Add support for specifying patch level for freebsd-update.

Specify which tag you'd like by setting the environment variable TAG_OVERRIDE="sometag". You can grab the tag from an existing machine from /var/db/freebsd-update/tag, or, you can make one up, by reconciling the security/errata notices with the hashes available in: http://update.freebsd.org/${RELEASE}/${ARCH}/tag For example, you can upgrade a 10.3-RELEASE host to 11.1-RELEASE-p6 using: TAG_OVERRIDE="freebsd-update|amd64|11.1-RELEASE|6|74baebf65f282b9aef2e3076f4f5a8809cdfa7734ae04633e2dadcca2ed81162|1533081600" freebsd-update.sh -r 11.1-RELEASE upgrade freebsd-update.sh install ... Similarily, you can upgrade a 11.1-RELEASE-p6 host to -p7 (but not -p8) with: TAG_OVERRIDE="freebsd-update|amd64|11.1-RELEASE|7|3f873dc24c2495e9e8e1d955fd2f88e38d680094be9dadf45ccfc00c72c4a5ac|1533081600" freebsd-update.sh fetch freebsd-update.sh install ...
derekmarcotte · Mar 21, 2018 · 009015a · 009015a
1 parent d90e216
commit 009015a
Showing 1 changed file with 19 additions and 14 deletions.
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -1117,19 +1117,24 @@ fetch_key () {
 
 # Fetch metadata signature, aka "tag".
 fetch_tag () {
-	echo -n "Fetching metadata signature "
-	echo ${NDEBUG} "for ${RELNUM} from ${SERVERNAME}... "
-	rm -f latest.ssl
-	fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl	\
-	    2>${QUIETREDIR} || true
-	if ! [ -r latest.ssl ]; then
-		echo "failed."
-		return 1
-	fi
+	if [ -z "$1" ]; then
+		echo -n "Fetching metadata signature "
+		echo ${NDEBUG} "for ${RELNUM} from ${SERVERNAME}... "
+		rm -f latest.ssl
+		fetch ${QUIETFLAG} http://${SERVERNAME}/${FETCHDIR}/latest.ssl	\
+		    2>${QUIETREDIR} || true
+		if ! [ -r latest.ssl ]; then
+			echo "failed."
+			return 1
+		fi
 
-	openssl rsautl -pubin -inkey pub.ssl -verify		\
-	    < latest.ssl > tag.new 2>${QUIETREDIR} || true
-	rm latest.ssl
+		openssl rsautl -pubin -inkey pub.ssl -verify		\
+		    < latest.ssl > tag.new 2>${QUIETREDIR} || true
+		rm latest.ssl
+	else
+		echo "Using metadata signature from environment TAG_OVERRIDE."
+		echo "$1" > tag.new
+	fi
 
 	if ! [ `wc -l < tag.new` = 1 ] ||
 	    ! grep -qE	\
@@ -2073,7 +2078,7 @@ fetch_run () {
 
 	# Try to fetch the metadata index signature ("tag") until we run
 	# out of available servers; and sanity check the downloaded tag.
-	while ! fetch_tag; do
+	while ! fetch_tag "$TAG_OVERRIDE"; do
 		fetch_pick_server || return 1
 	done
 	fetch_tagsanity || return 1
@@ -2540,7 +2545,7 @@ upgrade_run () {
 
 	# Try to fetch the NEW metadata index signature ("tag") until we run
 	# out of available servers; and sanity check the downloaded tag.
-	while ! fetch_tag; do
+	while ! fetch_tag "$TAG_OVERRIDE"; do
 		fetch_pick_server || return 1
 	done