diff options
-rw-r--r-- | usr.sbin/syspatch/syspatch.8 | 14 | ||||
-rw-r--r-- | usr.sbin/syspatch/syspatch.sh | 163 |
2 files changed, 93 insertions, 84 deletions
diff --git a/usr.sbin/syspatch/syspatch.8 b/usr.sbin/syspatch/syspatch.8 index 95e77663a1c..58a3b5e7fd6 100644 --- a/usr.sbin/syspatch/syspatch.8 +++ b/usr.sbin/syspatch/syspatch.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syspatch.8,v 1.11 2016/11/29 09:00:05 ajacoutot Exp $ +.\" $OpenBSD: syspatch.8,v 1.12 2016/11/30 12:58:28 ajacoutot Exp $ .\" .\" Copyright (c) 2016 Antoine Jacoutot <ajacoutot@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 29 2016 $ +.Dd $Mdocdate: November 30 2016 $ .Dt SYSPATCH 8 .Os .Sh NAME @@ -46,15 +46,15 @@ List installed patches. Revert the most recently installed patch. .El .Sh FILES -.Bl -tag -width "/var/syspatch/${OSREV}/*.tgz" -compact +.Bl -tag -width "/bsd.syspatch${OSrev}" -compact .It Pa /bsd.syspatch${OSrev} Backup of the original .Pa /bsd release kernel. -.It Pa /var/syspatch/${OSREV}/*.sig -Information on installed patches. -.It Pa /var/syspatch/${OSREV}/*.tgz -Rollback tarballs for reverting patches. +.It Pa /var/syspatch/* +Directories containing the rollback tarball and original signed +.Xr diff 1 +of installed patches. .El .Sh SEE ALSO .Xr signify 1 , diff --git a/usr.sbin/syspatch/syspatch.sh b/usr.sbin/syspatch/syspatch.sh index 78653c987ae..4406389bcff 100644 --- a/usr.sbin/syspatch/syspatch.sh +++ b/usr.sbin/syspatch/syspatch.sh @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: syspatch.sh,v 1.63 2016/11/27 11:38:50 ajacoutot Exp $ +# $OpenBSD: syspatch.sh,v 1.64 2016/11/30 12:58:28 ajacoutot Exp $ # # Copyright (c) 2016 Antoine Jacoutot <ajacoutot@openbsd.org> # @@ -37,9 +37,11 @@ apply_patch() _explodir=${_TMP}/${_patch} install -d ${_explodir} - _files="$(tar xvzphf ${_TMP}/${_patch}.tgz -C ${_explodir})" + _files="$(tar xvzphf ${_TMP}/syspatch${_patch}.tgz -C ${_explodir})" checkfs ${_files} + install -d -m 0755 ${_PDIR}/${_patch} + create_rollback ${_patch} "${_files}" for _file in ${_files}; do @@ -52,7 +54,7 @@ apply_patch() done if [[ ${_ret} != 0 ]]; then - sp_err "Failed to apply ${_patch} (/${_file})" 0 + sp_err "Failed to apply patch ${_patch##${_OSrev}-}" 0 rollback_patch; return ${_ret} fi } @@ -62,9 +64,10 @@ apply_patches() local _patch for _patch in $(ls_missing); do - fetch_and_verify "${_patch}" + echo "Applying patch ${_patch}" + fetch_and_verify "syspatch${_OSrev}-${_patch}.tgz" trap '' INT - apply_patch "${_patch}" + apply_patch "${_OSrev}-${_patch}" trap exit INT done @@ -84,7 +87,7 @@ checkfs() [[ -n ${_files} ]] if echo "${_files}" | grep -qw bsd; then - ${_BSDMP} || [[ ! -f /bsd.syspatch${_RELINT} ]] && + ${_BSDMP} || [[ ! -f /bsd.syspatch${_OSrev} ]] && _files="bsd ${_files}" fi @@ -106,18 +109,15 @@ create_rollback() { local _file _patch=$1 _rbfiles [[ -n ${_patch} ]] - local _rbpatch=${_patch#syspatch${_RELINT}-}.rollback.tgz shift local _files="${@}" [[ -n ${_files} ]] - [[ -d ${_PDIR}/${_REL} ]] || install -d -m 0755 ${_PDIR}/${_REL} - for _file in ${_files}; do [[ -f /${_file} ]] || continue # only save the original release kernel once - if [[ ${_file} == bsd && ! -f /bsd.syspatch${_RELINT} ]]; then - install -FSp /bsd /bsd.syspatch${_RELINT} + if [[ ${_file} == bsd && ! -f /bsd.syspatch${_OSrev} ]]; then + install -FSp /bsd /bsd.syspatch${_OSrev} fi _rbfiles="${_rbfiles} ${_file}" done @@ -125,30 +125,35 @@ create_rollback() if ! (cd / && # GENERIC.MP: substitute bsd.mp->bsd and bsd.sp->bsd if ${_BSDMP} && - tar -tzf ${_TMP}/${_patch}.tgz bsd >/dev/null 2>&1; then - tar -czf ${_PDIR}/${_REL}/${_rbpatch} \ + tar -tzf ${_TMP}/syspatch${_patch}.tgz bsd >/dev/null \ + 2>&1; then + tar -czf ${_PDIR}/${_patch}/rollback.tgz \ -s '/^bsd.mp$//' -s '/^bsd$/bsd.mp/' \ -s '/^bsd.sp$/bsd/' bsd.sp ${_rbfiles} else - tar -czf ${_PDIR}/${_REL}/${_rbpatch} ${_rbfiles} + tar -czf ${_PDIR}/${_patch}/rollback.tgz \ + ${_rbfiles} fi ); then - rm ${_PDIR}/${_REL}/${_rbpatch} - sp_err "Failed to create rollback for ${_patch}" + rm -r ${_PDIR}/${_patch} + sp_err "Failed to create rollback patch ${_patch##${_OSrev}-}" fi } fetch_and_verify() { - local _patch=$1 _sig=${_TMP}/SHA256.sig - [[ -n ${_patch} ]] + local _sig=${_TMP}/SHA256.sig _tgz=$1 + [[ -n ${_tgz} ]] + + [[ -f ${_sig} ]] || \ + unpriv -f "${_sig}" ${_FETCH} -o "${_sig}" "${PATCH_PATH}/SHA256.sig" + + unpriv -f "${_TMP}/${_tgz}" ${_FETCH} -mD "Get/Verify" -o \ + "${_TMP}/${_tgz}" "${PATCH_PATH}/${_tgz}" - unpriv -f "${_sig}" ${_FETCH} -o "${_sig}" "${PATCH_PATH}/SHA256.sig" - unpriv -f "${_TMP}/${_patch}.tgz" ${_FETCH} -mD "Applying" -o \ - "${_TMP}/${_patch}.tgz" "${PATCH_PATH}/${_patch}.tgz" (cd ${_TMP} && unpriv signify -qC -p \ - /etc/signify/openbsd-${_RELINT}-syspatch.pub -x SHA256.sig \ - ${_patch}.tgz) + /etc/signify/openbsd-${_OSrev}-syspatch.pub -x SHA256.sig \ + ${_tgz}) } install_file() @@ -179,72 +184,80 @@ install_kernel() ls_installed() { local _p - ### XXX temporary quirks; remove before 6.1 - local _r _s _t - if [[ ! -d ${_PDIR}/${_REL} ]]; then + ### XXX temporary quirks; remove before 6.1 ############################ + local _r _s _t _u _v + if [[ -f /bsd.rollback${_OSrev} ]]; then [[ $(id -u) -ne 0 ]] && sp_err "${0##*/}: need root privileges" - install -d -m 0755 ${_PDIR}/${_REL} + mv /bsd.rollback${_OSrev} /bsd.syspatch${_OSrev} fi - if [[ -f /bsd.rollback${_RELINT} ]]; then - [[ $(id -u) -ne 0 ]] && sp_err "${0##*/}: need root privileges" - mv /bsd.rollback${_RELINT} /bsd.syspatch${_RELINT} + if [[ -d ${_PDIR}/${_KERNV[0]} ]]; then + ( cd ${_PDIR}/${_KERNV[0]} && for _r in *; do + if [[ ${_r} == rollback-syspatch-${_OSrev}-*.tgz ]]; then + [[ $(id -u) -ne 0 ]] && + sp_err "${0##*/}: need root privileges" + mv ${_r} rollback${_OSrev}${_r#*-syspatch-${_OSrev}} + fi + done ) + ( cd ${_PDIR}/${_KERNV[0]} && for _s in *; do + if [[ ${_s} == rollback${_OSrev}-*.tgz ]]; then + [[ $(id -u) -ne 0 ]] && + sp_err "${0##*/}: need root privileges" + _t=${_s#rollback${_OSrev}-} + _t=${_t%.tgz} + mv ${_s} ${_t}.rollback.tgz + fi + done ) + ( cd ${_PDIR}/${_KERNV[0]} && for _u in *; do + if [[ ${_u} == *.rollback.tgz ]]; then + [[ $(id -u) -ne 0 ]] && + sp_err "${0##*/}: need root privileges" + _v=${_u%.rollback.tgz} + install -d ${_PDIR}/${_OSrev}-${_v} + mv ${_u} ${_PDIR}/${_OSrev}-${_v}/rollback.tgz + mv ${_v}.patch.sig ${_PDIR}/${_OSrev}-${_v}/ + fi + done ) + rmdir ${_PDIR}/${_KERNV[0]} fi - ( cd ${_PDIR}/${_REL} && for _r in *; do - if [[ ${_r} == rollback-syspatch-${_RELINT}-*.tgz ]]; then - [[ $(id -u) -ne 0 ]] && \ - sp_err "${0##*/}: need root privileges" - mv ${_r} rollback${_RELINT}${_r#*-syspatch-${_RELINT}} - fi - done ) - ( cd ${_PDIR}/${_REL} && for _s in *; do - if [[ ${_s} == rollback${_RELINT}-*.tgz ]]; then - [[ $(id -u) -ne 0 ]] && \ - sp_err "${0##*/}: need root privileges" - _t=${_s#rollback${_RELINT}-} - _t=${_t%.tgz} - mv ${_s} ${_t}.rollback.tgz - fi - done ) - ### - for _p in ${_PDIR}/${_REL}/*.rollback.tgz; do - [[ -f ${_p} ]] && _p=${_p##*/} && - echo syspatch${_RELINT}-${_p%%.*} + ######################################################################## + for _p in ${_PDIR}/*; do + [[ -f ${_p}/rollback.tgz ]] && echo ${_p##*/${_OSrev}-} done | sort -V } ls_missing() { # XXX match with installed sets (comp, x...)? - local _a _index=${_TMP}/index.txt _installed + local _index=${_TMP}/index.txt _installed _p _installed="$(ls_installed)" - + unpriv -f "${_index}" ${_FETCH} -o "${_index}" "${PATCH_PATH}/index.txt" - for _a in $(sed 's/^.* //;s/^M//;s/.tgz$//' ${_index} | - grep "^syspatch${_RELINT}-.*$" | sort -V); do + for _p in $(grep -o "syspatch${_OSrev}-[0-9][0-9][0-9]_.*" ${_index} | + sed "s/^syspatch${_OSrev}-//;s/.tgz$//"| sort -V); do if [[ -n ${_installed} ]]; then - echo ${_a} | grep -qw -- "${_installed}" || echo ${_a} + echo ${_p} | grep -qw -- "${_installed}" || echo ${_p} else - echo ${_a} + echo ${_p} fi done } rollback_patch() { - local _explodir _file _files _patch _rbpatch _ret=0 + local _explodir _file _files _patch _ret=0 _patch="$(ls_installed | sort -V | tail -1)" [[ -n ${_patch} ]] - _rbpatch=${_patch#syspatch${_RELINT}-}.rollback.tgz - _explodir=${_TMP}/${_rbpatch%.tgz} + _explodir=${_TMP}/${_patch}-rollback + _patch=${_OSrev}-${_patch} - echo "Reverting ${_patch}" + echo "Reverting patch ${_patch##${_OSrev}-}" install -d ${_explodir} - _files="$(tar xvzphf ${_PDIR}/${_REL}/${_rbpatch} -C ${_explodir})" - checkfs ${_files} ${_PDIR}/${_REL} # check for ro /var/syspatch/${OSREV} + _files="$(tar xvzphf ${_PDIR}/${_patch}/rollback.tgz -C ${_explodir})" + checkfs ${_files} ${_PDIR} # check for read-only /var/syspatch for _file in ${_files}; do [[ ${_ret} == 0 ]] || break @@ -252,18 +265,15 @@ rollback_patch() install_kernel ${_explodir}/${_file} || _ret=$? # remove the backup kernel if all kernel syspatches have # been reverted; non-fatal (`-f') - cmp -s /bsd /bsd.syspatch${_RELINT} && - rm -f /bsd.syspatch${_RELINT} + cmp -s /bsd /bsd.syspatch${_OSrev} && + rm -f /bsd.syspatch${_OSrev} else install_file ${_explodir}/${_file} /${_file} || _ret=$? fi done - # `-f' in case we failed to install *.patch.sig - rm -f ${_PDIR}/${_REL}/${_patch#syspatch${_RELINT}-}.patch.sig - - rm ${_PDIR}/${_REL}/${_rbpatch} && [[ ${_ret} == 0 ]] || - sp_err "Failed to revert ${_patch}" ${_ret} + rm -r ${_PDIR}/${_patch} && [[ ${_ret} == 0 ]] || + sp_err "Failed to revert patch ${_patch##${_OSrev}-}" ${_ret} } sp_cleanup() @@ -273,19 +283,19 @@ sp_cleanup() # remove non matching release /var/syspatch/ content for _d in ${_PDIR}/*; do [[ -e ${_d} ]] || continue - [[ ${_d##*/} == ${_REL} ]] || rm -r ${_d} + [[ ${_d##*/} == ${_OSrev}-@([0-9][0-9][0-9])_* ]] || rm -r ${_d} done # remove non matching release backup kernel for _k in /bsd.syspatch*; do [[ -f ${_k} ]] || continue - [[ ${_k} == /bsd.syspatch${_RELINT} ]] || rm ${_k} + [[ ${_k} == /bsd.syspatch${_OSrev} ]] || rm ${_k} done # in case a patch added a new directory (install -D); # non-fatal in case some mount point is read-only or remote - for _m in 4.4BSD BSD.x11; do - mtree -qdef /etc/mtree/${_m}.dist -p / -U >/dev/null || true + for _m in /etc/mtree/{4.4BSD,BSD.x11}.dist; do + [[ -f ${_m} ]] && mtree -qdef ${_m} -p / -U >/dev/null || true done } @@ -321,16 +331,15 @@ set -A _KERNV -- $(sysctl -n kern.version | [[ $(sysctl -n hw.ncpufound) -gt 1 ]] && _BSDMP=true || _BSDMP=false _FETCH="ftp -MVk ${FTP_KEEPALIVE-0}" +_OSrev=${_KERNV[0]%\.*}${_KERNV[0]#*\.} _PDIR="/var/syspatch" -_REL=${_KERNV[0]} -_RELINT=${_REL%\.*}${_REL#*\.} _TMP=$(mktemp -d -p /tmp syspatch.XXXXXXXXXX) -readonly _BSDMP _FETCH _PDIR _REL _RELINT _TMP +readonly _BSDMP _FETCH _OSrev _PDIR _REL _TMP trap 'set +e; rm -rf "${_TMP}"' EXIT trap exit HUP INT TERM -[[ -n ${_REL} && -n ${_RELINT} ]] +[[ -n ${_OSrev} ]] while getopts clr arg; do case ${arg} in |