On Mon, Oct 09, 2023 at 08:01:14PM -0700, Andrew Hewus Fresh wrote:
> On Sun, Oct 08, 2023 at 02:36:16PM +0200, Thomas wrote:
> > Hello,
> >
> > I am installing OpenBSD on an old xps13 9380. The WiFi is not
> > supported and so I am using a usb dongle for which I need the
> > athn-firmware. I get it to work and now wanting to prep a USB disk
> > with all necessary firmware. I'm following the FAQ#4 on the website
> > (I suppose it works with more firmware than just the WiFi).
<SNIP>
>
> fw_update does download and verify the signature on the SHA256.sig,
> however it does then overwrite the one with the signature with one
> without the signature.
I think this is as simple has having signify write the output to
/dev/null. It seems to work in my testing.
Index: fw_update.sh
===================================================================
RCS file: /cvs/src/usr.sbin/fw_update/fw_update.sh,v
retrieving revision 1.50
diff -u -p -r1.50 fw_update.sh
--- fw_update.sh 28 Sep 2023 01:18:52 -0000 1.50
+++ fw_update.sh 11 Oct 2023 02:37:24 -0000
@@ -180,7 +180,7 @@ fetch_cfile() {
set +o noclobber # we want to get the latest CFILE
fetch "$CFILE" || return 1
set -o noclobber
- ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m "$CFILE" &&
+ ! signify -qVep "$FWPUB_KEY" -x "$CFILE" -m /dev/null &&
warn "Signature check of SHA256.sig failed" &&
rm -f "$CFILE" && return 1
elif [ ! -e "$CFILE" ]; then
