openbsd/src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2026-04-24 14:14:37 +00:00
Code Issues Projects Releases Wiki Activity

The fw keys have been added to the signify key bundles. sysupgrade will

Browse Source 
now extract the fw key also, so that pre-upgrade fw_update can fetch
the most uptodate firmware.
ok sthen
This commit is contained in:
deraadt
2024-10-11 14:12:05 +00:00
parent 21da56abf0
commit be53cb2d9a
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
usr.sbin/sysupgrade/sysupgrade.8
View File

@@ -1,4 +1,4 @@
.\" $OpenBSD: sysupgrade.8,v 1.20 2024/10/07 15:57:15 jmc Exp $
.\" $OpenBSD: sysupgrade.8,v 1.21 2024/10/11 14:12:05 deraadt Exp $
.\"
.\" Copyright (c) 2019 Florian Obser <florian@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 7 2024 $
.Dd $Mdocdate: October 11 2024 $
.Dt SYSUPGRADE 8
.Os
.Sh NAME
@@ -76,10 +76,10 @@ The default is to upgrade to the next release.
.El
.Pp
When updating to a release or snapshot which lacks the required signify
key in
keys in
.Pa /etc/signify ,
the missing key will be downloaded in a secure way.
In the usual case, the key will already be present because
the missing keys will be downloaded in a secure way.
In the usual case, the keys will already be present because
.Ox
releases ship with the current key, the next key, and a collection of
older keys.

7
usr.sbin/sysupgrade/sysupgrade.sh
View File

@@ -1,6 +1,6 @@
#!/bin/ksh
#
# $OpenBSD: sysupgrade.sh,v 1.55 2024/10/07 13:21:53 deraadt Exp $
# $OpenBSD: sysupgrade.sh,v 1.56 2024/10/11 14:12:05 deraadt Exp $
#
# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
@@ -153,9 +153,10 @@ if ! [[ -r /etc/signify/$KEY ]]; then
HAVEKEY=$(cd /etc/signify && ls -1 openbsd-*-base.pub | \
tail -2 | head -1 | cut -d- -f2)
BUNDLE=sigbundle-${HAVEKEY}.tgz
echo "Adding additional key $KEY from bundle $BUNDLE"
FWKEY=$(echo $KEY | sed -e 's/base/fw/')
echo "Adding missing keys from bundle $BUNDLE"
unpriv -f ${BUNDLE} ftp -N sysupgrade -Vmo $BUNDLE https://ftp.openbsd.org/pub/OpenBSD/signify/$BUNDLE
signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY)
signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY $FWKEY)
rm $BUNDLE
fi