summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/syspatch/syspatch.814
-rw-r--r--usr.sbin/syspatch/syspatch.sh163
2 files changed, 93 insertions, 84 deletions
diff --git a/usr.sbin/syspatch/syspatch.8 b/usr.sbin/syspatch/syspatch.8
index 95e77663a1c..58a3b5e7fd6 100644
--- a/usr.sbin/syspatch/syspatch.8
+++ b/usr.sbin/syspatch/syspatch.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: syspatch.8,v 1.11 2016/11/29 09:00:05 ajacoutot Exp $
+.\" $OpenBSD: syspatch.8,v 1.12 2016/11/30 12:58:28 ajacoutot Exp $
.\"
.\" Copyright (c) 2016 Antoine Jacoutot <ajacoutot@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 29 2016 $
+.Dd $Mdocdate: November 30 2016 $
.Dt SYSPATCH 8
.Os
.Sh NAME
@@ -46,15 +46,15 @@ List installed patches.
Revert the most recently installed patch.
.El
.Sh FILES
-.Bl -tag -width "/var/syspatch/${OSREV}/*.tgz" -compact
+.Bl -tag -width "/bsd.syspatch${OSrev}" -compact
.It Pa /bsd.syspatch${OSrev}
Backup of the original
.Pa /bsd
release kernel.
-.It Pa /var/syspatch/${OSREV}/*.sig
-Information on installed patches.
-.It Pa /var/syspatch/${OSREV}/*.tgz
-Rollback tarballs for reverting patches.
+.It Pa /var/syspatch/*
+Directories containing the rollback tarball and original signed
+.Xr diff 1
+of installed patches.
.El
.Sh SEE ALSO
.Xr signify 1 ,
diff --git a/usr.sbin/syspatch/syspatch.sh b/usr.sbin/syspatch/syspatch.sh
index 78653c987ae..4406389bcff 100644
--- a/usr.sbin/syspatch/syspatch.sh
+++ b/usr.sbin/syspatch/syspatch.sh
@@ -1,6 +1,6 @@
#!/bin/ksh
#
-# $OpenBSD: syspatch.sh,v 1.63 2016/11/27 11:38:50 ajacoutot Exp $
+# $OpenBSD: syspatch.sh,v 1.64 2016/11/30 12:58:28 ajacoutot Exp $
#
# Copyright (c) 2016 Antoine Jacoutot <ajacoutot@openbsd.org>
#
@@ -37,9 +37,11 @@ apply_patch()
_explodir=${_TMP}/${_patch}
install -d ${_explodir}
- _files="$(tar xvzphf ${_TMP}/${_patch}.tgz -C ${_explodir})"
+ _files="$(tar xvzphf ${_TMP}/syspatch${_patch}.tgz -C ${_explodir})"
checkfs ${_files}
+ install -d -m 0755 ${_PDIR}/${_patch}
+
create_rollback ${_patch} "${_files}"
for _file in ${_files}; do
@@ -52,7 +54,7 @@ apply_patch()
done
if [[ ${_ret} != 0 ]]; then
- sp_err "Failed to apply ${_patch} (/${_file})" 0
+ sp_err "Failed to apply patch ${_patch##${_OSrev}-}" 0
rollback_patch; return ${_ret}
fi
}
@@ -62,9 +64,10 @@ apply_patches()
local _patch
for _patch in $(ls_missing); do
- fetch_and_verify "${_patch}"
+ echo "Applying patch ${_patch}"
+ fetch_and_verify "syspatch${_OSrev}-${_patch}.tgz"
trap '' INT
- apply_patch "${_patch}"
+ apply_patch "${_OSrev}-${_patch}"
trap exit INT
done
@@ -84,7 +87,7 @@ checkfs()
[[ -n ${_files} ]]
if echo "${_files}" | grep -qw bsd; then
- ${_BSDMP} || [[ ! -f /bsd.syspatch${_RELINT} ]] &&
+ ${_BSDMP} || [[ ! -f /bsd.syspatch${_OSrev} ]] &&
_files="bsd ${_files}"
fi
@@ -106,18 +109,15 @@ create_rollback()
{
local _file _patch=$1 _rbfiles
[[ -n ${_patch} ]]
- local _rbpatch=${_patch#syspatch${_RELINT}-}.rollback.tgz
shift
local _files="${@}"
[[ -n ${_files} ]]
- [[ -d ${_PDIR}/${_REL} ]] || install -d -m 0755 ${_PDIR}/${_REL}
-
for _file in ${_files}; do
[[ -f /${_file} ]] || continue
# only save the original release kernel once
- if [[ ${_file} == bsd && ! -f /bsd.syspatch${_RELINT} ]]; then
- install -FSp /bsd /bsd.syspatch${_RELINT}
+ if [[ ${_file} == bsd && ! -f /bsd.syspatch${_OSrev} ]]; then
+ install -FSp /bsd /bsd.syspatch${_OSrev}
fi
_rbfiles="${_rbfiles} ${_file}"
done
@@ -125,30 +125,35 @@ create_rollback()
if ! (cd / &&
# GENERIC.MP: substitute bsd.mp->bsd and bsd.sp->bsd
if ${_BSDMP} &&
- tar -tzf ${_TMP}/${_patch}.tgz bsd >/dev/null 2>&1; then
- tar -czf ${_PDIR}/${_REL}/${_rbpatch} \
+ tar -tzf ${_TMP}/syspatch${_patch}.tgz bsd >/dev/null \
+ 2>&1; then
+ tar -czf ${_PDIR}/${_patch}/rollback.tgz \
-s '/^bsd.mp$//' -s '/^bsd$/bsd.mp/' \
-s '/^bsd.sp$/bsd/' bsd.sp ${_rbfiles}
else
- tar -czf ${_PDIR}/${_REL}/${_rbpatch} ${_rbfiles}
+ tar -czf ${_PDIR}/${_patch}/rollback.tgz \
+ ${_rbfiles}
fi
); then
- rm ${_PDIR}/${_REL}/${_rbpatch}
- sp_err "Failed to create rollback for ${_patch}"
+ rm -r ${_PDIR}/${_patch}
+ sp_err "Failed to create rollback patch ${_patch##${_OSrev}-}"
fi
}
fetch_and_verify()
{
- local _patch=$1 _sig=${_TMP}/SHA256.sig
- [[ -n ${_patch} ]]
+ local _sig=${_TMP}/SHA256.sig _tgz=$1
+ [[ -n ${_tgz} ]]
+
+ [[ -f ${_sig} ]] || \
+ unpriv -f "${_sig}" ${_FETCH} -o "${_sig}" "${PATCH_PATH}/SHA256.sig"
+
+ unpriv -f "${_TMP}/${_tgz}" ${_FETCH} -mD "Get/Verify" -o \
+ "${_TMP}/${_tgz}" "${PATCH_PATH}/${_tgz}"
- unpriv -f "${_sig}" ${_FETCH} -o "${_sig}" "${PATCH_PATH}/SHA256.sig"
- unpriv -f "${_TMP}/${_patch}.tgz" ${_FETCH} -mD "Applying" -o \
- "${_TMP}/${_patch}.tgz" "${PATCH_PATH}/${_patch}.tgz"
(cd ${_TMP} && unpriv signify -qC -p \
- /etc/signify/openbsd-${_RELINT}-syspatch.pub -x SHA256.sig \
- ${_patch}.tgz)
+ /etc/signify/openbsd-${_OSrev}-syspatch.pub -x SHA256.sig \
+ ${_tgz})
}
install_file()
@@ -179,72 +184,80 @@ install_kernel()
ls_installed()
{
local _p
- ### XXX temporary quirks; remove before 6.1
- local _r _s _t
- if [[ ! -d ${_PDIR}/${_REL} ]]; then
+ ### XXX temporary quirks; remove before 6.1 ############################
+ local _r _s _t _u _v
+ if [[ -f /bsd.rollback${_OSrev} ]]; then
[[ $(id -u) -ne 0 ]] && sp_err "${0##*/}: need root privileges"
- install -d -m 0755 ${_PDIR}/${_REL}
+ mv /bsd.rollback${_OSrev} /bsd.syspatch${_OSrev}
fi
- if [[ -f /bsd.rollback${_RELINT} ]]; then
- [[ $(id -u) -ne 0 ]] && sp_err "${0##*/}: need root privileges"
- mv /bsd.rollback${_RELINT} /bsd.syspatch${_RELINT}
+ if [[ -d ${_PDIR}/${_KERNV[0]} ]]; then
+ ( cd ${_PDIR}/${_KERNV[0]} && for _r in *; do
+ if [[ ${_r} == rollback-syspatch-${_OSrev}-*.tgz ]]; then
+ [[ $(id -u) -ne 0 ]] &&
+ sp_err "${0##*/}: need root privileges"
+ mv ${_r} rollback${_OSrev}${_r#*-syspatch-${_OSrev}}
+ fi
+ done )
+ ( cd ${_PDIR}/${_KERNV[0]} && for _s in *; do
+ if [[ ${_s} == rollback${_OSrev}-*.tgz ]]; then
+ [[ $(id -u) -ne 0 ]] &&
+ sp_err "${0##*/}: need root privileges"
+ _t=${_s#rollback${_OSrev}-}
+ _t=${_t%.tgz}
+ mv ${_s} ${_t}.rollback.tgz
+ fi
+ done )
+ ( cd ${_PDIR}/${_KERNV[0]} && for _u in *; do
+ if [[ ${_u} == *.rollback.tgz ]]; then
+ [[ $(id -u) -ne 0 ]] &&
+ sp_err "${0##*/}: need root privileges"
+ _v=${_u%.rollback.tgz}
+ install -d ${_PDIR}/${_OSrev}-${_v}
+ mv ${_u} ${_PDIR}/${_OSrev}-${_v}/rollback.tgz
+ mv ${_v}.patch.sig ${_PDIR}/${_OSrev}-${_v}/
+ fi
+ done )
+ rmdir ${_PDIR}/${_KERNV[0]}
fi
- ( cd ${_PDIR}/${_REL} && for _r in *; do
- if [[ ${_r} == rollback-syspatch-${_RELINT}-*.tgz ]]; then
- [[ $(id -u) -ne 0 ]] && \
- sp_err "${0##*/}: need root privileges"
- mv ${_r} rollback${_RELINT}${_r#*-syspatch-${_RELINT}}
- fi
- done )
- ( cd ${_PDIR}/${_REL} && for _s in *; do
- if [[ ${_s} == rollback${_RELINT}-*.tgz ]]; then
- [[ $(id -u) -ne 0 ]] && \
- sp_err "${0##*/}: need root privileges"
- _t=${_s#rollback${_RELINT}-}
- _t=${_t%.tgz}
- mv ${_s} ${_t}.rollback.tgz
- fi
- done )
- ###
- for _p in ${_PDIR}/${_REL}/*.rollback.tgz; do
- [[ -f ${_p} ]] && _p=${_p##*/} &&
- echo syspatch${_RELINT}-${_p%%.*}
+ ########################################################################
+ for _p in ${_PDIR}/*; do
+ [[ -f ${_p}/rollback.tgz ]] && echo ${_p##*/${_OSrev}-}
done | sort -V
}
ls_missing()
{
# XXX match with installed sets (comp, x...)?
- local _a _index=${_TMP}/index.txt _installed
+ local _index=${_TMP}/index.txt _installed _p
_installed="$(ls_installed)"
-
+
unpriv -f "${_index}" ${_FETCH} -o "${_index}" "${PATCH_PATH}/index.txt"
- for _a in $(sed 's/^.* //;s/^M//;s/.tgz$//' ${_index} |
- grep "^syspatch${_RELINT}-.*$" | sort -V); do
+ for _p in $(grep -o "syspatch${_OSrev}-[0-9][0-9][0-9]_.*" ${_index} |
+ sed "s/^syspatch${_OSrev}-//;s/.tgz$//"| sort -V); do
if [[ -n ${_installed} ]]; then
- echo ${_a} | grep -qw -- "${_installed}" || echo ${_a}
+ echo ${_p} | grep -qw -- "${_installed}" || echo ${_p}
else
- echo ${_a}
+ echo ${_p}
fi
done
}
rollback_patch()
{
- local _explodir _file _files _patch _rbpatch _ret=0
+ local _explodir _file _files _patch _ret=0
_patch="$(ls_installed | sort -V | tail -1)"
[[ -n ${_patch} ]]
- _rbpatch=${_patch#syspatch${_RELINT}-}.rollback.tgz
- _explodir=${_TMP}/${_rbpatch%.tgz}
+ _explodir=${_TMP}/${_patch}-rollback
+ _patch=${_OSrev}-${_patch}
- echo "Reverting ${_patch}"
+ echo "Reverting patch ${_patch##${_OSrev}-}"
install -d ${_explodir}
- _files="$(tar xvzphf ${_PDIR}/${_REL}/${_rbpatch} -C ${_explodir})"
- checkfs ${_files} ${_PDIR}/${_REL} # check for ro /var/syspatch/${OSREV}
+ _files="$(tar xvzphf ${_PDIR}/${_patch}/rollback.tgz -C ${_explodir})"
+ checkfs ${_files} ${_PDIR} # check for read-only /var/syspatch
for _file in ${_files}; do
[[ ${_ret} == 0 ]] || break
@@ -252,18 +265,15 @@ rollback_patch()
install_kernel ${_explodir}/${_file} || _ret=$?
# remove the backup kernel if all kernel syspatches have
# been reverted; non-fatal (`-f')
- cmp -s /bsd /bsd.syspatch${_RELINT} &&
- rm -f /bsd.syspatch${_RELINT}
+ cmp -s /bsd /bsd.syspatch${_OSrev} &&
+ rm -f /bsd.syspatch${_OSrev}
else
install_file ${_explodir}/${_file} /${_file} || _ret=$?
fi
done
- # `-f' in case we failed to install *.patch.sig
- rm -f ${_PDIR}/${_REL}/${_patch#syspatch${_RELINT}-}.patch.sig
-
- rm ${_PDIR}/${_REL}/${_rbpatch} && [[ ${_ret} == 0 ]] ||
- sp_err "Failed to revert ${_patch}" ${_ret}
+ rm -r ${_PDIR}/${_patch} && [[ ${_ret} == 0 ]] ||
+ sp_err "Failed to revert patch ${_patch##${_OSrev}-}" ${_ret}
}
sp_cleanup()
@@ -273,19 +283,19 @@ sp_cleanup()
# remove non matching release /var/syspatch/ content
for _d in ${_PDIR}/*; do
[[ -e ${_d} ]] || continue
- [[ ${_d##*/} == ${_REL} ]] || rm -r ${_d}
+ [[ ${_d##*/} == ${_OSrev}-@([0-9][0-9][0-9])_* ]] || rm -r ${_d}
done
# remove non matching release backup kernel
for _k in /bsd.syspatch*; do
[[ -f ${_k} ]] || continue
- [[ ${_k} == /bsd.syspatch${_RELINT} ]] || rm ${_k}
+ [[ ${_k} == /bsd.syspatch${_OSrev} ]] || rm ${_k}
done
# in case a patch added a new directory (install -D);
# non-fatal in case some mount point is read-only or remote
- for _m in 4.4BSD BSD.x11; do
- mtree -qdef /etc/mtree/${_m}.dist -p / -U >/dev/null || true
+ for _m in /etc/mtree/{4.4BSD,BSD.x11}.dist; do
+ [[ -f ${_m} ]] && mtree -qdef ${_m} -p / -U >/dev/null || true
done
}
@@ -321,16 +331,15 @@ set -A _KERNV -- $(sysctl -n kern.version |
[[ $(sysctl -n hw.ncpufound) -gt 1 ]] && _BSDMP=true || _BSDMP=false
_FETCH="ftp -MVk ${FTP_KEEPALIVE-0}"
+_OSrev=${_KERNV[0]%\.*}${_KERNV[0]#*\.}
_PDIR="/var/syspatch"
-_REL=${_KERNV[0]}
-_RELINT=${_REL%\.*}${_REL#*\.}
_TMP=$(mktemp -d -p /tmp syspatch.XXXXXXXXXX)
-readonly _BSDMP _FETCH _PDIR _REL _RELINT _TMP
+readonly _BSDMP _FETCH _OSrev _PDIR _REL _TMP
trap 'set +e; rm -rf "${_TMP}"' EXIT
trap exit HUP INT TERM
-[[ -n ${_REL} && -n ${_RELINT} ]]
+[[ -n ${_OSrev} ]]
while getopts clr arg; do
case ${arg} in