=================================================================== RCS file: /cvs/openbsd/fw_update/fw_install.sh,v retrieving revision 1.46 retrieving revision 1.48 diff -u -r1.46 -r1.48 --- openbsd/fw_update/fw_install.sh 2021/12/02 03:46:50 1.46 +++ openbsd/fw_update/fw_install.sh 2021/12/02 03:50:03 1.48 @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: fw_install.sh,v 1.46 2021/12/02 03:46:50 afresh1 Exp $ +# $OpenBSD: fw_install.sh,v 1.48 2021/12/02 03:50:03 afresh1 Exp $ set -e # Copyright (c) 2021 Andrew Hewus Fresh @@ -35,7 +35,7 @@ if [[ -e /usr/bin/mktemp ]]; then _dir=$( /usr/bin/mktemp -d $1 ) - chown _sndio "$_dir" + chown _file "$_dir" else until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do ((++_i < 10000)) || return 1 @@ -86,7 +86,7 @@ } unpriv() { - do_as _sndio "$@" + do_as _file "$@" } VNAME=${VNAME:-$(sysctl -n kern.osrelease)} @@ -148,7 +148,7 @@ done # Create a download directory for the firmware and - # check that the _sndio user can read files from + # check that the _file user can read files from # it. Otherwise cleanup and skip the filesystem. if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then ( @@ -171,8 +171,7 @@ echo "Cannot fetch SHA256.sig" >&2 && return 1 # Verify signature file with public keys. - ! $_unpriv -f "$_cfile" \ - signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && + ! signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && echo "Signature check of SHA256.sig failed" >&2 && return 1 for _d in $_drivers; do