[mirror_smartmontools-debian.git] / update-smart-drivedb.in

#! /bin/sh
#
# smartmontools drive database update script
#
# Home page of code is: http://www.smartmontools.org
#
# Copyright (C) 2010-17 Christian Franke
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# You should have received a copy of the GNU General Public License
# (for example COPYING); If not, see <http://www.gnu.org/licenses/>.
#
# $Id: update-smart-drivedb.in 4584 2017-11-03 22:43:32Z chrfranke $
#

set -e

# Set by config.status
@ENABLE_SCRIPTPATH_TRUE@export PATH="@scriptpath@"
PACKAGE="@PACKAGE@"
VERSION="@VERSION@"
prefix="@prefix@"
exec_prefix="@exec_prefix@"
sbindir="@sbindir@"
datarootdir="@datarootdir@"
datadir="@datadir@"
drivedbdir="@drivedbdir@"

# Download tools
os_dltools="@os_dltools@"

# drivedb.h update branch
BRANCH="@DRIVEDB_BRANCH@"

# Default drivedb location
DRIVEDB="$drivedbdir/drivedb.h"

# GnuPG used to verify signature (disabled if empty)
GPG="@gnupg@"

# Smartctl used for syntax check
SMARTCTL="$sbindir/smartctl"

myname=$0

usage()
{
  cat <<EOF
smartmontools $VERSION drive database update script

Usage: $myname [OPTIONS] [DESTFILE]

  -s SMARTCTL     Use SMARTCTL for syntax check ('-s -' to disable)
                  [default: $SMARTCTL]
  -t TOOL         Use TOOL for download: $os_dltools
                  [default: first one found in PATH]
  -u LOCATION     Use URL of LOCATION for download:
                    sf (Sourceforge code browser via HTTPS)
                    svn (SVN repository via HTTPS) [default]
                    svni (SVN repository via HTTP)
                    trac (Trac code browser via HTTPS)
  --trunk         Download from SVN trunk (may require '--no-verify')
  --cacert FILE   Use CA certificates from FILE to verify the peer
  --capath DIR    Use CA certificate files from DIR to verify the peer
  --insecure      Don't abort download if certificate verification fails
  --no-verify     Don't verify signature
  --export-key    Print the OpenPGP/GPG public key block
  --dryrun        Print download commands only
  -v              Verbose output

Updates $DRIVEDB
or DESTFILE from branches/$BRANCH of smartmontools
SVN repository.
EOF
  exit 1
}

error()
{
  echo "$myname: $*" >&2
  exit 1
}

warning()
{
  echo "$myname: (Warning) $*" >&2
}

selecturl()
{
  case $1 in
    sf)   url='https://sourceforge.net/p/smartmontools/code/HEAD/tree/trunk/smartmontools/drivedb.h?format=raw' ;;
    svn)  url='https://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
    svni) url='http://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
    trac) url='https://www.smartmontools.org/export/HEAD/trunk/smartmontools/drivedb.h' ;;
    *) usage ;;
  esac
}

inpath()
{
  local d rc save
  rc=1
  save=$IFS
  IFS=':'
  for d in $PATH; do
    test -f "$d/$1" || continue
    test -x "$d/$1" || continue
    rc=0
    break
  done
  IFS=$save
  return $rc
}

vecho()
{
  test -n "$q" || echo "$*"
}

# vrun COMMAND ARGS...
vrun()
{
  if [ -n "$dryrun" ]; then
    echo "$*"
  elif [ -n "$q" ]; then
    "$@" 2>/dev/null
  else
    echo "$*"
    "$@"
  fi
}

# vrun2 OUTFILE COMMAND ARGS...
vrun2()
{
  local f err rc
  f=$1; shift
  rc=0
  if [ -n "$dryrun" ]; then
    echo "$* > $f"
  else
    vecho "$* > $f"
    err=`"$@" 2>&1 > $f` || rc=$?
    if [ -n "$err" ]; then
      vecho "$err" >&2
      test $rc != 0 || rc=42
    fi
  fi
  return $rc
}

# download URL FILE
download()
{
  local f u rc
  u=$1; f=$2
  rc=0

  case $tool in
    curl)
      vrun curl ${q:+-s} -f --max-redirs 0 \
        ${cacert:+--cacert "$cacert"} \
        ${capath:+--capath "$capath"} \
        ${insecure:+--insecure} \
        -o "$f" "$u" || rc=$?
      ;;

    wget)
      vrun wget $q --max-redirect=0 \
        ${cacert:+--ca-certificate="$cacert"} \
        ${capath:+--ca-directory="$capath"} \
        ${insecure:+--no-check-certificate} \
        -O "$f" "$u" || rc=$?
      ;;

    lynx)
      test -z "$cacert" || vrun export SSL_CERT_FILE="$cacert"
      test -z "$capath" || vrun export SSL_CERT_DIR="$capath"
      # Check also stderr as lynx does not return != 0 on HTTP error
      vrun2 "$f" lynx -stderr -noredir -source "$u" || rc=$?
      ;;

    svn)
      vrun svn $q export \
        --non-interactive --no-auth-cache \
        ${cacert:+--config-option "servers:global:ssl-trust-default-ca=no"} \
        ${cacert:+--config-option "servers:global:ssl-authority-files=$cacert"} \
        ${insecure:+--trust-server-cert} \
        "$u" "$f" || rc=$?
      ;;

    fetch) # FreeBSD
      vrun fetch $q --no-redirect \
        ${cacert:+--ca-cert "$cacert"} \
        ${capath:+--ca-path "$capath"} \
        ${insecure:+--no-verify-hostname} \
        -o "$f" "$u" || rc=$?
      ;;

    ftp) # OpenBSD
      vrun ftp \
        ${cacert:+-S cafile="$cacert"} \
        ${capath:+-S capath="$capath"} \
        ${insecure:+-S dont} \
        -o "$f" "$u" || rc=$?
      ;;

    *) error "$tool: unknown (internal error)" ;;
  esac
  return $rc
}

# check_file FILE FIRST_CHAR MIN_SIZE MAX_SIZE
check_file()
{
  local firstchar f maxsize minsize size
  test -z "$dryrun" || return 0
  f=$1; firstchar=$2; minsize=$3; maxsize=$4

  # Check first chars
  case `dd if="$f" bs=1 count=1 2>/dev/null` in
    $firstchar) ;;
    \<) echo "HTML error message"; return 1 ;;
    *)   echo "unknown file contents"; return 1 ;;
  esac

  # Check file size
  size=`wc -c < "$f"`
  if test "$size" -lt $minsize; then
    echo "too small file size $size bytes"
    return 1
  fi
  if test "$size" -gt $maxsize; then
    echo "too large file size $size bytes"
    return 1
  fi
  return 0
}

# unexpand_svn_id < INFILE > OUTFILE
unexpand_svn_id()
{
  sed 's,\$''Id'': drivedb\.h [0-9][0-9]* 2[-0-9]* [012][:0-9]*Z [a-z][a-z]* \$,$''Id''$,'
}

# Smartmontools Signing Key (through 2018)
# <smartmontools-database@listi.jpberlin.de>
# Key ID DFD22559
public_key="\
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFgOYoEBCAC93841SlFmpp6640hKUvZ8PbZR6OGnZnMXD6QRVzpibXGZXUDB
f6unujun5Ql4ObAWt6QuRqz5Gk2gF8tcOfN6edR/uK5gyX2rlWVLoZKOV91a3aDI
iIDh018tLWOpHg3VxgHL6f0iMcFogUYnD5zhC5Z2GVhFb/cVpj+ocZWcxQLQGPVv
uZPUQWrvdpFEzcnxPMtJJDqXEChzhrdFTXGm69ERxULOro7yDmG1Y5xWmhdGnPPM
cuCXVVlADz/Gh1w+ay7RqFnzPjqjQmHAuggns467TJEcS0yiX4LJnEoKLyPGen9L
FH6z38xHCNt4Da05/OeRgXwVLH9M95lu8d6TABEBAAG0U1NtYXJ0bW9udG9vbHMg
U2lnbmluZyBLZXkgKHRocm91Z2ggMjAxOCkgPHNtYXJ0bW9udG9vbHMtZGF0YWJh
c2VAbGlzdGkuanBiZXJsaW4uZGU+iQFBBBMBAgArAhsDBQkEHA0ABgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAUCWe5KCQIZAQAKCRDzh2PO39IlWbM5CAC6GNFXkJEu
Beu1TV2e3N47IwZDsQXypn8DGBVh5VmhFGVHPO5dgBBGXEHBcpiFk6RGXOqyLQar
bZd0qmGaTCuakUU5MipCB/fPEpOm15CSPzJIAAHz0HiDgJc8YW+JfGUA6P4EHa+r
OyYcfCu66NNYTjBQJ/wHcwcuIY1xNzEMhb4TCEcM/Nex9zZ7d0+WTWsK4U8m3ui3
IDESRssCzTTjc5gH/tMz8KuEwY3v91mHc0/vNYVQZx9atWOuuj3JJKqdr8oll/qo
/33gIadY66dgArQhqybdPFCEKckhoHvlPxoqg7XPKSw6oyBxM/0wf/gM5MGsUImD
qu1djwVlKH7xiQEcBBMBAgAGBQJZ7kylAAoJEC/N7AvTrxqroQQH/jrZAGT5t8uy
zRTzJCf3Bco8FqwKcfw8hhpF1Uaypa+quxkpYz9PtP+3e9lGxl0XSEzOwHjfgGWX
ISUOM1ufVxo2hSLG87yO7naFAtylL8l0Zny8Fb6kmT9f3vMktbHdXHUTDNrCUkoE
lEwwDK3qaur8IPUaIKeSTC3C8E/DVnasLs9cpOs2LPIKr3ishbqbHNeWOgGyHbA4
KCtvQzBhun9drmtQJW6OyCC9FcIoqPSFM/bs2KHf7qATNu9kSMg/YWw7WLAD4GPq
H9us1GigQ0h6Y4KG5EgmkFvuQFPLHvT4rtqv51zzs1iwFh4+GIagFp+HJ2jnlp+G
cZcySlwfnem0V1NtYXJ0bW9udG9vbHMgU2lnbmluZyBLZXkgKHRocm91Z2ggMjAx
OCkgPHNtYXJ0bW9udG9vbHMtZGF0YWJhc2VAbGlzdHMuc291cmNlZm9yZ2UubmV0
PokBPgQTAQIAKAUCWA5igQIbAwUJBBwNAAYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
F4AACgkQ84djzt/SJVldMQf+MxE3PM70mnIr/Dcrubt8AA3JeMkThNV2xFe9Rdkl
4tJ1ogU8T5PCgMqJ4Gei9mUmbiQu1CKLSf9k/oxBRcLZK8Fav+BMj0+4YERfZx7J
Qzou3f0RX8u3pc/+pRXLE6lH/Luk453NzqM3tCFyWgw89dEzFlwYpWx7AfxiFwvH
ShEPNKZdEp+aBAu8oW9lSKiwLNFsembSGVh+5+3yMiKK02oOdC/NPKTnxxDgvzl4
Ulm3dNjI3uuBtFNFvs6qKk8CXV9AfM2993QxaCtRMph/ymqX4zXcecvJYpn3vulF
bAzDTzge7TVhkmaupzDNLeE8IS5sgUjSOM1x3+2SkBiVSYkBHAQTAQIABgUCWA5k
YwAKCRDfDxpJxKSQOp+/CADTlsgisoXI6b+0oohRaD4ZVl5eBtkvTrxNQf6EF7Z1
uPkVOqi1OLWFGyAmbeLcRmN6c4/DVcaa6GAG7GA+KQwVPRCyC+9Ibsn/+uG6ZFXA
ez+0eG9NxOfkCnYH8ZP8o2VH+9uKJlGGujh9o5r1SNGVifoLGTc8NkWCW+MAKj8d
w8WW+wDc80YrdCRrSyLrRU9NLTSE4pIJWKcHLwG63xkXHQPPR1lsJgzdAalfEv1T
QdIF3sM+GXp4lZ6buahFDiILBh1vj+5C9TdpWZAlqHDYFICa7Rv/MvQa4O9UUl3S
lN3sed8zwAmL3HeoXE5tBu8iatMaS9e3BmSsVYlhd/q+iQEcBBMBAgAGBQJYDmSW
AAoJEC/N7AvTrxqr8HsH+QGQuhHYt9Syccd8AF36psyT03mqgbGLMZL8H9ngoa9Z
qVMq7O8Aqz23SGTtuNuw6EyrcHo7Dy1311GftshI6arsFNJxE2ZNGIfGocRxu9m3
Ez+AysWT9sxz/haHE+d58NTg+/7R8YWS1q+Tk6m8dA0Xyf3tMBsIJfj0zJvuGMbC
Lmd93Yw4nk76qtSn9UHbnf76UJN5SctAd8+gK3uO6O4XDcZqC06xkWKl193lzcC8
sZJBdI15NszC3y/epnILDDMBUNQMBm/XlCYQUetyrJnAVzFGXurtjEXQ/DDnbfy2
Z8efoG8rtq7v3fxS1TC5jSVOIEqOE4TwzRz1Y/dfqSU=
=CNK4
-----END PGP PUBLIC KEY BLOCK-----
"

# gpg_verify FILE.asc FILE
gpg_verify()
{
  local gnupgtmp opts out rc
  opts="--quiet ${q:+--no-secmem-warnin} --batch --no-tty"

  # Create temp home dir
  gnupgtmp="$tmpdir/.gnupg.$$.tmp"
  rm -f -r "$gnupgtmp"
  mkdir "$gnupgtmp" || exit 1
  chmod 0700 "$gnupgtmp"

  # Import public key
  "$GPG" $opts --homedir="$gnupgtmp" --import <<EOF
$public_key
EOF
  test $? = 0 || exit 1

  # Verify
  rc=0
  out=`"$GPG" $opts --homedir="$gnupgtmp" --verify "$1" "$2" </dev/null 2>&1` || rc=1
  vecho "$out"

  rm -f -r "$gnupgtmp"
  return $rc
}

# mv_all PREFIX OLD NEW
mv_all()
{
  mv "${1}${2}"         "${1}${3}"
  mv "${1}${2}.raw"     "${1}${3}.raw"
  mv "${1}${2}.raw.asc" "${1}${3}.raw.asc"
}

# Parse options
smtctl=$SMARTCTL
tool=
url=
q="-q"
dryrun=
trunk=
cacert=
capath=
insecure=
no_verify=

while true; do case $1 in
  -s)
    shift; test -n "$1" || usage
    smtctl=$1 ;;

  -t)
    shift
    case $1 in *\ *) usage ;; esac
    case " $os_dltools " in *\ $1\ *) ;; *) usage ;; esac
    tool=$1 ;;

  -u)
    shift; selecturl "$1" ;;

  -v)
    q= ;;

  --dryrun)
    dryrun=t ;;

  --trunk)
    trunk=trunk ;;

  --cacert)
    shift; test -n "$1" || usage
    cacert=$1 ;;

  --capath)
    shift; test -n "$1" || usage
    capath=$1 ;;

  --insecure)
    insecure=t ;;

  --no-verify)
    no_verify=t ;;

  --export-key)
    cat <<EOF
$public_key
EOF
    exit 0 ;;

  -*)
    usage ;;

  *)
    break ;;
esac; shift; done

case $# in
  0) DEST=$DRIVEDB ;;
  1) DEST=$1 ;;
  *) usage ;;
esac

if [ -z "$tool" ]; then
  # Find download tool in PATH
  for t in $os_dltools; do
    if inpath "$t"; then
      tool=$t
      break
    fi
  done
  test -n "$tool" || error "found none of: $os_dltools"
fi

test -n "$url" || selecturl "svn"

# Check option compatibility
case "$tool:$url" in
  svn:http*://svn.code.sf.net*) ;;
  svn:*) error "'-t svn' requires '-u svn' or '-u svni'" ;;
esac
case "$tool:${capath:+set}" in
  svn:set) warning "'--capath' is ignored if '-t svn' is used" ;;
esac
case "${insecure:-f}:$url" in
  t:http:*) insecure= ;;
  ?:https:*) ;;
  *) error "'-u svni' requires '--insecure'" ;;
esac
case "$tool:$insecure" in
  lynx:t) warning "'--insecure' is ignored if '-t lynx' is used" ;;
esac

# Check for smartctl
if [ "$smtctl" != "-" ]; then
  "$smtctl" -V >/dev/null 2>&1 \
  || error "$smtctl: not found ('-s -' to ignore)"
fi

# Check for GnuPG
if [ -z "$no_verify" ]; then
  test -n "$GPG" \
  || error "GnuPG is not available ('--no-verify' to ignore)"
  "$GPG" --version >/dev/null 2>&1 \
  || error "$GPG: not found ('--no-verify' to ignore)"
fi

# Use destination directory as temp directory for gpg
tmpdir=`dirname "$DEST"`

# Adjust URLs
src=`echo "$url" | sed "s,/trunk/,/branches/$BRANCH/,"`
src_asc=`echo "$src" | sed "s,/drivedb\.h,/drivedb.h.raw.asc,"`
test -z "$trunk" || src=$url

# Download
test -n "$dryrun" || rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"

vecho "Download ${trunk:-branches/$BRANCH}/drivedb.h with $tool"
rc=0
download "$src" "$DEST.new" || rc=$?
if [ $rc != 0 ]; then
  rm -f "$DEST.new"
  error "${trunk:-$BRANCH}/drivedb.h: download failed ($tool: exit $rc)"
fi
if ! errmsg=`check_file "$DEST.new" '/' 10000 1000000`; then
  mv "$DEST.new" "$DEST.error"
  error "$DEST.error: $errmsg"
fi

vecho "Download branches/$BRANCH/drivedb.h.raw.asc with $tool"
rc=0
download "$src_asc" "$DEST.new.raw.asc" || rc=$?
if [ $rc != 0 ]; then
  rm -f "$DEST.new" "$DEST.new.raw.asc"
  error "$BRANCH/drivedb.h.raw.asc: download failed ($tool: exit $rc)"
fi
if ! errmsg=`check_file "$DEST.new.raw.asc" '-' 200 2000`; then
  rm -f "$DEST.new"
  mv "$DEST.new.raw.asc" "$DEST.error.raw.asc"
  error "$DEST.error.raw.asc: $errmsg"
fi

test -z "$dryrun" || exit 0

# Create raw file with unexpanded SVN Id
# (This assumes newlines are LF and not CR/LF)
unexpand_svn_id < "$DEST.new" > "$DEST.new.raw"

# Adjust timestamps and permissions
touch "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
chmod 0644 "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"

if [ -z "$no_verify" ]; then
  # Verify raw file
  if ! gpg_verify "$DEST.new.raw.asc" "$DEST.new.raw"; then
    mv_all "$DEST" ".new" ".error"
    test -n "$trunk" || error "$DEST.error.raw: *** BAD signature ***"
    error "$DEST.error.raw: signature from branch no longer valid ('--no-verify' to ignore)"
  fi
fi

if [ "$smtctl" != "-" ]; then
  # Check syntax
  if ! "$smtctl" -B "$DEST.new" -P showall >/dev/null; then
    mv_all "$DEST" ".new" ".error"
    error "$DEST.error: rejected by $smtctl, probably no longer compatible"
  fi
  vecho "$smtctl: syntax OK"
fi

# Keep old file if identical, ignore missing Id keyword expansion in new file
rm -f "$DEST.lastcheck"
if [ -f "$DEST" ]; then
  if [ -f "$DEST.raw" ] && [ -f "$DEST.raw.asc" ]; then
    if    cmp "$DEST.raw"     "$DEST.new.raw"     >/dev/null 2>&1 \
       && cmp "$DEST.raw.asc" "$DEST.new.raw.asc" >/dev/null 2>&1 \
       && {   cmp "$DEST"     "$DEST.new" >/dev/null 2>&1 \
           || cmp "$DEST.raw" "$DEST.new" >/dev/null 2>&1; }
    then
      rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
      touch "$DEST.lastcheck"
      echo "$DEST is already up to date"
      exit 0
    fi
    mv_all "$DEST" "" ".old"
  else
    mv "$DEST" "$DEST.old"
  fi
fi

mv_all "$DEST" ".new" ""

echo "$DEST updated from ${trunk:-branches/$BRANCH}${no_verify:+ (NOT VERIFIED)}"
Commit	Line	Data
7f0798ef GI	1	#! /bin/sh
	2	#
	3	# smartmontools drive database update script
	4	#
f9e10201 JD	5	# Home page of code is: http://www.smartmontools.org
	6	#
	7	# Copyright (C) 2010-17 Christian Franke
7f0798ef GI	8	#
	9	# This program is free software; you can redistribute it and/or modify
	10	# it under the terms of the GNU General Public License as published by
	11	# the Free Software Foundation; either version 2, or (at your option)
	12	# any later version.
	13	#
	14	# You should have received a copy of the GNU General Public License
	15	# (for example COPYING); If not, see <http://www.gnu.org/licenses/>.
	16	#
f9e10201	17	# $Id: update-smart-drivedb.in 4584 2017-11-03 22:43:32Z chrfranke $
7f0798ef GI	18	#
	19
	20	set -e
	21
	22	# Set by config.status
f9e10201	23	@ENABLE_SCRIPTPATH_TRUE@export PATH="@scriptpath@"
7f0798ef GI	24	PACKAGE="@PACKAGE@"
	25	VERSION="@VERSION@"
	26	prefix="@prefix@"
	27	exec_prefix="@exec_prefix@"
	28	sbindir="@sbindir@"
	29	datarootdir="@datarootdir@"
	30	datadir="@datadir@"
	31	drivedbdir="@drivedbdir@"
	32
cfbba5b9 GI	33	# Download tools
	34	os_dltools="@os_dltools@"
	35
	36	# drivedb.h update branch
	37	BRANCH="@DRIVEDB_BRANCH@"
	38
7f0798ef	39	# Default drivedb location
a86ec89e	40	DRIVEDB="$drivedbdir/drivedb.h"
7f0798ef	41
f9e10201 JD	42	# GnuPG used to verify signature (disabled if empty)
	43	GPG="@gnupg@"
	44
7f0798ef GI	45	# Smartctl used for syntax check
	46	SMARTCTL="$sbindir/smartctl"
	47
a86ec89e	48	myname=$0
7f0798ef	49
a86ec89e GI	50	usage()
	51	{
	52	cat <<EOF
7f0798ef GI	53	smartmontools $VERSION drive database update script
7f0798ef GI	54
a86ec89e	55	Usage: $myname [OPTIONS] [DESTFILE]
7f0798ef	56
a86ec89e GI	57	-s SMARTCTL Use SMARTCTL for syntax check ('-s -' to disable)
	58	[default: $SMARTCTL]
	59	-t TOOL Use TOOL for download: $os_dltools
	60	[default: first one found in PATH]
	61	-u LOCATION Use URL of LOCATION for download:
	62	sf (Sourceforge code browser via HTTPS)
	63	svn (SVN repository via HTTPS) [default]
	64	svni (SVN repository via HTTP)
	65	trac (Trac code browser via HTTPS)
f9e10201	66	--trunk Download from SVN trunk (may require '--no-verify')
a86ec89e GI	67	--cacert FILE Use CA certificates from FILE to verify the peer
	68	--capath DIR Use CA certificate files from DIR to verify the peer
	69	--insecure Don't abort download if certificate verification fails
f9e10201 JD	70	--no-verify Don't verify signature
f9e10201 JD	71	--export-key Print the OpenPGP/GPG public key block
a86ec89e GI	72	--dryrun Print download commands only
a86ec89e GI	73	-v Verbose output
7f0798ef	74
a86ec89e	75	Updates $DRIVEDB
f9e10201 JD	76	or DESTFILE from branches/$BRANCH of smartmontools
f9e10201 JD	77	SVN repository.
7f0798ef	78	EOF
a86ec89e GI	79	exit 1
a86ec89e GI	80	}
7f0798ef	81
a86ec89e GI	82	error()
	83	{
	84	echo "$myname: $*" >&2
	85	exit 1
	86	}
7f0798ef	87
a86ec89e GI	88	warning()
	89	{
	90	echo "$myname: (Warning) $*" >&2
	91	}
	92
	93	selecturl()
	94	{
	95	case $1 in
	96	sf) url='https://sourceforge.net/p/smartmontools/code/HEAD/tree/trunk/smartmontools/drivedb.h?format=raw' ;;
	97	svn) url='https://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
	98	svni) url='http://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
	99	trac) url='https://www.smartmontools.org/export/HEAD/trunk/smartmontools/drivedb.h' ;;
	100	*) usage ;;
	101	esac
	102	}
	103
	104	inpath()
	105	{
	106	local d rc save
	107	rc=1
	108	save=$IFS
	109	IFS=':'
	110	for d in $PATH; do
	111	test -f "$d/$1" \|\| continue
	112	test -x "$d/$1" \|\| continue
	113	rc=0
cfbba5b9	114	break
a86ec89e GI	115	done
	116	IFS=$save
	117	return $rc
	118	}
	119
	120	vecho()
	121	{
	122	test -n "$q" \|\| echo "$*"
	123	}
	124
	125	# vrun COMMAND ARGS...
	126	vrun()
	127	{
	128	if [ -n "$dryrun" ]; then
	129	echo "$*"
	130	elif [ -n "$q" ]; then
	131	"$@" 2>/dev/null
	132	else
	133	echo "$*"
	134	"$@"
cfbba5b9	135	fi
a86ec89e GI	136	}
	137
	138	# vrun2 OUTFILE COMMAND ARGS...
	139	vrun2()
	140	{
	141	local f err rc
	142	f=$1; shift
	143	rc=0
	144	if [ -n "$dryrun" ]; then
	145	echo "$* > $f"
	146	else
	147	vecho "$* > $f"
	148	err=`"$@" 2>&1 > $f` \|\| rc=$?
	149	if [ -n "$err" ]; then
	150	vecho "$err" >&2
	151	test $rc != 0 \|\| rc=42
	152	fi
	153	fi
	154	return $rc
	155	}
	156
	157	# download URL FILE
	158	download()
	159	{
f9e10201	160	local f u rc
a86ec89e GI	161	u=$1; f=$2
	162	rc=0
	163
	164	case $tool in
	165	curl)
	166	vrun curl ${q:+-s} -f --max-redirs 0 \
	167	${cacert:+--cacert "$cacert"} \
	168	${capath:+--capath "$capath"} \
	169	${insecure:+--insecure} \
	170	-o "$f" "$u" \|\| rc=$?
	171	;;
	172
	173	wget)
	174	vrun wget $q --max-redirect=0 \
	175	${cacert:+--ca-certificate="$cacert"} \
	176	${capath:+--ca-directory="$capath"} \
	177	${insecure:+--no-check-certificate} \
	178	-O "$f" "$u" \|\| rc=$?
	179	;;
	180
	181	lynx)
	182	test -z "$cacert" \|\| vrun export SSL_CERT_FILE="$cacert"
	183	test -z "$capath" \|\| vrun export SSL_CERT_DIR="$capath"
	184	# Check also stderr as lynx does not return != 0 on HTTP error
	185	vrun2 "$f" lynx -stderr -noredir -source "$u" \|\| rc=$?
	186	;;
	187
	188	svn)
	189	vrun svn $q export \
	190	--non-interactive --no-auth-cache \
	191	${cacert:+--config-option "servers:global:ssl-trust-default-ca=no"} \
	192	${cacert:+--config-option "servers:global:ssl-authority-files=$cacert"} \
	193	${insecure:+--trust-server-cert} \
	194	"$u" "$f" \|\| rc=$?
	195	;;
	196
	197	fetch) # FreeBSD
	198	vrun fetch $q --no-redirect \
	199	${cacert:+--ca-cert "$cacert"} \
	200	${capath:+--ca-path "$capath"} \
	201	${insecure:+--no-verify-hostname} \
	202	-o "$f" "$u" \|\| rc=$?
	203	;;
	204
	205	ftp) # OpenBSD
	206	vrun ftp \
	207	${cacert:+-S cafile="$cacert"} \
	208	${capath:+-S capath="$capath"} \
	209	${insecure:+-S dont} \
	210	-o "$f" "$u" \|\| rc=$?
	211	;;
	212
	213	*) error "$tool: unknown (internal error)" ;;
	214	esac
	215	return $rc
	216	}
	217
f9e10201 JD	218	# check_file FILE FIRST_CHAR MIN_SIZE MAX_SIZE
	219	check_file()
	220	{
	221	local firstchar f maxsize minsize size
	222	test -z "$dryrun" \|\| return 0
	223	f=$1; firstchar=$2; minsize=$3; maxsize=$4
	224
	225	# Check first chars
	226	case `dd if="$f" bs=1 count=1 2>/dev/null` in
	227	$firstchar) ;;
	228	\<) echo "HTML error message"; return 1 ;;
	229	*) echo "unknown file contents"; return 1 ;;
	230	esac
	231
	232	# Check file size
	233	size=`wc -c < "$f"`
	234	if test "$size" -lt $minsize; then
	235	echo "too small file size $size bytes"
	236	return 1
	237	fi
	238	if test "$size" -gt $maxsize; then
	239	echo "too large file size $size bytes"
	240	return 1
	241	fi
	242	return 0
	243	}
	244
	245	# unexpand_svn_id < INFILE > OUTFILE
	246	unexpand_svn_id()
	247	{
	248	sed 's,\$''Id'': drivedb\.h [0-9][0-9]* 2[-0-9]* [012][:0-9]Z [a-z][a-z] \$,$''Id''$,'
	249	}
	250
	251	# Smartmontools Signing Key (through 2018)
	252	# <smartmontools-database@listi.jpberlin.de>
	253	# Key ID DFD22559
	254	public_key="\
	255	-----BEGIN PGP PUBLIC KEY BLOCK-----
	256
	257	mQENBFgOYoEBCAC93841SlFmpp6640hKUvZ8PbZR6OGnZnMXD6QRVzpibXGZXUDB
	258	f6unujun5Ql4ObAWt6QuRqz5Gk2gF8tcOfN6edR/uK5gyX2rlWVLoZKOV91a3aDI
	259	iIDh018tLWOpHg3VxgHL6f0iMcFogUYnD5zhC5Z2GVhFb/cVpj+ocZWcxQLQGPVv
	260	uZPUQWrvdpFEzcnxPMtJJDqXEChzhrdFTXGm69ERxULOro7yDmG1Y5xWmhdGnPPM
	261	cuCXVVlADz/Gh1w+ay7RqFnzPjqjQmHAuggns467TJEcS0yiX4LJnEoKLyPGen9L
	262	FH6z38xHCNt4Da05/OeRgXwVLH9M95lu8d6TABEBAAG0U1NtYXJ0bW9udG9vbHMg
	263	U2lnbmluZyBLZXkgKHRocm91Z2ggMjAxOCkgPHNtYXJ0bW9udG9vbHMtZGF0YWJh
	264	c2VAbGlzdGkuanBiZXJsaW4uZGU+iQFBBBMBAgArAhsDBQkEHA0ABgsJCAcDAgYV
	265	CAIJCgsEFgIDAQIeAQIXgAUCWe5KCQIZAQAKCRDzh2PO39IlWbM5CAC6GNFXkJEu
	266	Beu1TV2e3N47IwZDsQXypn8DGBVh5VmhFGVHPO5dgBBGXEHBcpiFk6RGXOqyLQar
	267	bZd0qmGaTCuakUU5MipCB/fPEpOm15CSPzJIAAHz0HiDgJc8YW+JfGUA6P4EHa+r
	268	OyYcfCu66NNYTjBQJ/wHcwcuIY1xNzEMhb4TCEcM/Nex9zZ7d0+WTWsK4U8m3ui3
	269	IDESRssCzTTjc5gH/tMz8KuEwY3v91mHc0/vNYVQZx9atWOuuj3JJKqdr8oll/qo
	270	/33gIadY66dgArQhqybdPFCEKckhoHvlPxoqg7XPKSw6oyBxM/0wf/gM5MGsUImD
	271	qu1djwVlKH7xiQEcBBMBAgAGBQJZ7kylAAoJEC/N7AvTrxqroQQH/jrZAGT5t8uy
	272	zRTzJCf3Bco8FqwKcfw8hhpF1Uaypa+quxkpYz9PtP+3e9lGxl0XSEzOwHjfgGWX
	273	ISUOM1ufVxo2hSLG87yO7naFAtylL8l0Zny8Fb6kmT9f3vMktbHdXHUTDNrCUkoE
	274	lEwwDK3qaur8IPUaIKeSTC3C8E/DVnasLs9cpOs2LPIKr3ishbqbHNeWOgGyHbA4
	275	KCtvQzBhun9drmtQJW6OyCC9FcIoqPSFM/bs2KHf7qATNu9kSMg/YWw7WLAD4GPq
	276	H9us1GigQ0h6Y4KG5EgmkFvuQFPLHvT4rtqv51zzs1iwFh4+GIagFp+HJ2jnlp+G
	277	cZcySlwfnem0V1NtYXJ0bW9udG9vbHMgU2lnbmluZyBLZXkgKHRocm91Z2ggMjAx
	278	OCkgPHNtYXJ0bW9udG9vbHMtZGF0YWJhc2VAbGlzdHMuc291cmNlZm9yZ2UubmV0
	279	PokBPgQTAQIAKAUCWA5igQIbAwUJBBwNAAYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
	280	F4AACgkQ84djzt/SJVldMQf+MxE3PM70mnIr/Dcrubt8AA3JeMkThNV2xFe9Rdkl
	281	4tJ1ogU8T5PCgMqJ4Gei9mUmbiQu1CKLSf9k/oxBRcLZK8Fav+BMj0+4YERfZx7J
282	Qzou3f0RX8u3pc/+pRXLE6lH/Luk453NzqM3tCFyWgw89dEzFlwYpWx7AfxiFwvH
283	ShEPNKZdEp+aBAu8oW9lSKiwLNFsembSGVh+5+3yMiKK02oOdC/NPKTnxxDgvzl4
284	Ulm3dNjI3uuBtFNFvs6qKk8CXV9AfM2993QxaCtRMph/ymqX4zXcecvJYpn3vulF
285	bAzDTzge7TVhkmaupzDNLeE8IS5sgUjSOM1x3+2SkBiVSYkBHAQTAQIABgUCWA5k
286	YwAKCRDfDxpJxKSQOp+/CADTlsgisoXI6b+0oohRaD4ZVl5eBtkvTrxNQf6EF7Z1
287	uPkVOqi1OLWFGyAmbeLcRmN6c4/DVcaa6GAG7GA+KQwVPRCyC+9Ibsn/+uG6ZFXA
288	ez+0eG9NxOfkCnYH8ZP8o2VH+9uKJlGGujh9o5r1SNGVifoLGTc8NkWCW+MAKj8d
289	w8WW+wDc80YrdCRrSyLrRU9NLTSE4pIJWKcHLwG63xkXHQPPR1lsJgzdAalfEv1T
290	QdIF3sM+GXp4lZ6buahFDiILBh1vj+5C9TdpWZAlqHDYFICa7Rv/MvQa4O9UUl3S
291	lN3sed8zwAmL3HeoXE5tBu8iatMaS9e3BmSsVYlhd/q+iQEcBBMBAgAGBQJYDmSW
292	AAoJEC/N7AvTrxqr8HsH+QGQuhHYt9Syccd8AF36psyT03mqgbGLMZL8H9ngoa9Z
293	qVMq7O8Aqz23SGTtuNuw6EyrcHo7Dy1311GftshI6arsFNJxE2ZNGIfGocRxu9m3
294	Ez+AysWT9sxz/haHE+d58NTg+/7R8YWS1q+Tk6m8dA0Xyf3tMBsIJfj0zJvuGMbC
295	Lmd93Yw4nk76qtSn9UHbnf76UJN5SctAd8+gK3uO6O4XDcZqC06xkWKl193lzcC8
296	sZJBdI15NszC3y/epnILDDMBUNQMBm/XlCYQUetyrJnAVzFGXurtjEXQ/DDnbfy2
297	Z8efoG8rtq7v3fxS1TC5jSVOIEqOE4TwzRz1Y/dfqSU=
298	=CNK4
299	-----END PGP PUBLIC KEY BLOCK-----
300	"
301
302	# gpg_verify FILE.asc FILE
303	gpg_verify()
304	{
305	local gnupgtmp opts out rc
306	opts="--quiet ${q:+--no-secmem-warnin} --batch --no-tty"
307
308	# Create temp home dir
309	gnupgtmp="$tmpdir/.gnupg.$$.tmp"
310	rm -f -r "$gnupgtmp"
311	mkdir "$gnupgtmp" \|\| exit 1
312	chmod 0700 "$gnupgtmp"
313
314	# Import public key
315	"$GPG" $opts --homedir="$gnupgtmp" --import <<EOF
316	$public_key
317	EOF
318	test $? = 0 \|\| exit 1
319
320	# Verify
321	rc=0
322	out=`"$GPG" $opts --homedir="$gnupgtmp" --verify "$1" "$2" </dev/null 2>&1` \|\| rc=1
323	vecho "$out"
324
325	rm -f -r "$gnupgtmp"
326	return $rc
327	}
328
329	# mv_all PREFIX OLD NEW
330	mv_all()
331	{
332	mv "${1}${2}" "${1}${3}"
333	mv "${1}${2}.raw" "${1}${3}.raw"
334	mv "${1}${2}.raw.asc" "${1}${3}.raw.asc"
335	}
336
a86ec89e GI	337	# Parse options
	338	smtctl=$SMARTCTL
	339	tool=
	340	url=
	341	q="-q"
	342	dryrun=
f9e10201	343	trunk=
a86ec89e GI	344	cacert=
	345	capath=
	346	insecure=
f9e10201	347	no_verify=
a86ec89e GI	348
	349	while true; do case $1 in
	350	-s)
	351	shift; test -n "$1" \|\| usage
	352	smtctl=$1 ;;
	353
	354	-t)
	355	shift
	356	case $1 in \ ) usage ;; esac
	357	case " $os_dltools " in \ $1\ ) ;; *) usage ;; esac
	358	tool=$1 ;;
	359
	360	-u)
	361	shift; selecturl "$1" ;;
	362
	363	-v)
	364	q= ;;
	365
	366	--dryrun)
	367	dryrun=t ;;
	368
f9e10201 JD	369	--trunk)
	370	trunk=trunk ;;
	371
a86ec89e GI	372	--cacert)
	373	shift; test -n "$1" \|\| usage
	374	cacert=$1 ;;
	375
	376	--capath)
	377	shift; test -n "$1" \|\| usage
	378	capath=$1 ;;
	379
	380	--insecure)
	381	insecure=t ;;
	382
f9e10201 JD	383	--no-verify)
	384	no_verify=t ;;
	385
	386	--export-key)
	387	cat <<EOF
	388	$public_key
	389	EOF
	390	exit 0 ;;
	391
a86ec89e GI	392	-*)
	393	usage ;;
	394
	395	*)
	396	break ;;
	397	esac; shift; done
	398
	399	case $# in
	400	0) DEST=$DRIVEDB ;;
	401	1) DEST=$1 ;;
	402	*) usage ;;
	403	esac
	404
	405	if [ -z "$tool" ]; then
	406	# Find download tool in PATH
	407	for t in $os_dltools; do
	408	if inpath "$t"; then
	409	tool=$t
	410	break
	411	fi
	412	done
	413	test -n "$tool" \|\| error "found none of: $os_dltools"
7f0798ef GI	414	fi
7f0798ef GI	415
a86ec89e GI	416	test -n "$url" \|\| selecturl "svn"
	417
	418	# Check option compatibility
	419	case "$tool:$url" in
	420	svn:http://svn.code.sf.net) ;;
	421	svn:*) error "'-t svn' requires '-u svn' or '-u svni'" ;;
	422	esac
	423	case "$tool:${capath:+set}" in
	424	svn:set) warning "'--capath' is ignored if '-t svn' is used" ;;
	425	esac
	426	case "${insecure:-f}:$url" in
	427	t:http:*) insecure= ;;
	428	?:https:*) ;;
	429	*) error "'-u svni' requires '--insecure'" ;;
	430	esac
	431	case "$tool:$insecure" in
	432	lynx:t) warning "'--insecure' is ignored if '-t lynx' is used" ;;
	433	esac
	434
f9e10201 JD	435	# Check for smartctl
	436	if [ "$smtctl" != "-" ]; then
	437	"$smtctl" -V >/dev/null 2>&1 \
	438	\|\| error "$smtctl: not found ('-s -' to ignore)"
	439	fi
7f0798ef	440
f9e10201 JD	441	# Check for GnuPG
	442	if [ -z "$no_verify" ]; then
	443	test -n "$GPG" \
	444	\|\| error "GnuPG is not available ('--no-verify' to ignore)"
	445	"$GPG" --version >/dev/null 2>&1 \
	446	\|\| error "$GPG: not found ('--no-verify' to ignore)"
	447	fi
a86ec89e	448
f9e10201 JD	449	# Use destination directory as temp directory for gpg
f9e10201 JD	450	tmpdir=`dirname "$DEST"`
a86ec89e	451
f9e10201 JD	452	# Adjust URLs
	453	src=`echo "$url" \| sed "s,/trunk/,/branches/$BRANCH/,"`
	454	src_asc=`echo "$src" \| sed "s,/drivedb\.h,/drivedb.h.raw.asc,"`
	455	test -z "$trunk" \|\| src=$url
7f0798ef	456
f9e10201 JD	457	# Download
f9e10201 JD	458	test -n "$dryrun" \|\| rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
7f0798ef	459
f9e10201 JD	460	vecho "Download ${trunk:-branches/$BRANCH}/drivedb.h with $tool"
	461	rc=0
	462	download "$src" "$DEST.new" \|\| rc=$?
	463	if [ $rc != 0 ]; then
	464	rm -f "$DEST.new"
	465	error "${trunk:-$BRANCH}/drivedb.h: download failed ($tool: exit $rc)"
	466	fi
	467	if ! errmsg=`check_file "$DEST.new" '/' 10000 1000000`; then
	468	mv "$DEST.new" "$DEST.error"
	469	error "$DEST.error: $errmsg"
	470	fi
a86ec89e	471
f9e10201 JD	472	vecho "Download branches/$BRANCH/drivedb.h.raw.asc with $tool"
	473	rc=0
	474	download "$src_asc" "$DEST.new.raw.asc" \|\| rc=$?
	475	if [ $rc != 0 ]; then
	476	rm -f "$DEST.new" "$DEST.new.raw.asc"
	477	error "$BRANCH/drivedb.h.raw.asc: download failed ($tool: exit $rc)"
	478	fi
	479	if ! errmsg=`check_file "$DEST.new.raw.asc" '-' 200 2000`; then
7f0798ef	480	rm -f "$DEST.new"
f9e10201 JD	481	mv "$DEST.new.raw.asc" "$DEST.error.raw.asc"
f9e10201 JD	482	error "$DEST.error.raw.asc: $errmsg"
7f0798ef GI	483	fi
7f0798ef GI	484
f9e10201 JD	485	test -z "$dryrun" \|\| exit 0
	486
	487	# Create raw file with unexpanded SVN Id
	488	# (This assumes newlines are LF and not CR/LF)
	489	unexpand_svn_id < "$DEST.new" > "$DEST.new.raw"
	490
	491	# Adjust timestamps and permissions
	492	touch "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
	493	chmod 0644 "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
	494
	495	if [ -z "$no_verify" ]; then
	496	# Verify raw file
	497	if ! gpg_verify "$DEST.new.raw.asc" "$DEST.new.raw"; then
	498	mv_all "$DEST" ".new" ".error"
	499	test -n "$trunk" \|\| error "$DEST.error.raw: * BAD signature *"
	500	error "$DEST.error.raw: signature from branch no longer valid ('--no-verify' to ignore)"
	501	fi
	502	fi
7f0798ef	503
a86ec89e GI	504	if [ "$smtctl" != "-" ]; then
a86ec89e GI	505	# Check syntax
f9e10201 JD	506	if ! "$smtctl" -B "$DEST.new" -P showall >/dev/null; then
	507	mv_all "$DEST" ".new" ".error"
	508	error "$DEST.error: rejected by $smtctl, probably no longer compatible"
a86ec89e	509	fi
f9e10201	510	vecho "$smtctl: syntax OK"
7f0798ef GI	511	fi
7f0798ef GI	512
a86ec89e	513	# Keep old file if identical, ignore missing Id keyword expansion in new file
7f0798ef GI	514	rm -f "$DEST.lastcheck"
7f0798ef GI	515	if [ -f "$DEST" ]; then
f9e10201 JD	516	if [ -f "$DEST.raw" ] && [ -f "$DEST.raw.asc" ]; then
	517	if cmp "$DEST.raw" "$DEST.new.raw" >/dev/null 2>&1 \
	518	&& cmp "$DEST.raw.asc" "$DEST.new.raw.asc" >/dev/null 2>&1 \
	519	&& { cmp "$DEST" "$DEST.new" >/dev/null 2>&1 \
	520	\|\| cmp "$DEST.raw" "$DEST.new" >/dev/null 2>&1; }
	521	then
	522	rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
	523	touch "$DEST.lastcheck"
	524	echo "$DEST is already up to date"
	525	exit 0
	526	fi
	527	mv_all "$DEST" "" ".old"
	528	else
	529	mv "$DEST" "$DEST.old"
7f0798ef	530	fi
7f0798ef GI	531	fi
7f0798ef GI	532
f9e10201	533	mv_all "$DEST" ".new" ""
7f0798ef	534
f9e10201	535	echo "$DEST updated from ${trunk:-branches/$BRANCH}${no_verify:+ (NOT VERIFIED)}"