From 2d63a5f7c18307d9a363847281216825476e18ac Mon Sep 17 00:00:00 2001 From: sthen Date: Wed, 25 Sep 2024 13:55:23 +0000 Subject: [PATCH] sysupgrade: add -R #.# to try to use a specific release version rather than the immediate +0.1. print an https://ftp.openbsd.org/... URL where the new signify pubkey can be found if not present. no guarantees: we only test +0.1, but jumping further does work quite often (and if tight on disk, can work better than multiple steps) - this avoids editing the script if you're going to do it anyway. "Only upgrades from one version to the next are tested. Skipping versions may work. Downgrading is unlikely to work." discussed with deraadt chris florian, ok deraadt --- usr.sbin/sysupgrade/sysupgrade.8 | 12 ++++++--- usr.sbin/sysupgrade/sysupgrade.sh | 42 ++++++++++++++++++++----------- 2 files changed, 37 insertions(+), 17 deletions(-) diff --git a/usr.sbin/sysupgrade/sysupgrade.8 b/usr.sbin/sysupgrade/sysupgrade.8 index 3f03b7ca626..6f5cb3605b8 100644 --- a/usr.sbin/sysupgrade/sysupgrade.8 +++ b/usr.sbin/sysupgrade/sysupgrade.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysupgrade.8,v 1.15 2024/09/24 07:33:35 florian Exp $ +.\" $OpenBSD: sysupgrade.8,v 1.16 2024/09/25 13:55:23 sthen Exp $ .\" .\" Copyright (c) 2019 Florian Obser .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 24 2024 $ +.Dd $Mdocdate: September 25 2024 $ .Dt SYSUPGRADE 8 .Os .Sh NAME @@ -24,12 +24,13 @@ .Nm .Op Fl fkns .Op Fl b Ar base-directory +.Op Fl R Ar version .Op Ar installurl .Sh DESCRIPTION .Nm is a utility to upgrade .Ox -to the next release or a new snapshot if available. +to a new release or snapshot if available. .Pp .Nm downloads the necessary files to @@ -65,6 +66,11 @@ By default they will be deleted after the upgrade. Fetch and verify the files and create .Pa /bsd.upgrade but do not reboot. +.It Fl R Op version +Upgrade to a specific release version. +Only upgrades from one version to the next are tested. +Skipping versions may work. +Downgrading is unlikely to work. .It Fl s Upgrade to a snapshot. The default is to upgrade to the next release. diff --git a/usr.sbin/sysupgrade/sysupgrade.sh b/usr.sbin/sysupgrade/sysupgrade.sh index 71aa32104a5..6dfd412bdcf 100644 --- a/usr.sbin/sysupgrade/sysupgrade.sh +++ b/usr.sbin/sysupgrade/sysupgrade.sh @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: sysupgrade.sh,v 1.53 2024/09/24 07:33:35 florian Exp $ +# $OpenBSD: sysupgrade.sh,v 1.54 2024/09/25 13:55:23 sthen Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015 Robert Peichaer @@ -35,7 +35,7 @@ err() usage() { - echo "usage: ${0##*/} [-fkns] [-b base-directory] [installurl]" 1>&2 + echo "usage: ${0##*/} [-fkns] [-b base-directory] [-R version] [installurl]" 1>&2 return 1 } @@ -74,17 +74,25 @@ rmel() { SNAP=false FORCE=false +FORCE_VERSION=false KEEP=false REBOOT=true WHAT='release' -while getopts b:fknrs arg; do +VERSION=$(uname -r) +NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc) + +while getopts b:fknrR:s arg; do case ${arg} in b) SETSDIR=${OPTARG}/_sysupgrade;; f) FORCE=true;; k) KEEP=true;; n) REBOOT=false;; r) ;; + R) FORCE_VERSION=true + [[ ${OPTARG} == @([0-9]|[0-9][0-9]).[0-9] ]] || + err "invalid version: ${OPTARG}" + NEXT_VERSION=${OPTARG};; s) SNAP=true;; *) usage;; esac @@ -104,33 +112,39 @@ case $# in esac [[ $MIRROR == @(file|ftp|http|https)://* ]] || err "invalid installurl: $MIRROR" +$FORCE_VERSION && $SNAP && + err "incompatible options: -s -R $NEXT_VERSION" +$FORCE && ! $SNAP && + err "incompatible options: -f without -s" if $SNAP; then WHAT='snapshot' -fi - -VERSION=$(uname -r) -NEXT_VERSION=$(echo ${VERSION} + 0.1 | bc) - -if $SNAP; then URL=${MIRROR}/snapshots/${ARCH}/ else URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/ - ALT_URL=${MIRROR}/${VERSION}/${ARCH}/ + $FORCE_VERSION || ALT_URL=${MIRROR}/${VERSION}/${ARCH}/ fi install -d -o 0 -g 0 -m 0755 ${SETSDIR} cd ${SETSDIR} echo "Fetching from ${URL}" -if ! $SNAP; then - if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then +if ! unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig; then + if [[ -n ${ALT_URL} ]]; then echo "Fetching from ${ALT_URL}" unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${ALT_URL}SHA256.sig URL=${ALT_URL} + NEXT_VERSION=${VERSION} + else + exit 1 fi -else - unpriv -f SHA256.sig ftp -N sysupgrade -Vmo SHA256.sig ${URL}SHA256.sig +fi + +SHORT_VERSION=${NEXT_VERSION%.*}${NEXT_VERSION#*.} +if ! [[ -r /etc/signify/openbsd-${SHORT_VERSION}-base.pub ]]; then + echo "${0##*/}: signify key not found; download into /etc/signify from" 1>&2 + echo "https://ftp.openbsd.org/pub/OpenBSD/signify/openbsd-${SHORT_VERSION}-base.pub" 1>&2 + exit 1 fi unpriv -f SHA256 signify -Ve -x SHA256.sig -m SHA256 -- 2.20.1