├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── SHA256 ├── SHA256.sig ├── man └── snap.8 ├── old_pubkeys ├── snap.pub └── snap.pub.old ├── snap └── snap.pub /.gitignore: -------------------------------------------------------------------------------- 1 | .todo 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012-2016, Aaron Bieber 2 | 3 | Permission to use, copy, modify, and/or distribute this software for any 4 | purpose with or without fee is hereby granted, provided that the above 5 | copyright notice and this permission notice appear in all copies. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # $OpenBSD$ 2 | 3 | PREFIX ?= /usr/local 4 | SCRIPT = snap 5 | MAN = man/snap.8 6 | MANDIR ?= ${PREFIX}/man/man 7 | BINDIR ?= ${PREFIX}/bin 8 | 9 | README.md: man/snap.8 10 | mandoc -T lint man/snap.8 11 | mandoc -T markdown man/snap.8 >$@ 12 | 13 | sign: 14 | @sha256 snap > SHA256 15 | @signify -S -s ~/signify/snap.sec -m SHA256 -x SHA256.sig 16 | @cat SHA256 >> SHA256.sig 17 | 18 | verify: 19 | @signify -C -p /etc/signify/snap.pub -x SHA256.sig snap 20 | 21 | bump: 22 | @vi ./snap 23 | 24 | release: bump sign 25 | VERSION=$$(awk -F= '/^version/ {print $$2}' snap); \ 26 | git add snap SHA256 SHA256.sig; \ 27 | git commit -m "$${VERSION}"; \ 28 | git tag $${VERSION}; \ 29 | git push --tags 30 | 31 | realinstall: 32 | ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} \ 33 | ${.CURDIR}/${SCRIPT} ${DESTDIR}${BINDIR}/snap 34 | 35 | .PHONY: release bump verify sign 36 | 37 | .include 38 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | SNAP(8) - System Manager's Manual 2 | 3 | # NAME 4 | 5 | **snap** - snapshot upgrade tool 6 | 7 | # SYNOPSIS 8 | 9 | **snap** 10 | \[**-bBcdDehiIkKmMnrRsSuUvWx**] 11 | \[**-b** \[boot device]] 12 | \[**-c** \[config\_file]] 13 | \[**-D** \[destination]] 14 | \[**-m** \[machine]] 15 | \[**-M** \[mirror]] 16 | \[**-V** \[version]] 17 | \[**-s** \[pubkey]] 18 | 19 | # DESCRIPTION 20 | 21 | **snap** 22 | is a 23 | ksh(1) 24 | script designed to upgrade an 25 | OpenBSD 26 | machine to the latest snapshot available. 27 | Upgrading from release to release is not supported. 28 | 29 | **snap** 30 | checks the \`BUILDINFO\` file located on the remote mirror, and will 31 | warn you if the snapshot is not newer than the currently running 32 | version. 33 | 34 | By default 35 | **snap** 36 | verifies signatures for the set files it downloads. 37 | This can be prevented by specifying the 38 | **-S** 39 | option, however, skipping verification is very much not recommended! 40 | 41 | The options are as follows: 42 | 43 | **-D** *destination* 44 | 45 | > Destination directory to place the \`.tgz\` files. 46 | 47 | **-S** 48 | 49 | > Skip signature verification. 50 | > This is not recommended! 51 | 52 | **-c** *config\_file* 53 | 54 | > Location of configuration file (default is 55 | > */etc/snap.conf* 56 | > or 57 | > *$HOME/.snaprc* 58 | > ). 59 | 60 | **-e** 61 | 62 | > Extract sets into destination directory and exit. 63 | > The destination directory can be overwritten by the 64 | > **-D** 65 | > option, or by setting the DST line in 66 | > *config\_file*. 67 | 68 | **-d** 69 | 70 | > Download sets to the destination directory, verify ( 71 | > **-S** 72 | > prevents signature verification) and 73 | > exit. 74 | > By default the destination directory is set to 75 | > */tmp/upgrade* 76 | 77 | **-m** *machine* 78 | 79 | > Use 80 | > **machine** 81 | > instead of what the \`machine\` command returns. 82 | 83 | **-V** *setversion* 84 | 85 | > Use to specify a specific version of sets. 86 | > This option will need to be used when there is a version jump, say from 6.0 to 6.1. 87 | 88 | **-r** 89 | 90 | > Run sysmerge after extracting {x}sets. 91 | > This option may cause issues if the newer snapshot introduces ABI changes. 92 | > Not recommended. 93 | 94 | **-x** 95 | 96 | > Do not extract x11 sets. 97 | 98 | **-M** *mirror* 99 | 100 | > Specify which mirror to use. 101 | 102 | **-I** *sigfile* 103 | 104 | > Verify integrity of the 105 | > **snap** 106 | > tool. 107 | > If 108 | > **sigfile** 109 | > is omitted, 110 | > **snap** 111 | > will pull a copy of SHA256.sig from the GitHub page. 112 | 113 | **-s** *pubkey* 114 | 115 | > Signify pub key to do verification with. 116 | 117 | **-i** 118 | 119 | > Run in interactive mode (has colors). 120 | 121 | **-n** 122 | 123 | > Force snap to install 124 | > **bsd.mp** 125 | > as 126 | > */bsd* 127 | 128 | **-k** 129 | 130 | > Only install the kernels and exit. 131 | 132 | **-B** 133 | 134 | > Prevent 135 | > **snap** 136 | > from making a backup of the kernel files. 137 | 138 | **-u** 139 | 140 | > Check for update to the 141 | > **snap** 142 | > script. 143 | 144 | **-U** 145 | 146 | > Download and install the latest version of 147 | > **snap** 148 | > (will overwrite currently installed version). 149 | > Signature verification is also done. 150 | 151 | **-b** *device* 152 | 153 | > Tells 154 | > **snap** 155 | > which 156 | > **device** 157 | > to install bootstrap on. 158 | 159 | **-R** 160 | 161 | > Reboot after running 162 | > **snap** 163 | 164 | **-h** 165 | 166 | > Help. 167 | 168 | # FILES 169 | 170 | *$HOME/.last\_snap* 171 | 172 | > Contains timestamp of the previous snapshot. 173 | 174 | */etc/snap.conf* 175 | 176 | > Global configuration options. 177 | > See 178 | > *SNAPRC* 179 | > for more information on these options. 180 | 181 | *$HOME/.snaprc* 182 | 183 | > User specific configuration options. 184 | 185 | # SNAPRC 186 | 187 | **snap** 188 | supports the following configuration options via 189 | */etc/snap.conf* 190 | or 191 | *$HOME/.snaprc* 192 | file: 193 | 194 | **INTERACTIVE bool** 195 | 196 | > If true, 197 | > **snap** 198 | > will operate as if 199 | > **-i** 200 | > was specified. 201 | > Defaults to false. 202 | 203 | **DST directory** 204 | 205 | > Tells 206 | > **snap** 207 | > where to download the snapshot sets and signature files. 208 | > Defaults to 209 | > */tmp/upgrade* 210 | 211 | **EXTRACT\_ONLY bool** 212 | 213 | > Tells 214 | > **snap** 215 | > to exit after extracting the sets. 216 | > Defaults to false. 217 | 218 | **FTP\_OPTS string** 219 | 220 | > Lets you overwrite the options passed to 221 | > ftp(1). 222 | > This can be handy if your mirror supports file continuation! 223 | > Defaults to: " -V ". 224 | 225 | > See 226 | > ftp(1) 227 | > for options. 228 | 229 | **MERGE bool** 230 | 231 | > Tells 232 | > **snap** 233 | > to merge files in 234 | > */etc* 235 | > using the 236 | > sysmerge(8) 237 | > utility. 238 | > Defaults to false. 239 | 240 | **NO\_X11 bool** 241 | 242 | > Tells 243 | > **snap** 244 | > to forgo download and extraction of xsets. 245 | > Defaults to false. 246 | 247 | **REBOOT bool** 248 | 249 | > Setting this to \`true\` will cause 250 | > **snap** 251 | > to reboot the system after successful extraction of sets. 252 | > Defaults to false. 253 | 254 | **AFTER script** 255 | 256 | > Specifies a script to be copied to 257 | > */etc/rc.firsttime*. 258 | > The script will then be executed upon successful reboot. 259 | > Default is not set. 260 | 261 | **MIRROR string** 262 | 263 | > Defaults to \`cdn.openbsd.org\`. 264 | 265 | # EXAMPLES 266 | 267 | ## EXAMPLE USAGE 268 | 269 | To upgrade to the latest snapshot: 270 | 271 | $ doas snap 272 | 273 | To upgrade to the latest snapshot using an explicit mirror region: 274 | 275 | $ doas snap -M cdn.openbsd.org 276 | 277 | To upgrade to a snapshot without updating xsets: 278 | 279 | $ doas snap -x 280 | 281 | ## EXAMPLE SNAPRC 282 | 283 | A typical 284 | *~/.snaprc* 285 | would look something like this: 286 | 287 | INTERACTIVE:true 288 | MERGE:true 289 | AFTER:/etc/after_snap 290 | MIRROR:cdn.openbsd.org 291 | FTP_OPTS:-C -V 292 | 293 | ## EXAMPLE AFTER SCRIPT 294 | 295 | Here is an \`AFTER\` script that makes sure we have the latest devices 296 | in 297 | */dev*, 298 | upgrades all the firmware currently installed and upgrades currently 299 | installed packages: 300 | 301 | #!/bin/sh 302 | ( 303 | cd /dev && sh MAKEDEV all 304 | /usr/sbin/fw_update -v 305 | /usr/sbin/pkg_add -uVm # -m is needed to see progress in this context 306 | ) 307 | 308 | # SIGNATURE VERIFICATION 309 | 310 | **snap** 311 | can be verified using the 312 | **signify** 313 | utility. 314 | 315 | ## Public key 316 | 317 | untrusted comment: github.com/qbit/snap public key 318 | RWQVGN6sUjQQA5uYpANGLLKQMAERZ43otLePFSVqNFGGtf/qBez7G1WU 319 | 320 | ## SIGNATURE URL 321 | 322 | https://raw.githubusercontent.com/qbit/snap/master/SHA256.sig 323 | 324 | After installing the above public key in 325 | */etc/signify/snap.pub* 326 | and downloading the 327 | *SHA256.sig* 328 | file, you can verify 329 | **snap** 330 | by running one the following: 331 | 332 | Have snap download the 333 | *SHA256.sig* 334 | file and run verification: 335 | 336 | $ snap -I 337 | 338 | Have snap verify a pre-downloaded 339 | *SHA256.sig* 340 | file: 341 | 342 | $ snap -I SHA256.sig 343 | 344 | Manual verification with the 345 | **signify** 346 | utility: 347 | 348 | $ signify -C -p /etc/signify/snap.pub -x SHA256.sig snap 349 | 350 | # SEE ALSO 351 | 352 | ftp(1), 353 | signify(1), 354 | installboot(8), 355 | rc(8), 356 | release(8), 357 | sysmerge(8) 358 | 359 | # HISTORY 360 | 361 | The first version of 362 | **snap** 363 | was released in September of 2012. 364 | 365 | # AUTHORS 366 | 367 | **snap** 368 | was written by 369 | Aaron Bieber <[aaron@bolddaemon.com](mailto:aaron@bolddaemon.com)>. 370 | 371 | OpenBSD 6.4 - September 19, 2012 372 | -------------------------------------------------------------------------------- /SHA256: -------------------------------------------------------------------------------- 1 | SHA256 (snap) = 11a32c307dc7a57412b3cd13ae93d9f9f9abf3201a620081b1207077868b54fb 2 | -------------------------------------------------------------------------------- /SHA256.sig: -------------------------------------------------------------------------------- 1 | untrusted comment: verify with snap.pub 2 | RWQVGN6sUjQQA0wVb3+MLAB7X70kF7t6xq2DQo1GwHcj6nns0DLcq/+JjH+ksnodn99hhkQnITJYTKAEVrRdLhaCC2lp9XHMewY= 3 | SHA256 (snap) = 11a32c307dc7a57412b3cd13ae93d9f9f9abf3201a620081b1207077868b54fb 4 | -------------------------------------------------------------------------------- /man/snap.8: -------------------------------------------------------------------------------- 1 | .\" $OpenBSD$ 2 | .\" 3 | .\" Copyright (c) 2012-17 Aaron Bieber 4 | .\" 5 | .\" Permission to use, copy, modify, and distribute this software for any 6 | .\" purpose with or without fee is hereby granted, provided that the above 7 | .\" copyright notice and this permission notice appear in all copies. 8 | .\" 9 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | .\" 17 | .Dd $Mdocdate: September 19 2012 $ 18 | .Dt SNAP 8 19 | .Os 20 | .Sh NAME 21 | .Nm snap 22 | .Nd snapshot upgrade tool 23 | .Sh SYNOPSIS 24 | .Nm snap 25 | .Op Fl bBcdDehiIkKmMnrRsSuUvWx 26 | .Op Fl b Op boot device 27 | .Op Fl c Op config_file 28 | .Op Fl D Op destination 29 | .Op Fl m Op machine 30 | .Op Fl M Op mirror 31 | .Op Fl V Op version 32 | .Op Fl s Op pubkey 33 | .Sh DESCRIPTION 34 | .Nm 35 | is a 36 | .Xr ksh 1 37 | script designed to upgrade an 38 | .Ox 39 | machine to the latest snapshot available. 40 | Upgrading from release to release is not supported. 41 | .Pp 42 | .Nm 43 | checks the `BUILDINFO` file located on the remote mirror, and will 44 | warn you if the snapshot is not newer than the currently running 45 | version. 46 | .Pp 47 | By default 48 | .Nm 49 | verifies signatures for the set files it downloads. 50 | This can be prevented by specifying the 51 | .Fl S 52 | option, however, skipping verification is very much not recommended! 53 | .Pp 54 | The options are as follows: 55 | .Bl -tag -width Ds 56 | .It Fl D Ar destination 57 | Destination directory to place the `.tgz` files. 58 | .It Fl S 59 | Skip signature verification. 60 | This is not recommended! 61 | .It Fl c Ar config_file 62 | Location of configuration file (default is 63 | .Pa /etc/snap.conf 64 | or 65 | .Pa $HOME/.snaprc 66 | ). 67 | .It Fl e 68 | Extract sets into destination directory and exit. 69 | The destination directory can be overwritten by the 70 | .Fl D 71 | option, or by setting the DST line in 72 | .Pa config_file . 73 | .It Fl d 74 | Download sets to the destination directory, verify ( 75 | .Fl S 76 | prevents signature verification) and 77 | exit. 78 | By default the destination directory is set to 79 | .Pa /tmp/upgrade 80 | .It Fl m Ar machine 81 | Use 82 | .Nm machine 83 | instead of what the `machine` command returns. 84 | .It Fl V Ar setversion 85 | Use to specify a specific version of sets. 86 | This option will need to be used when there is a version jump, say from 6.0 to 6.1. 87 | .It Fl r 88 | Run sysmerge after extracting {x}sets. 89 | This option may cause issues if the newer snapshot introduces ABI changes. 90 | Not recommended. 91 | .It Fl x 92 | Do not extract x11 sets. 93 | .It Fl M Ar mirror 94 | Specify which mirror to use. 95 | .It Fl I Ar sigfile 96 | Verify integrity of the 97 | .Nm 98 | tool. 99 | If 100 | .Nm sigfile 101 | is omitted, 102 | .Nm 103 | will pull a copy of SHA256.sig from the GitHub page. 104 | .It Fl s Ar pubkey 105 | Signify pub key to do verification with. 106 | .It Fl i 107 | Run in interactive mode (has colors). 108 | .It Fl n 109 | Force snap to install 110 | .Nm bsd.mp 111 | as 112 | .Pa /bsd 113 | .It Fl k 114 | Only install the kernels and exit. 115 | .It Fl B 116 | Prevent 117 | .Nm 118 | from making a backup of the kernel files. 119 | .It Fl u 120 | Check for update to the 121 | .Nm 122 | script. 123 | .It Fl U 124 | Download and install the latest version of 125 | .Nm 126 | (will overwrite currently installed version). 127 | Signature verification is also done. 128 | .It Fl b Ar device 129 | Tells 130 | .Nm 131 | which 132 | .Nm device 133 | to install bootstrap on. 134 | .It Fl R 135 | Reboot after running 136 | .Nm 137 | .It Fl h 138 | Help. 139 | .El 140 | .Sh FILES 141 | .Bl -tag -width "$HOME/.last_snap" 142 | .It Pa $HOME/.last_snap 143 | Contains timestamp of the previous snapshot. 144 | .It Pa /etc/snap.conf 145 | Global configuration options. 146 | See 147 | .Sx SNAPRC 148 | for more information on these options. 149 | .It Pa $HOME/.snaprc 150 | User specific configuration options. 151 | .El 152 | .Sh SNAPRC 153 | .Nm 154 | supports the following configuration options via 155 | .Pa /etc/snap.conf 156 | or 157 | .Pa $HOME/.snaprc 158 | file: 159 | .Bl -tag -width Ds 160 | .It Cm INTERACTIVE bool 161 | If true, 162 | .Nm 163 | will operate as if 164 | .Fl i 165 | was specified. 166 | Defaults to false. 167 | .It Cm DST directory 168 | Tells 169 | .Nm 170 | where to download the snapshot sets and signature files. 171 | Defaults to 172 | .Pa /tmp/upgrade 173 | .It Cm EXTRACT_ONLY bool 174 | Tells 175 | .Nm 176 | to exit after extracting the sets. 177 | Defaults to false. 178 | .It Cm FTP_OPTS string 179 | Lets you overwrite the options passed to 180 | .Xr ftp 1 . 181 | This can be handy if your mirror supports file continuation! 182 | Defaults to: " -V ". 183 | .Pp 184 | See 185 | .Xr ftp 1 186 | for options. 187 | .It Cm MERGE bool 188 | Tells 189 | .Nm 190 | to merge files in 191 | .Pa /etc 192 | using the 193 | .Xr sysmerge 8 194 | utility. 195 | Defaults to false. 196 | .It Cm NO_X11 bool 197 | Tells 198 | .Nm 199 | to forgo download and extraction of xsets. 200 | Defaults to false. 201 | .It Cm REBOOT bool 202 | Setting this to `true` will cause 203 | .Nm 204 | to reboot the system after successful extraction of sets. 205 | Defaults to false. 206 | .It Cm AFTER script 207 | Specifies a script to be copied to 208 | .Pa /etc/rc.firsttime . 209 | The script will then be executed upon successful reboot. 210 | Default is not set. 211 | .It Cm MIRROR string 212 | Defaults to `cdn.openbsd.org`. 213 | .El 214 | .Sh EXAMPLES 215 | .Ss EXAMPLE USAGE 216 | To upgrade to the latest snapshot: 217 | .Bd -literal -offset indent 218 | $ doas snap 219 | .Ed 220 | .Pp 221 | To upgrade to the latest snapshot using an explicit mirror region: 222 | .Bd -literal -offset indent 223 | $ doas snap -M cdn.openbsd.org 224 | .Ed 225 | .Pp 226 | To upgrade to a snapshot without updating xsets: 227 | .Bd -literal -offset indent 228 | $ doas snap -x 229 | .Ed 230 | .Ss EXAMPLE SNAPRC 231 | A typical 232 | .Pa ~/.snaprc 233 | would look something like this: 234 | .Bd -literal -offset indent 235 | INTERACTIVE:true 236 | MERGE:true 237 | AFTER:/etc/after_snap 238 | MIRROR:cdn.openbsd.org 239 | FTP_OPTS:-C -V 240 | .Ed 241 | .Ss EXAMPLE AFTER SCRIPT 242 | Here is an `AFTER` script that makes sure we have the latest devices 243 | in 244 | .Pa /dev , 245 | upgrades all the firmware currently installed and upgrades currently 246 | installed packages: 247 | .Bd -literal -offset indent 248 | #!/bin/sh 249 | ( 250 | cd /dev && sh MAKEDEV all 251 | /usr/sbin/fw_update -v 252 | /usr/sbin/pkg_add -uVm # -m is needed to see progress in this context 253 | ) 254 | .Ed 255 | .Sh SIGNATURE VERIFICATION 256 | .Nm 257 | can be verified using the 258 | .Nm signify 259 | utility. 260 | .Ss Public key 261 | .Bd -literal 262 | untrusted comment: github.com/qbit/snap public key 263 | RWQVGN6sUjQQA5uYpANGLLKQMAERZ43otLePFSVqNFGGtf/qBez7G1WU 264 | .Ed 265 | .Ss SIGNATURE URL 266 | .Bd -literal 267 | https://raw.githubusercontent.com/qbit/snap/master/SHA256.sig 268 | .Ed 269 | .Pp 270 | After installing the above public key in 271 | .Pa /etc/signify/snap.pub 272 | and downloading the 273 | .Pa SHA256.sig 274 | file, you can verify 275 | .Nm 276 | by running one the following: 277 | .Pp 278 | Have snap download the 279 | .Pa SHA256.sig 280 | file and run verification: 281 | .Bd -literal -offset indent 282 | $ snap -I 283 | .Ed 284 | .Pp 285 | Have snap verify a pre-downloaded 286 | .Pa SHA256.sig 287 | file: 288 | .Bd -literal -offset indent 289 | $ snap -I SHA256.sig 290 | .Ed 291 | .Pp 292 | Manual verification with the 293 | .Nm signify 294 | utility: 295 | .Bd -literal -offset indent 296 | $ signify -C -p /etc/signify/snap.pub -x SHA256.sig snap 297 | .Ed 298 | .Sh SEE ALSO 299 | .Xr ftp 1 , 300 | .Xr signify 1 , 301 | .Xr installboot 8 , 302 | .Xr rc 8 , 303 | .Xr release 8 , 304 | .Xr sysmerge 8 305 | .Sh HISTORY 306 | The first version of 307 | .Nm 308 | was released in September of 2012. 309 | .Sh AUTHORS 310 | .An -nosplit 311 | .Nm snap 312 | was written by 313 | .An Aaron Bieber Aq Mt aaron@bolddaemon.com . 314 | -------------------------------------------------------------------------------- /old_pubkeys/snap.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: github.com/qbit/snap public key 2 | RWTKOAnI3kqGqY/1ungBemfzkDj4ImXuybf4sDZcCrNJywffIRDkK1qF 3 | -------------------------------------------------------------------------------- /old_pubkeys/snap.pub.old: -------------------------------------------------------------------------------- 1 | untrusted comment: github.com/qbit/snap public key 2 | RWQkqrbMjoywaLwJQf45TjtCLgtFPSEO7v/TBf01WRZjvl8NSy6rJ6Fe 3 | -------------------------------------------------------------------------------- /snap: -------------------------------------------------------------------------------- 1 | #!/bin/ksh 2 | 3 | set -eu 4 | 5 | # 1.1.4 6 | version=master 7 | 8 | red="\\033[01;31m" 9 | yellow="\\033[01;33m" 10 | green="\\033[01;32m" 11 | bold="\\033[01;39m" 12 | white="\\033[0m" 13 | 14 | COLOR=true 15 | 16 | tmp_template="snap.XXXXXXXXXX" 17 | 18 | sets="" 19 | xsets="" 20 | bsds="" 21 | 22 | set -A sets 'comp' 'game' 'man' 'base' 23 | set -A xsets 'xbase' 'xfont' 'xserv' 'xshare' 24 | base_sig='SHA256.sig' 25 | build_info='BUILDINFO' 26 | 27 | spath=$(dirname -- "$(command -v -- "$0")") 28 | sname="${0##*/}" 29 | 30 | usage() { 31 | cat < use instead of what 'machine' returns. 41 | -V used to force snap to use for sets (example: -V 5.3). Note: this will only append 53 to sets, ie base53.tgz. 42 | -r run sysmerge after extracting {x}sets. (May dump core if the snapshots have introduced ABI changes. Not recommended.) 43 | -x do not extract x11 sets. 44 | -M specify a mirror to use (example: " -M cdn.openbsd.org") 45 | -I [full path to SHA256.sig file] verify integrity of snap. 46 | -s [signify pub key] pub key to do verification with. 47 | -i interactive with colors. 48 | -n force using bsd.mp as bsd. 49 | -k only install kernels and exit. 50 | -K install only the sets without the kernel. 51 | -B do not backup current kernel. 52 | -u check for update to snap script. 53 | -U download new snap script (will replace currently installed version). 54 | -b device to install bootstrap to. 55 | -R reboot after installation. 56 | -W exit on warn 57 | -h help. 58 | 59 | Examples: 60 | 61 | To upgrade to the latest snapshots: 62 | 63 | $ doas snap 64 | 65 | To update to the latest snapshot using an explicit mirror 66 | region: 67 | 68 | $ doas snap -M cdn.openbsd.org 69 | 70 | To update to the snapshot without updating xsets: 71 | 72 | $ doas snap -x 73 | 74 | When a new beta is cut, the system version jumps from X.Y to X.Z. 75 | When this happens, snap will need to be told what the new version 76 | is: 77 | 78 | $ doas snap -V 6.1 79 | 80 | Example ~/.snaprc 81 | 82 | INTERACTIVE:true 83 | DST:/tmp/upgrade 84 | MERGE:true 85 | MIRROR:cdn.openbsd.org 86 | NO_X11:true 87 | 88 | EOF 89 | exit 0 90 | } 91 | 92 | get_conf_var() { 93 | RET='' 94 | if [ -e $CONF_FILE ]; then 95 | RET=$( grep $1 $CONF_FILE | awk -F : '{if ($1 !~ /^#/) {print $2}}' ) 96 | fi 97 | 98 | if [ "${RET}X" == "X" ]; then 99 | return 1 100 | else 101 | echo $RET 102 | fi 103 | } 104 | 105 | msg() { 106 | if [ $INTERACTIVE == true ]; then 107 | echo "${green}${1}${white}" 108 | fi 109 | } 110 | 111 | warn() { 112 | if [[ $INTERACTIVE == true ]] || [[ $WEXIT == true ]]; then 113 | echo "${yellow}${1}${white}" 114 | if [ $WEXIT == true ]; then 115 | exit 1 116 | fi 117 | fi 118 | } 119 | 120 | error() { 121 | if [[ $INTERACTIVE == true ]]; then 122 | >&2 echo "${red}${1}${white}" 123 | else 124 | >&2 echo "${sname}: $1" 125 | fi 126 | 127 | if [[ $2 == true ]]; then 128 | rollback 129 | fi 130 | 131 | exit 1 132 | } 133 | 134 | check_update() { 135 | if [ "${version}" != "master" ]; then 136 | R="https://api.github.com/repos/qbit/snap/releases/latest" 137 | LATEST=$(/usr/bin/ftp -o - $R | \ 138 | awk -F , '{for(i=1;i /obsd 186 | /bsd.rd => /obsd.rd 187 | /sbin/reboot => /sbin/oreboot" 188 | fi 189 | } 190 | 191 | rollback() { 192 | FAIL=0 193 | cp /obsd /bsd || FAIL=1 194 | cp /obsd.rd /bsd.rd || FAIL=1 195 | 196 | if [ -e /obsd.sp ]; then 197 | cp /obsd.sp /bsd.sp || FAIL=1 198 | fi 199 | 200 | cp /sbin/oreboot /sbin/reboot || FAIL=1 201 | 202 | if [ $FAIL == 1 ]; then 203 | error "Failed to rollback" false 204 | else 205 | msg "Restored the old files for the following: 206 | /bsd => /obsd 207 | /bsd.rd => /obsd.rd 208 | /sbin/reboot => /sbin/oreboot" 209 | fi 210 | 211 | } 212 | 213 | check_integ() { 214 | key=${key:-/etc/signify/snap.pub} 215 | file=${sname} 216 | 217 | # signify doesn't like leading ./'s 218 | #file=${file:S/\.\///} 219 | 220 | if [ ! -f "${key}" ]; then 221 | error "No public key (${key}).\nSee https://github.com/qbit/snap for more info!" false 222 | fi 223 | 224 | if [ ! -f "${INTEG_SIG_FILE}" ]; then 225 | tmp_file=$(mktemp) 226 | /usr/bin/ftp $FTP_OPTS -o "$tmp_file" \ 227 | "https://raw.githubusercontent.com/qbit/snap/${version}/SHA256.sig" 228 | INTEG_SIG_FILE=${tmp_file} 229 | fi 230 | 231 | ( 232 | # we need to be in the same directory as snap to verify, as that is what 233 | # is in SHA256.sig 234 | cd $spath && \ 235 | signify -C -p "${key}" -x "${INTEG_SIG_FILE}" "${file}" 236 | ) 237 | } 238 | 239 | verisigs() { 240 | KEY=${KEY:-/etc/signify/openbsd-${SETVER}-base.pub} 241 | VALID=true 242 | 243 | if [ -f "$KEY" ]; then 244 | for i in "$@"; do 245 | signify -V -e -p ${KEY} -x SHA256.sig -m - | sha256 -C - ${i} \ 246 | || VALID=false 247 | done 248 | 249 | if [ $VALID == false ]; then 250 | error "Invalid signature found! They are after you!" true 251 | fi 252 | else 253 | error "No pub key found for this release! (${KEY})" false 254 | fi 255 | } 256 | 257 | update_kernel() { 258 | FAIL=0 259 | if [ $SKIP_SIGN == false ]; then 260 | verisigs "bsd*" 261 | fi 262 | cp ${KERNEL} /bsd || FAIL=1 263 | cp ${RD} /bsd.rd || FAIL=1 264 | 265 | (umask 077; sha256 /bsd > /var/db/kernel.SHA256) 266 | 267 | if [ "${KERNEL}" == "bsd.mp" ]; then 268 | cp bsd /bsd.sp || FAIL=1 269 | fi 270 | 271 | if [ $FAIL == 1 ]; then 272 | error "Failed to copy new kernel" false 273 | else 274 | msg "Set primary kernel to ${KERNEL}: 275 | ${KERNEL} => /bsd" 276 | fi 277 | } 278 | 279 | fetch() { 280 | DF=$(echo $1 | awk -F/ '{print $NF}') 281 | TDF="${DF}.out" 282 | R=0 283 | 284 | # this check may cause signature issues.. if old files exist in 285 | # the DEST directory. 286 | if [ ! -e $DF ]; then 287 | su -s/bin/sh _pkgfetch -c "/usr/bin/ftp $FTP_OPTS -o $TDF $1" 288 | R=$? 289 | 290 | # move the tmp file to actual file name so we can use -C 291 | mv "$TDF" "$DF" 292 | chown root:wheel "$DF" 293 | fi 294 | 295 | return $R 296 | } 297 | 298 | extract() { 299 | ftp -D Extracting -Vmo - "file://${1}" | tar -C / -xzphf - \ 300 | || error "Failed to extract ${1}" false 301 | } 302 | 303 | CONF_FILE="/etc/snap.conf" 304 | if [ -e ~/.snaprc ]; then 305 | CONF_FILE=~/.snaprc 306 | fi 307 | 308 | COLOR=$(get_conf_var 'COLOR' || echo 'true') 309 | SKIP_SIGN=false 310 | USE_BUILDINFO=true 311 | CPUS=$(sysctl -n hw.ncpu) 312 | INTERACTIVE=$(get_conf_var 'INTERACTIVE' || echo 'false') 313 | DST=$(get_conf_var 'DST' || mktemp -d -t ${tmp_template}) 314 | EXTRACT_ONLY=$(get_conf_var 'EXTRACT_ONLY' || echo 'false') 315 | KERNEL_ONLY=false 316 | SETS_ONLY=false 317 | FTP_OPTS=$(get_conf_var 'FTP_OPTS' || echo " -V ") 318 | MACHINE=$(machine) 319 | MERGE=$(get_conf_var 'MERGE' || echo 'false') 320 | NO_X11=$(get_conf_var 'NO_X11' || echo 'false') 321 | SETVER=$(uname -r | tr -d \.) 322 | CHK_INTEG=false 323 | CHK_UPDATE=$(get_conf_var 'CHK_UPDATE' || echo 'false') 324 | INS_UPDATE=$(get_conf_var 'INS_UPDATE' || echo 'false') 325 | INSTBOOT=$(get_conf_var 'INSTBOOT' || echo 'false') 326 | REBOOT=$(get_conf_var 'REBOOT' || echo 'false') 327 | AFTER=$(get_conf_var 'AFTER' || echo 'false') 328 | DOWNLOAD_ONLY=false 329 | WEXIT=$(get_conf_var 'WEXIT' || echo 'false') 330 | CLEAN_ONLY=false 331 | 332 | if [ $COLOR == false ]; then 333 | green=$white 334 | red=$white 335 | yellow=$white 336 | bold=$white 337 | fi 338 | 339 | MIRROR=$(get_conf_var 'MIRROR' || \ 340 | awk -F/ 'match($3, /[a-z]/) {print $3}' /etc/installurl 2> /dev/null || \ 341 | echo "cdn.openbsd.org") 342 | 343 | while getopts "b:BCc:dD:ehiIkKm:M:nrRSs:uUV:Wx" arg; do 344 | case $arg in 345 | b) 346 | INSTBOOT=$OPTARG 347 | ;; 348 | B) 349 | NO_KBACKUPS=true 350 | ;; 351 | C) CLEAN_ONLY=true 352 | ;; 353 | c) 354 | CONF_FILE=$OPTARG 355 | ;; 356 | D) 357 | DST=$OPTARG 358 | ;; 359 | d) 360 | DOWNLOAD_ONLY=true 361 | ;; 362 | e) 363 | EXTRACT_ONLY=true 364 | ;; 365 | h) 366 | usage 367 | ;; 368 | i) 369 | INTERACTIVE=true 370 | ;; 371 | I) 372 | CHK_INTEG=true 373 | shift $((${OPTIND}-1)) 374 | INTEG_SIG_FILE=$* 375 | INTEG_SIG_FILE=${INTEG_SIG_FILE:-SHA256.sig} 376 | OPTIND=1 377 | ;; 378 | k) 379 | KERNEL_ONLY=true 380 | ;; 381 | K) 382 | SETS_ONLY=true 383 | ;; 384 | m) 385 | MACHINE=$OPTARG 386 | ;; 387 | M) 388 | MIRROR=$OPTARG 389 | ;; 390 | n) 391 | FORCE_MP=true 392 | ;; 393 | r) 394 | MERGE=true 395 | ;; 396 | R) 397 | REBOOT=true 398 | ;; 399 | S) 400 | SKIP_SIGN=true 401 | ;; 402 | s) 403 | KEY=$OPTARG 404 | ;; 405 | u) 406 | CHK_UPDATE=true 407 | ;; 408 | U) 409 | CHK_UPDATE=true 410 | INS_UPDATE=true 411 | ;; 412 | V) 413 | SETVER=$(echo $OPTARG | tr -d \.) 414 | ;; 415 | W) 416 | WEXIT=true 417 | ;; 418 | x) 419 | NO_X11=true 420 | ;; 421 | *) 422 | exit 1 423 | esac 424 | done 425 | 426 | if [ $CLEAN_ONLY == true ]; then 427 | qtmp=$(echo $tmp_template | sed 's/X/\?/g') 428 | 429 | msg "${white}Cleaning: ${green}${DST}" 430 | # Only remove files from DST, someone might have set it to / 431 | rm -fv $DST/*.{tgz,rd,mp,sig} 432 | rm -fv $DST/{BUILDINFO,bsd} 433 | 434 | msg "${white}Purging: ${green}/tmp/${qtmp}" 435 | for d in /tmp/${qtmp}; do 436 | # Check if the dir exists before rm'ing 437 | # - this prevents echoing of a ???? dir that doesn't exist 438 | [ -d "${d}" ] && rm -rfv "$d" 439 | done 440 | exit 0 441 | fi 442 | 443 | if [ $KERNEL_ONLY == true ] && [ $SETS_ONLY == true ]; then 444 | echo 'The options -k and -K are mutually exclusive.' 445 | exit 1 446 | fi 447 | 448 | if [ $CHK_INTEG == true ]; then 449 | check_integ 450 | exit 0 451 | fi 452 | 453 | if [ $CHK_UPDATE == true ]; then 454 | check_update 455 | exit 0 456 | fi 457 | 458 | [[ $(id -u) -ne 0 ]] && error "need root privileges" false 459 | 460 | mkdir -p -- "$DST" || exit 1 461 | chown -R root:_pkgfetch "$DST" 462 | chmod -R g+rwx "$DST" 463 | 464 | case "${MIRROR}" in 465 | http://* | ftp://* | https://*) 466 | URL="${MIRROR}/pub/OpenBSD/snapshots/${MACHINE}" 467 | ;; 468 | *) 469 | URL="http://${MIRROR}/pub/OpenBSD/snapshots/${MACHINE}" 470 | ;; 471 | esac 472 | 473 | if [ ! $EXTRACT_ONLY ]; then 474 | msg "${white}Fetching from: ${green}${URL}" 475 | fi 476 | 477 | ( 478 | cd -- "$DST" || exit 1 479 | 480 | # first element should be bsd, second should be mp for given kernel names. 481 | if [[ "${MACHINE}" == armv7 ]] || [[ "${MACHINE}" == loongson ]]; then 482 | # Currently there is no bsd.mp 483 | set -A bsds "bsd" "" "bsd.rd" 484 | else 485 | set -A bsds 'bsd' 'bsd.mp' 'bsd.rd' 486 | fi 487 | 488 | RD=${bsds[2]} 489 | 490 | if [ $SKIP_SIGN == false ]; then 491 | fetch "${URL}/${base_sig}" || error "Can't fetch signature file!" false 492 | fi 493 | 494 | fetch "${URL}/${build_info}" || USE_BUILDINFO=false 495 | 496 | if [ -e ~/.last_snap ]; then 497 | last_snap=$(cat ~/.last_snap) 498 | msg "last snap: ${white}${last_snap}" 499 | if [ $USE_BUILDINFO ]; then 500 | current_snap=$(awk -F- '{print $2}' "$build_info" | sed 's/^ //') 501 | if [ "${last_snap}" == "$current_snap" ]; then 502 | warn "No new snaps available, mirror has: ${current_snap}!" 503 | fi 504 | fi 505 | fi 506 | 507 | if [ $EXTRACT_ONLY == false ]; then 508 | if [ $SETS_ONLY == false ]; then 509 | msg "Fetching bsds" 510 | for bsd in "${bsds[@]}"; do 511 | fetch "${URL}/${bsd}" || error "Can't find bsds at ${URL}" false 512 | done 513 | 514 | if [ "${CPUS}" == "1" ] && [ "${FORCE_MP:=false}" != true ]; then 515 | msg "${white}Using ${green}bsd.." 516 | KERNEL=${bsds[0]} 517 | else 518 | msg "${white}Using ${green}bsd.mp.." 519 | KERNEL=${bsds[1]} 520 | fi 521 | 522 | if [ "${NO_KBACKUPS:=false}" == false ]; then 523 | if [ $DOWNLOAD_ONLY == false ]; then 524 | backup 525 | fi 526 | fi 527 | 528 | if [ $DOWNLOAD_ONLY == false ]; then 529 | update_kernel 530 | fi 531 | 532 | if [ $KERNEL_ONLY == true ]; then 533 | exit 0 534 | fi 535 | fi # SETS_ONLY 536 | 537 | msg "Fetching sets" 538 | for set in "${sets[@]}"; do 539 | fetch "${URL}/${set}${SETVER}.tgz" || \ 540 | error "Perhaps you need to specify -V to set version. Example 5.2" true 541 | done 542 | 543 | if [ "${NO_X11}" == "false" ]; then 544 | msg "Fetching xsets" 545 | for set in "${xsets[@]}"; do 546 | fetch "${URL}/${set}${SETVER}.tgz" || \ 547 | error "Perhaps you need to specify -V to set version. Example -V 5.2" true 548 | done 549 | fi 550 | fi 551 | 552 | if [ $SKIP_SIGN == false ]; then 553 | verisigs "*.tgz" 554 | fi 555 | 556 | if [ $DOWNLOAD_ONLY == true ]; then 557 | exit 0 558 | fi 559 | 560 | msg "Extracting sets" 561 | for set in "${sets[@]}"; do 562 | extract "${DST}/${set}${SETVER}.tgz" 563 | 564 | if [ "${set}" == "man" ] && [ "${NO_X11}" == "false" ]; then 565 | msg "Extracting xsets ${white}will continue with sets after. ${green}" 566 | 567 | for xset in "${xsets[@]}"; do 568 | extract "${DST}/${xset}${SETVER}.tgz" 569 | done 570 | fi 571 | done 572 | 573 | if [ $MERGE == true ]; then 574 | msg "Running sysmerge" 575 | sysmerge || error "Failed to sysmerge!" false 576 | else 577 | echo "/usr/sbin/sysmerge -b" >>/etc/rc.sysmerge 578 | chmod +x /etc/rc.sysmerge 579 | echo "Don't forget to run sysmerge!" 580 | fi 581 | 582 | echo -n "Relinking to create unique kernel..." 583 | /usr/libexec/reorder_kernel && echo "done." || echo "failed." 584 | 585 | if [ $INSTBOOT != false ]; then 586 | msg "Installing bootstrap on ${INSTBOOT}" 587 | installboot -v $INSTBOOT || \ 588 | error "Something bad happened - check your boot disk!" false 589 | fi 590 | 591 | if [ $USE_BUILDINFO ]; then 592 | awk -F- '{print $2}' "$build_info" | sed 's/^ //' > ~/.last_snap 593 | else 594 | date > ~/.last_snap 595 | fi 596 | 597 | if [ "$AFTER" != false ]; then 598 | cp $AFTER /etc/rc.firsttime 599 | chmod +x /etc/rc.firsttime 600 | else 601 | echo 'cd /dev && sh MAKEDEV all' >>/etc/rc.firsttime 602 | echo "/usr/sbin/fw_update -v" >>/etc/rc.firsttime 603 | chmod +x /etc/rc.firsttime 604 | fi 605 | 606 | if [ $REBOOT == true ]; then 607 | msg "Rebooting" 608 | /sbin/oreboot || error "Something really bad happened - Can't reboot!" false 609 | fi 610 | ) 611 | -------------------------------------------------------------------------------- /snap.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: github.com/qbit/snap public key 2 | RWQVGN6sUjQQA5uYpANGLLKQMAERZ43otLePFSVqNFGGtf/qBez7G1WU 3 | --------------------------------------------------------------------------------