That last patch I committed made it so that if you specify a local path
to install from with -p, while it will look in the SHA256.sig file for
the filename, it didn't actually verify the checksum.

In any case, this patch means we verify the checksum unless someone
specified a local filename on the command line.  If we translate a
driver name into a filename we verify the checksum.

This also adjusts so that if the existing file fails the checksum and
we're downloading (with -F for example) it will rm the file and
re-download it.

It _doesn't_ try again for a file that is downloaded and fails
validation, either right after having rm'd a file that failed or if it
didn't previously exist, and it does leave the successfully downloaded
(but failed validation) file on disk.  I haven't decided if that's the
right choice yet.

Comments, OK?


Index: fw_update.sh
===================================================================
RCS file: /cvs/src/usr.sbin/fw_update/fw_update.sh,v
retrieving revision 1.28
diff -u -p -r1.28 fw_update.sh
--- fw_update.sh        8 Jan 2022 22:32:00 -0000       1.28
+++ fw_update.sh        9 Jan 2022 04:21:09 -0000
@@ -424,7 +424,7 @@ kept=''
 for f in "${devices[@]}"; do
        d="$( firmware_devicename "$f" )"
 
-       verify_existing="$DOWNLOAD"
+       verify_existing=true
        if [ "$f" = "$d" ]; then
                f=$( firmware_filename "$d" || true )
                [ "$f" ] || continue
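Review bot: verify_existing=true is now set unconditionally at the top of the loop body, yet the description says the checksum is skipped when a local filename is given on the command line, and nothing in this hunk shows where the flag is turned back off. A short comment on this line naming the case that sets it to false would let a reader confirm that the name-to-filename translation path under [ "$f" = "$d" ] always stays verified.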
@@ -450,19 +450,24 @@ for f in "${devices[@]}"; do
                done
        fi
 
+       if "$verify_existing" && [ -e "$f" ]; then
+               msg="Keep/Verify"
+               "$INSTALL" && msg="Verify"
+               "$VERBOSE" && ! "$INSTALL" &&
+                   echo "$msg ${f##*/}"
+
+               if "$DRYRUN" || verify "$f"; then
+                       "$INSTALL" || kept="$kept,$d"
+               elif "$DOWNLOAD"; then
+                       "$VERBOSE" && echo "Refetching $f"
+                       rm -f $f
+               else
+                       continue
+               fi
+       fi
+
        if [ -e "$f" ]; then
-               if "$DOWNLOAD"; then
-                       if "$verify_existing" && ! "$DRYRUN"; then
-                               "$VERBOSE" && ! "$INSTALL" &&
-                                   echo "Keep/Verify ${f##*/}"
-                               verify "$f" || continue
-                       else
-                               "$VERBOSE" && ! "$INSTALL" &&
-                                   echo "Keep ${f##*/}"
-                       fi
-                       "$INSTALL" || kept="$kept,$d"
-               # else assume it was verified when downloaded
-               fi
+               true # verified above
        elif "$DOWNLOAD"; then
                if "$DRYRUN"; then
                        "$VERBOSE" && echo "Get/Verify ${f##*/}"

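Review bot: rm -f $f in the Refetching branch is unquoted, while every other use of $f in this hunk is quoted; make it rm -f "$f" so a path containing whitespace or glob characters cannot expand into extra arguments. Separately, msg="Verify" is assigned only when "$INSTALL" is true, but the echo is guarded by ! "$INSTALL", so that value is never printed and the message is always "Keep/Verify"; either drop the assignment or relax the guard.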