir}/$_installed - # TODO: Add some details about the install to +CONTENTS like pkg_add - # TODO: Or, maybe we save the firmware someplace and make pkg_add reinstall - echo "Installing $_f" - tar -zxphf "$_f" -C /etc "firmware/*" - mkdir -p ${PKGDIR}/${_f%.tgz}/ - tar -zxphf "$_f" -C "${PKGDIR}/${_f%.tgz}" "+*" - ed -s "${PKGDIR}/${_f%.tgz}/+CONTENTS" <