=================================================================== RCS file: /cvs/openbsd/update_openbsd/update_openbsd,v retrieving revision 1.53 retrieving revision 1.60 diff -u -r1.53 -r1.60 --- openbsd/update_openbsd/update_openbsd 2013/11/09 21:58:26 1.53 +++ openbsd/update_openbsd/update_openbsd 2014/01/22 19:35:46 1.60 @@ -1,5 +1,5 @@ #!/bin/sh -# $AFresh1: update_openbsd,v 1.52 2013/10/20 00:26:35 andrew Exp $ +# $AFresh1: update_openbsd,v 1.59 2014/01/22 06:44:53 andrew Exp $ # # Copyright (c) 2012 Andrew Fresh # @@ -203,7 +203,7 @@ } get_sets() { - echo '### GETTING SETS ###' + echo '==> GETTING SETS' if [ X"" == X"$FTP" ]; then echo ERROR: No FTP site set! >&2 return 1 @@ -216,7 +216,7 @@ for _b in $INSTALL_KERNELS; do if [ ! -e ./${_b} ]; then - echo $FTP_CMD ${FTP}/${_b} + echo "===> $FTP_CMD ${FTP}/${_b}" $FTP_CMD ${FTP}/${_b} fi done @@ -228,16 +228,18 @@ fi if [ ! -e ./${_file} ]; then - echo $FTP_CMD ${FTP}/${_file} + echo "===> $FTP_CMD ${FTP}/${_file}" $FTP_CMD ${FTP}/${_file} fi done local _type + local _ftp for _type in $CHECKSUM_TYPES; do [ -e $_type ] && break - echo $FTP_CMD ${FTP}/$_type - $FTP_CMD ${FTP}/$_type + _ftp=`echo "$FTP" | sed -e 's,://[^/]*/,://ftp.openbsd.org/,'` + echo "===> $FTP_CMD ${_ftp}/$_type" + $FTP_CMD ${_ftp}/$_type done } @@ -255,7 +257,7 @@ check_sum () { local _type=$1 - echo "### CHECKING $_type SUMS ###" + echo "==> CHECKING $_type SUMS" cd $RELEASEDIR if [ ! -e $_type ]; then @@ -263,9 +265,28 @@ return 1 fi - ls bsd* *gz | sed -e 's/\(.*\)/(\1)/' > index - grep -f index $_type | sum -c + local _nv=`echo $NEW_VER | sed -e 's/\.//'` + local _signify=`which signify` + local _keyfile=/etc/signify/${_nv}base.pub + local _b _s + ( + for _b in $INSTALL_KERNELS; do echo "($_b)" ; done + for _s in $INSTALLED_SETS; do echo "($_s$_nv.tgz)"; done + ) > index + + + if [ -n "$_signify" -a "$_type" != "${_type%.sig}" ]; then + echo "===> Checking signature"; + if [ ! -e $_keyfile ]; then + echo "key [$_keyfile] does not exist, cannot check $_type" >&2 + return 2 + fi + signify -V -e -p $_keyfile -x $_type -m - | grep -f index | sum -c - + else + grep -f index $_type | sum -c + fi + if [ $? -ne 0 ]; then echo ERROR: $_type does not match! >&2 return 1 @@ -273,7 +294,7 @@ } check_sets() { - echo '### CHECKING SETS ###' + echo '==> CHECKING SETS' cd $RELEASEDIR local _missing_sets @@ -309,20 +330,23 @@ done if [ X"" == X"${_missing_sets}" ]; then - echo All OK + echo '===> All OK' fi local _type for _type in $CHECKSUM_TYPES; do if [ -e $_type ]; then - check_sum $_type + check_sum $_type && break + [ -z "$IGNORE_CHECKSUM_ERROR" ] || exit 1 fi done + + return 0 } install_kernels() { - echo '### INSTALLING KERNEL ###' + echo '==> INSTALLING KERNEL' if [ X"$USER" != X"root" -a X"$SUDO" == X"" ]; then echo ${0##*/} must be run as root or SUDO must be set! >&2 exit 1 @@ -334,7 +358,7 @@ fi if [ X"$BOOT_KERNEL_VERSION" != X"$NEW_KERNEL_VERSION" ]; then - echo "Backing up $BOOT_KERNEL to /obsd" + echo "===> Backing up $BOOT_KERNEL to /obsd" $SUDO ln -f $BOOT_KERNEL /obsd if [ $? -ne 0 ]; then echo "Error copying old kernel!" >&2 @@ -352,7 +376,7 @@ local _is_boot="" [ X"$BOOT_KERNEL" == X"/${_bd}" ] && _is_boot="# boot kernel" - echo "Copying $_b to /$_bd $_is_boot" + echo "===> Copying $_b to /$_bd $_is_boot" $SUDO cp ${_b} /nbsd && $SUDO mv /nbsd /${_bd} if [ $? -ne 0 ]; then echo ERROR: Could not copy new $_bd kernel! >&2 @@ -367,7 +391,7 @@ for _b in $BOOT_KERNELS; do [ X"$_b" == X"bsd" ] && _b="bsd.sp" if [ -e $_b ]; then - echo symlinking $_b to /bsd + echo "===> symlinking $_b to /bsd" $SUDO ln -sf $_b bsd if [ $? -ne 0 ]; then echo ERROR: Could not symlink new kernel! >&2 @@ -381,7 +405,7 @@ } install_sets() { - echo '### INSTALLING SETS ###' + echo '==> INSTALLING SETS' if [ X"$USER" != X"root" -a X"$SUDO" == X"" ]; then echo ${0##*/} must be run as root or SUDO must be set! >&2 exit 1 @@ -405,7 +429,7 @@ _path=/var/tmp/temproot fi - echo Extracting $_f to $_path + echo "===> Extracting $_f to $_path" $SUDO mkdir -p $_path $SUDO tar -C $_path -xzphf ${RELEASEDIR}/${_f} if [ $? -ne 0 ]; then @@ -414,7 +438,7 @@ fi done - echo Extracted all sets. + echo '===> Extracted all sets.' } install_sendmail_smtp_auth() { @@ -431,12 +455,12 @@ ${RELEASEDIR}/sendmail-smtp_auth \ /usr/libexec/sendmail/sendmail - echo Installed sendmail with smtp_auth + echo '===> Installed sendmail with smtp_auth' fi } update_etc() { - echo '### UPDATING ETC ###' + echo '==> UPDATING ETC' if [ ! -e $SYSMERGE ]; then echo "ERROR: Can't find sysmerge!" >&2 exit 1; @@ -452,15 +476,15 @@ local _v=$FILE_VER local _args="" if [ -e etc${_v}.tgz ]; then - _args="$_args -s etc${_v}.tgz" + _args="$_args -s ${RELEASEDIR}/etc${_v}.tgz" fi if [ -e xetc${_v}.tgz ]; then - _args="$_args -x xetc${_v}.tgz" + _args="$_args -x ${RELEASEDIR}/xetc${_v}.tgz" fi if [ X"" == X"$_args" ]; then echo ERROR: No upgrade sets found! >&2 else - echo '### RUNNING SYSMERGE ###' + echo '==> RUNNING SYSMERGE' $SUDO $SYSMERGE $_args fi @@ -486,7 +510,7 @@ INSTALLED_SETS=${INSTALLED_SETS:=`installed_sets`} -CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256 MD5} +CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256.sig SHA256} set_version local _error=$? @@ -519,13 +543,13 @@ check_sets || exit -echo "Last booted:\n$BOOTED_KERNEL_VERSION" +echo "===> Last booted:\n$BOOTED_KERNEL_VERSION" if [ X"$BOOT_KERNEL_VERSION" != X"$BOOTED_KERNEL_VERSION" \ -a X"$BOOT_KERNEL_VERSION" != X"$NEW_KERNEL_VERSION" ]; then echo "Next boot (unless replaced):\n$BOOT_KERNEL_VERSION" fi if [ -n "$NEW_KERNEL_VERSION" ]; then - echo "New $BOOT_KERNEL:\n$NEW_KERNEL_VERSION"; + echo "===> New $BOOT_KERNEL:\n$NEW_KERNEL_VERSION"; else echo "\n!!! WARNING: Will not replace boot kernel $BOOT_KERNEL! !!!\n" >&2 echo "ctrl+C to cancel, enter to continue anyway" >&2 @@ -574,7 +598,7 @@ fi update_etc - echo '### UPDATING PACKAGES ###' + echo '==> UPDATING PACKAGES' $SUDO pkg_add -ui -F update -F updatedepends else