Verify but don't overwrite SHA256.sig in fw_update(8)

Signify is happy to overwite the file with the signature stripped off.
However, if we do that, when downloading firmware we lose the ability
to check the signature before verifying checksums on the downloaded files.

Noticed by Thomas <exnihilo () fastmail ! org>
Right deraadt@

diff --git a/usr.sbin/fw_update/fw_update.sh b/usr.sbin/fw_update/fw_update.sh
index a379d74..ae31ce2 100644 (file)
--- a/usr.sbin/fw_update/fw_update.sh
+++ b/usr.sbin/fw_update/fw_update.sh
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#      $OpenBSD: fw_update.sh,v 1.50 2023/09/28 01:18:52 afresh1 Exp $
+#      $OpenBSD: fw_update.sh,v 1.51 2023/10/14 18:10:47 afresh1 Exp $
 #
 # Copyright (c) 2021,2023 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -180,7 +180,7 @@ fetch_cfile() {
                set +o noclobber # we want to get the latest CFILE
                fetch "$CFILE" || return 1
                set -o noclobber
-               ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+               ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null &&
                    warn "Signature check of SHA256.sig failed" &&
                    rm -f "$CFILE" && return 1
        elif [ ! -e "$CFILE" ]; then