===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.51
retrieving revision 1.105
diff -u -r1.51 -r1.105
--- openbsd/fw_update/fw_install.sh	2021/12/07 02:42:01	1.51
+++ openbsd/fw_update/fw_install.sh	2021/12/22 17:53:53	1.105
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: fw_install.sh,v 1.51 2021/12/07 02:42:01 afresh1 Exp $
+#	$OpenBSD: fw_install.sh,v 1.105 2021/12/22 17:53:53 afresh1 Exp $
 #
 # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -15,7 +15,9 @@
 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-set -o errexit -o pipefail -o nounset
+set -o errexit -o pipefail -o nounset -o noclobber -o noglob
+set +o monitor
+export PATH=/usr/bin:/bin:/usr/sbin:/sbin
 
 CFILE=SHA256.sig
 DESTDIR=${DESTDIR:-}
@@ -25,17 +27,23 @@
 VERSION=${VERSION:-"${VNAME%.*}${VNAME#*.}"}
 
 HTTP_FWDIR="$VNAME"
-VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot | sed '$!d' )
+VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" \
+    /var/run/dmesg.boot | sed '$!d' )
 [[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots
 
 FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
 FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
 
+VERBOSE=false
+DOWNLOAD=true
+INSTALL=true
+LOCALSRC=
+
 tmpdir() {
 	local _i=1 _dir
 
 	# If we're not in the installer,
-	# we have mktemp and a more hostile environment
+	# we have mktemp and a more hostile environment.
 	if [ -x /usr/bin/mktemp ]; then
 		_dir=$( mktemp -d "${1}-XXXXXXXXX" )
 	else
@@ -48,82 +56,121 @@
 }
 
 fetch() {
-	local _file=$1 _user=_file _exit
+	local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _pid _exit _error=''
 
-	>"$_file"
-	chown "$_user" "$_file"
-
-	# If we're not in the installer, we have su(1)
-	# and doas(1) is unlikely to be configured.
-	if [ -x /usr/bin/sh ]; then
-		/usr/bin/su -s /bin/ksh "$_user" -c \
-		    "/usr/bin/ftp -D 'Get/Verify' -Vm \
-		        -o '$_file' '${FWURL}/${_file}'"
-		_exit="$?"
+	# If we're not in the installer,
+	# we have su(1) and doas(1) is unlikely to be configured.
+	set -o monitor # make sure ftp gets its own process group
+	(
+	flags=-VM
+	"$VERBOSE" && flags=-vm
+	if [ -x /usr/bin/su ]; then
+		exec /usr/bin/su -s /bin/ksh "$_user" -c \
+		    "/usr/bin/ftp -D 'Get/Verify' $flags -o- '$_src'" > "$_dst"
 	else
-		/usr/bin/doas -u "$_user" \
-		    ftp -D 'Get/Verify' -Vm \
-		        -o "$_file" "${FWURL}/${_file}"
-		_exit="$?"
+		exec /usr/bin/doas -u "$_user" \
+		    /usr/bin/ftp -D 'Get/Verify' $flags -o- "$_src" > "$_dst"
 	fi
+	) & _pid=$!
+	set +o monitor
 
+	trap "kill -TERM '-$_pid' 2>/dev/null; exit 1" EXIT INT QUIT ABRT TERM
+
+	SECONDS=0
+	_last=0
+	while kill -0 -"$_pid" 2>/dev/null; do
+		if [[ $SECONDS -gt 12 ]]; then
+			set -- $( ls -ln "$_dst" 2>/dev/null )
+			if [[ $_last -ne $5 ]]; then
+				_last=$5
+				SECONDS=0
+				sleep 1
+			else
+				kill -INT -"$_pid"
+				_error=" (timed out)"
+			fi
+		else
+			sleep 1
+		fi
+	done
+
+	set +o errexit
+	wait "$_pid"
+	_exit=$?
+	set -o errexit
+
+	trap "" EXIT INT QUIT ABRT TERM
+
 	if [ "$_exit" -ne 0 ]; then
-		rm -f "$_file"
-		echo "Cannot fetch $_file" >&2
+		rm -f "$_dst"
+		echo "Cannot fetch $_src$_error" >&2
 		return 1
 	fi
-
-	chown root "$_file"
 }
 
 verify() {
 	# On the installer we don't get sha256 -C, so fake it.
-	if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
-		echo "Checksum test for $1 failed." >&2
+	if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
+		echo "Checksum test for ${1##*/} failed." >&2
 		return 1
 	fi
 }
 
 devices_needing_firmware() {
-	local _d _m _grep _dmesgtail _last=''
+	local _d _m _line _dmesgtail _last='' _nl=$( echo )
 
 	# When we're not in the installer, the dmesg.boot can
 	# contain multiple boots, so only look in the last one
-	_dmesgtail=$( sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot )
+	_dmesgtail="$( echo ; sed -n 'H;/^OpenBSD/h;${g;p;}' /var/run/dmesg.boot |
+	    grep -e "^[a-z][a-z]*[0-9]" -e " not configured " )"
 
 	grep -v '^[[:space:]]*#' "$FWPATTERNS" |
 	    while read -r _d _m; do
-		_grep="grep"
-		[ "$_last" = "$_d" ] && continue
-		[ "$_m" ] || _m="^${_d}[0-9][0-9]* at "
-		[ "$_m" = "${_m#^}" ] && _grep="fgrep"
+		[ "$_d" = "$_last" ] && continue
+		[ "$_m" ]             || _m="${_nl}${_d}[0-9] at "
+		[ "$_m" = "${_m#^}" ] || _m="${_nl}${_m#^}"
 
-		echo "$_dmesgtail" | $_grep -q "$_m" || continue
-		echo "$_d"
-		_last="$_d"
-	done
+		if [[ $_dmesgtail = *$_m* ]]; then
+			echo "$_d"
+			_last="$_d"
+		fi
+	    done
 }
 
 firmware_filename() {
-	sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d'
+	local _f
+	_f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )"
+	! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1
+	echo "$_f"
 }
 
+firmware_devicename() {
+	local _d="${1##*/}"
+	_d="${_d%-firmware-*}"
+	echo "$_d"
+}
+
 installed_firmware() {
+	set +o noglob
 	for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
-		[ -e "$fw" ] || continue
+		[ -e "$fw/+CONTENTS" ] || continue
 		echo "${fw##*/}"
 	done
+	set -o noglob
 }
 
 add_firmware () {
-	local _f="$1" _pkgdir="${DESTDIR}/var/db/pkg"
-	ftp -D "Install" -Vmo- "file:${1}" |
-		tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
-		-s ",^firmware,${DESTDIR}/etc/firmware," \
-		-C / -zxphf - "+*" "firmware/*"
+	local _f="${1##*/}"
+	local _pkgdir="${DESTDIR}/var/db/pkg/${_f%.tgz}"
+	local flags=-VM
+	"$VERBOSE" && flags=-vm
+	ftp -D "Install" "$flags" -o- "file:${1}" |
+		tar -s ",^\+,${_pkgdir}/+," \
+		    -s ",^firmware,${DESTDIR}/etc/firmware," \
+		    -C / -zxphf - "+*" "firmware/*"
 
 	# TODO: Should we mark these so real fw_update can -Drepair?
-	ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
+	ed -s "${_pkgdir}/+CONTENTS" <<EOL
 /^@comment pkgpath/ -1a
 @option manual-installation
 @option firmware
@@ -137,7 +184,7 @@
 	local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
 
 	# TODO: Check hash for files before deleting
-	echo "Uninstalling $_pkg"
+	"$VERBOSE" && echo "Uninstalling $_pkg"
 	_cwd="${_pkgdir}/$_pkg"
 
 	set -A _remove -- "${_cwd}/+CONTENTS" "${_cwd}"
@@ -148,7 +195,7 @@
 		  ;;
 		@*) continue
 		  ;;
-		*)  set -A _remove -- "$_cwd/$c" "${_remove[@]}"
+		*) set -A _remove -- "$_cwd/$c" "${_remove[@]}"
 		  ;;
 		esac
 	done < "${_pkgdir}/${_pkg}/+CONTENTS"
@@ -159,53 +206,135 @@
 		if [ -d "$_r" ]; then
 			# Try hard not to actually remove recursively
 			# without rmdir on the install media.
+			set +o noglob
 			[ "$_r/*" = "$( echo "$_r"/* )" ] && rm -rf "$_r"
+			set -o noglob
 		else
 			rm -f "$_r"
 		fi
 	done
 }
 
-set -A devices -- $( devices_needing_firmware )
+usage() {
+	echo "usage:  ${0##*/} [-v] [-D | -L] [driver | file ...]"
+	exit 2
+}
 
-if [ ! "${devices:-}" ]; then
-	echo "No devices found which need firmware files to be downloaded."
-	exit
+OPT_D=
+OPT_L=
+while getopts :DLv name
+do
+       case "$name" in
+       D) OPT_D=true ;;
+       L) OPT_L=true ;;
+       v) VERBOSE=true ;;
+       ?) echo "${0##*/}: unknown option -- -$OPTARG"; usage 2 ;;
+       esac
+done
+shift $((OPTIND - 1))
+
+[ "$OPT_D" ] && [ "$OPT_L" ] && usage 1
+
+if [ "$OPT_D" ]; then
+	# "Download only" means local dir and don't install
+	INSTALL=false
+	LOCALSRC=.
+elif [ "$OPT_L" ]; then
+	# "Local" means don't download, install from local dir
+	DOWNLOAD=false
+	LOCALSRC=.
+else
+	LOCALSRC="$( tmpdir "${DESTDIR}/tmp/${0##*/}" )"
 fi
 
-TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )
-cd "$TMPDIR"
+CFILE="$LOCALSRC/$CFILE"
 
-# To unpriv we need to let the unpriv user into this dir
-chmod go+x .
+if "$INSTALL" && [ -x /usr/bin/id ] && [ "$(/usr/bin/id -u)" != 0 ]; then
+	echo "need root privileges" >&2
+	exit 1
+fi
 
-fetch "$CFILE"
-! signify -Vep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
-    echo "Signature check of SHA256.sig failed" >&2 && exit 1
+set -A devices -- "$@"
 
-for d in "${devices[@]}"; do
-	f=$( firmware_filename "$d" )
-	[ "$f" ] || continue
+if [ ! "${devices[*]:-}" ]; then
+	"$VERBOSE" && echo -n "Detecting firmware ..."
+	set -A devices -- $( devices_needing_firmware )
+	"$VERBOSE" &&
+	    { [ "${devices[*]:-}" ] && echo " found." || echo " done." ; }
+fi
+
+[ "${devices[*]:-}" ] || exit
+
+if "$DOWNLOAD"; then
+	fetch "$CFILE"
+	! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+	    echo "Signature check of SHA256.sig failed" >&2 && exit 1
+fi
+
+added=''
+updated=''
+for f in "${devices[@]}"; do
+	d="$( firmware_devicename "$f" )"
+
+	if [ "$f" = "$d" ]; then
+		f=$( firmware_filename "$d" || true )
+		[ "$f" ] || continue
+		f="$LOCALSRC/$f"
+	elif ! "$INSTALL" && ! grep -Fq "($f)" "$CFILE" ; then
+		echo "Cannot download local file $f" >&2
+		exit 2
+	fi
+
 	set -A installed -- $( installed_firmware "$d" )
 
-	if [ "${installed:-}" ]; then
-		for i in "${installed[@]:-}"; do
-			if [ "$f" = "$i.tgz" ]; then
-				echo "$i already installed"
+	if "$INSTALL" && [ "${installed[*]:-}" ]; then
+		for i in "${installed[@]}"; do
+			if [ "${f##*/}" = "$i.tgz" ]; then
+				"$VERBOSE" && echo "$i already installed"
 				continue 2
 			fi
 		done
 	fi
 
-	fetch  "$f" || continue
-	verify "$f" || continue
+	if [ -e "$f" ]; then
+		if "$DOWNLOAD"; then
+			"$VERBOSE" && echo "Verify existing ${f##*/}"
+			verify "$f" || continue
+		# else assume it was verified when downloaded
+		fi
+	elif "$DOWNLOAD"; then
+		fetch  "$f" || continue
+		verify "$f" || continue
+	elif "$INSTALL"; then
+		echo "Cannot install ${f##*/}, not found" >&2
+		continue
+	fi
 
-	if [ "${installed:-}" ]; then
+	"$INSTALL" || continue
+
+	removed=false
+	if [ "${installed[*]:-}" ]; then
 		for i in "${installed[@]}"; do
 			delete_firmware "$i"
+			removed=true
 		done
 	fi
 
 	add_firmware "$f"
+
+	if "$removed"; then
+		[ "$updated" ] && updated="$updated,"
+		updated="$updated$d"
+	else
+		[ "$added" ] && added="$added,"
+		added="$added$d"
+	fi
 done
 
+if ! $VERBOSE && { [ "$added" ] || [ "$updated" ]; }; then
+	echo  "${0##*/}: $(
+	    [ "$added" ] && echo -n "added ${added}"
+	    [ "$added" ] && [ "$updated" ] && echo -n "; "
+	    [ "$updated" ] && echo -n "updated ${updated}"
+	)"
+fi