#!/bin/sh # $AFresh1: update_openbsd,v 1.112 2018/12/16 20:23:38 andrew Exp $ # # Copyright (c) 2012 Andrew Fresh # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # installed_sets() { local misc=/usr/share/doc/README local man=/usr/share/man/man1/intro.1 local comp=/usr/bin/cc local game=/usr/games/ local xbase=/usr/X11R6/ local xetc=/etc/X11/xinit/xinitrc local xfont=/usr/X11R6/lib/X11/fonts local xserv=/usr/X11R6/bin/X local xshare=/usr/X11R6/bin/startx local _nv=`echo $NEW_VER | sed -e 's/\.//'` local _c _d _e echo -n base [ $_nv -lt 57 ] && echo -n ' etc' for _d in misc man comp game xbase xetc xfont xserv xshare; do [ $_d = xetc -a $_nv -ge 57 ] && continue eval _e=\$${_d} _c=`ls $_e 2> /dev/null | wc -l` #echo $_c $_d $_e if [ $_c -ne 0 ]; then echo -n " $_d" fi done sendmail -d0.1 --badoption /dev/null | grep -q SASL if [ $? == 0 ]; then echo -n ' sendmail-smtp_auth' fi } kernel_file_version() { echo exit | config -e $1 | grep -A1 ^OpenBSD #what $1 | sed -ne 's/[[:blank:]]\{1,\}//p' } kernel_is_multiprocessor() { printf "find cpu*\nexit\n" | config -e $1 2>/dev/null | grep -q "cpu\* at " } version_in() { local _proto=${FTP%%://*} local _file if [ X"ftp" == X"${_proto}" ]; then local _list=`echo "ls base*.tgz" | ${FTP_CMD} ${FTP}/` _file=`echo ${_list} | awk '/base[0-9][0-9].tgz/ { print $9 }'` elif [ X"http" == X"${_proto}" -o X"https" == X"${_proto}" ]; then _file=`${FTP_CMD} -V -o - ${FTP}/index.txt | sed -ne 's/.*\(base[0-9][0-9].tgz\).*/\1/p'` elif [ X"scp" == X"${_proto}" ]; then echo SCP is not yet supported >&2 return 2 else echo Unsupported FTP ${FTP} >&2 return 2 fi local _v=${_file##*base} _v=${_v%.tgz*} echo $_v } set_boot_device() { BOOT_DEVICE=$( df -lnP /bsd | sed -ne 's! .*/$!!p' ) root_disk=$( echo $BOOT_DEVICE | sed -e 's,/dev/\([a-z]*[0-9]\)[a-z].*,\1,' ) msdos_partition=$( fdisk $root_disk | grep -q '^*.*FAT32' \ && \ disklabel $root_disk | sed -ne 's/:.*MSDOS//p' | tr -d ' ' ) [ "$msdos_partition" ] && BOOT_DEVICE="/dev/$root_disk$msdos_partition" } boot_device_mounted="" mount_boot_device() { [ "$boot_device_mounted" ] && return [ "$BOOT_DEVICE" ] || return local boot_mount=$( mount | sed -ne "s!^$BOOT_DEVICE on \([^ ]*\).*!\1!p" ) if [ ! "$boot_mount" ]; then mount $BOOT_DEVICE /mnt boot_device_mounted=1 fi } umount_boot_device() { [ "$boot_device_mounted" ] && umount $BOOT_DEVICE boot_device_mounted="" } find_boot_kernel() { local _k=$( ( \ echo bsd; \ [ -e boot.conf ] && sed -E '/^ *(set +image|boot) +/!d ; \ s///; s/^.*://; s/ .*$//' boot.conf \ ) | tail -1 ) _k=$( follow_symlink $_k ) local _d=$( dirname $_k ) [ "$_d" = "." ] && _d=$PWD if [ $_d = . -o $_d = $PWD ]; then basename $_k else echo $_k fi } set_version() { CUR_VER=`uname -r` NEW_VER=`dc -e "$CUR_VER 0.1 + p"` FILE_VER="" FTP="" local _cv=`echo $CUR_VER | sed -e 's/\.//'` local _nv=`echo $NEW_VER | sed -e 's/\.//'` local _v _d _pkr if [ X"No" != X"$FORCE_DIR" -a -d $FORCE_DIR ]; then _dir=$FORCE_DIR if [ -e ${_dir}/base${_nv}.tgz ]; then _v=$_nv elif [ -e ${_dir}/base${_cv}.tgz ]; then NEW_VER=$CUR_VER _v=$_cv fi elif [ -d $CUR_VER ]; then _dir=$CUR_VER NEW_VER=$CUR_VER if [ -e ${_dir}/base${_cv}.tgz ]; then _v=$_cv fi elif [ -d $NEW_VER ]; then _dir=$NEW_VER if [ -e ${_dir}/base${_nv}.tgz ]; then _v=$_nv fi fi if [ X"" != X"${MIRROR}" -a X"" == X"${_v}" ]; then if [ X"No" != X"${FORCE_DIR}" ]; then _dir=${FORCE_DIR} elif sysctl kern.version | grep -q -- '-current '; then _dir=snapshots FORCE_DIR=snapshots else _dir=${NEW_VER} fi FTP=${MIRROR}/${_dir}/`machine` _v=`version_in` if [ X"" == X"${_v}" ]; then if [ X"No" != X"$FORCE_DIR" ]; then echo No sets in forced [${FTP}] >&2 return 2 fi NEW_VER=$CUR_VER _dir=${NEW_VER} FTP=${MIRROR}/${_dir}/`machine` _v=`version_in` fi if [ X"" == X"${_v}" ]; then echo No sets in [${FTP}] >&2 return 2 elif [ X"${_cv}" == X"${_v}" ]; then NEW_VER=$CUR_VER elif [ X"${_nv}" == X"${_v}" ]; then NEW_VER=$NEW_VER else echo Invalid version [$_v] >&2 return 2 fi if [ X"No" == X"$FORCE_DIR" ]; then _dir=$NEW_VER fi fi if [ X"" == X"${_v}" ]; then if [ X"" == X"${MIRROR}" ]; then echo ERROR: No sets, and no MIRROR, unable to continue. >&2 else echo ERROR: Unable to determine FILE_VER, check your MIRROR. >&2 fi return 1 fi if [ X"" == X"$RELEASEDIR" ]; then RELEASEDIR=`pwd`/$_dir fi FILE_VER=$_v if [ X"" != X"${MIRROR}" ]; then FTP=${MIRROR}/${_dir}/`machine` fi KERNEL_ROOT="" [ -z "$BOOT_DEVICE" ] && set_boot_device mount_boot_device # _pkr == possible_kernel_roots _pkr=/ [ "$BOOT_DEVICE" ] && _pkr="/mnt/ $_pkr" for _d in $_pkr; do KERNEL_ROOT=$( df -lnP ${_d}bsd 2>/dev/null | sed -ne 's!/dev/.* !!p' ) [ "$KERNEL_ROOT" ] && break done if ! [ "$KERNEL_ROOT" ]; then echo "Unable to find KERNEL_ROOT, tried $_pkr" >&2 exit 2 fi cd $KERNEL_ROOT BOOT_KERNEL=$( find_boot_kernel ) BOOT_KERNEL_VERSION=$( kernel_file_version $BOOT_KERNEL ) if [ $(sysctl -n hw.ncpufound) -gt 1 ] || kernel_is_multiprocessor $BOOT_KERNEL; then BOOT_KERNEL=bsd.mp fi BOOTED_KERNEL_VERSION=`sysctl -n kern.version` NEW_KERNEL_VERSION="" # We want to default to what we had INSTALL_KERNELS="$BOOT_KERNEL" # if the boot kernel was our specially named bsd.sp, we install from bsd if [ X"$INSTALL_KERNELS" == X"bsd.sp" ]; then INSTALL_KERNELS="bsd" fi # We want to update all kernels that exist # either in the $KERNEL_ROOT or in / for b in bsd bsd.mp; do [ -e $b -o -e /$b ] || continue if [ X"${INSTALL_KERNELS% *}" != X"$b" ]; then INSTALL_KERNELS="$INSTALL_KERNELS $b" fi done cd $OLDPWD umount_boot_device BOOT_KERNELS=$INSTALL_KERNELS INSTALL_KERNELS="$INSTALL_KERNELS bsd.rd" } get_sets() { echo '==> GETTING SETS' if [ X"" == X"$FTP" ]; then echo ERROR: No FTP site set! >&2 return 1 fi mkdir -p ${RELEASEDIR} cd $RELEASEDIR local _v=$FILE_VER for _b in $INSTALL_KERNELS; do if [ ! -e ./${_b} ]; then echo "===> $FTP_CMD ${FTP}/${_b}" $FTP_CMD ${FTP}/${_b} else echo "===> Have ${_b}" fi kernel_file_version "${_b}" done for _s in $INSTALLED_SETS; do [ "$_v" -ge "57" -a "$_s" != "${_s%etc}" ] && continue local _file=${_s}${_v}.tgz if [ ${_s} == sendmail-smtp_auth ]; then _file=${_s}.gz fi if [ ! -e ./${_file} ]; then echo "===> $FTP_CMD ${FTP}/${_file}" $FTP_CMD ${FTP}/${_file} fi done local _type local _ftp for _type in $CHECKSUM_TYPES; do [ -e $_type ] && break _ftp=`echo "$FTP" | sed -e 's,://[^/]*/,://ftp.openbsd.org/,'` echo "===> $FTP_CMD ${_ftp}/$_type" $FTP_CMD ${_ftp}/$_type done } follow_symlink () { local _file=$1 # This could go circular, but I dunno how to fix that. if [ -h $_file ]; then follow_symlink $( readlink -f $_file ) else echo $_file fi } check_sum () { local _type=$1 echo "==> CHECKING $_type SUMS" cd $RELEASEDIR if [ ! -e $_type ]; then echo $_type File does not exist! return 1 fi local _nv=`echo $NEW_VER | sed -e 's/\.//'` local _signify=`which signify 2>/dev/null` local _keyfile=/etc/signify/openbsd-${_nv}-base.pub local _b _s ( for _b in $INSTALL_KERNELS; do echo "($_b)" ; done for _s in $INSTALLED_SETS; do echo "($_s$_nv.tgz)"; done ) > index if [ -n "$_signify" -a "$_type" != "${_type%.sig}" ]; then echo "===> Checking signature"; if [ ! -e $_keyfile ]; then echo "key [$_keyfile] does not exist, cannot check $_type" >&2 return 2 fi signify -V -e -p $_keyfile -x $_type -m - | grep -f index | sha256 -c - else grep -f index $_type | sha256 -c fi if [ $? -ne 0 ]; then echo ERROR: $_type does not match! >&2 return 1 fi } check_sets() { echo '==> CHECKING SETS' cd $RELEASEDIR local _missing_sets local _v=$FILE_VER mount_boot_device for _n in $INSTALL_KERNELS; do local _o=$_n [ X"bsd" == X"${_o}" -a -e ${KERNEL_ROOT}bsd.sp ] && _o=bsd.sp if [ -e ${KERNEL_ROOT}${_o} -a ! -e ./${_n} ]; then echo ${_o} does not exist on $BOOT_DEVICE _missing_sets=1 fi if [ X"${BOOT_KERNEL}" == X"${_o}" -a -e ./${_n} ]; then NEW_KERNEL_VERSION=`kernel_file_version ./${_n}` fi done umount_boot_device if [ X"$NEW_KERNEL_VERSION" == X"" ]; then echo Missing replacement for boot kernel $BOOT_KERNEL >&2 _missing_sets=1 fi for _s in $INSTALLED_SETS; do [ "$_v" -ge "57" -a "$_s" != "${_s%etc}" ] && continue local _file=${_s}${_v}.tgz if [ ${_s} == sendmail-smtp_auth ]; then _file=${_s}.gz fi if [ ! -e ./${_file} ]; then echo ${_file} does not exist _missing_sets=1 fi done if [ X"" == X"${_missing_sets}" ]; then echo 'All OK' fi local _type for _type in $CHECKSUM_TYPES; do [ -n "$NO_SIGNIFY" -a "$_type" != "${_type%.sig}" ] && continue if [ -e $_type ]; then check_sum $_type && break [ -z "$IGNORE_CHECKSUM_ERROR" ] && exit 1 fi done return 0 } install_kernels() { local _d="$1" local boot_mount local mount_is_msdos if [ "$_d" ]; then _d=$( readlink -nf "$_d" ) else mount_boot_device if [ "$KERNEL_ROOT" != "/" ]; then local _ik="$INSTALL_KERNELS" INSTALL_KERNELS="$BOOT_KERNEL bsd.rd" install_kernels $KERNEL_ROOT INSTALL_KERNELS="$_ik" fi umount_boot_device install_kernels / return fi echo "==> INSTALLING KERNEL to $_d" if [ X"" == X"$RELEASEDIR" ]; then echo ERROR: no source for new kernels! >&2 exit 1 fi [ $_d != / ] && _d=${_d%/}/ [ $_d != / ] && mount | grep -q " on ${_d%/} .* msdos" && mount_is_msdos=1 if [ X"$BOOT_KERNEL_VERSION" != X"$NEW_KERNEL_VERSION" ]; then echo "===> Backing up $BOOT_KERNEL to ${_d}obsd" if [ $mount_is_msdos ]; then cp ${_d}$BOOT_KERNEL ${_d}obsd else ln -f ${_d}$BOOT_KERNEL ${_d}obsd fi if [ $? -ne 0 ]; then echo "Error copying old kernel!" >&2 exit 1 fi fi cd $RELEASEDIR for _b in $INSTALL_KERNELS; do rm -f ${_d}nbsd local _bd=$_b [ X"${_b}" == X"bsd" ] && _bd="bsd.sp" local _is_boot="" [ X"$BOOT_KERNEL" == X"${_d}${_bd}" ] && _is_boot="# boot kernel" echo "Copying $_b to ${_d}$_bd $_is_boot" cp ${_b} ${_d}nbsd && mv ${_d}nbsd ${_d}${_bd} if [ $? -ne 0 ]; then echo ERROR: Could not copy new $_bd kernel! >&2 exit 1 fi done cd $OLDPWD if [ ! -h ${_d}bsd ]; then cd ${_d} for _b in $BOOT_KERNELS; do [ X"$_b" == X"bsd" ] && _b="bsd.sp" if [ -e $_b ]; then if [ "$mount_is_msdos" ]; then echo "===> Moving $_b ${_d}bsd (MSDOS)" mv -f ${_b} bsd else echo "===> symlinking $_b to ${_d}bsd" ln -sf $_b bsd fi break fi done cd $OLDPWD fi } install_sets() { echo '==> INSTALLING SETS' if [ X"" == X"$RELEASEDIR" ]; then echo ERROR: no source for sets! >&2 exit 1 else cd $RELEASEDIR fi local _v=$FILE_VER local _sets=`ls *${_v}.tgz | grep -v ^base ` for _f in ${_sets} base${_v}.tgz; do _path=$DESTDIR if [ X"etc${_v}.tgz" == X"$_f" \ -o X"xetc${_v}.tgz" == X"$_f" ]; then [ X"" != X"$SYSMERGE" ] && continue _path=/var/tmp/temproot fi echo "Extracting $_f to $_path" mkdir -p $_path tar -C $_path -xzphf ${RELEASEDIR}/${_f} if [ $? -ne 0 ]; then echo ERROR: Could not extract ${_f}! >&2 exit 1 fi done echo '===> Extracted all sets.' } install_sendmail_smtp_auth() { if [ -e ${RELEASEDIR}/sendmail-smtp_auth.gz ]; then gzcat ${RELEASEDIR}/sendmail-smtp_auth.gz > \ ${RELEASEDIR}/sendmail-smtp_auth fi if [ -e ${RELEASEDIR}/sendmail-smtp_auth ]; then if ! pkg_info -qe 'cyrus-sasl-*'; then pkg_add -i cyrus-sasl fi install -o root -g smmsp -m 2555 \ ${RELEASEDIR}/sendmail-smtp_auth \ /usr/libexec/sendmail/sendmail echo '===> Installed sendmail with smtp_auth' fi } update_etc() { echo '==> UPDATING ETC' if [ ! -e $SYSMERGE ]; then echo "ERROR: Can't find sysmerge!" >&2 exit 1; fi local _v=$FILE_VER local _args="" if [ ! -e /var/sysmerge/etc.tgz ]; then if [ X"" == X"$RELEASEDIR" ]; then echo "ERROR: no source for etc!" >&2 exit 1 fi cd $RELEASEDIR if [ -e etc${_v}.tgz ]; then _args="$_args -s ${RELEASEDIR}/etc${_v}.tgz" fi if [ -e xetc${_v}.tgz ]; then _args="$_args -x ${RELEASEDIR}/xetc${_v}.tgz" fi if [ X"" == X"$_args" ]; then echo ERROR: No upgrade sets found! >&2 exit 1 fi fi echo '==> RUNNING SYSMERGE' $SYSMERGE $_args cd $OLDPWD } if [ $(id -u) != 0 ]; then echo 'ERROR: need root privileges to run this script' >&2 exit 1 fi if [ -e /etc/update_openbsd.conf ]; then . /etc/update_openbsd.conf fi if [ -e ${HOME}/.update_openbsdrc ]; then . ${HOME}/.update_openbsdrc fi MIRROR=${MIRROR:=http://cdn.openbsd.org/pub/OpenBSD} FTP_CMD=${FTP_CMD:=ftp -V} DESTDIR=${DESTDIR:=/} SYSMERGE=${SYSMERGE:=/usr/sbin/sysmerge} FORCE_DIR=${FORCE_DIR:=No} export PKG_PATH TRUSTED_PKG_PATH set_version TRUSTED_PKG_PATH=${TRUSTED_PKG_PATH:=/usr/ports/packages/`machine -a`/all} if [ "$FORCE_DIR" = "No" ]; then PKG_PATH=${PKG_PATH:=${MIRROR}/$NEW_VER/packages/`machine -a`} else PKG_PATH=${PKG_PATH:=${MIRROR}/$FORCE_DIR/packages/`machine -a`} fi INSTALLED_SETS=${INSTALLED_SETS:=`installed_sets`} CHECKSUM_TYPES=${CHECKSUM_TYPES:=SHA256.sig SHA256} local _error=$? echo echo "-= update_openbsd - helper script to update OpenBSD =-" echo "------------------------------------------------------" echo echo " SYSMERGE: $SYSMERGE" echo " MIRROR: $FTP" echo " PKG_PATH: $PKG_PATH" echo "TRUSTED_PKG_PATH: $TRUSTED_PKG_PATH" echo " RELEASEDIR: $RELEASEDIR" echo " DESTDIR: $DESTDIR" echo " BOOT_DEVICE: $BOOT_DEVICE" echo " BOOT_KERNEL: $BOOT_KERNEL" echo " INSTALL_KERNELS: $INSTALL_KERNELS" echo " INSTALLED_SETS: $INSTALLED_SETS" echo echo " CUR_VER: $CUR_VER" echo " NEW_VER: $NEW_VER" #echo " FILE_VER: $FILE_VER" echo mount_boot_device for k in $INSTALL_KERNELS; do if [ -e $KERNEL_ROOT$k ]; then echo "Existing $BOOT_DEVICE:$k" kernel_file_version $KERNEL_ROOT$k fi done umount_boot_device if [ ${_error} -ne 0 ]; then exit ${_error} fi if [ X"" != X"${FTP}" ]; then get_sets fi check_sets || exit echo "===> Last booted:\n$BOOTED_KERNEL_VERSION" if [ X"$BOOT_KERNEL_VERSION" != X"$BOOTED_KERNEL_VERSION" \ -a X"$BOOT_KERNEL_VERSION" != X"$NEW_KERNEL_VERSION" ]; then echo "Next boot (unless replaced):\n$BOOT_KERNEL_VERSION" fi if [ -n "$NEW_KERNEL_VERSION" ]; then echo "===> New $BOOT_KERNEL:\n$NEW_KERNEL_VERSION"; else echo "\n!!! WARNING: Will not replace boot kernel $BOOT_KERNEL! !!!\n" >&2 echo "ctrl+C to cancel, enter to continue anyway" >&2 local _temp read _temp NEW_KERNEL_VERSION=$BOOT_KERNEL_VERSION fi if [ X"$NEW_KERNEL_VERSION" != X"$BOOTED_KERNEL_VERSION" ]; then echo >&2 echo "!!! You are upgrading the OpenBSD kernel. !!!" >&2 echo "!!! You will be given the opportunity to reboot !!!" >&2 echo "!!! at the end of the proces but it is safer to !!!" >&2 echo "!!! have a separate root shell open. !!!" >&2 echo "!!! It is needed in order to run /sbin/oreboot. !!!" >&2 echo "!!! doas MAY NOT WORK after sets are extracted. !!!" >&2 echo >&2 echo "enter to continue, ctrl+C to cancel" >&2 local _temp read _temp if [ ! -e /sbin/oreboot ]; then cp /sbin/reboot /sbin/oreboot if [ $? -ne 0 ]; then echo "Error copying old reboot command!" >&2 exit 1 fi echo "/sbin/reboot copied to /sbin/oreboot" fi fi install_kernels install_sets if [ X"$NEW_KERNEL_VERSION" == X"$BOOTED_KERNEL_VERSION" ]; then install_sendmail_smtp_auth if [ -e /sbin/oreboot ]; then echo Removing /sbin/oreboot rm -f /sbin/oreboot fi update_etc OPENUP=$( which openup 2>/dev/null ) if [ -n "$OPENUP" ]; then echo "==> UPDATING WITH $OPENUP" $OPENUP else echo '==> UPDATING PACKAGES' pkg_add -u fi echo '==> UPDATING FIRMWARE' fw_update else [ -e /etc/rc.sysmerge ] && grep -q $SYSMERGE /etc/rc.sysmerge || echo "$SYSMERGE -b" >>/etc/rc.sysmerge && echo "==> RUNNING $SYSMERGE -b ON REBOOT" echo Instructions for updating to the new version available from if [ X"snapshots" == X"$FORCE_DIR" ]; then echo " http://www.openbsd.org/faq/current.html" else echo " http://www.openbsd.org/faq/upgrade${FILE_VER}.html" fi fi echo Update complete. enter to reboot, ctrl+C to cancel read _temp if [ -e /sbin/oreboot ]; then echo using /sbin/oreboot /sbin/oreboot else /sbin/reboot fi