deraadt@ noticed that if you install a list of local files, fw_update
still tries to download the SHA256.sig and will fail if it can't.  That
doesn't make sense, so instead only download it if we're going to use
it and it doesn't exist.  It does continue to attempt to update the
SHA256.sig if we're downloading firmware, in case there is a new one and
possibly new firmware.

Comments, OK?


Index: fw_update.sh
===================================================================
RCS file: /cvs/src/usr.sbin/fw_update/fw_update.sh,v
retrieving revision 1.25
diff -u -p -r1.25 fw_update.sh
--- fw_update.sh        6 Jan 2022 19:27:01 -0000       1.25
+++ fw_update.sh        7 Jan 2022 02:08:34 -0000
@@ -119,7 +119,21 @@ fetch() {
        fi
 }
 
+fetch_cfile() {
+       if "$DOWNLOAD"; then
+               set +o noclobber # we want to get the latest CFILE
+               fetch "$CFILE" || return 1
+               set -o noclobber
+               ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+                   echo "Signature check of SHA256.sig failed" >&2 && return 1
+       elif [ ! -e "$CFILE" ]; then
+               echo "${0##*/}: $CFILE: No such file or directory" >&2
+               return 2
+       fi
+}
+
 verify() {
+       [ -e "$CFILE" ] || fetch_cfile
        # On the installer we don't get sha256 -C, so fake it.
        if ! fgrep -qx "SHA256 (${1##*/}) = $( /bin/sha256 -qb "$1" )" 
"$CFILE"; then
                echo "Checksum test for ${1##*/} failed." >&2
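Review bot: The `[ -e "$CFILE" ] || fetch_cfile` guard added to verify() (and again to firmware_filename() in the next hunk) accepts any file that already exists at `$CFILE`, and fetch_cfile leaves the downloaded file in place when signify rejects it. A SHA256.sig whose signature check failed can therefore satisfy the `-e` test on a later call or a later run, and verify() would then compare firmware checksums against content that was never authenticated. I would remove the file on that path, e.g. `if ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE"; then rm -f "$CFILE"; echo "Signature check of SHA256.sig failed" >&2; return 1; fi`. Whether a failing fetch_cfile aborts the caller depends on the script's errexit setting and on how verify() is invoked, neither of which is visible here. The body of verify() continues past the end of this hunk.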
@@ -149,6 +163,7 @@ firmware_in_dmesg() {
 
 firmware_filename() {
        local _f
+       [ -e "$CFILE" ] || fetch_cfile
        _f="$( sed -n "s/.*(\($1-firmware-.*\.tgz\)).*/\1/p" "$CFILE" | sed 
'$!d' )"
        ! [ "$_f" ] && echo "Unable to find firmware for $1" >&2 && return 1
        echo "$_f"
@@ -313,6 +328,17 @@ fi
 if [ "$OPT_F" ]; then
        INSTALL=false
        LOCALSRC="${LOCALSRC:-.}"
+
+       # Always check for latest CFILE and so latest firmware
+       if [ -e "$LOCALSRC/$CFILE" ]; then
+               mv "$LOCALSRC/$CFILE" "$LOCALSRC/$CFILE-OLD"
+               if fetch_cfile; then
+                       rm -f "$LOCALSRC/$CFILE-OLD"
+               else
+                       mv "$LOCALSRC/$CFILE-OLD" "$LOCALSRC/$CFILE"
+                       echo "Using existing $CFILE" >&2
+               fi
+       fi
 elif [ "$LOCALSRC" ]; then
        DOWNLOAD=false
 fi
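Review bot: The else branch carries on after fetch_cfile fails, but fetch_cfile's `fetch "$CFILE" || return 1` (first hunk) returns before `set -o noclobber` runs, so everything after "Using existing $CFILE" executes with noclobber switched off. Restoring it on the failure path, `fetch "$CFILE" || { set -o noclobber; return 1; }`, keeps the overwrite protection the script apparently runs under otherwise. Separately, the `mv` calls operate on `"$LOCALSRC/$CFILE"` while fetch_cfile reads and writes plain `"$CFILE"`. These are the same file only if the script is already working inside `$LOCALSRC`, which this hunk does not show. If that is the intent, a comment such as `# fetch_cfile writes $CFILE relative to the cwd; assumes we are already in $LOCALSRC` would make the dependency explicit.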
@@ -385,18 +411,6 @@ else
 fi
 
 [ "${devices[*]:-}" ] || exit
-
-if "$DOWNLOAD"; then
-       set +o noclobber # we want to get the latest CFILE
-       fetch "$CFILE"
-       set -o noclobber
-       ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
-           echo "Signature check of SHA256.sig failed" >&2 && exit 1
-elif [ ! -e "$CFILE" ]; then
-       # TODO: We shouldn't need a CFILE if all arguments are files.
-       echo "${0##*/}: $CFILE: No such file or directory" >&2
-       exit 2
-fi
 
 added=''
 updated=''
