===================================================================
RCS file: /cvs/openbsd/fw_update/fw_install.sh,v
retrieving revision 1.54
retrieving revision 1.74
diff -u -r1.54 -r1.74
--- openbsd/fw_update/fw_install.sh	2021/12/07 04:29:18	1.54
+++ openbsd/fw_update/fw_install.sh	2021/12/11 20:57:51	1.74
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: fw_install.sh,v 1.54 2021/12/07 04:29:18 afresh1 Exp $
+#	$OpenBSD: fw_install.sh,v 1.74 2021/12/11 20:57:51 afresh1 Exp $
 #
 # Copyright (c) 2021 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -32,6 +32,8 @@
 FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR}
 FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
 
+LOCALSRC=
+
 tmpdir() {
 	local _i=1 _dir
 
@@ -49,38 +51,31 @@
 }
 
 fetch() {
-	local _file=$1 _user=_file _exit
+	local _src="${FWURL}/${1##*/}" _dst=$1 _user=_file _exit
 
-	>"$_file"
-	chown "$_user" "$_file"
-
 	# If we're not in the installer, we have su(1)
 	# and doas(1) is unlikely to be configured.
 	if [ -x /usr/bin/su ]; then
 		/usr/bin/su -s /bin/ksh "$_user" -c \
-		    "/usr/bin/ftp -D 'Get/Verify' -Vm \
-		        -o '$_file' '${FWURL}/${_file}'"
+		    "/usr/bin/ftp -D 'Get/Verify' -Vm -o- '$_src'" > "$_dst"
 		_exit="$?"
 	else
 		/usr/bin/doas -u "$_user" \
-		    ftp -D 'Get/Verify' -Vm \
-		        -o "$_file" "${FWURL}/${_file}"
+		    /usr/bin/ftp -D 'Get/Verify' -Vm -o- "$_src" > "$_dst"
 		_exit="$?"
 	fi
 
 	if [ "$_exit" -ne 0 ]; then
-		rm -f "$_file"
-		echo "Cannot fetch $_file" >&2
+		rm -f "$_dst"
+		echo "Cannot fetch $_src" >&2
 		return 1
 	fi
-
-	chown root "$_file"
 }
 
 verify() {
 	# On the installer we don't get sha256 -C, so fake it.
-	if ! fgrep -qx "SHA256 ($1) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
-		echo "Checksum test for $1 failed." >&2
+	if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" "$CFILE"; then
+		echo "Checksum test for ${1##*/} failed." >&2
 		return 1
 	fi
 }
@@ -106,9 +101,18 @@
 }
 
 firmware_filename() {
-	sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d'
+	local _f
+	_f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed '$!d' )"
+	! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1
+	echo "$_f"
 }
 
+firmware_devicename() {
+	local _d="${1##*/}"
+	_d="${_d%-firmware-*}"
+	echo "$_d"
+}
+
 installed_firmware() {
 	for fw in "${DESTDIR}/var/db/pkg/$1-firmware"*; do
 		[ -e "$fw" ] || continue
@@ -117,14 +121,15 @@
 }
 
 add_firmware () {
-	local _f="$1" _pkgdir="${DESTDIR}/var/db/pkg"
+	local _f="${1##*/}"
+	local _pkgdir="${DESTDIR}/var/db/pkg/${_f%.tgz}"
 	ftp -D "Install" -Vmo- "file:${1}" |
-		tar -s ",^\+,${_pkgdir}/${_f%.tgz}/+," \
-		-s ",^firmware,${DESTDIR}/etc/firmware," \
-		-C / -zxphf - "+*" "firmware/*"
+		tar -s ",^\+,${_pkgdir}/+," \
+		    -s ",^firmware,${DESTDIR}/etc/firmware," \
+		    -C / -zxphf - "+*" "firmware/*"
 
 	# TODO: Should we mark these so real fw_update can -Drepair?
-	ed -s "${_pkgdir}/${_f%.tgz}/+CONTENTS" <<EOL
+	ed -s "${_pkgdir}/+CONTENTS" <<EOL
 /^@comment pkgpath/ -1a
 @option manual-installation
 @option firmware
@@ -167,41 +172,86 @@
 	done
 }
 
-set -A devices -- $( devices_needing_firmware )
+usage() {
+	echo "usage: fw_install [-d dir | -L dir] [driver | file [...]]"
+	exit 2
+}
 
-if [ ! "${devices:-}" ]; then
+INSTALL=true
+DOWNLOAD=true
+
+while getopts dL name
+do
+       case "$name" in
+       # "download only" means local dir and don't install
+       d) LOCALSRC=. INSTALL=false ;;
+       L) LOCALSRC=. ;;
+       ?) usage 2 ;;
+       esac
+done
+shift $((OPTIND - 1))
+
+# If we're installing from a local dir
+# we don't want to download anything
+[ "$LOCALSRC" ] && "$INSTALL" && DOWNLOAD=false
+[ "$LOCALSRC" ] || LOCALSRC="$( tmpdir "${DESTDIR}/tmp/fw_install" )"
+
+set -A devices -- "$@"
+
+[ "${devices[*]:-}" ] ||
+    set -A devices -- $( devices_needing_firmware )
+
+if [ ! "${devices[*]:-}" ]; then
 	echo "No devices found which need firmware files to be downloaded."
 	exit
 fi
 
-TMPDIR=$( tmpdir "${DESTDIR}/tmp/fw_install" )
-cd "$TMPDIR"
+if "$DOWNLOAD"; then
+	fetch "$CFILE"
+	! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+	    echo "Signature check of SHA256.sig failed" >&2 && exit 1
+fi
 
-# To unpriv we need to let the unpriv user into this dir
-chmod go+x .
+for f in "${devices[@]}"; do
+	d="$( firmware_devicename "$f" )"
 
-fetch "$CFILE"
-! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
-    echo "Signature check of SHA256.sig failed" >&2 && exit 1
+	if [ "$f" = "$d" ]; then
+		f=$( firmware_filename "$d" || true )
+		[ "$f" ] || continue
+		f="$LOCALSRC/$f"
+	elif ! "$INSTALL" && ! grep -q "($f)" "$CFILE" ; then
+		echo "Cannot download local file $f" >&2
+		exit 2
+	fi
 
-for d in "${devices[@]}"; do
-	f=$( firmware_filename "$d" )
-	[ "$f" ] || continue
 	set -A installed -- $( installed_firmware "$d" )
 
-	if [ "${installed:-}" ]; then
-		for i in "${installed[@]:-}"; do
-			if [ "$f" = "$i.tgz" ]; then
+	if "$INSTALL" && [ "${installed[*]:-}" ]; then
+		for i in "${installed[@]}"; do
+			if [ "${f##*/}" = "$i.tgz" ]; then
 				echo "$i already installed"
 				continue 2
 			fi
 		done
 	fi
 
-	fetch  "$f" || continue
-	verify "$f" || continue
+	if [ -e "$f" ]; then
+		if "$DOWNLOAD"; then
+			echo "Verify existing ${f##*/}"
+			verify "$f" || continue
+		# else assume it was verified when downloaded
+		fi
+	elif "$INSTALL" && ! "$DOWNLOAD"; then
+		echo "Cannot install ${f##*/}, not found" >&2
+		continue
+	else
+		fetch  "$f" || continue
+		verify "$f" || continue
+	fi
 
-	if [ "${installed:-}" ]; then
+	"$INSTALL" || continue
+
+	if [ "${installed[*]:-}" ]; then
 		for i in "${installed[@]}"; do
 			delete_firmware "$i"
 		done