commit eb923e4925604fbe93a13b7b969cb55f20908e49 from: vincent delft date: Sun Feb 8 09:38:46 2026 UTC initial import commit - /dev/null commit + eb923e4925604fbe93a13b7b969cb55f20908e49 blob - /dev/null blob + 2d43261a6998070dffdd21993bafc414f28a7238 (mode 644) --- /dev/null +++ LICENSE @@ -0,0 +1,22 @@ +# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback +# Copyright (c) 2015 Robert Peichaer +# Copyright (c) 2016, 2017 Antoine Jacoutot +# Copyright (c) 2019 Christian Weisgerber +# Copyright (c) 2019 Florian Obser +# Copyright (c) 2019 Vincent Delft initial release +# Copyright (c) 2020 Vincent Delft for OpenBSD 6.8 +# Copyright (c) 2024 Vincent Delft for OpenBSD 7.6 +# Copyright (c) 2025 Vincent Delft for OpenBSD 7.8 +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + blob - /dev/null blob + 3913270370c73853bd05e67786c9c938f5194661 (mode 644) --- /dev/null +++ README.md @@ -0,0 +1,91 @@ +# -*- coding: utf-8 -*- + + +# Introduction + +For several years, I've been using a customized version of [sysupgrade](https://man.openbsd.org/sysupgrade) to avoid deploying all OpenBSD sets across my different machines. This adapted script has been working flawlessly since several years now for my needs. I hope it will be useful for you too. + +Here’s an example of `/etc/sysupgrade_sets` on my OpenBSD system, which is connected to my Hi-Fi system which runs on a very small machine having limited memory and disk space: + + obsd:~# cat /etc/sysupgrade_sets + -game* # Exclude game sets + -xs* # Exclude X server and X share sets, but keep xbase + -xf* # Exclude X font sets + +As shown, comments are allowed, and the syntax is similar to the installation process. This file specifies which sets to download and install. + +# My sysupgrade Script + +You can download [my custom sysupgrade script here](https://repo.vincentdelft.be/mysysupgrade.git/) or use the following commands: + + obsd:~# TODO ftp https://vincentdelft.be/static/post/post_20241101/mysysupgrade.ksh + obsd:~# ksh mysysupgrade.ksh + +Like the default version, this script needs to be run with `ksh`. + + +# Using My sysupgrade Script + +Here’s a walkthrough of using the script to upgrade an OpenBSD 7.5 server. You can see the steps it performs: + + obsd: ~ # ksh mysysupgrade.ksh + Fetching from https://cdn.openbsd.org/pub/OpenBSD/7.6/amd64/ + SHA256.sig 100% |*************************************************************************| 2324 00:00 + Signature Verified + BUILDINFO 100% |*************************************************************************| 54 00:00 + Verifying old sets. + The following files will be downloaded: INSTALL.amd64 base76.tgz bsd bsd.mp bsd.rd comp76.tgz man76.tgz xbase76.tgz + old file: INSTALL.amd64 base75.tgz bsd bsd.mp bsd.rd comp75.tgz man75.tgz xbase75.tgz + INSTALL.amd64 100% |************************************************************************| 44889 00:00 + base76.tgz 100% |*************************************************************************| 414 MB 00:38 + bsd 100% |*************************************************************************| 28007 KB 00:03 + bsd.mp 100% |*************************************************************************| 28139 KB 00:03 + bsd.rd 100% |*************************************************************************| 4600 KB 00:02 + comp76.tgz 100% |*************************************************************************| 81512 KB 00:08 + man76.tgz 100% |*************************************************************************| 8039 KB 00:04 + xbase76.tgz 100% |*************************************************************************| 60681 KB 00:10 + Verifying sets. + Fetching updated firmware. + fw_update: add none; update intel,inteldrm,vmm| + Reboot now ?(Y/n) n + obsd: ~ # + +The script creates an `/auto_upgrade.conf` file, simulating the manual input you would typically provide during an upgrade. Here’s a look: + + Location of sets = disk + Pathname to the sets = /mnt/home/_sysupgrade/ + Set name(s) = -game* + Set name(s) = -xs* + Set name(s) = -xf* + Directory does not contain SHA256.sig. Continue without verification = yes + +This configuration specifies the sets’ location and excludes game, xs, and xf sets based on `/etc/sysupgrade_sets`. The installation script installs only what is in `/mnt/home/_sysupgrade`. + +The script also ensures that `/bsd.upgrade` is prepared and protected with the `700` permission: + + obsd:~# ls -al /bsd.upgrade + -rwx------ 1 root wheel 4710411 Oct 31 14:42 /bsd.upgrade + +To complete the upgrade, reboot the machine: + + obsd:~# reboot + +If you have console access, you can monitor the process. Otherwise, wait a few minutes for the upgrade and a final reboot. + + +# Final Steps for usual upgrade process + +After rebooting, complete the upgrade by running usual commands : + + obsd:~# sysmerge + obsd:~# pkg_add -u + +Although the upgrade script includes a first-boot `sysmerge`, it might not cover all changes to customized files. Package updates can take longer depending on your internet speed and the number of installed packages. Once everything is up-to-date, reboot the system again: + + obsd:~# reboot + + +My customized `sysupgrade` has suited my needs perfectly, and I hope it does the same for you! + + +""" blob - /dev/null blob + 143c025c2fb986c4209fd963dda15800a57cde03 (mode 644) --- /dev/null +++ mysysupgrade.sh @@ -0,0 +1,325 @@ +#!/bin/ksh +# +# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback +# Copyright (c) 2015 Robert Peichaer +# Copyright (c) 2016, 2017 Antoine Jacoutot +# Copyright (c) 2019 Christian Weisgerber +# Copyright (c) 2019 Florian Obser +# Copyright (c) 2019 Vincent Delft +# Copyright (c) 2020 Vincent Delft for OpenBSD 6.8 +# Copyright (c) 2024 Vincent Delft for OpenBSD 7.6 +# Copyright (c) 2025 Vincent Delft for OpenBSD 7.8 +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +set -e +umask 0022 +export PATH=/usr/bin:/bin:/usr/sbin:/sbin + +ARCH=$(uname -m) +SETSDIR=/home/_sysupgrade + +err() +{ + echo "${0##*/}: ${1}" 1>&2 + return ${2:-1} +} + +usage() +{ + echo "usage: ${0##*/} [-fkns] [-b base-directory] [-R version] [installurl | path]" 1>&2 + return 1 +} + +unpriv() +{ + local _file _rc=0 _user=_syspatch + + if [[ $1 == -f ]]; then + _file=$2 + shift 2 + fi + if [[ -n ${_file} ]]; then + >${_file} + chown "${_user}" "${_file}" + fi + (($# >= 1)) + + eval su -s /bin/sh ${_user} -c "'$@'" || _rc=$? + + [[ -n ${_file} ]] && chown root "${_file}" + + return ${_rc} +} + +# Remove all occurrences of first argument from list formed by the remaining +# arguments. +rmel() { + local _a=$1 _b _c + + shift + for _b; do + [[ $_a != "$_b" ]] && _c="${_c:+$_c }$_b" + done + echo -n "$_c" +} + +### start +# Test the first argument against the remaining ones, return success on a match. +isin() { + local _a=$1 _b + + shift + for _b; do + [[ $_a == "$_b" ]] && return 0 + done + return 1 +} + +# Add first argument to list formed by the remaining arguments. +# Adds to the tail if the element does not already exist. +addel() { + local _a=$1 + + shift + isin "$_a" $* && echo -n "$*" || echo -n "${*:+$* }$_a" + + +} +### end + +SNAP=false +FILE=false +FORCE=false +FORCE_VERSION=false +KEEP=false +REBOOT=true +WHAT='release' + +VERSION=$(uname -r) +NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc) + +while getopts b:fknrR:s arg; do + case ${arg} in + b) SETSDIR=${OPTARG}/_sysupgrade;; + f) FORCE=true;; + k) KEEP=true;; + n) REBOOT=false;; + r) ;; + R) FORCE_VERSION=true + [[ ${OPTARG} == @([0-9]|[0-9][0-9]).[0-9] ]] || + err "invalid version: ${OPTARG}" + NEXT_VERSION=${OPTARG};; + s) SNAP=true;; + *) usage;; + esac +done + +(($(id -u) != 0)) && err "need root privileges" + +### start +if [ -f /auto_upgrade.conf ]; then + echo "You already have a file /auto_upgrade.conf" + echo "Please backup it and remove it, $0 will over-write it" + exit 1 +fi +### end + +shift $(( OPTIND -1 )) + +### start +REQSETS=$(sed 's/#.*//;/^$/d' /etc/sysupgrade_sets) 2>/dev/null || + REQSETS= +### end + +case $# in +0) MIRROR=$(sed 's/#.*//;/^$/d' /etc/installurl) 2>/dev/null || + MIRROR=https://cdn.openbsd.org/pub/OpenBSD + ;; +1) MIRROR=$1 + ;; +*) usage +esac +[[ $MIRROR == @(file|ftp|http|https)://* ]] || + FILE=true +$FORCE_VERSION && $SNAP && + err "incompatible options: -s -R $NEXT_VERSION" +$FORCE && ! $SNAP && + err "incompatible options: -f without -s" + +if $SNAP; then + WHAT='snapshot' + URL=${MIRROR}/snapshots/${ARCH}/ +else + URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/ + $FORCE_VERSION || ALT_URL=${MIRROR}/${VERSION}/${ARCH}/ +fi + +# Oh wait, this is a path install +if $FILE; then + URL=file://$MIRROR/ + ALT_URL= +fi + +install -d -o 0 -g 0 -m 0755 ${SETSDIR} +cd ${SETSDIR} + +echo "Fetching from ${URL}" +if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then + if [[ -n ${ALT_URL} ]]; then + echo "Fetching from ${ALT_URL}" + unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${ALT_URL}SHA256.sig + URL=${ALT_URL} + NEXT_VERSION=${VERSION} + else + exit 1 + fi +fi + +# The key extracted from SHA256.sig must precisely match a pattern +KEY=$(head -1 < SHA256.sig | cut -d' ' -f5 | \ + egrep '^openbsd-[[:digit:]]{2,3}-base.pub$' || true) +if [[ -z $KEY ]]; then + echo "Invalid SHA256.sig file" + exit 1 +fi + +# If required key is not in the system, get it from a signed bundle +if ! [[ -r /etc/signify/$KEY ]]; then + HAVEKEY=$(cd /etc/signify && ls -1 openbsd-*-base.pub | \ + tail -2 | head -1 | cut -d- -f2) + BUNDLE=sigbundle-${HAVEKEY}.tgz + FWKEY=$(echo $KEY | sed -e 's/base/fw/') + echo "Adding missing keys from bundle $BUNDLE" + unpriv -f ${BUNDLE} ftp -N sysupgrade -Vmo $BUNDLE https://ftp.openbsd.org/pub/OpenBSD/signify/$BUNDLE + signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY $FWKEY) + rm $BUNDLE +fi + +unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256 +rm SHA256.sig + +if cmp -s /var/db/installed.SHA256 SHA256 && ! $FORCE; then + echo "Already on latest ${WHAT}." + exit 0 +fi + +unpriv -f BUILDINFO ftp -N sysupgrade -Vmo BUILDINFO ${URL}BUILDINFO +unpriv cksum -qC SHA256 BUILDINFO + +if [[ -e /var/db/installed.BUILDINFO ]]; then + installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO) + build_ts=$(cut -f3 -d' ' BUILDINFO) + if (( $build_ts <= $installed_build_ts )) && ! $FORCE; then + echo "Downloaded ${WHAT} is older than installed system. Use -f to force downgrade." + exit 1 + fi +fi + +# INSTALL.*, bsd*, *.tgz +SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \ + -e '/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256) + +OLD_FILES=$(ls) +OLD_FILES=$(rmel SHA256 $OLD_FILES) +DL=$SETS + +### start +set -o noglob +for resp in $REQSETS +do + case $resp in + -*) _action=rmel;; + *) _action=addel;; + esac + resp=${resp#[+-]} + for _f in $SETS; do + [[ $_f == $resp ]] && DL=$($_action $_f $DL) + done +done +set +o noglob +### end + +[[ -n ${OLD_FILES} ]] && echo Verifying old sets. +for f in ${OLD_FILES}; do + if cksum -C SHA256 $f >/dev/null 2>&1; then + DL=$(rmel $f ${DL}) + OLD_FILES=$(rmel $f ${OLD_FILES}) + fi +done + +### start +[[ -n $DL ]] && echo "The following files will be downloaded: $DL" + +echo "old file: $OLD_FILES" +### end +[[ -n ${OLD_FILES} ]] && rm ${OLD_FILES} +for f in ${DL}; do + unpriv -f $f ftp -N sysupgrade -Vmo ${f} ${URL}${f} +done + +if [[ -n ${DL} ]]; then + echo Verifying sets. + unpriv cksum -qC SHA256 ${DL} +fi + +cat <<__EOT >/auto_upgrade.conf +Location of sets = disk +### start +Pathname to the sets = /mnt${SETSDIR}/ + +__EOT +for _elem in $REQSETS +do + echo "Set name(s) = $_elem" >> /auto_upgrade.conf +done +cat <<__EOT >>/auto_upgrade.conf +### end +Directory does not contain SHA256.sig. Continue without verification = yes +__EOT + +if ! ${KEEP}; then + CLEAN=$(echo BUILDINFO SHA256 ${SETS} | sed -e 's/ /,/g') + cat <<__EOT > /etc/rc.firsttime +rm -f ${SETSDIR}/{${CLEAN}} +__EOT +fi + +echo Fetching updated firmware. +set -A _NEXTKERNV -- $(what bsd | + sed -n '2s/^[[:blank:]]OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/p') + +if [[ ${_NEXTKERNV[1]} == '-current' ]]; then + FW_URL=http://firmware.openbsd.org/firmware/snapshots/ +else + FW_URL=http://firmware.openbsd.org/firmware/${_NEXTKERNV[0]}/ +fi +VNAME="${_NEXTKERNV[0]}" fw_update -p ${FW_URL} || true + +install -F -m 700 bsd.rd /bsd.upgrade +logger -t sysupgrade -p kern.info "installed new /bsd.upgrade. Old kernel version: $(sysctl -n kern.version)" +sync + +if ${REBOOT}; then + ### start + echo "Reboot now ?(Y/n)" + read answer + case $answer in + no|n) echo "Will upgrade on next reboot" + exit 0 ;; + esac + ### end + exec reboot +else + echo "Will upgrade on next reboot" +fi blob - /dev/null blob + 604fbabd8ed4ed79990563edf744eb48e98de607 (mode 755) --- /dev/null +++ sysupgrade @@ -0,0 +1,249 @@ +#!/bin/ksh +# +# $OpenBSD: sysupgrade.sh,v 1.58 2025/02/03 18:55:55 florian Exp $ +# +# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback +# Copyright (c) 2015 Robert Peichaer +# Copyright (c) 2016, 2017 Antoine Jacoutot +# Copyright (c) 2019 Christian Weisgerber +# Copyright (c) 2019 Florian Obser +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +set -e +umask 0022 +export PATH=/usr/bin:/bin:/usr/sbin:/sbin + +ARCH=$(uname -m) +SETSDIR=/home/_sysupgrade + +err() +{ + echo "${0##*/}: ${1}" 1>&2 + return ${2:-1} +} + +usage() +{ + echo "usage: ${0##*/} [-fkns] [-b base-directory] [-R version] [installurl | path]" 1>&2 + return 1 +} + +unpriv() +{ + local _file _rc=0 _user=_syspatch + + if [[ $1 == -f ]]; then + _file=$2 + shift 2 + fi + if [[ -n ${_file} ]]; then + >${_file} + chown "${_user}" "${_file}" + fi + (($# >= 1)) + + eval su -s /bin/sh ${_user} -c "'$@'" || _rc=$? + + [[ -n ${_file} ]] && chown root "${_file}" + + return ${_rc} +} + +# Remove all occurrences of first argument from list formed by the remaining +# arguments. +rmel() { + local _a=$1 _b _c + + shift + for _b; do + [[ $_a != "$_b" ]] && _c="${_c:+$_c }$_b" + done + echo -n "$_c" +} + +SNAP=false +FILE=false +FORCE=false +FORCE_VERSION=false +KEEP=false +REBOOT=true +WHAT='release' + +VERSION=$(uname -r) +NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc) + +while getopts b:fknrR:s arg; do + case ${arg} in + b) SETSDIR=${OPTARG}/_sysupgrade;; + f) FORCE=true;; + k) KEEP=true;; + n) REBOOT=false;; + r) ;; + R) FORCE_VERSION=true + [[ ${OPTARG} == @([0-9]|[0-9][0-9]).[0-9] ]] || + err "invalid version: ${OPTARG}" + NEXT_VERSION=${OPTARG};; + s) SNAP=true;; + *) usage;; + esac +done + +(($(id -u) != 0)) && err "need root privileges" + +shift $(( OPTIND -1 )) + +case $# in +0) MIRROR=$(sed 's/#.*//;/^$/d' /etc/installurl) 2>/dev/null || + MIRROR=https://cdn.openbsd.org/pub/OpenBSD + ;; +1) MIRROR=$1 + ;; +*) usage +esac +[[ $MIRROR == @(file|ftp|http|https)://* ]] || + FILE=true +$FORCE_VERSION && $SNAP && + err "incompatible options: -s -R $NEXT_VERSION" +$FORCE && ! $SNAP && + err "incompatible options: -f without -s" + +if $SNAP; then + WHAT='snapshot' + URL=${MIRROR}/snapshots/${ARCH}/ +else + URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/ + $FORCE_VERSION || ALT_URL=${MIRROR}/${VERSION}/${ARCH}/ +fi + +# Oh wait, this is a path install +if $FILE; then + URL=file://$MIRROR/ + ALT_URL= +fi + +install -d -o 0 -g 0 -m 0755 ${SETSDIR} +cd ${SETSDIR} + +echo "Fetching from ${URL}" +if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then + if [[ -n ${ALT_URL} ]]; then + echo "Fetching from ${ALT_URL}" + unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${ALT_URL}SHA256.sig + URL=${ALT_URL} + NEXT_VERSION=${VERSION} + else + exit 1 + fi +fi + +# The key extracted from SHA256.sig must precisely match a pattern +KEY=$(head -1 < SHA256.sig | cut -d' ' -f5 | \ + egrep '^openbsd-[[:digit:]]{2,3}-base.pub$' || true) +if [[ -z $KEY ]]; then + echo "Invalid SHA256.sig file" + exit 1 +fi + +# If required key is not in the system, get it from a signed bundle +if ! [[ -r /etc/signify/$KEY ]]; then + HAVEKEY=$(cd /etc/signify && ls -1 openbsd-*-base.pub | \ + tail -2 | head -1 | cut -d- -f2) + BUNDLE=sigbundle-${HAVEKEY}.tgz + FWKEY=$(echo $KEY | sed -e 's/base/fw/') + echo "Adding missing keys from bundle $BUNDLE" + unpriv -f ${BUNDLE} ftp -N sysupgrade -Vmo $BUNDLE https://ftp.openbsd.org/pub/OpenBSD/signify/$BUNDLE + signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY $FWKEY) + rm $BUNDLE +fi + +unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256 +rm SHA256.sig + +if cmp -s /var/db/installed.SHA256 SHA256 && ! $FORCE; then + echo "Already on latest ${WHAT}." + exit 0 +fi + +unpriv -f BUILDINFO ftp -N sysupgrade -Vmo BUILDINFO ${URL}BUILDINFO +unpriv cksum -qC SHA256 BUILDINFO + +if [[ -e /var/db/installed.BUILDINFO ]]; then + installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO) + build_ts=$(cut -f3 -d' ' BUILDINFO) + if (( $build_ts <= $installed_build_ts )) && ! $FORCE; then + echo "Downloaded ${WHAT} is older than installed system. Use -f to force downgrade." + exit 1 + fi +fi + +# INSTALL.*, bsd*, *.tgz +SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \ + -e '/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256) + +OLD_FILES=$(ls) +OLD_FILES=$(rmel SHA256 $OLD_FILES) +DL=$SETS + +[[ -n ${OLD_FILES} ]] && echo Verifying old sets. +for f in ${OLD_FILES}; do + if cksum -C SHA256 $f >/dev/null 2>&1; then + DL=$(rmel $f ${DL}) + OLD_FILES=$(rmel $f ${OLD_FILES}) + fi +done + +[[ -n ${OLD_FILES} ]] && rm ${OLD_FILES} +for f in ${DL}; do + unpriv -f $f ftp -N sysupgrade -Vmo ${f} ${URL}${f} +done + +if [[ -n ${DL} ]]; then + echo Verifying sets. + unpriv cksum -qC SHA256 ${DL} +fi + +cat <<__EOT >/auto_upgrade.conf +Location of sets = disk +Pathname to the sets = ${SETSDIR}/ +Directory does not contain SHA256.sig. Continue without verification = yes +__EOT + +if ! ${KEEP}; then + CLEAN=$(echo BUILDINFO SHA256 ${SETS} | sed -e 's/ /,/g') + cat <<__EOT > /etc/rc.firsttime +rm -f ${SETSDIR}/{${CLEAN}} +__EOT +fi + +echo Fetching updated firmware. +set -A _NEXTKERNV -- $(what bsd | + sed -n '2s/^[[:blank:]]OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/p') + +if [[ ${_NEXTKERNV[1]} == '-current' ]]; then + FW_URL=http://firmware.openbsd.org/firmware/snapshots/ +else + FW_URL=http://firmware.openbsd.org/firmware/${_NEXTKERNV[0]}/ +fi +VNAME="${_NEXTKERNV[0]}" fw_update -p ${FW_URL} || true + +install -F -m 700 bsd.rd /bsd.upgrade +logger -t sysupgrade -p kern.info "installed new /bsd.upgrade. Old kernel version: $(sysctl -n kern.version)" +sync + +if ${REBOOT}; then + echo Upgrading. + exec reboot +else + echo "Will upgrade on next reboot" +fi blob - /dev/null blob + 0fdb4cf591648668c9bf0e210c1f3d98a49f0d70 (mode 644) --- /dev/null +++ sysupgrade_sets @@ -0,0 +1,5 @@ +-game* # +# thus we keep xbase +-xs* # for xserver and xshare +-xf* # for xfont +