From 9ba7c5ccd9aae8daa36278664606f309eca0f2b8 Mon Sep 17 00:00:00 2001
From: afresh1 <afresh1@openbsd.org>
Date: Wed, 15 Nov 2023 02:07:43 +0000
Subject: [PATCH] Don't let signify mess up our status line

While not verbose the status line is built as we go, so save errors from
signify until after we've finished the status line.  This should exit and print
the error immediately, since this happens when fetching the SHA256.sig and
fw_update exits early in that case.
---
 usr.sbin/fw_update/fw_update.sh | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/fw_update/fw_update.sh b/usr.sbin/fw_update/fw_update.sh
index 408f8ac2819..4be63c8a351 100644
--- a/usr.sbin/fw_update/fw_update.sh
+++ b/usr.sbin/fw_update/fw_update.sh
@@ -1,5 +1,5 @@
 #!/bin/ksh
-#	$OpenBSD: fw_update.sh,v 1.54 2023/11/15 02:03:49 afresh1 Exp $
+#	$OpenBSD: fw_update.sh,v 1.55 2023/11/15 02:07:43 afresh1 Exp $
 #
 # Copyright (c) 2021,2023 Andrew Hewus Fresh <afresh1@openbsd.org>
 #
@@ -205,9 +205,12 @@ fetch_cfile() {
 		set +o noclobber # we want to get the latest CFILE
 		fetch "$CFILE" || return 1
 		set -o noclobber
-		! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null &&
-		    warn "Signature check of SHA256.sig failed" &&
-		    rm -f "$CFILE" && return 1
+		signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null \
+		    2>&"$WARN_FD" || {
+		        warn "Signature check of SHA256.sig failed"
+		        rm -f "$CFILE"
+			return 1
+		    }
 	elif [ ! -e "$CFILE" ]; then
 		warn "${0##*/}: $CFILE: No such file or directory"
 		return 1
-- 
2.20.1