This repository has been archived by the owner on May 2, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 44
/
platform-upgrade
executable file
·293 lines (268 loc) · 9.92 KB
/
platform-upgrade
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
#!/bin/bash
# https://github.com/calmh/smartos-platform-upgrade
# Copyright (c) 2012-2016 Jakob Borg & Contributors
# Distributed under the MIT License
# us-east.manta.joyent.com currently use Let's Encrypt
# https://letsencrypt.org/certs/isrgrootx1.txt
# https://letsencrypt.org/certs/lets-encrypt-r3.txt
cert_file=$(mktemp)
function cleanup {
rm "$cert_file"
}
trap cleanup EXIT
cat >"$cert_file" <<EOF
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
EOF
function _curl {
curl -s --cacert "$cert_file" $@
}
function usage() {
cat <<- "USAGE"
$ platform-upgrade [-u URL -s MD5SUM_URL] [-f]
OPTIONS:
-u URL : Remote/local url of platform-version.tgz file
-s MD5SUM_URL : Remote/local url of md5 checksum file
-f : Force installation if version is already present
EXAMPLE:
# Use default Joyent URL for latest platform image
platform-upgrade
# Use local platform and checksum file
platform-upgrade -u file:///tmp/platform-20180510T153535Z.tgz -s file:///tmp/md5sum.txt
USAGE
}
force="false"
while getopts :fu:s: option; do
case "$option" in
u)
platform_url="$OPTARG"
;;
s)
md5sums_url="$OPTARG"
;;
f)
force="true"
;;
\?)
usage
exit -1
;;
esac
done
shift $((OPTIND-1))
if [[ -n $platform_url ]] && [[ ! -n $md5sums_url ]]; then
usage
exit -1
fi
if [[ ! -n $platform_url ]]; then
host=https://us-east.manta.joyent.com
latest_path="${host}$(_curl "$host/Joyent_Dev/public/SmartOS/latest")"
version="$(expr "$latest_path" : '.*\([0-9]\{8\}T[0-9]\{6\}Z\).*')"
latest_spec_path="$(_curl "$host/Joyent_Dev/public/SmartOS/$version")"
header="$(expr "$latest_spec_path" : '.*platform-release-\([0-9]\{8\}\)-.*')"
platform_url="$latest_path/platform-release-$header-$version.tgz"
if [[ ! -n $md5sums_url ]]; then
md5sums_url="$latest_path/md5sums.txt"
fi
else
header="$(expr "$platform_url" : '.*platform-release-\([0-9]\{8\}\)-.*')"
version="$(expr "$platform_url" : '.*\([0-9]\{8\}T[0-9]\{6\}Z\).*')"
fi
platform_file="platform-release-$header-$version.tgz"
platform_dir="platform-$version"
IFS=_ read brand kernel < <(uname -v)
if [[ $kernel == $version ]]; then
echo "Already on latest version ($kernel)."
$force || exit -1
fi
tmp=$(mktemp -d)
cd "$tmp" || exit -1
echo -n "Downloading $platform_file..."
if ! _curl -o "$platform_file" "$platform_url" ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Verifying checksum..."
_curl "$md5sums_url" \
| grep "$platform_file" \
| awk '{print $1}' > expected.md5
openssl md5 "$platform_file" | awk '{print $2}' > actual.md5
if ! cmp -s actual.md5 expected.md5 ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Extracting latest platform..."
if ! gtar zxf "$platform_file" ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Marking release version..."
if ! echo $version > $platform_dir/VERSION ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Checking current boot device..."
if [[ -z $1 ]] ; then
removables=($(diskinfo -cH | \
awk 'BEGIN { FS="\t" } $7~/\?\?R./ { print $2 }'))
echo -n " detected ${removables[@]}"
if [[ ${#removables[@]} -eq 0 ]]; then
echo
echo "Error: Unable to detect removable device."
diskinfo
echo "Specify correct device on the command line."
exit -1
elif [[ ${#removables[@]} -gt 1 ]]; then
echo
echo "Error: more than one removable device detected."
diskinfo -cH | awk 'BEGIN { FS="\t" } $7~/\?\?R./ { print }'
echo "Specify correct device on the command line."
exit -1
fi
# Look for a GPT/EFI VTOC; if there isn't one, then this is almost
# certainly an MBR-partitioned device. If it's a GPT label, then we
# want the slice that's of type 2 (ROOT).
if [[ -e "/dev/dsk/${removables[0]}" ]]; then
partition=$(/usr/sbin/prtvtoc -h "/dev/dsk/${removables[0]}" | \
awk ' $2 == 2 { print $1 }')
if [[ $? -eq 0 && -n "$partition" ]]; then
echo -n ", GPT label"
usb="/dev/dsk/${removables[0]}s${partition}"
fi
fi
if [[ -z "$usb" ]]; then
echo -n ", MBR label"
usb="/dev/dsk/${removables[0]}p1"
fi
else
usb="$1"
echo -n " using $usb"
fi
umount "$usb" 2>/dev/null
mkdir usb
if ! mount -F pcfs -o foldcase "$usb" "$tmp/usb" ; then
echo ", mount failed"
exit -1
else
echo -n ", mounted"
fi
if [[ ! -d usb/platform ]] ; then
echo ", missing platform dir"
exit -1
else
echo ", OK"
fi
echo -n "Updating platform on boot device..."
if ! rsync -rltD "$platform_dir/" usb/platform.new/ ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Remounting boot device..."
umount "$usb" 2>/dev/null
if ! mount -F pcfs -o foldcase "$usb" "$tmp/usb" ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Verifying kernel checksum on boot device..."
openssl dgst -sha1 "$platform_dir"/i86pc/kernel/amd64/unix | cut -d ' ' -f 2 > kernel.expected
openssl dgst -sha1 usb/platform.new/i86pc/kernel/amd64/unix | cut -d ' ' -f 2 > kernel.actual
if ! cmp -s kernel.actual kernel.expected ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Verifying boot_archive checksum on boot device..."
openssl dgst -sha1 usb/platform.new/i86pc/amd64/boot_archive | cut -d ' ' -f 2 > boot_archive.actual
if ! cmp -s boot_archive.actual usb/platform.new/i86pc/amd64/boot_archive.hash ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo -n "Activating new platform on $usb..."
rm -rf usb/old
mkdir usb/old
if ! ( mv usb/platform usb/old && mv usb/platform.new usb/platform ) ; then
echo " failed"
exit -1
else
echo " OK"
fi
echo
echo "Boot device upgraded. To do:"
echo
echo " 1) Sanity check the contents of $tmp/usb"
echo " 2) umount $usb"
echo " 3) reboot"