usr.sbin/syspatch/syspatch.sh at jcs

jcs.org / openbsd-src
fork atom
jcs's openbsd hax
openbsd
fork atom
openbsd-src / usr.sbin / syspatch / syspatch.sh
at jcs 334 lines 9.6 kB view raw
wrap content
deraadt Before installing files, the syspatch ksh script checkfs() tries to check if the partitions have enough space by looking at the original files. It converts via stat(1) calling stat(2) st_dev to a device name by calling devname(), and then compares this against the mounted filesystems, to see how much space is left. This conversion via devname() went very wrong because dev_mkdb(8) does not maintain a 1:1 relationship between dev_t and name! The addition of rootdisk and rrootdisk which are aliased to sd0a or wd0a (to ease the future crossover to 52-partition support) breaks the 1:1 relationship. This commit rewrites the file checks to use statfs(2) via df(1) so that the same device-names are compared. ok bluhm mlarkin beck afresh1 robert 5mo ago
abf9f467
  1#!/bin/ksh
  2#
  3# $OpenBSD: syspatch.sh,v 1.169 2025/10/27 16:30:24 deraadt Exp $
  4#
  5# Copyright (c) 2016, 2017 Antoine Jacoutot <ajacoutot@openbsd.org>
  6#
  7# Permission to use, copy, modify, and distribute this software for any
  8# purpose with or without fee is hereby granted, provided that the above
  9# copyright notice and this permission notice appear in all copies.
 10#
 11# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 12# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 13# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 14# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 15# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 16# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 17# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 18
 19set -e
 20umask 0022
 21export PATH=/usr/bin:/bin:/usr/sbin:/sbin
 22
 23err()
 24{
 25	echo "${0##*/}: ${1}" 1>&2
 26	return ${2:-1}
 27}
 28
 29usage()
 30{
 31	echo "usage: ${0##*/} [-c | -l | -R | -r]" 1>&2
 32	return 1
 33}
 34
 35apply_patch()
 36{
 37	local _edir _file _files _kernel _patch=$1 _rc=0 _s _upself=false
 38	[[ -n ${_patch} ]]
 39
 40	_edir=${_TMP}/${_patch}
 41
 42	fetch_and_verify "syspatch${_patch}.tgz"
 43
 44	trap '' INT
 45	echo "Installing patch ${_patch##${_OSrev}-}"
 46	install -d ${_edir} ${_PDIR}/${_patch}
 47
 48	_kernel=$(sysctl -n kern.osversion)
 49	[[ ${_kernel%#*} == "GENERIC.MP" ]] &&
 50		_s="-s @usr/share/relink/kernel/GENERIC/.*@@g" ||
 51		_s="-s @usr/share/relink/kernel/GENERIC.MP/.*@@g"
 52	_files="$(tar -xvzphf ${_TMP}/syspatch${_patch}.tgz -C ${_edir} \
 53		${_s})" || { rm -r ${_PDIR}/${_patch}; return 1; }
 54
 55	checkfs ${_files}
 56	create_rollback ${_patch} "${_files}"
 57
 58	for _file in ${_files}; do
 59		((_rc == 0)) || break
 60		[[ ${_file} == usr/sbin/syspatch ]] && _upself=true
 61		install_file ${_edir}/${_file} /${_file} || _rc=$?
 62	done
 63
 64	if ((_rc != 0)); then
 65		err "Failed to apply patch ${_patch##${_OSrev}-}" 0
 66		rollback_patch; return ${_rc}
 67	fi
 68	# don't fill up /tmp when installing multiple patches at once; non-fatal
 69	rm -rf ${_edir} ${_TMP}/syspatch${_patch}.tgz
 70	trap exit INT
 71
 72	echo ${_files} | grep -Eqv \
 73		'(^|[[:blank:]]+)usr/share/relink/kernel/GENERI(C|C.MP)/[[:print:]]+([[:blank:]]+|$)' ||
 74		_KARL=true
 75
 76	(! ${_upself} || err "updated itself, run it again to install \
 77missing patches" 2)
 78}
 79
 80# quick-and-dirty filesystem status and size checks:
 81# - assume old files are about the same size as new ones
 82# - ignore new (nonexistent) files
 83# - ignore rollback tarball: create_rollback() will handle the failure
 84# - compute total size of all files per fs, simpler and less margin for error
 85#   (instead of computing before installing each file)
 86checkfs()
 87{
 88	local _d _dev _df _files="${@}" _sz
 89	[[ -n ${_files} ]]
 90
 91	set +e # ignore errors due to:
 92	# - nonexistent files (i.e. syspatch is installing new files)
 93	# - broken interpolation due to bogus devices like remote filesystems
 94	for _f in ${_files}; do
 95		_fdev=$(df /${_f} 2>/dev/null | grep "^/dev/" | \
 96		    cut -d' ' -f1 | cut -d/ -f3)
 97		[[ -n ${_fdev} ]] || continue
 98		_dev="${_dev} ${_fdev}"
 99		eval $(stat -qf "local ${_fdev}=\$((\$${_fdev}+%Uz))" /${_f} ) \
100		    2>/dev/null
101
102	done
103	set -e
104
105	for _d in $(printf '%s\n' ${_dev} | sort -u); do
106		[[ ${_d} != "??" ]] || err "Unsupported filesystem, aborting"
107		mount | grep -v read-only | grep -q "^/dev/${_d} " ||
108			err "Read-only filesystem, aborting"
109		_df=$(df -Pk | grep "^/dev/${_d} " | tr -s ' ' | cut -d ' ' -f4)
110		_sz=$(($((_d))/1024))
111		((_df > _sz)) || err "No space left on ${_d}, aborting"
112	done
113}
114
115create_rollback()
116{
117	# XXX annotate new files so we can remove them if we rollback?
118	local _file _patch=$1 _rbfiles _rc=0
119	[[ -n ${_patch} ]]
120	shift
121	local _files="${@}"
122	[[ -n ${_files} ]]
123
124	for _file in ${_files}; do
125		[[ -f /${_file} ]] && _rbfiles="${_rbfiles} ${_file}"
126	done
127
128	tar -C / -czf ${_PDIR}/${_patch}/rollback.tgz ${_rbfiles} || _rc=$?
129
130	if ((_rc != 0)); then
131		err "Failed to create rollback patch ${_patch##${_OSrev}-}" 0
132		rm -r ${_PDIR}/${_patch}; return ${_rc}
133	fi
134}
135
136fetch_and_verify()
137{
138	local _tgz=$1 _title="Get/Verify"
139	[[ -n ${_tgz} ]]
140
141	[[ -t 0 ]] || echo "${_title} ${_tgz}"
142	unpriv -f "${_TMP}/${_tgz}" ftp -N syspatch -VD "${_title}" -o \
143		"${_TMP}/${_tgz}" "${_MIRROR}/${_tgz}"
144
145	(cd ${_TMP} && sha256 -qC ${_TMP}/SHA256 ${_tgz})
146}
147
148install_file()
149{
150	# XXX handle hard link, dir->file, file->dir?
151	local _dst=$2 _fgrp _fmode _fown _src=$1
152	[[ -f ${_src} && -f ${_dst} ]]
153
154	if [[ -h ${_src} ]]; then
155		ln -sf $(readlink ${_src}) ${_dst}
156	else
157		eval $(stat -f "_fmode=%OMp%OLp _fown=%Su _fgrp=%Sg" ${_src})
158		install -DFp -m ${_fmode} -o ${_fown} -g ${_fgrp} ${_src} \
159			${_dst}
160	fi
161}
162
163ls_installed()
164{
165	local _p
166	for _p in ${_PDIR}/${_OSrev}-+([[:digit:]])_+([[:alnum:]_-]); do
167		[[ -f ${_p}/rollback.tgz ]] && echo ${_p##*/${_OSrev}-}
168	done
169}
170
171ls_missing()
172{
173	local _c _f _cmd _l="$(ls_installed)" _p _sha=${_TMP}/SHA256
174
175	# don't output anything on stdout to prevent corrupting the patch list
176	unpriv -f "${_sha}.sig" ftp -N syspatch -MVo "${_sha}.sig" \
177		"${_MIRROR}/SHA256.sig" >/dev/null
178	unpriv -f "${_sha}" signify -Veq -x ${_sha}.sig -m ${_sha} -p \
179		/etc/signify/openbsd-${_OSrev}-syspatch.pub >/dev/null
180
181	# sig file less than 3 lines long doesn't list any patch (new release)
182	(($(grep -c ".*" ${_sha}.sig) < 3)) && return
183
184	set -o pipefail
185	grep -Eo "syspatch${_OSrev}-[[:digit:]]{3}_[[:alnum:]_-]+" ${_sha} |
186		while read _c; do _c=${_c##syspatch${_OSrev}-} &&
187		[[ -n ${_l} ]] && echo ${_c} | grep -qw -- "${_l}" || echo ${_c}
188	done | while read _p; do
189		_cmd="ftp -N syspatch -MVo - \
190			${_MIRROR}/syspatch${_OSrev}-${_p}.tgz"
191		unpriv "${_cmd}" | tar tzf - | while read _f; do
192			# no earlier version of _all_ files contained in the tgz
193			# exists on the system, it means a missing set: skip it
194			[[ -f /${_f} ]] || continue && echo ${_p} && pkill -u \
195				_syspatch -xf "${_cmd}" || true && break
196		done
197	done | sort -V # only used as a buffer to display all patches at once
198	set +o pipefail
199}
200
201rollback_patch()
202{
203	local _edir _file _files _patch _rc=0
204
205	_patch="$(ls_installed | tail -1)"
206	[[ -n ${_patch} ]] || return 0 # nothing to rollback
207
208	_edir=${_TMP}/${_patch}-rollback
209	_patch=${_OSrev}-${_patch}
210
211	trap '' INT
212	echo "Reverting patch ${_patch##${_OSrev}-}"
213	install -d ${_edir}
214
215	_files="$(tar xvzphf ${_PDIR}/${_patch}/rollback.tgz -C ${_edir})"
216	checkfs ${_files} ${_PDIR} # check for read-only /var/syspatch
217
218	for _file in ${_files}; do
219		((_rc == 0)) || break
220		install_file ${_edir}/${_file} /${_file} || _rc=$?
221	done
222
223	((_rc != 0)) || rm -r ${_PDIR}/${_patch} || _rc=$?
224	((_rc == 0)) ||
225		err "Failed to revert patch ${_patch##${_OSrev}-}" ${_rc}
226	rm -rf ${_edir} # don't fill up /tmp when using `-R'; non-fatal
227	trap exit INT
228
229	echo ${_files} | grep -Eqv \
230		'(^|[[:blank:]]+)usr/share/relink/kernel/GENERI(C|C.MP)/[[:print:]]+([[:blank:]]+|$)' ||
231		_KARL=true
232}
233
234trap_handler()
235{
236	set +e # we're trapped
237	rm -rf "${_TMP}"
238
239	# in case a patch added a new directory (install -D)
240	if [[ -n ${_PATCHES} ]]; then
241		mtree -qdef /etc/mtree/4.4BSD.dist -p / -U >/dev/null
242		[[ -f /var/sysmerge/xetc.tgz ]] &&
243			mtree -qdef /etc/mtree/BSD.x11.dist -p / -U >/dev/null
244	fi
245
246	if ${_KARL}; then
247		echo -n "Relinking to create unique kernel..."
248		if /usr/libexec/reorder_kernel; then
249			echo " done; reboot to load the new kernel"
250		else
251			echo " failed!\n!!! \"/usr/libexec/reorder_kernel\" \
252must be run manually to install the new kernel"
253			exit 1
254		fi
255	fi
256
257	${_PATCH_APPLIED} && echo "Errata can be reviewed under ${_PDIR}"
258}
259
260unpriv()
261{
262	local _file=$2 _rc=0 _user=_syspatch
263
264	if [[ $1 == -f && -n ${_file} ]]; then
265		>${_file}
266		chown "${_user}" "${_file}"
267		chmod 0711 ${_TMP}
268		shift 2
269	fi
270	(($# >= 1))
271
272	eval su -s /bin/sh ${_user} -c "'$@'" || _rc=$?
273
274	[[ -n ${_file} ]] && chown root "${_file}"
275
276	return ${_rc}
277}
278
279# only run on release (not -current nor -stable)
280set -A _KERNV -- $(sysctl -n kern.version |
281	sed 's/^OpenBSD \([1-9][0-9]*\.[0-9]\)\([^ ]*\).*/\1 \2/;q')
282((${#_KERNV[*]} > 1)) && err "Unsupported release: ${_KERNV[0]}${_KERNV[1]}"
283
284[[ $@ == @(|-[[:alpha:]]) ]] || usage; [[ $@ == @(|-(c|R|r)) ]] &&
285	(($(id -u) != 0)) && err "need root privileges"
286[[ $@ == @(|-(R|r)) ]] && pgrep -qxf '/bin/ksh .*reorder_kernel' &&
287	err "cannot apply patches while reorder_kernel is running"
288
289_OSrev=${_KERNV[0]%.*}${_KERNV[0]#*.}
290[[ -n ${_OSrev} ]]
291
292_MIRROR=$(while read _line; do _line=${_line%%#*}; [[ -n ${_line} ]] &&
293	print -r -- "${_line}"; done </etc/installurl | tail -1) 2>/dev/null
294[[ ${_MIRROR} == @(file|ftp|http|https)://* ]] ||
295	_MIRROR=https://cdn.openbsd.org/pub/OpenBSD
296_MIRROR="${_MIRROR}/syspatch/${_KERNV[0]}/$(machine)"
297
298_PATCH_APPLIED=false
299_PDIR="/var/syspatch"
300_TMP=$(mktemp -d -p ${TMPDIR:-/tmp} syspatch.XXXXXXXXXX)
301_KARL=false
302
303readonly _KERNV _MIRROR _OSrev _PDIR _TMP
304
305trap 'trap_handler' EXIT
306trap exit HUP INT TERM
307
308while getopts clRr arg; do
309	case ${arg} in
310		c) ls_missing ;;
311		l) ls_installed ;;
312		R) while [[ -n $(ls_installed) ]]; do rollback_patch; done ;;
313		r) rollback_patch ;;
314		*) usage ;;
315	esac
316done
317shift $((OPTIND - 1))
318(($# != 0)) && usage
319
320# default action: apply all patches
321if ((OPTIND == 1)); then
322	# remove non matching release /var/syspatch/ content
323	for _D in ${_PDIR}/{.[!.],}*; do
324		[[ -e ${_D} ]] || continue
325		[[ ${_D##*/} == ${_OSrev}-+([[:digit:]])_+([[:alnum:]_-]) ]] &&
326			[[ -f ${_D}/rollback.tgz ]] || rm -r ${_D}
327	done
328	_PATCHES=$(ls_missing) # can't use errexit in a for loop
329	[[ -n ${_PATCHES} ]] || exit 2
330	for _PATCH in ${_PATCHES}; do
331		apply_patch ${_OSrev}-${_PATCH}
332		_PATCH_APPLIED=true
333	done
334fi