Don't let signify mess up our status line

While not verbose the status line is built as we go, so save errors from
signify until after we've finished the status line.  This should exit and print
the error immediately, since this happens when fetching the SHA256.sig and
fw_update exits early in that case.

1 files changed, 7 insertions, 4 deletions

diff --git a/usr.sbin/fw_update/fw_update.sh b/usr.sbin/fw_update/fw_update.sh
index 408f8ac2819..4be63c8a351 100644
--- a/usr.sbin/fw_update/fw_update.sh
+++ b/usr.sbin/fw_update/fw_update.sh
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: fw_update.sh,v 1.54 2023/11/15 02:03:49 afresh1 Exp $
+#	$OpenBSD: fw_update.sh,v 1.55 2023/11/15 02:07:43 afresh1 Exp $
 #
 # Copyright (c) 2021,2023 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -205,9 +205,12 @@ fetch_cfile() {
 		set +o noclobber # we want to get the latest CFILE
 		fetch "$CFILE" || return 1
 		set -o noclobber
-		! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null &&
-		    warn "Signature check of SHA256.sig failed" &&
-		    rm -f "$CFILE" && return 1
+		signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null \
+		    2>&"$WARN_FD" || {
+		        warn "Signature check of SHA256.sig failed"
+		        rm -f "$CFILE"
+			return 1
+		    }
 	elif [ ! -e "$CFILE" ]; then
 		warn "${0##*/}: $CFILE: No such file or directory"
 		return 1