mirror of
https://github.com/openbsd/src.git
synced 2026-04-24 14:14:37 +00:00
The fw keys have been added to the signify key bundles. sysupgrade will
now extract the fw key also, so that pre-upgrade fw_update can fetch the most uptodate firmware. ok sthen
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: sysupgrade.8,v 1.20 2024/10/07 15:57:15 jmc Exp $
|
||||
.\" $OpenBSD: sysupgrade.8,v 1.21 2024/10/11 14:12:05 deraadt Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2019 Florian Obser <florian@openbsd.org>
|
||||
.\"
|
||||
@@ -14,7 +14,7 @@
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.Dd $Mdocdate: October 7 2024 $
|
||||
.Dd $Mdocdate: October 11 2024 $
|
||||
.Dt SYSUPGRADE 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -76,10 +76,10 @@ The default is to upgrade to the next release.
|
||||
.El
|
||||
.Pp
|
||||
When updating to a release or snapshot which lacks the required signify
|
||||
key in
|
||||
keys in
|
||||
.Pa /etc/signify ,
|
||||
the missing key will be downloaded in a secure way.
|
||||
In the usual case, the key will already be present because
|
||||
the missing keys will be downloaded in a secure way.
|
||||
In the usual case, the keys will already be present because
|
||||
.Ox
|
||||
releases ship with the current key, the next key, and a collection of
|
||||
older keys.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/bin/ksh
|
||||
#
|
||||
# $OpenBSD: sysupgrade.sh,v 1.55 2024/10/07 13:21:53 deraadt Exp $
|
||||
# $OpenBSD: sysupgrade.sh,v 1.56 2024/10/11 14:12:05 deraadt Exp $
|
||||
#
|
||||
# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
|
||||
# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
|
||||
@@ -153,9 +153,10 @@ if ! [[ -r /etc/signify/$KEY ]]; then
|
||||
HAVEKEY=$(cd /etc/signify && ls -1 openbsd-*-base.pub | \
|
||||
tail -2 | head -1 | cut -d- -f2)
|
||||
BUNDLE=sigbundle-${HAVEKEY}.tgz
|
||||
echo "Adding additional key $KEY from bundle $BUNDLE"
|
||||
FWKEY=$(echo $KEY | sed -e 's/base/fw/')
|
||||
echo "Adding missing keys from bundle $BUNDLE"
|
||||
unpriv -f ${BUNDLE} ftp -N sysupgrade -Vmo $BUNDLE https://ftp.openbsd.org/pub/OpenBSD/signify/$BUNDLE
|
||||
signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY)
|
||||
signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY $FWKEY)
|
||||
rm $BUNDLE
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user