authorAntoine Jacoutot <ajacoutot@cvs.openbsd.org>2017-10-13 06:16:28 +0000
committerAntoine Jacoutot <ajacoutot@cvs.openbsd.org>2017-10-13 06:16:28 +0000
commit3d3fbb2491f08d876768a24ed60970f1ba019982 (patch)
tree130ac84ce33cf0caea04ef63bc6f563f7eff5582 /usr.sbin/syspatch
parent1cc4e99a8e66758fde0dcc85be99e0e2479440e1 (diff)
Don't check for mirror availability but directly try to fetch SHA256.sig. That
check was not safe (index needed to be enabled, top URL may not be available, etc.). Based on a comment from tj@
Diffstat (limited to 'usr.sbin/syspatch')
-rw-r--r--usr.sbin/syspatch/syspatch.sh13
1 files changed, 3 insertions, 10 deletions
diff --git a/usr.sbin/syspatch/syspatch.sh b/usr.sbin/syspatch/syspatch.sh
index 7efb47de5c7..d4f7af5e437 100644
--- a/usr.sbin/syspatch/syspatch.sh
+++ b/usr.sbin/syspatch/syspatch.sh
@@ -1,6 +1,6 @@
#!/bin/ksh
#
-# $OpenBSD: syspatch.sh,v 1.131 2017/10/12 15:52:44 ajacoutot Exp $
+# $OpenBSD: syspatch.sh,v 1.132 2017/10/13 06:16:27 ajacoutot Exp $
#
# Copyright (c) 2016, 2017 Antoine Jacoutot <ajacoutot@openbsd.org>
#
@@ -157,16 +157,9 @@ ls_missing()
{
local _c _d _f _cmd _l="$(ls_installed)" _p _r _sha=${_TMP}/SHA256
- set +e # manually handle unpriv() errors
- # return inmediately if we cannot reach the mirror server
- _d="${_MIRROR#file://*}" && [[ -d ${_d%syspatch/*} ]] ||
- unpriv ftp -MVo /dev/null ${_MIRROR%syspatch/*} >/dev/null ||
- sp_err "Cannot access ${_MIRROR%syspatch/*}" || return
- unpriv -f "${_sha}.sig" ftp -MVo "${_sha}.sig" "${_MIRROR}/SHA256.sig" \
- >/dev/null 2>&1 || return 0 # nonexistent: no patch available
- set -e
-
# don't output anything on stdout to prevent corrupting the patch list
+ unpriv -f "${_sha}.sig" ftp -MVo "${_sha}.sig" "${_MIRROR}/SHA256.sig" \
+ >/dev/null 2>&1 # hide stderr (nonexistent = no patch available)
unpriv -f "${_sha}" signify -Veq -x ${_sha}.sig -m ${_sha} -p \
/etc/signify/openbsd-${_OSrev}-syspatch.pub >/dev/null
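Review bot: The added `unpriv -f "${_sha}.sig" ftp ...` fetch discards stderr and has no explicit status handling, so an unreachable mirror, a DNS or TLS failure and a genuinely absent SHA256.sig all look the same to the operator. For a patch tool this is a fail-quiet path: a host whose mirror access is broken or blocked may report nothing to install, or stop without a message if errexit is active here (the removed `set +e`/`set -e` pair suggests it is). Authenticity still rests on the signify check that follows, so the concern is visibility of a failed update check rather than integrity. I would capture ftp's stderr and print it when the fetch fails for a reason other than a missing file, or at least document the trade-off next to the call: `# any fetch failure is treated as "no patch available"; signify below remains the integrity gate`. The body of ls_missing continues outside the hunk, so later handling of an empty or missing `${_sha}` is not visible here.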