===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.60
retrieving revision 1.64
diff -u -r1.60 -r1.64
--- openbsd/fw_update/fw_install.sh	2021/12/09 02:09:52	1.60
+++ openbsd/fw_update/fw_install.sh	2021/12/09 02:37:38	1.64
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: fw_install.sh,v 1.60 2021/12/09 02:09:52 afresh1 Exp $
+#	$OpenBSD: fw_install.sh,v 1.64 2021/12/09 02:37:38 afresh1 Exp $
 #
 # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -61,20 +61,17 @@
 fetch() {
 	local _file=$1 _user=_file _exit
 
-	>"$_file"
-	chown "$_user" "$_file"
-
 	# If we're not in the installer, we have su(1)
 	# and doas(1) is unlikely to be configured.
 	if [ -x /usr/bin/su ]; then
 		/usr/bin/su -s /bin/ksh "$_user" -c \
 		    "/usr/bin/ftp -D 'Get/Verify' -Vm \
-		        -o '$_file' '${FWURL}/${_file}'"
+		        -o- '${FWURL}/${_file}'" > "$_file"
 		_exit="$?"
 	else
 		/usr/bin/doas -u "$_user" \
 		    ftp -D 'Get/Verify' -Vm \
-		        -o "$_file" "${FWURL}/${_file}"
+		        -o- "${FWURL}/${_file}" > "$_file"
 		_exit="$?"
 	fi
 
@@ -83,8 +80,6 @@
 		echo "Cannot fetch $_file" >&2
 		return 1
 	fi
-
-	chown root "$_file"
 }
 
 verify() {
@@ -187,20 +182,27 @@
 }
 
 usage() {
-	echo "Usage: fw_install [ -d dir ] [ driver | file [ ... ] ]"
+	echo "Usage: fw_install [ -d dir | -L dir ] [ driver | file [ ... ] ]"
 	exit 2
 }
 
 DOWNLOADDIR=
-while getopts d: name
+LOCALDIR=
+while getopts d:L: name
 do
        case "$name" in
        d) DOWNLOADDIR=$OPTARG ;;
+       L) LOCALDIR=$OPTARG    ;;
        ?) usage 2 ;;
        esac
 done
 shift $((OPTIND - 1))
 
+if [[ -n "${DOWNLOADDIR:-}" && -n "${LOCALDIR:-}" ]]; then
+	echo "Cannot use -d and -L" >&2
+	usage 2
+fi
+
 set -A devices -- "$@"
 
 [ "${devices[*]:-}" ] ||
@@ -233,25 +235,29 @@
 		echo "Unable to use $DOWNLOADDIR, make sure it is a directory"
 		exit 2
 	fi
+elif [ "$LOCALDIR" ]; then
+	if ! cd "$LOCALDIR"; then
+		echo "Unable to use $LOCALDIR, make sure it is a directory"
+		exit 2
+	fi
 else
 	TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )
 	cd "$TMPDIR"
 fi
 
-# To unpriv we need to let the unpriv user into this dir
-chmod go+x .
+if ! [[ -n "$LOCALDIR" && -e "$CFILE" ]]; then
+	fetch "$CFILE"
+	! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+	    echo "Signature check of SHA256.sig failed" >&2 && exit 1
+fi
 
-fetch "$CFILE"
-! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
-    echo "Signature check of SHA256.sig failed" >&2 && exit 1
-
 for d in "${devices[@]}"; do
 	f="${d##*:}"
 	if [ "$f" = "$d" ]; then
 		f=$( firmware_filename "$d" || true )
 		[ "$f" ] || continue
 	else
-	    d="${d%:*}"
+		d="${d%:*}"
 	fi
 
 	set -A installed -- $( installed_firmware "$d" )
@@ -266,10 +272,12 @@
 	fi
 
 	if [ ! -e "$f" ]; then
+		[ "$LOCALDIR" ] && echo "Cannot install $f, not found" >&2 && continue
 		fetch  "$f" || continue
 		verify "$f" || continue
 	elif [ "${DOWNLOADDIR:-}" ]; then
 		echo "Already have $f"
+		verify "$f" || continue
 	fi
 
 	[ "${DOWNLOADDIR:-}" ] && continue