commit - /dev/null
commit + eb923e4925604fbe93a13b7b969cb55f20908e49
blob - /dev/null
blob + 2d43261a6998070dffdd21993bafc414f28a7238 (mode 644)
--- /dev/null
+++ LICENSE
+# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
+# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
+# Copyright (c) 2016, 2017 Antoine Jacoutot <ajacoutot@openbsd.org>
+# Copyright (c) 2019 Christian Weisgerber <naddy@openbsd.org>
+# Copyright (c) 2019 Florian Obser <florian@openbsd.org>
+# Copyright (c) 2019 Vincent Delft <vincent.delft@gmail.com> initial release
+# Copyright (c) 2020 Vincent Delft <vincent.delft@gmail.com> for OpenBSD 6.8
+# Copyright (c) 2024 Vincent Delft <vincent.delft@gmail.com> for OpenBSD 7.6
+# Copyright (c) 2025 Vincent Delft <vincent.delft@gmail.com> for OpenBSD 7.8
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
blob - /dev/null
blob + 3913270370c73853bd05e67786c9c938f5194661 (mode 644)
--- /dev/null
+++ README.md
+# -*- coding: utf-8 -*-
+
+
+# Introduction
+
+For several years, I've been using a customized version of [sysupgrade](https://man.openbsd.org/sysupgrade) to avoid deploying all OpenBSD sets across my different machines. This adapted script has been working flawlessly since several years now for my needs. I hope it will be useful for you too.
+
+Here’s an example of `/etc/sysupgrade_sets` on my OpenBSD system, which is connected to my Hi-Fi system which runs on a very small machine having limited memory and disk space:
+
+ obsd:~# cat /etc/sysupgrade_sets
+ -game* # Exclude game sets
+ -xs* # Exclude X server and X share sets, but keep xbase
+ -xf* # Exclude X font sets
+
+As shown, comments are allowed, and the syntax is similar to the installation process. This file specifies which sets to download and install.
+
+# My sysupgrade Script
+
+You can download [my custom sysupgrade script here](https://repo.vincentdelft.be/mysysupgrade.git/) or use the following commands:
+
+ obsd:~# TODO ftp https://vincentdelft.be/static/post/post_20241101/mysysupgrade.ksh
+ obsd:~# ksh mysysupgrade.ksh
+
+Like the default version, this script needs to be run with `ksh`.
+
+
+# Using My sysupgrade Script
+
+Here’s a walkthrough of using the script to upgrade an OpenBSD 7.5 server. You can see the steps it performs:
+
+ obsd: ~ # ksh mysysupgrade.ksh
+ Fetching from https://cdn.openbsd.org/pub/OpenBSD/7.6/amd64/
+ SHA256.sig 100% |*************************************************************************| 2324 00:00
+ Signature Verified
+ BUILDINFO 100% |*************************************************************************| 54 00:00
+ Verifying old sets.
+ The following files will be downloaded: INSTALL.amd64 base76.tgz bsd bsd.mp bsd.rd comp76.tgz man76.tgz xbase76.tgz
+ old file: INSTALL.amd64 base75.tgz bsd bsd.mp bsd.rd comp75.tgz man75.tgz xbase75.tgz
+ INSTALL.amd64 100% |************************************************************************| 44889 00:00
+ base76.tgz 100% |*************************************************************************| 414 MB 00:38
+ bsd 100% |*************************************************************************| 28007 KB 00:03
+ bsd.mp 100% |*************************************************************************| 28139 KB 00:03
+ bsd.rd 100% |*************************************************************************| 4600 KB 00:02
+ comp76.tgz 100% |*************************************************************************| 81512 KB 00:08
+ man76.tgz 100% |*************************************************************************| 8039 KB 00:04
+ xbase76.tgz 100% |*************************************************************************| 60681 KB 00:10
+ Verifying sets.
+ Fetching updated firmware.
+ fw_update: add none; update intel,inteldrm,vmm|
+ Reboot now ?(Y/n) n
+ obsd: ~ #
+
+The script creates an `/auto_upgrade.conf` file, simulating the manual input you would typically provide during an upgrade. Here’s a look:
+
+ Location of sets = disk
+ Pathname to the sets = /mnt/home/_sysupgrade/
+ Set name(s) = -game*
+ Set name(s) = -xs*
+ Set name(s) = -xf*
+ Directory does not contain SHA256.sig. Continue without verification = yes
+
+This configuration specifies the sets’ location and excludes game, xs, and xf sets based on `/etc/sysupgrade_sets`. The installation script installs only what is in `/mnt/home/_sysupgrade`.
+
+The script also ensures that `/bsd.upgrade` is prepared and protected with the `700` permission:
+
+ obsd:~# ls -al /bsd.upgrade
+ -rwx------ 1 root wheel 4710411 Oct 31 14:42 /bsd.upgrade
+
+To complete the upgrade, reboot the machine:
+
+ obsd:~# reboot
+
+If you have console access, you can monitor the process. Otherwise, wait a few minutes for the upgrade and a final reboot.
+
+
+# Final Steps for usual upgrade process
+
+After rebooting, complete the upgrade by running usual commands :
+
+ obsd:~# sysmerge
+ obsd:~# pkg_add -u
+
+Although the upgrade script includes a first-boot `sysmerge`, it might not cover all changes to customized files. Package updates can take longer depending on your internet speed and the number of installed packages. Once everything is up-to-date, reboot the system again:
+
+ obsd:~# reboot
+
+
+My customized `sysupgrade` has suited my needs perfectly, and I hope it does the same for you!
+
+
+"""
blob - /dev/null
blob + 143c025c2fb986c4209fd963dda15800a57cde03 (mode 644)
--- /dev/null
+++ mysysupgrade.sh
+#!/bin/ksh
+#
+# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
+# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
+# Copyright (c) 2016, 2017 Antoine Jacoutot <ajacoutot@openbsd.org>
+# Copyright (c) 2019 Christian Weisgerber <naddy@openbsd.org>
+# Copyright (c) 2019 Florian Obser <florian@openbsd.org>
+# Copyright (c) 2019 Vincent Delft <vincent.delft@gmail.com>
+# Copyright (c) 2020 Vincent Delft <vincent.delft@gmail.com> for OpenBSD 6.8
+# Copyright (c) 2024 Vincent Delft <vincent.delft@gmail.com> for OpenBSD 7.6
+# Copyright (c) 2025 Vincent Delft <vincent.delft@gmail.com> for OpenBSD 7.8
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+set -e
+umask 0022
+export PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+ARCH=$(uname -m)
+SETSDIR=/home/_sysupgrade
+
+err()
+{
+ echo "${0##*/}: ${1}" 1>&2
+ return ${2:-1}
+}
+
+usage()
+{
+ echo "usage: ${0##*/} [-fkns] [-b base-directory] [-R version] [installurl | path]" 1>&2
+ return 1
+}
+
+unpriv()
+{
+ local _file _rc=0 _user=_syspatch
+
+ if [[ $1 == -f ]]; then
+ _file=$2
+ shift 2
+ fi
+ if [[ -n ${_file} ]]; then
+ >${_file}
+ chown "${_user}" "${_file}"
+ fi
+ (($# >= 1))
+
+ eval su -s /bin/sh ${_user} -c "'$@'" || _rc=$?
+
+ [[ -n ${_file} ]] && chown root "${_file}"
+
+ return ${_rc}
+}
+
+# Remove all occurrences of first argument from list formed by the remaining
+# arguments.
+rmel() {
+ local _a=$1 _b _c
+
+ shift
+ for _b; do
+ [[ $_a != "$_b" ]] && _c="${_c:+$_c }$_b"
+ done
+ echo -n "$_c"
+}
+
+### start
+# Test the first argument against the remaining ones, return success on a match.
+isin() {
+ local _a=$1 _b
+
+ shift
+ for _b; do
+ [[ $_a == "$_b" ]] && return 0
+ done
+ return 1
+}
+
+# Add first argument to list formed by the remaining arguments.
+# Adds to the tail if the element does not already exist.
+addel() {
+ local _a=$1
+
+ shift
+ isin "$_a" $* && echo -n "$*" || echo -n "${*:+$* }$_a"
+
+
+}
+### end
+
+SNAP=false
+FILE=false
+FORCE=false
+FORCE_VERSION=false
+KEEP=false
+REBOOT=true
+WHAT='release'
+
+VERSION=$(uname -r)
+NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc)
+
+while getopts b:fknrR:s arg; do
+ case ${arg} in
+ b) SETSDIR=${OPTARG}/_sysupgrade;;
+ f) FORCE=true;;
+ k) KEEP=true;;
+ n) REBOOT=false;;
+ r) ;;
+ R) FORCE_VERSION=true
+ [[ ${OPTARG} == @([0-9]|[0-9][0-9]).[0-9] ]] ||
+ err "invalid version: ${OPTARG}"
+ NEXT_VERSION=${OPTARG};;
+ s) SNAP=true;;
+ *) usage;;
+ esac
+done
+
+(($(id -u) != 0)) && err "need root privileges"
+
+### start
+if [ -f /auto_upgrade.conf ]; then
+ echo "You already have a file /auto_upgrade.conf"
+ echo "Please backup it and remove it, $0 will over-write it"
+ exit 1
+fi
+### end
+
+shift $(( OPTIND -1 ))
+
+### start
+REQSETS=$(sed 's/#.*//;/^$/d' /etc/sysupgrade_sets) 2>/dev/null ||
+ REQSETS=
+### end
+
+case $# in
+0) MIRROR=$(sed 's/#.*//;/^$/d' /etc/installurl) 2>/dev/null ||
+ MIRROR=https://cdn.openbsd.org/pub/OpenBSD
+ ;;
+1) MIRROR=$1
+ ;;
+*) usage
+esac
+[[ $MIRROR == @(file|ftp|http|https)://* ]] ||
+ FILE=true
+$FORCE_VERSION && $SNAP &&
+ err "incompatible options: -s -R $NEXT_VERSION"
+$FORCE && ! $SNAP &&
+ err "incompatible options: -f without -s"
+
+if $SNAP; then
+ WHAT='snapshot'
+ URL=${MIRROR}/snapshots/${ARCH}/
+else
+ URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/
+ $FORCE_VERSION || ALT_URL=${MIRROR}/${VERSION}/${ARCH}/
+fi
+
+# Oh wait, this is a path install
+if $FILE; then
+ URL=file://$MIRROR/
+ ALT_URL=
+fi
+
+install -d -o 0 -g 0 -m 0755 ${SETSDIR}
+cd ${SETSDIR}
+
+echo "Fetching from ${URL}"
+if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then
+ if [[ -n ${ALT_URL} ]]; then
+ echo "Fetching from ${ALT_URL}"
+ unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${ALT_URL}SHA256.sig
+ URL=${ALT_URL}
+ NEXT_VERSION=${VERSION}
+ else
+ exit 1
+ fi
+fi
+
+# The key extracted from SHA256.sig must precisely match a pattern
+KEY=$(head -1 < SHA256.sig | cut -d' ' -f5 | \
+ egrep '^openbsd-[[:digit:]]{2,3}-base.pub$' || true)
+if [[ -z $KEY ]]; then
+ echo "Invalid SHA256.sig file"
+ exit 1
+fi
+
+# If required key is not in the system, get it from a signed bundle
+if ! [[ -r /etc/signify/$KEY ]]; then
+ HAVEKEY=$(cd /etc/signify && ls -1 openbsd-*-base.pub | \
+ tail -2 | head -1 | cut -d- -f2)
+ BUNDLE=sigbundle-${HAVEKEY}.tgz
+ FWKEY=$(echo $KEY | sed -e 's/base/fw/')
+ echo "Adding missing keys from bundle $BUNDLE"
+ unpriv -f ${BUNDLE} ftp -N sysupgrade -Vmo $BUNDLE https://ftp.openbsd.org/pub/OpenBSD/signify/$BUNDLE
+ signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY $FWKEY)
+ rm $BUNDLE
+fi
+
+unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256
+rm SHA256.sig
+
+if cmp -s /var/db/installed.SHA256 SHA256 && ! $FORCE; then
+ echo "Already on latest ${WHAT}."
+ exit 0
+fi
+
+unpriv -f BUILDINFO ftp -N sysupgrade -Vmo BUILDINFO ${URL}BUILDINFO
+unpriv cksum -qC SHA256 BUILDINFO
+
+if [[ -e /var/db/installed.BUILDINFO ]]; then
+ installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO)
+ build_ts=$(cut -f3 -d' ' BUILDINFO)
+ if (( $build_ts <= $installed_build_ts )) && ! $FORCE; then
+ echo "Downloaded ${WHAT} is older than installed system. Use -f to force downgrade."
+ exit 1
+ fi
+fi
+
+# INSTALL.*, bsd*, *.tgz
+SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \
+ -e '/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256)
+
+OLD_FILES=$(ls)
+OLD_FILES=$(rmel SHA256 $OLD_FILES)
+DL=$SETS
+
+### start
+set -o noglob
+for resp in $REQSETS
+do
+ case $resp in
+ -*) _action=rmel;;
+ *) _action=addel;;
+ esac
+ resp=${resp#[+-]}
+ for _f in $SETS; do
+ [[ $_f == $resp ]] && DL=$($_action $_f $DL)
+ done
+done
+set +o noglob
+### end
+
+[[ -n ${OLD_FILES} ]] && echo Verifying old sets.
+for f in ${OLD_FILES}; do
+ if cksum -C SHA256 $f >/dev/null 2>&1; then
+ DL=$(rmel $f ${DL})
+ OLD_FILES=$(rmel $f ${OLD_FILES})
+ fi
+done
+
+### start
+[[ -n $DL ]] && echo "The following files will be downloaded: $DL"
+
+echo "old file: $OLD_FILES"
+### end
+[[ -n ${OLD_FILES} ]] && rm ${OLD_FILES}
+for f in ${DL}; do
+ unpriv -f $f ftp -N sysupgrade -Vmo ${f} ${URL}${f}
+done
+
+if [[ -n ${DL} ]]; then
+ echo Verifying sets.
+ unpriv cksum -qC SHA256 ${DL}
+fi
+
+cat <<__EOT >/auto_upgrade.conf
+Location of sets = disk
+### start
+Pathname to the sets = /mnt${SETSDIR}/
+
+__EOT
+for _elem in $REQSETS
+do
+ echo "Set name(s) = $_elem" >> /auto_upgrade.conf
+done
+cat <<__EOT >>/auto_upgrade.conf
+### end
+Directory does not contain SHA256.sig. Continue without verification = yes
+__EOT
+
+if ! ${KEEP}; then
+ CLEAN=$(echo BUILDINFO SHA256 ${SETS} | sed -e 's/ /,/g')
+ cat <<__EOT > /etc/rc.firsttime
+rm -f ${SETSDIR}/{${CLEAN}}
+__EOT
+fi
+
+echo Fetching updated firmware.
+set -A _NEXTKERNV -- $(what bsd |
+ sed -n '2s/^[[:blank:]]OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/p')
+
+if [[ ${_NEXTKERNV[1]} == '-current' ]]; then
+ FW_URL=http://firmware.openbsd.org/firmware/snapshots/
+else
+ FW_URL=http://firmware.openbsd.org/firmware/${_NEXTKERNV[0]}/
+fi
+VNAME="${_NEXTKERNV[0]}" fw_update -p ${FW_URL} || true
+
+install -F -m 700 bsd.rd /bsd.upgrade
+logger -t sysupgrade -p kern.info "installed new /bsd.upgrade. Old kernel version: $(sysctl -n kern.version)"
+sync
+
+if ${REBOOT}; then
+ ### start
+ echo "Reboot now ?(Y/n)"
+ read answer
+ case $answer in
+ no|n) echo "Will upgrade on next reboot"
+ exit 0 ;;
+ esac
+ ### end
+ exec reboot
+else
+ echo "Will upgrade on next reboot"
+fi
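Review bot: The `### start` and `### end` markers around `Pathname to the sets = /mnt${SETSDIR}/` sit inside the two `cat <<__EOT` heredoc bodies, so they and a blank line are written verbatim into `/auto_upgrade.conf`; the README's sample of that file does not show them. The installer presumably skips lines it cannot match, but the markers should move outside the heredocs so the response file holds only `question = answer` lines. The `for _elem in $REQSETS` loop that follows runs after `set +o noglob` with the sets directory as the working directory, so a pattern without a leading `-` (for example `x*`) can expand to downloaded file names instead of being written as a pattern; wrap it in `set -o noglob` / `set +o noglob` as the filtering loop already does. Separately, the `Reboot now ?(Y/n)` prompt only treats lowercase `n` and `no` as a refusal, so an answer of `N` falls through to `exec reboot`; a case arm such as `[nN]|[nN][oO])` would match what the prompt suggests.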
blob - /dev/null
blob + 604fbabd8ed4ed79990563edf744eb48e98de607 (mode 755)
--- /dev/null
+++ sysupgrade
+#!/bin/ksh
+#
+# $OpenBSD: sysupgrade.sh,v 1.58 2025/02/03 18:55:55 florian Exp $
+#
+# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
+# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
+# Copyright (c) 2016, 2017 Antoine Jacoutot <ajacoutot@openbsd.org>
+# Copyright (c) 2019 Christian Weisgerber <naddy@openbsd.org>
+# Copyright (c) 2019 Florian Obser <florian@openbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+set -e
+umask 0022
+export PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+ARCH=$(uname -m)
+SETSDIR=/home/_sysupgrade
+
+err()
+{
+ echo "${0##*/}: ${1}" 1>&2
+ return ${2:-1}
+}
+
+usage()
+{
+ echo "usage: ${0##*/} [-fkns] [-b base-directory] [-R version] [installurl | path]" 1>&2
+ return 1
+}
+
+unpriv()
+{
+ local _file _rc=0 _user=_syspatch
+
+ if [[ $1 == -f ]]; then
+ _file=$2
+ shift 2
+ fi
+ if [[ -n ${_file} ]]; then
+ >${_file}
+ chown "${_user}" "${_file}"
+ fi
+ (($# >= 1))
+
+ eval su -s /bin/sh ${_user} -c "'$@'" || _rc=$?
+
+ [[ -n ${_file} ]] && chown root "${_file}"
+
+ return ${_rc}
+}
+
+# Remove all occurrences of first argument from list formed by the remaining
+# arguments.
+rmel() {
+ local _a=$1 _b _c
+
+ shift
+ for _b; do
+ [[ $_a != "$_b" ]] && _c="${_c:+$_c }$_b"
+ done
+ echo -n "$_c"
+}
+
+SNAP=false
+FILE=false
+FORCE=false
+FORCE_VERSION=false
+KEEP=false
+REBOOT=true
+WHAT='release'
+
+VERSION=$(uname -r)
+NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc)
+
+while getopts b:fknrR:s arg; do
+ case ${arg} in
+ b) SETSDIR=${OPTARG}/_sysupgrade;;
+ f) FORCE=true;;
+ k) KEEP=true;;
+ n) REBOOT=false;;
+ r) ;;
+ R) FORCE_VERSION=true
+ [[ ${OPTARG} == @([0-9]|[0-9][0-9]).[0-9] ]] ||
+ err "invalid version: ${OPTARG}"
+ NEXT_VERSION=${OPTARG};;
+ s) SNAP=true;;
+ *) usage;;
+ esac
+done
+
+(($(id -u) != 0)) && err "need root privileges"
+
+shift $(( OPTIND -1 ))
+
+case $# in
+0) MIRROR=$(sed 's/#.*//;/^$/d' /etc/installurl) 2>/dev/null ||
+ MIRROR=https://cdn.openbsd.org/pub/OpenBSD
+ ;;
+1) MIRROR=$1
+ ;;
+*) usage
+esac
+[[ $MIRROR == @(file|ftp|http|https)://* ]] ||
+ FILE=true
+$FORCE_VERSION && $SNAP &&
+ err "incompatible options: -s -R $NEXT_VERSION"
+$FORCE && ! $SNAP &&
+ err "incompatible options: -f without -s"
+
+if $SNAP; then
+ WHAT='snapshot'
+ URL=${MIRROR}/snapshots/${ARCH}/
+else
+ URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/
+ $FORCE_VERSION || ALT_URL=${MIRROR}/${VERSION}/${ARCH}/
+fi
+
+# Oh wait, this is a path install
+if $FILE; then
+ URL=file://$MIRROR/
+ ALT_URL=
+fi
+
+install -d -o 0 -g 0 -m 0755 ${SETSDIR}
+cd ${SETSDIR}
+
+echo "Fetching from ${URL}"
+if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then
+ if [[ -n ${ALT_URL} ]]; then
+ echo "Fetching from ${ALT_URL}"
+ unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${ALT_URL}SHA256.sig
+ URL=${ALT_URL}
+ NEXT_VERSION=${VERSION}
+ else
+ exit 1
+ fi
+fi
+
+# The key extracted from SHA256.sig must precisely match a pattern
+KEY=$(head -1 < SHA256.sig | cut -d' ' -f5 | \
+ egrep '^openbsd-[[:digit:]]{2,3}-base.pub$' || true)
+if [[ -z $KEY ]]; then
+ echo "Invalid SHA256.sig file"
+ exit 1
+fi
+
+# If required key is not in the system, get it from a signed bundle
+if ! [[ -r /etc/signify/$KEY ]]; then
+ HAVEKEY=$(cd /etc/signify && ls -1 openbsd-*-base.pub | \
+ tail -2 | head -1 | cut -d- -f2)
+ BUNDLE=sigbundle-${HAVEKEY}.tgz
+ FWKEY=$(echo $KEY | sed -e 's/base/fw/')
+ echo "Adding missing keys from bundle $BUNDLE"
+ unpriv -f ${BUNDLE} ftp -N sysupgrade -Vmo $BUNDLE https://ftp.openbsd.org/pub/OpenBSD/signify/$BUNDLE
+ signify -Vzq -m - -x $BUNDLE | (cd /etc/signify && tar xfz - $KEY $FWKEY)
+ rm $BUNDLE
+fi
+
+unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256
+rm SHA256.sig
+
+if cmp -s /var/db/installed.SHA256 SHA256 && ! $FORCE; then
+ echo "Already on latest ${WHAT}."
+ exit 0
+fi
+
+unpriv -f BUILDINFO ftp -N sysupgrade -Vmo BUILDINFO ${URL}BUILDINFO
+unpriv cksum -qC SHA256 BUILDINFO
+
+if [[ -e /var/db/installed.BUILDINFO ]]; then
+ installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO)
+ build_ts=$(cut -f3 -d' ' BUILDINFO)
+ if (( $build_ts <= $installed_build_ts )) && ! $FORCE; then
+ echo "Downloaded ${WHAT} is older than installed system. Use -f to force downgrade."
+ exit 1
+ fi
+fi
+
+# INSTALL.*, bsd*, *.tgz
+SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \
+ -e '/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256)
+
+OLD_FILES=$(ls)
+OLD_FILES=$(rmel SHA256 $OLD_FILES)
+DL=$SETS
+
+[[ -n ${OLD_FILES} ]] && echo Verifying old sets.
+for f in ${OLD_FILES}; do
+ if cksum -C SHA256 $f >/dev/null 2>&1; then
+ DL=$(rmel $f ${DL})
+ OLD_FILES=$(rmel $f ${OLD_FILES})
+ fi
+done
+
+[[ -n ${OLD_FILES} ]] && rm ${OLD_FILES}
+for f in ${DL}; do
+ unpriv -f $f ftp -N sysupgrade -Vmo ${f} ${URL}${f}
+done
+
+if [[ -n ${DL} ]]; then
+ echo Verifying sets.
+ unpriv cksum -qC SHA256 ${DL}
+fi
+
+cat <<__EOT >/auto_upgrade.conf
+Location of sets = disk
+Pathname to the sets = ${SETSDIR}/
+Directory does not contain SHA256.sig. Continue without verification = yes
+__EOT
+
+if ! ${KEEP}; then
+ CLEAN=$(echo BUILDINFO SHA256 ${SETS} | sed -e 's/ /,/g')
+ cat <<__EOT > /etc/rc.firsttime
+rm -f ${SETSDIR}/{${CLEAN}}
+__EOT
+fi
+
+echo Fetching updated firmware.
+set -A _NEXTKERNV -- $(what bsd |
+ sed -n '2s/^[[:blank:]]OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/p')
+
+if [[ ${_NEXTKERNV[1]} == '-current' ]]; then
+ FW_URL=http://firmware.openbsd.org/firmware/snapshots/
+else
+ FW_URL=http://firmware.openbsd.org/firmware/${_NEXTKERNV[0]}/
+fi
+VNAME="${_NEXTKERNV[0]}" fw_update -p ${FW_URL} || true
+
+install -F -m 700 bsd.rd /bsd.upgrade
+logger -t sysupgrade -p kern.info "installed new /bsd.upgrade. Old kernel version: $(sysctl -n kern.version)"
+sync
+
+if ${REBOOT}; then
+ echo Upgrading.
+ exec reboot
+else
+ echo "Will upgrade on next reboot"
+fi
blob - /dev/null
blob + 0fdb4cf591648668c9bf0e210c1f3d98a49f0d70 (mode 644)
--- /dev/null
+++ sysupgrade_sets
+-game* #
+# thus we keep xbase
+-xs* # for xserver and xshare
+-xf* # for xfont
+