-.\" $OpenBSD: sysupgrade.8,v 1.14 2024/09/05 06:39:54 jmc Exp $
+.\" $OpenBSD: sysupgrade.8,v 1.15 2024/09/24 07:33:35 florian Exp $
.\"
.\" Copyright (c) 2019 Florian Obser <florian@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 5 2024 $
+.Dd $Mdocdate: September 24 2024 $
.Dt SYSUPGRADE 8
.Os
.Sh NAME
.Nd upgrade system to the next release or a new snapshot
.Sh SYNOPSIS
.Nm
-.Op Fl fkn
-.Op Fl r | s
+.Op Fl fkns
.Op Fl b Ar base-directory
.Op Ar installurl
.Sh DESCRIPTION
Fetch and verify the files and create
.Pa /bsd.upgrade
but do not reboot.
-.It Fl r
-Upgrade to the next release.
-This is the default if the system is currently running a release.
.It Fl s
Upgrade to a snapshot.
-This is the default if the system is currently running a snapshot.
+The default is to upgrade to the next release.
.El
.Pp
See
#!/bin/ksh
#
-# $OpenBSD: sysupgrade.sh,v 1.52 2024/06/19 05:22:33 otto Exp $
+# $OpenBSD: sysupgrade.sh,v 1.53 2024/09/24 07:33:35 florian Exp $
#
# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
usage()
{
- echo "usage: ${0##*/} [-fkn] [-r | -s] [-b base-directory] [installurl]" 1>&2
+ echo "usage: ${0##*/} [-fkns] [-b base-directory] [installurl]" 1>&2
return 1
}
echo -n "$_c"
}
-RELEASE=false
SNAP=false
FORCE=false
KEEP=false
REBOOT=true
+WHAT='release'
while getopts b:fknrs arg; do
case ${arg} in
f) FORCE=true;;
k) KEEP=true;;
n) REBOOT=false;;
- r) RELEASE=true;;
+ r) ;;
s) SNAP=true;;
*) usage;;
esac
(($(id -u) != 0)) && err "need root privileges"
-if $RELEASE && $SNAP; then
- usage
-fi
-
-set -A _KERNV -- $(sysctl -n kern.version |
- sed 's/^OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/;q')
-
shift $(( OPTIND -1 ))
case $# in
[[ $MIRROR == @(file|ftp|http|https)://* ]] ||
err "invalid installurl: $MIRROR"
-if ! $RELEASE && [[ ${#_KERNV[*]} == 2 ]]; then
- if [[ ${_KERNV[1]} != '-stable' ]]; then
- SNAP=true
- fi
+if $SNAP; then
+ WHAT='snapshot'
fi
-if $RELEASE && [[ ${_KERNV[1]} == '-beta' ]]; then
- NEXT_VERSION=${_KERNV[0]}
-else
- NEXT_VERSION=$(echo ${_KERNV[0]} + 0.1 | bc)
-fi
+VERSION=$(uname -r)
+NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc)
if $SNAP; then
URL=${MIRROR}/snapshots/${ARCH}/
else
URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/
+ ALT_URL=${MIRROR}/${VERSION}/${ARCH}/
fi
install -d -o 0 -g 0 -m 0755 ${SETSDIR}
cd ${SETSDIR}
echo "Fetching from ${URL}"
-unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig
-
-_KEY=openbsd-${_KERNV[0]%.*}${_KERNV[0]#*.}-base.pub
-_NEXTKEY=openbsd-${NEXT_VERSION%.*}${NEXT_VERSION#*.}-base.pub
-
-if $SNAP; then
- unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256
+if ! $SNAP; then
+ if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then
+ echo "Fetching from ${ALT_URL}"
+ unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${ALT_URL}SHA256.sig
+ URL=${ALT_URL}
+ fi
else
- read _LINE <SHA256.sig
- case ${_LINE} in
- *\ ${_KEY}) SIGNIFY_KEY=/etc/signify/${_KEY} ;;
- *\ ${_NEXTKEY}) SIGNIFY_KEY=/etc/signify/${_NEXTKEY} ;;
- *) err "invalid signing key" ;;
- esac
-
- [[ -f ${SIGNIFY_KEY} ]] || err "cannot find ${SIGNIFY_KEY}"
-
- unpriv -f SHA256 signify -Ve -p "${SIGNIFY_KEY}" -x SHA256.sig -m SHA256
+ unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig
fi
+unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256
rm SHA256.sig
if cmp -s /var/db/installed.SHA256 SHA256 && ! $FORCE; then
- echo "Already on latest snapshot."
+ echo "Already on latest ${WHAT}."
exit 0
fi
-# BUILDINFO INSTALL.*, bsd*, *.tgz
+unpriv -f BUILDINFO ftp -N sysupgrade -Vmo BUILDINFO ${URL}BUILDINFO
+unpriv cksum -qC SHA256 BUILDINFO
+
+if [[ -e /var/db/installed.BUILDINFO ]]; then
+ installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO)
+ build_ts=$(cut -f3 -d' ' BUILDINFO)
+ if (( $build_ts <= $installed_build_ts )) && ! $FORCE; then
+ echo "Downloaded ${WHAT} is older than installed system. Use -f to force downgrade."
+ exit 1
+ fi
+fi
+
+# INSTALL.*, bsd*, *.tgz
SETS=$(sed -n -e 's/^SHA256 (\(.*\)) .*/\1/' \
- -e '/^BUILDINFO$/p;/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256)
+ -e '/^INSTALL\./p;/^bsd/p;/\.tgz$/p' SHA256)
OLD_FILES=$(ls)
OLD_FILES=$(rmel SHA256 $OLD_FILES)
unpriv cksum -qC SHA256 ${DL}
fi
-if [[ -e /var/db/installed.BUILDINFO && -e BUILDINFO ]]; then
- installed_build_ts=$(cut -f3 -d' ' /var/db/installed.BUILDINFO)
- build_ts=$(cut -f3 -d' ' BUILDINFO)
- if (( $build_ts < $installed_build_ts )) && ! $FORCE; then
- echo "Downloaded snapshot is older than installed snapshot. Use -f to force downgrade."
- exit 1
- fi
-fi
-
cat <<__EOT >/auto_upgrade.conf
Location of sets = disk
Pathname to the sets = ${SETSDIR}/