On 2019-05-03, Christian Weisgerber <[email protected]> wrote:
> * For "unpriv -f file", chown file back to root once the command
> finishes, like install.sub does.
>
> I think it's desirable that these behave in the same way. It also
> means that we don't have to worry that later unpriv commands could
> have modified the file. This has consequences:
>
> * Only verify the signature once.
>
> * Only checksum the newly downloaded files.
Adapt to running under -e.
Index: sysupgrade.sh
===================================================================
RCS file: /cvs/src/usr.sbin/sysupgrade/sysupgrade.sh,v
retrieving revision 1.12
diff -u -p -r1.12 sysupgrade.sh
--- sysupgrade.sh 3 May 2019 15:18:14 -0000 1.12
+++ sysupgrade.sh 3 May 2019 19:11:46 -0000
@@ -38,7 +38,7 @@ usage()
unpriv()
{
- local _file=$2 _user=_syspatch
+ local _file=$2 _rc=0 _user=_syspatch
if [[ $1 == -f && -n ${_file} ]]; then
>${_file}
@@ -47,7 +47,11 @@ unpriv()
fi
(($# >= 1))
- eval su -s /bin/sh ${_user} -c "'$@'"
+ eval su -s /bin/sh ${_user} -c "'$@'" || _rc=$?
+
+ [[ -n ${_file} ]] && chown root "${_file}"
+
+ return ${_rc}
}
# Remove all occurrences of first argument from list formed by the remaining
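Review bot: The added `[[ -n ${_file} ]] && chown root "${_file}"` runs whenever the caller passed a second argument, not only for `-f`, because `_file=$2` is assigned unconditionally in the `local` line of the previous hunk. For the call `unpriv cksum -qC SHA256 ${DL}` added in the last hunk, `_file` is `-qC`, so chown receives an option-like string as root; it most likely fails, and under -e that failure may abort the script after a successful checksum. Setting `_file` only in the `-f` branch avoids this: declare `local _file _rc=0 _user=_syspatch` and assign `_file=$2` inside `if [[ $1 == -f && -n $2 ]]; then`. The body of unpriv spans both hunks and its middle lines are not visible here, so confirm nothing else reads `_file` before the branch.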
@@ -139,7 +143,7 @@ esac
[[ -f ${SIGNIFY_KEY} ]] || ug_err "cannot find ${SIGNIFY_KEY}"
-unpriv -f SHA256 signify -Veq -p "${SIGNIFY_KEY}" -x SHA256.sig -m SHA256
+unpriv -f SHA256 signify -Ve -p "${SIGNIFY_KEY}" -x SHA256.sig -m SHA256
# INSTALL.*, bsd*, *.tgz
SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \
@@ -162,9 +166,8 @@ for f in ${DL}; do
unpriv -f $f ftp -Vmo ${f} ${URL}${f}
done
-# re-check signature after downloads
echo Verifying sets.
-unpriv signify -qC -p "${SIGNIFY_KEY}" -x SHA256.sig ${SETS}
+[[ -n ${DL} ]] && unpriv cksum -qC SHA256 ${DL}
cp bsd.rd /nbsd.upgrade
ln -f /nbsd.upgrade /bsd.upgrade
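Review bot: The new `[[ -n ${DL} ]] && unpriv cksum -qC SHA256 ${DL}` no longer checks a signature, so its safety rests on SHA256 having been verified earlier and chowned back to root by `unpriv -f`; with the old comment deleted, nothing at this spot says so. I would put a comment in its place, e.g. `# SHA256 was signature-verified above and is root-owned again; checksum only the files just downloaded`. That guarantee also assumes the working directory is not writable by _syspatch, since a root-owned file in a writable directory can still be replaced; the directory setup is outside this hunk and worth confirming. Files already present and absent from DL are not re-checked here, so presumably they are validated where DL is computed.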
--
Christian "naddy" Weisgerber [email protected]