GIF89a;
Direktori : /sbin/ |
Current File : //sbin/update-smart-drivedb |
#! /bin/sh # # smartmontools drive database update script # # Home page of code is: http://www.smartmontools.org # # Copyright (C) 2010-18 Christian Franke # # SPDX-License-Identifier: GPL-2.0-or-later # # $Id: update-smart-drivedb.in 4879 2018-12-28 22:05:12Z chrfranke $ # set -e # Set by config.status export PATH="/usr/local/bin:/usr/bin:/bin" PACKAGE="smartmontools" VERSION="7.0" prefix="/usr" exec_prefix="/usr" sbindir="/usr/sbin" datarootdir="${prefix}/share" datadir="/usr/share" drivedbdir="${datadir}/${PACKAGE}" # Download tools os_dltools="curl wget lynx svn" # drivedb.h update branch BRANCH="RELEASE_7_0_DRIVEDB" # Default drivedb location DRIVEDB="$drivedbdir/drivedb.h" # GnuPG used to verify signature (disabled if empty) GPG="gpg" # Smartctl used for syntax check SMARTCTL="$sbindir/smartctl" # PATH information for help and error messages #pathinfo='$PATH' pathinfo="'$PATH'" myname=$0 usage() { pathinfo=" $pathinfo" cat <<EOF smartmontools $VERSION drive database update script Usage: $myname [OPTIONS] [DESTFILE] -s SMARTCTL Use SMARTCTL for syntax check ('-s -' to disable) [default: $SMARTCTL] -t TOOL Use TOOL for download: $os_dltools [default: first one found in $pathinfo] -u LOCATION Use URL of LOCATION for download: github (GitHub mirror of SVN repository) sf (Sourceforge code browser) svn (SVN repository) [default] svni (SVN repository via HTTP instead of HTTPS) trac (Trac code browser) --trunk Download from SVN trunk (may require '--no-verify') --cacert FILE Use CA certificates from FILE to verify the peer --capath DIR Use CA certificate files from DIR to verify the peer --insecure Don't abort download if certificate verification fails --no-verify Don't verify signature --export-key Print the OpenPGP/GPG public key block --dryrun Print download commands only -v Verbose output Updates $DRIVEDB or DESTFILE from branches/$BRANCH of smartmontools SVN repository. EOF exit 1 } error() { echo "$myname: $*" >&2 exit 1 } err_notfound() { case $1 in */*) error "$1: not found $2" ;; *) error "$1: not found in $pathinfo $2" ;; esac } warning() { echo "$myname: (Warning) $*" >&2 } selecturl() { case $1 in github) # https://github.com/smartmontools/smartmontools/raw/origin/$BRANCH/smartmontools/drivedb.h # https://github.com/smartmontools/smartmontools/raw/master/smartmontools/drivedb.h # redirected to: url='https://raw.githubusercontent.com/smartmontools/smartmontools/master/smartmontools/drivedb.h' ;; sf) url='https://sourceforge.net/p/smartmontools/code/HEAD/tree/trunk/smartmontools/drivedb.h?format=raw' ;; svn) url='https://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;; svni) url='http://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;; trac) url='https://www.smartmontools.org/export/HEAD/trunk/smartmontools/drivedb.h' ;; *) usage ;; esac } inpath() { local d rc save rc=1 save=$IFS IFS=':' for d in $PATH; do test -f "$d/$1" || continue test -x "$d/$1" || continue rc=0 break done IFS=$save return $rc } vecho() { test -n "$q" || echo "$*" } # vrun COMMAND ARGS... vrun() { if [ -n "$dryrun" ]; then echo "$*" elif [ -n "$q" ]; then "$@" 2>/dev/null else echo "$*" "$@" fi } # vrun2 OUTFILE COMMAND ARGS... vrun2() { local f err rc f=$1; shift rc=0 if [ -n "$dryrun" ]; then echo "$* > $f" else vecho "$* > $f" err=`"$@" 2>&1 > $f` || rc=$? if [ -n "$err" ]; then vecho "$err" >&2 test $rc != 0 || rc=42 fi fi return $rc } # download URL FILE download() { local f u rc u=$1; f=$2 rc=0 case $tool in curl) vrun curl ${q:+-s} -f --max-redirs 0 \ ${cacert:+--cacert "$cacert"} \ ${capath:+--capath "$capath"} \ ${insecure:+--insecure} \ -o "$f" "$u" || rc=$? ;; wget) vrun wget $q --max-redirect=0 \ ${cacert:+--ca-certificate="$cacert"} \ ${capath:+--ca-directory="$capath"} \ ${insecure:+--no-check-certificate} \ -O "$f" "$u" || rc=$? ;; lynx) test -z "$cacert" || vrun export SSL_CERT_FILE="$cacert" test -z "$capath" || vrun export SSL_CERT_DIR="$capath" # Check also stderr as lynx does not return != 0 on HTTP error vrun2 "$f" lynx -stderr -noredir -source "$u" || rc=$? ;; svn) vrun svn $q export \ --non-interactive --no-auth-cache \ ${cacert:+--config-option "servers:global:ssl-trust-default-ca=no"} \ ${cacert:+--config-option "servers:global:ssl-authority-files=$cacert"} \ ${insecure:+--trust-server-cert} \ "$u" "$f" || rc=$? ;; fetch) # FreeBSD vrun fetch $q --no-redirect \ ${cacert:+--ca-cert "$cacert"} \ ${capath:+--ca-path "$capath"} \ ${insecure:+--no-verify-hostname} \ -o "$f" "$u" || rc=$? ;; ftp) # OpenBSD vrun ftp \ ${cacert:+-S cafile="$cacert"} \ ${capath:+-S capath="$capath"} \ ${insecure:+-S dont} \ -o "$f" "$u" || rc=$? ;; *) error "$tool: unknown (internal error)" ;; esac return $rc } # check_file FILE FIRST_CHAR MIN_SIZE MAX_SIZE check_file() { local firstchar f maxsize minsize size test -z "$dryrun" || return 0 f=$1; firstchar=$2; minsize=$3; maxsize=$4 # Check first chars case `dd if="$f" bs=1 count=1 2>/dev/null` in $firstchar) ;; \<) echo "HTML error message"; return 1 ;; *) echo "unknown file contents"; return 1 ;; esac # Check file size size=`wc -c < "$f"` if test "$size" -lt $minsize; then echo "too small file size $size bytes" return 1 fi if test "$size" -gt $maxsize; then echo "too large file size $size bytes" return 1 fi return 0 } # unexpand_svn_id < INFILE > OUTFILE unexpand_svn_id() { sed 's,\$''Id'': drivedb\.h [0-9][0-9]* 2[-0-9]* [012][:0-9]*Z [a-z][a-z0-9]* \$,$''Id''$,' } # Smartmontools Signing Key (through 2020) # <smartmontools-database@listi.jpberlin.de> # Key ID 721042C5 public_key="\ -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFwmhpUBEADRoOZaXq13MrqyAmbGe6FlHi6P9ujsT/SJGhTiAoN3W1X56Dbm KP21nO9ZAjdXnvA2OmzppfCUX7v5Q3/TG3vN3WwfyQIO/dgSaTrGa1E8odbHEGc7 rhzYA8ekAn3TmxhOrEUTcRIogumW0zlQewHOlTe0OYsxat6/N8l3Cqn28HwZUpRH MrJW3RgefFihQGEhXlnfzo+Tltl14IriURbwBZIDeZOk2AWLGweI0+zqTgYSbF5A tI5rXO1QDeoyBYZhSX3MtnncwPdCnxoRasizU5w3KoZWYyKAc5bxJBJgUUp9HDOu ATgNqekc8j28x/cUAWerXe183SBYQp0QkzMPbmE9TCGW3GjtW+Kk/NDbNe8ufj6O hk0r7EbGyBO0qvgzHLzSsQiSsgaMCkLc5Xt4NzB4g2DvnReFU2WwgRh031lHOVLm mvFqRtHzJb20dKufyjOmSMzNKRzURVmobECKARaBlGNP0wHYhq97n4OxM1o0eq7a 4ugaSp2q+6BSaAQhbZN8ULCF/oGA/376Sz7RNuoOmQwl9aFqnfl3YgopBIqKvnSP h4j0QynN45rUFOe/VywTmpWKj+DonGCupxe9VvyZ87NKRgKiHprXGDrhdB0GcNXM wV66WbjKBV7qlpSh/GH3oiHwlcYT8LNyZbxTJXcVF5ODtlZfc9zqRtUBWQARAQAB tFNTbWFydG1vbnRvb2xzIFNpZ25pbmcgS2V5ICh0aHJvdWdoIDIwMjApIDxzbWFy dG1vbnRvb2xzLWRhdGFiYXNlQGxpc3RpLmpwYmVybGluLmRlPokCPgQTAQIAKAUC XCaGlQIbAwUJA8etAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6nSrJXIQ QsWXYQ/+IVHGQxDOg7lMX9iDbg/UDj/zrQfsJR2HQ2j0iI8TmsQLSK4pphwN0r9D g0BuKhQBe3wPphLjwD40HueKatIacE91PgLse/KWmEe4OoQCDxshiIGad3YoIF3X yrJg6pcMLOAnfT55Tg04EmWpT1LzWTJmH8RL2iftTM217Q2JnfQGKicTiD/GiYV1 oyFUvn+H5/u5O7UYhvWKBcccJtal2uhc6h8U2HugMV0SpNM5p83oGDZkV0YYSJ0C 044im1+axbz06Aeq7Uh3JFScCcbjl+SQ7gK0NJF39uI8HbwC7fcfySCj5JDuVeaq KjahWctKa/D6nauKA8+LIGOckkf2oN0sJBrES7Zn8ImHYN/1wLCff9oIDAlux6Jk BZ6+MqIJKHit4SSYPd3QnkdI1ehn+2EdxK9VSBU0W2ZPlZmoUSamWboloumhwYyN 86ohFVJWnN4YWlZiJNJlxj/F6d4GTEJBFqoK9yStdz8Dsg16sAwuNYFVFtCKaesA keuhcS3SfoFXwLsz+8cLfHVdsBHmm9/OCfNtOm3EPJqaD57lL5ocTWQeLaAqUCse rOCDoIUZul5e6kRytjjNIHFNufWTbuw4YlYM3+FU1nkgckmhw4M9kI/xGtVj7bvs tJKKN976kOoRZRIAL+9SlC+3Tqd9a4y4RRjYongvFzqpqRlQfS+JARwEEwECAAYF AlwmhpwACgkQL83sC9OvGqsVOggAqLB5eQrUv8E9ikD6kJCito827bzDWF29yD7P vfhjXaz5in54jOVpwg3o9CsqIjjRW0/1bBVswC8ZL0sAdZ+GDSDMw5F2IpkD77gj nFY79M/e6C9xYyxYzHC7emDPSz9IroOvdkkEgrB+OABKkaOCcS18P4Lk3WNHaPw5 c7aI0z1iJP52EmSfvB8r86mtUFJB+f15eD/4vaRfkZLFjF9FQ3kgEK1U+rV4s1O2 bCFfP3WPDcc83NgwRUvtXmcSOSOIoXnemJzyJr+JnqCWVET4XWF6i20mRFXVEpWt f5AkJYgR3z/jW0djELbBWA/35bAnpXy5pDHv9NbZsTkBZxK/kokBHAQTAQIABgUC XCaGnQAKCRAY7NpGy/a6xn4lB/90tXTnZsgmoftol9uivfQrPdR88WmOZLYmUeQA d1rqSFMxe+KzO/qLuU8s6OF4nznwL2cPfbGZxezM4PiYmAmbbEU/3gTONwjVBBA0 Gfimy/fITEezFtCigo1thkaJ195g/dqY+zE3Vt4rzC03j1vx8mUHRPU6kkvKj8cP 0j+XHX2xQDsTXTstfnom29wBmGnvSZ9HgcdL71e1VXJXwikmnO3P4J/1C2LeCOlW rGqWZ2c0WBLKdJnsYUx7Dm/OvkkB4lF+zWp98zS8jS/5h+1apVgEzrdTMvT8ydTk Ur7ObKGkIhK+L+Xo5BD+V9Qf6xKGYPwhhdj/E5/kyjULrm10iQEcBBMBAgAGBQJc JoadAAoJEPOHY87f0iVZfiUH/3yKS5wGvTeRInse8+W1WzKuto3XzqXLngb9QXWw 7nCwqmNS7PbzDnufQi2ThKrMfcK14WgNYABNZPU75I+6bcb0oCB5tlooIUEV/2Ut /5Hl/83zFFoNA/kQKVz8kIDqgRcxC+zY2VJ4eTKHyQDvXygVk8wnKTBae3gX+CIZ qJHPXiiygHlbl31Mi3G1Iaxu57dP6ocV0vX1dytKSwd4Rbviwwb4L76o/tVT9t3G wFM15uK1SqtnAaiaktEdMi3XI4d01H3VUVz/iR0XQbf13RZoEM6CJWmsQ/qvYlwk bKOdlahjoHrFlkhADSBaO9N1OZp3OYDjziIujMdt2IPKnmM= =0uFV -----END PGP PUBLIC KEY BLOCK----- " # gpg_verify FILE.asc FILE gpg_verify() { local gnupgtmp opts out rc opts="--quiet ${q:+--no-secmem-warnin} --batch --no-tty" # Create temp home dir gnupgtmp="$tmpdir/.gnupg.$$.tmp" rm -f -r "$gnupgtmp" mkdir "$gnupgtmp" || exit 1 chmod 0700 "$gnupgtmp" # Import public key "$GPG" $opts --homedir="$gnupgtmp" --import <<EOF $public_key EOF test $? = 0 || exit 1 # Verify rc=0 out=`"$GPG" $opts --homedir="$gnupgtmp" --verify "$1" "$2" </dev/null 2>&1` || rc=1 vecho "$out" rm -f -r "$gnupgtmp" return $rc } # mv_all PREFIX OLD NEW mv_all() { mv "${1}${2}" "${1}${3}" mv "${1}${2}.raw" "${1}${3}.raw" mv "${1}${2}.raw.asc" "${1}${3}.raw.asc" } # Parse options smtctl=$SMARTCTL tool= url= q="-q" dryrun= trunk= cacert= capath= insecure= no_verify= while true; do case $1 in -s) shift; test -n "$1" || usage smtctl=$1 ;; -t) shift case $1 in *\ *) usage ;; esac case " $os_dltools " in *\ $1\ *) ;; *) usage ;; esac tool=$1 ;; -u) shift; selecturl "$1" ;; -v) q= ;; --dryrun) dryrun=t ;; --trunk) trunk=trunk ;; --cacert) shift; test -n "$1" || usage cacert=$1 ;; --capath) shift; test -n "$1" || usage capath=$1 ;; --insecure) insecure=t ;; --no-verify) no_verify=t ;; --export-key) cat <<EOF $public_key EOF exit 0 ;; -*) usage ;; *) break ;; esac; shift; done case $# in 0) DEST=$DRIVEDB ;; 1) DEST=$1 ;; *) usage ;; esac if [ -z "$tool" ]; then # Find download tool in PATH for t in $os_dltools; do if inpath "$t"; then tool=$t break fi done test -n "$tool" || error "found none of '$os_dltools' in $pathinfo" fi test -n "$url" || selecturl "svn" # Check option compatibility case "$tool:$url" in svn:http*://svn.code.sf.net*) ;; svn:*) error "'-t svn' requires '-u svn' or '-u svni'" ;; esac case "$tool:${capath:+set}" in svn:set) warning "'--capath' is ignored if '-t svn' is used" ;; esac case "${insecure:-f}:$url" in t:http:*) insecure= ;; ?:https:*) ;; *) error "'-u svni' requires '--insecure'" ;; esac case "$tool:$insecure" in lynx:t) warning "'--insecure' is ignored if '-t lynx' is used" ;; esac # Check for smartctl if [ "$smtctl" != "-" ]; then "$smtctl" -V >/dev/null 2>&1 \ || err_notfound "$smtctl" "('-s -' to ignore)" fi # Check for GnuPG if [ -z "$no_verify" ]; then test -n "$GPG" \ || error "GnuPG is not available ('--no-verify' to ignore)" "$GPG" --version >/dev/null 2>&1 \ || err_notfound "$GPG" "('--no-verify' to ignore)" fi # Use destination directory as temp directory for gpg tmpdir=`dirname "$DEST"` # Adjust URLs src=`echo "$url" | sed -e "s,/trunk/,/branches/$BRANCH/," \ -e "s,/master/,/origin/$BRANCH/,"` src_asc=`echo "$src" | sed "s,/drivedb\.h,/drivedb.h.raw.asc,"` test -z "$trunk" || src=$url # Download test -n "$dryrun" || rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc" vecho "Download ${trunk:-branches/$BRANCH}/drivedb.h with $tool" rc=0 download "$src" "$DEST.new" || rc=$? if [ $rc != 0 ]; then rm -f "$DEST.new" error "${trunk:-$BRANCH}/drivedb.h: download failed ($tool: exit $rc)" fi if ! errmsg=`check_file "$DEST.new" '/' 10000 1000000`; then mv "$DEST.new" "$DEST.error" error "$DEST.error: $errmsg" fi vecho "Download branches/$BRANCH/drivedb.h.raw.asc with $tool" rc=0 download "$src_asc" "$DEST.new.raw.asc" || rc=$? if [ $rc != 0 ]; then rm -f "$DEST.new" "$DEST.new.raw.asc" error "$BRANCH/drivedb.h.raw.asc: download failed ($tool: exit $rc)" fi if ! errmsg=`check_file "$DEST.new.raw.asc" '-' 200 2000`; then rm -f "$DEST.new" mv "$DEST.new.raw.asc" "$DEST.error.raw.asc" error "$DEST.error.raw.asc: $errmsg" fi test -z "$dryrun" || exit 0 # Create raw file with unexpanded SVN Id # (This assumes newlines are LF and not CR/LF) unexpand_svn_id < "$DEST.new" > "$DEST.new.raw" # Adjust timestamps and permissions touch "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc" chmod 0644 "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc" if [ -z "$no_verify" ]; then # Verify raw file if ! gpg_verify "$DEST.new.raw.asc" "$DEST.new.raw"; then mv_all "$DEST" ".new" ".error" test -n "$trunk" || error "$DEST.error.raw: *** BAD signature ***" error "$DEST.error.raw: signature from branch no longer valid ('--no-verify' to ignore)" fi fi if [ "$smtctl" != "-" ]; then # Check syntax if ! "$smtctl" -B "$DEST.new" -P showall >/dev/null; then mv_all "$DEST" ".new" ".error" error "$DEST.error: rejected by $smtctl, probably no longer compatible" fi vecho "$smtctl: syntax OK" fi # Keep old file if identical, ignore missing Id keyword expansion in new file rm -f "$DEST.lastcheck" if [ -f "$DEST" ]; then if [ -f "$DEST.raw" ] && [ -f "$DEST.raw.asc" ]; then if cmp "$DEST.raw" "$DEST.new.raw" >/dev/null 2>&1 \ && cmp "$DEST.raw.asc" "$DEST.new.raw.asc" >/dev/null 2>&1 \ && { cmp "$DEST" "$DEST.new" >/dev/null 2>&1 \ || cmp "$DEST.raw" "$DEST.new" >/dev/null 2>&1; } then rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc" touch "$DEST.lastcheck" echo "$DEST is already up to date" exit 0 fi mv_all "$DEST" "" ".old" else mv "$DEST" "$DEST.old" fi fi mv_all "$DEST" ".new" "" echo "$DEST updated from ${trunk:-branches/$BRANCH}${no_verify:+ (NOT VERIFIED)}"