=================================================================== RCS file: /cvs/openbsd/fw_update/fw_install.sh,v retrieving revision 1.58 retrieving revision 1.67 diff -u -r1.58 -r1.67 --- openbsd/fw_update/fw_install.sh 2021/12/08 03:51:48 1.58 +++ openbsd/fw_update/fw_install.sh 2021/12/11 03:25:09 1.67 @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: fw_install.sh,v 1.58 2021/12/08 03:51:48 afresh1 Exp $ +# $OpenBSD: fw_install.sh,v 1.67 2021/12/11 03:25:09 afresh1 Exp $ # # Copyright (c) 2021 Andrew Hewus Fresh # @@ -61,20 +61,17 @@ fetch() { local _file=$1 _user=_file _exit - >"$_file" - chown "$_user" "$_file" - # If we're not in the installer, we have su(1) # and doas(1) is unlikely to be configured. if [ -x /usr/bin/su ]; then /usr/bin/su -s /bin/ksh "$_user" -c \ "/usr/bin/ftp -D 'Get/Verify' -Vm \ - -o '$_file' '${FWURL}/${_file}'" + -o- '${FWURL}/${_file}'" > "$_file" _exit="$?" else /usr/bin/doas -u "$_user" \ ftp -D 'Get/Verify' -Vm \ - -o "$_file" "${FWURL}/${_file}" + -o- "${FWURL}/${_file}" > "$_file" _exit="$?" fi @@ -83,8 +80,6 @@ echo "Cannot fetch $_file" >&2 return 1 fi - - chown root "$_file" } verify() { @@ -186,12 +181,34 @@ done } +usage() { + echo "usage: fw_install [-d dir | -L dir] [driver | file [...]]" + exit 2 +} + +DOWNLOADDIR= +LOCALDIR= +while getopts d:L: name +do + case "$name" in + d) DOWNLOADDIR=$OPTARG ;; + L) LOCALDIR=$OPTARG ;; + ?) usage 2 ;; + esac +done +shift $((OPTIND - 1)) + +if [[ -n "$DOWNLOADDIR" && -n "$LOCALDIR" ]]; then + echo "Cannot use -d and -L" >&2 + usage 2 +fi + set -A devices -- "$@" [ "${devices[*]:-}" ] || set -A devices -- $( devices_needing_firmware ) -if [ ! "${devices:-}" ]; then +if [ ! "${devices[*]:-}" ]; then echo "No devices found which need firmware files to be downloaded." exit fi @@ -202,36 +219,50 @@ while (( i < "${#devices[@]}" )); do f="${devices[$i]}" d=$( firmware_devicename "$f" ) - [ "$f" = "$d" ] && f="$( echo "$f"-firmware-*.tgz | sed '$!d' )" if [ -e "$f" ]; then + if [ "$DOWNLOADDIR" ]; then + echo "Cannot download local file $f" >&2 + exit 2 + fi devices[$i]="$d:$( realpath "$f" )" fi i=$((i + 1)) done -TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" ) -cd "$TMPDIR" +if [ "$DOWNLOADDIR" ]; then + if ! cd "$DOWNLOADDIR"; then + echo "Unable to use $DOWNLOADDIR, make sure it is a directory" + exit 2 + fi +elif [ "$LOCALDIR" ]; then + if ! cd "$LOCALDIR"; then + echo "Unable to use $LOCALDIR, make sure it is a directory" + exit 2 + fi +else + TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" ) + cd "$TMPDIR" +fi -# To unpriv we need to let the unpriv user into this dir -chmod go+x . +if ! [[ -n "$LOCALDIR" && -e "$CFILE" ]]; then + fetch "$CFILE" + ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && + echo "Signature check of SHA256.sig failed" >&2 && exit 1 +fi -fetch "$CFILE" -! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" && - echo "Signature check of SHA256.sig failed" >&2 && exit 1 - for d in "${devices[@]}"; do f="${d##*:}" if [ "$f" = "$d" ]; then f=$( firmware_filename "$d" || true ) [ "$f" ] || continue else - d="${d%:*}" + d="${d%:*}" fi set -A installed -- $( installed_firmware "$d" ) - if [ "${installed:-}" ]; then - for i in "${installed[@]:-}"; do + if [ ! "$DOWNLOADDIR" ] && [ "${installed[*]:-}" ]; then + for i in "${installed[@]}"; do if [ "${f##*/}" = "$i.tgz" ]; then echo "$i already installed" continue 2 @@ -240,11 +271,17 @@ fi if [ ! -e "$f" ]; then + [ "$LOCALDIR" ] && echo "Cannot install $f, not found" >&2 && continue fetch "$f" || continue verify "$f" || continue + elif [ "$DOWNLOADDIR" ]; then + echo "Already have $f" + verify "$f" || continue fi - if [ "${installed:-}" ]; then + [ "$DOWNLOADDIR" ] && continue + + if [ "${installed[*]:-}" ]; then for i in "${installed[@]}"; do delete_firmware "$i" done