* For "unpriv -f file", chown file back to root once the command
finishes, like install.sub does.
I think it's desirable that these behave in the same way. It also
means that we don't have to worry that later unpriv commands could
have modified the file. This has consequences:
* Only verify the signature once.
* Only checksum the newly downloaded files.
OK?
Index: sysupgrade.sh
===================================================================
RCS file: /cvs/src/usr.sbin/sysupgrade/sysupgrade.sh,v
retrieving revision 1.12
diff -u -p -r1.12 sysupgrade.sh
--- sysupgrade.sh 3 May 2019 15:18:14 -0000 1.12
+++ sysupgrade.sh 3 May 2019 15:30:08 -0000
@@ -38,7 +38,7 @@ usage()
unpriv()
{
- local _file=$2 _user=_syspatch
+ local _file=$2 _rc _user=_syspatch
if [[ $1 == -f && -n ${_file} ]]; then
>${_file}
@@ -48,6 +48,11 @@ unpriv()
(($# >= 1))
eval su -s /bin/sh ${_user} -c "'$@'"
+ _rc=$?
+
+ [[ -n ${_file} ]] && chown root "${_file}"
+
+ return ${_rc}
}
# Remove all occurrences of first argument from list formed by the remaining
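Review bot: The new `[[ -n ${_file} ]] && chown root "${_file}"` keys on `_file`, which the first hunk still assigns from `$2` unconditionally, so a call without `-f` appears to pass its second word to chown; the `unpriv cksum -qC SHA256 ${DL}` call added in the last hunk would run `chown root "-qC"`. Unless the lines of the `-f` branch that fall between the two hunks already clear it, adding `[[ $1 == -f ]] || _file=` right after the `local` line keeps the chown tied to `-f`. Whether errexit is in effect is not visible here: with it, a failing su leaves the script before `_rc=$?` and the file stays owned by `${_user}` (`eval su ... || _rc=$?` avoids that); without it, a failed chown is silently dropped by `return ${_rc}` even though the later checks rely on root ownership.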
@@ -139,7 +144,7 @@ esac
[[ -f ${SIGNIFY_KEY} ]] || ug_err "cannot find ${SIGNIFY_KEY}"
-unpriv -f SHA256 signify -Veq -p "${SIGNIFY_KEY}" -x SHA256.sig -m SHA256
+unpriv -f SHA256 signify -Ve -p "${SIGNIFY_KEY}" -x SHA256.sig -m SHA256
# INSTALL.*, bsd*, *.tgz
SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \
@@ -162,9 +167,8 @@ for f in ${DL}; do
unpriv -f $f ftp -Vmo ${f} ${URL}${f}
done
-# re-check signature after downloads
echo Verifying sets.
-unpriv signify -qC -p "${SIGNIFY_KEY}" -x SHA256.sig ${SETS}
+[[ -n ${DL} ]] && unpriv cksum -qC SHA256 ${DL}
cp bsd.rd /nbsd.upgrade
ln -f /nbsd.upgrade /bsd.upgrade
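Review bot: With the signify re-check removed, `unpriv cksum -qC SHA256 ${DL}` is the only integrity check left before `cp bsd.rd /nbsd.upgrade`, and nothing at this spot records why it is sufficient. It trusts SHA256 because the file was signature-checked once and chowned back to root, and it skips every set not in `${DL}` on the strength of an earlier check that lies outside this hunk. A comment above the line, for example `# SHA256 was verified with signify above and is root-owned again; sets not in DL were already checksummed`, would keep that dependency visible to whoever next touches unpriv or the download loop, once the wording is confirmed against the unseen lines.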
--
Christian "naddy" Weisgerber [email protected]