]> git.proxmox.com Git - mirror_smartmontools-debian.git/blob - update-smart-drivedb.in
projects / mirror_smartmontools-debian.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
import smartmontools 7.0
[mirror_smartmontools-debian.git] / update-smart-drivedb.in
1 #! /bin/sh
2 #
3 # smartmontools drive database update script
4 #
5 # Home page of code is: http://www.smartmontools.org
6 #
7 # Copyright (C) 2010-18 Christian Franke
8 #
9 # SPDX-License-Identifier: GPL-2.0-or-later
10 #
11 # $Id: update-smart-drivedb.in 4879 2018-12-28 22:05:12Z chrfranke $
12 #
13
14 set -e
15
16 # Set by config.status
17 @ENABLE_SCRIPTPATH_TRUE@export PATH="@scriptpath@"
18 PACKAGE="@PACKAGE@"
19 VERSION="@VERSION@"
20 prefix="@prefix@"
21 exec_prefix="@exec_prefix@"
22 sbindir="@sbindir@"
23 datarootdir="@datarootdir@"
24 datadir="@datadir@"
25 drivedbdir="@drivedbdir@"
26
27 # Download tools
28 os_dltools="@os_dltools@"
29
30 # drivedb.h update branch
31 BRANCH="@DRIVEDB_BRANCH@"
32
33 # Default drivedb location
34 DRIVEDB="$drivedbdir/drivedb.h"
35
36 # GnuPG used to verify signature (disabled if empty)
37 GPG="@gnupg@"
38
39 # Smartctl used for syntax check
40 SMARTCTL="$sbindir/smartctl"
41
42 # PATH information for help and error messages
43 @ENABLE_SCRIPTPATH_FALSE@pathinfo='$PATH'
44 @ENABLE_SCRIPTPATH_TRUE@pathinfo="'$PATH'"
45
46 myname=$0
47
48 usage()
49 {
50 @ENABLE_SCRIPTPATH_TRUE@ pathinfo="
51 @ENABLE_SCRIPTPATH_TRUE@ $pathinfo"
52 cat <<EOF
53 smartmontools $VERSION drive database update script
54
55 Usage: $myname [OPTIONS] [DESTFILE]
56
57 -s SMARTCTL Use SMARTCTL for syntax check ('-s -' to disable)
58 [default: $SMARTCTL]
59 -t TOOL Use TOOL for download: $os_dltools
60 [default: first one found in $pathinfo]
61 -u LOCATION Use URL of LOCATION for download:
62 github (GitHub mirror of SVN repository)
63 sf (Sourceforge code browser)
64 svn (SVN repository) [default]
65 svni (SVN repository via HTTP instead of HTTPS)
66 trac (Trac code browser)
67 --trunk Download from SVN trunk (may require '--no-verify')
68 --cacert FILE Use CA certificates from FILE to verify the peer
69 --capath DIR Use CA certificate files from DIR to verify the peer
70 --insecure Don't abort download if certificate verification fails
71 --no-verify Don't verify signature
72 --export-key Print the OpenPGP/GPG public key block
73 --dryrun Print download commands only
74 -v Verbose output
75
76 Updates $DRIVEDB
77 or DESTFILE from branches/$BRANCH of smartmontools
78 SVN repository.
79 EOF
80 exit 1
81 }
82
83 error()
84 {
85 echo "$myname: $*" >&2
86 exit 1
87 }
88
89 err_notfound()
90 {
91 case $1 in
92 */*) error "$1: not found $2" ;;
93 *) error "$1: not found in $pathinfo $2" ;;
94 esac
95 }
96
97 warning()
98 {
99 echo "$myname: (Warning) $*" >&2
100 }
101
102 selecturl()
103 {
104 case $1 in
105 github) # https://github.com/smartmontools/smartmontools/raw/origin/$BRANCH/smartmontools/drivedb.h
106 # https://github.com/smartmontools/smartmontools/raw/master/smartmontools/drivedb.h
107 # redirected to:
108 url='https://raw.githubusercontent.com/smartmontools/smartmontools/master/smartmontools/drivedb.h' ;;
109 sf) url='https://sourceforge.net/p/smartmontools/code/HEAD/tree/trunk/smartmontools/drivedb.h?format=raw' ;;
110 svn) url='https://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
111 svni) url='http://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
112 trac) url='https://www.smartmontools.org/export/HEAD/trunk/smartmontools/drivedb.h' ;;
113 *) usage ;;
114 esac
115 }
116
117 inpath()
118 {
119 local d rc save
120 rc=1
121 save=$IFS
122 IFS=':'
123 for d in $PATH; do
124 test -f "$d/$1" || continue
125 test -x "$d/$1" || continue
126 rc=0
127 break
128 done
129 IFS=$save
130 return $rc
131 }
132
133 vecho()
134 {
135 test -n "$q" || echo "$*"
136 }
137
138 # vrun COMMAND ARGS...
139 vrun()
140 {
141 if [ -n "$dryrun" ]; then
142 echo "$*"
143 elif [ -n "$q" ]; then
144 "$@" 2>/dev/null
145 else
146 echo "$*"
147 "$@"
148 fi
149 }
150
151 # vrun2 OUTFILE COMMAND ARGS...
152 vrun2()
153 {
154 local f err rc
155 f=$1; shift
156 rc=0
157 if [ -n "$dryrun" ]; then
158 echo "$* > $f"
159 else
160 vecho "$* > $f"
161 err=`"$@" 2>&1 > $f` || rc=$?
162 if [ -n "$err" ]; then
163 vecho "$err" >&2
164 test $rc != 0 || rc=42
165 fi
166 fi
167 return $rc
168 }
169
170 # download URL FILE
171 download()
172 {
173 local f u rc
174 u=$1; f=$2
175 rc=0
176
177 case $tool in
178 curl)
179 vrun curl ${q:+-s} -f --max-redirs 0 \
180 ${cacert:+--cacert "$cacert"} \
181 ${capath:+--capath "$capath"} \
182 ${insecure:+--insecure} \
183 -o "$f" "$u" || rc=$?
184 ;;
185
186 wget)
187 vrun wget $q --max-redirect=0 \
188 ${cacert:+--ca-certificate="$cacert"} \
189 ${capath:+--ca-directory="$capath"} \
190 ${insecure:+--no-check-certificate} \
191 -O "$f" "$u" || rc=$?
192 ;;
193
194 lynx)
195 test -z "$cacert" || vrun export SSL_CERT_FILE="$cacert"
196 test -z "$capath" || vrun export SSL_CERT_DIR="$capath"
197 # Check also stderr as lynx does not return != 0 on HTTP error
198 vrun2 "$f" lynx -stderr -noredir -source "$u" || rc=$?
199 ;;
200
201 svn)
202 vrun svn $q export \
203 --non-interactive --no-auth-cache \
204 ${cacert:+--config-option "servers:global:ssl-trust-default-ca=no"} \
205 ${cacert:+--config-option "servers:global:ssl-authority-files=$cacert"} \
206 ${insecure:+--trust-server-cert} \
207 "$u" "$f" || rc=$?
208 ;;
209
210 fetch) # FreeBSD
211 vrun fetch $q --no-redirect \
212 ${cacert:+--ca-cert "$cacert"} \
213 ${capath:+--ca-path "$capath"} \
214 ${insecure:+--no-verify-hostname} \
215 -o "$f" "$u" || rc=$?
216 ;;
217
218 ftp) # OpenBSD
219 vrun ftp \
220 ${cacert:+-S cafile="$cacert"} \
221 ${capath:+-S capath="$capath"} \
222 ${insecure:+-S dont} \
223 -o "$f" "$u" || rc=$?
224 ;;
225
226 *) error "$tool: unknown (internal error)" ;;
227 esac
228 return $rc
229 }
230
231 # check_file FILE FIRST_CHAR MIN_SIZE MAX_SIZE
232 check_file()
233 {
234 local firstchar f maxsize minsize size
235 test -z "$dryrun" || return 0
236 f=$1; firstchar=$2; minsize=$3; maxsize=$4
237
238 # Check first chars
239 case `dd if="$f" bs=1 count=1 2>/dev/null` in
240 $firstchar) ;;
241 \<) echo "HTML error message"; return 1 ;;
242 *) echo "unknown file contents"; return 1 ;;
243 esac
244
245 # Check file size
246 size=`wc -c < "$f"`
247 if test "$size" -lt $minsize; then
248 echo "too small file size $size bytes"
249 return 1
250 fi
251 if test "$size" -gt $maxsize; then
252 echo "too large file size $size bytes"
253 return 1
254 fi
255 return 0
256 }
257
258 # unexpand_svn_id < INFILE > OUTFILE
259 unexpand_svn_id()
260 {
261 sed 's,\$''Id'': drivedb\.h [0-9][0-9]* 2[-0-9]* [012][:0-9]*Z [a-z][a-z0-9]* \$,$''Id''$,'
262 }
263
264 # Smartmontools Signing Key (through 2020)
265 # <smartmontools-database@listi.jpberlin.de>
266 # Key ID 721042C5
267 public_key="\
268 -----BEGIN PGP PUBLIC KEY BLOCK-----
269
270 mQINBFwmhpUBEADRoOZaXq13MrqyAmbGe6FlHi6P9ujsT/SJGhTiAoN3W1X56Dbm
271 KP21nO9ZAjdXnvA2OmzppfCUX7v5Q3/TG3vN3WwfyQIO/dgSaTrGa1E8odbHEGc7
272 rhzYA8ekAn3TmxhOrEUTcRIogumW0zlQewHOlTe0OYsxat6/N8l3Cqn28HwZUpRH
273 MrJW3RgefFihQGEhXlnfzo+Tltl14IriURbwBZIDeZOk2AWLGweI0+zqTgYSbF5A
274 tI5rXO1QDeoyBYZhSX3MtnncwPdCnxoRasizU5w3KoZWYyKAc5bxJBJgUUp9HDOu
275 ATgNqekc8j28x/cUAWerXe183SBYQp0QkzMPbmE9TCGW3GjtW+Kk/NDbNe8ufj6O
276 hk0r7EbGyBO0qvgzHLzSsQiSsgaMCkLc5Xt4NzB4g2DvnReFU2WwgRh031lHOVLm
277 mvFqRtHzJb20dKufyjOmSMzNKRzURVmobECKARaBlGNP0wHYhq97n4OxM1o0eq7a
278 4ugaSp2q+6BSaAQhbZN8ULCF/oGA/376Sz7RNuoOmQwl9aFqnfl3YgopBIqKvnSP
279 h4j0QynN45rUFOe/VywTmpWKj+DonGCupxe9VvyZ87NKRgKiHprXGDrhdB0GcNXM
280 wV66WbjKBV7qlpSh/GH3oiHwlcYT8LNyZbxTJXcVF5ODtlZfc9zqRtUBWQARAQAB
281 tFNTbWFydG1vbnRvb2xzIFNpZ25pbmcgS2V5ICh0aHJvdWdoIDIwMjApIDxzbWFy
282 dG1vbnRvb2xzLWRhdGFiYXNlQGxpc3RpLmpwYmVybGluLmRlPokCPgQTAQIAKAUC
283 XCaGlQIbAwUJA8etAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6nSrJXIQ
284 QsWXYQ/+IVHGQxDOg7lMX9iDbg/UDj/zrQfsJR2HQ2j0iI8TmsQLSK4pphwN0r9D
285 g0BuKhQBe3wPphLjwD40HueKatIacE91PgLse/KWmEe4OoQCDxshiIGad3YoIF3X
286 yrJg6pcMLOAnfT55Tg04EmWpT1LzWTJmH8RL2iftTM217Q2JnfQGKicTiD/GiYV1
287 oyFUvn+H5/u5O7UYhvWKBcccJtal2uhc6h8U2HugMV0SpNM5p83oGDZkV0YYSJ0C
288 044im1+axbz06Aeq7Uh3JFScCcbjl+SQ7gK0NJF39uI8HbwC7fcfySCj5JDuVeaq
289 KjahWctKa/D6nauKA8+LIGOckkf2oN0sJBrES7Zn8ImHYN/1wLCff9oIDAlux6Jk
290 BZ6+MqIJKHit4SSYPd3QnkdI1ehn+2EdxK9VSBU0W2ZPlZmoUSamWboloumhwYyN
291 86ohFVJWnN4YWlZiJNJlxj/F6d4GTEJBFqoK9yStdz8Dsg16sAwuNYFVFtCKaesA
292 keuhcS3SfoFXwLsz+8cLfHVdsBHmm9/OCfNtOm3EPJqaD57lL5ocTWQeLaAqUCse
293 rOCDoIUZul5e6kRytjjNIHFNufWTbuw4YlYM3+FU1nkgckmhw4M9kI/xGtVj7bvs
294 tJKKN976kOoRZRIAL+9SlC+3Tqd9a4y4RRjYongvFzqpqRlQfS+JARwEEwECAAYF
295 AlwmhpwACgkQL83sC9OvGqsVOggAqLB5eQrUv8E9ikD6kJCito827bzDWF29yD7P
296 vfhjXaz5in54jOVpwg3o9CsqIjjRW0/1bBVswC8ZL0sAdZ+GDSDMw5F2IpkD77gj
297 nFY79M/e6C9xYyxYzHC7emDPSz9IroOvdkkEgrB+OABKkaOCcS18P4Lk3WNHaPw5
298 c7aI0z1iJP52EmSfvB8r86mtUFJB+f15eD/4vaRfkZLFjF9FQ3kgEK1U+rV4s1O2
299 bCFfP3WPDcc83NgwRUvtXmcSOSOIoXnemJzyJr+JnqCWVET4XWF6i20mRFXVEpWt
300 f5AkJYgR3z/jW0djELbBWA/35bAnpXy5pDHv9NbZsTkBZxK/kokBHAQTAQIABgUC
301 XCaGnQAKCRAY7NpGy/a6xn4lB/90tXTnZsgmoftol9uivfQrPdR88WmOZLYmUeQA
302 d1rqSFMxe+KzO/qLuU8s6OF4nznwL2cPfbGZxezM4PiYmAmbbEU/3gTONwjVBBA0
303 Gfimy/fITEezFtCigo1thkaJ195g/dqY+zE3Vt4rzC03j1vx8mUHRPU6kkvKj8cP
304 0j+XHX2xQDsTXTstfnom29wBmGnvSZ9HgcdL71e1VXJXwikmnO3P4J/1C2LeCOlW
305 rGqWZ2c0WBLKdJnsYUx7Dm/OvkkB4lF+zWp98zS8jS/5h+1apVgEzrdTMvT8ydTk
306 Ur7ObKGkIhK+L+Xo5BD+V9Qf6xKGYPwhhdj/E5/kyjULrm10iQEcBBMBAgAGBQJc
307 JoadAAoJEPOHY87f0iVZfiUH/3yKS5wGvTeRInse8+W1WzKuto3XzqXLngb9QXWw
308 7nCwqmNS7PbzDnufQi2ThKrMfcK14WgNYABNZPU75I+6bcb0oCB5tlooIUEV/2Ut
309 /5Hl/83zFFoNA/kQKVz8kIDqgRcxC+zY2VJ4eTKHyQDvXygVk8wnKTBae3gX+CIZ
310 qJHPXiiygHlbl31Mi3G1Iaxu57dP6ocV0vX1dytKSwd4Rbviwwb4L76o/tVT9t3G
311 wFM15uK1SqtnAaiaktEdMi3XI4d01H3VUVz/iR0XQbf13RZoEM6CJWmsQ/qvYlwk
312 bKOdlahjoHrFlkhADSBaO9N1OZp3OYDjziIujMdt2IPKnmM=
313 =0uFV
314 -----END PGP PUBLIC KEY BLOCK-----
315 "
316
317 # gpg_verify FILE.asc FILE
318 gpg_verify()
319 {
320 local gnupgtmp opts out rc
321 opts="--quiet ${q:+--no-secmem-warnin} --batch --no-tty"
322
323 # Create temp home dir
324 gnupgtmp="$tmpdir/.gnupg.$$.tmp"
325 rm -f -r "$gnupgtmp"
326 mkdir "$gnupgtmp" || exit 1
327 chmod 0700 "$gnupgtmp"
328
329 # Import public key
330 "$GPG" $opts --homedir="$gnupgtmp" --import <<EOF
331 $public_key
332 EOF
333 test $? = 0 || exit 1
334
335 # Verify
336 rc=0
337 out=`"$GPG" $opts --homedir="$gnupgtmp" --verify "$1" "$2" </dev/null 2>&1` || rc=1
338 vecho "$out"
339
340 rm -f -r "$gnupgtmp"
341 return $rc
342 }
343
344 # mv_all PREFIX OLD NEW
345 mv_all()
346 {
347 mv "${1}${2}" "${1}${3}"
348 mv "${1}${2}.raw" "${1}${3}.raw"
349 mv "${1}${2}.raw.asc" "${1}${3}.raw.asc"
350 }
351
352 # Parse options
353 smtctl=$SMARTCTL
354 tool=
355 url=
356 q="-q"
357 dryrun=
358 trunk=
359 cacert=
360 capath=
361 insecure=
362 no_verify=
363
364 while true; do case $1 in
365 -s)
366 shift; test -n "$1" || usage
367 smtctl=$1 ;;
368
369 -t)
370 shift
371 case $1 in *\ *) usage ;; esac
372 case " $os_dltools " in *\ $1\ *) ;; *) usage ;; esac
373 tool=$1 ;;
374
375 -u)
376 shift; selecturl "$1" ;;
377
378 -v)
379 q= ;;
380
381 --dryrun)
382 dryrun=t ;;
383
384 --trunk)
385 trunk=trunk ;;
386
387 --cacert)
388 shift; test -n "$1" || usage
389 cacert=$1 ;;
390
391 --capath)
392 shift; test -n "$1" || usage
393 capath=$1 ;;
394
395 --insecure)
396 insecure=t ;;
397
398 --no-verify)
399 no_verify=t ;;
400
401 --export-key)
402 cat <<EOF
403 $public_key
404 EOF
405 exit 0 ;;
406
407 -*)
408 usage ;;
409
410 *)
411 break ;;
412 esac; shift; done
413
414 case $# in
415 0) DEST=$DRIVEDB ;;
416 1) DEST=$1 ;;
417 *) usage ;;
418 esac
419
420 if [ -z "$tool" ]; then
421 # Find download tool in PATH
422 for t in $os_dltools; do
423 if inpath "$t"; then
424 tool=$t
425 break
426 fi
427 done
428 test -n "$tool" || error "found none of '$os_dltools' in $pathinfo"
429 fi
430
431 test -n "$url" || selecturl "svn"
432
433 # Check option compatibility
434 case "$tool:$url" in
435 svn:http*://svn.code.sf.net*) ;;
436 svn:*) error "'-t svn' requires '-u svn' or '-u svni'" ;;
437 esac
438 case "$tool:${capath:+set}" in
439 svn:set) warning "'--capath' is ignored if '-t svn' is used" ;;
440 esac
441 case "${insecure:-f}:$url" in
442 t:http:*) insecure= ;;
443 ?:https:*) ;;
444 *) error "'-u svni' requires '--insecure'" ;;
445 esac
446 case "$tool:$insecure" in
447 lynx:t) warning "'--insecure' is ignored if '-t lynx' is used" ;;
448 esac
449
450 # Check for smartctl
451 if [ "$smtctl" != "-" ]; then
452 "$smtctl" -V >/dev/null 2>&1 \
453 || err_notfound "$smtctl" "('-s -' to ignore)"
454 fi
455
456 # Check for GnuPG
457 if [ -z "$no_verify" ]; then
458 test -n "$GPG" \
459 || error "GnuPG is not available ('--no-verify' to ignore)"
460 "$GPG" --version >/dev/null 2>&1 \
461 || err_notfound "$GPG" "('--no-verify' to ignore)"
462 fi
463
464 # Use destination directory as temp directory for gpg
465 tmpdir=`dirname "$DEST"`
466
467 # Adjust URLs
468 src=`echo "$url" | sed -e "s,/trunk/,/branches/$BRANCH/," \
469 -e "s,/master/,/origin/$BRANCH/,"`
470 src_asc=`echo "$src" | sed "s,/drivedb\.h,/drivedb.h.raw.asc,"`
471 test -z "$trunk" || src=$url
472
473 # Download
474 test -n "$dryrun" || rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
475
476 vecho "Download ${trunk:-branches/$BRANCH}/drivedb.h with $tool"
477 rc=0
478 download "$src" "$DEST.new" || rc=$?
479 if [ $rc != 0 ]; then
480 rm -f "$DEST.new"
481 error "${trunk:-$BRANCH}/drivedb.h: download failed ($tool: exit $rc)"
482 fi
483 if ! errmsg=`check_file "$DEST.new" '/' 10000 1000000`; then
484 mv "$DEST.new" "$DEST.error"
485 error "$DEST.error: $errmsg"
486 fi
487
488 vecho "Download branches/$BRANCH/drivedb.h.raw.asc with $tool"
489 rc=0
490 download "$src_asc" "$DEST.new.raw.asc" || rc=$?
491 if [ $rc != 0 ]; then
492 rm -f "$DEST.new" "$DEST.new.raw.asc"
493 error "$BRANCH/drivedb.h.raw.asc: download failed ($tool: exit $rc)"
494 fi
495 if ! errmsg=`check_file "$DEST.new.raw.asc" '-' 200 2000`; then
496 rm -f "$DEST.new"
497 mv "$DEST.new.raw.asc" "$DEST.error.raw.asc"
498 error "$DEST.error.raw.asc: $errmsg"
499 fi
500
501 test -z "$dryrun" || exit 0
502
503 # Create raw file with unexpanded SVN Id
504 # (This assumes newlines are LF and not CR/LF)
505 unexpand_svn_id < "$DEST.new" > "$DEST.new.raw"
506
507 # Adjust timestamps and permissions
508 touch "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
509 chmod 0644 "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
510
511 if [ -z "$no_verify" ]; then
512 # Verify raw file
513 if ! gpg_verify "$DEST.new.raw.asc" "$DEST.new.raw"; then
514 mv_all "$DEST" ".new" ".error"
515 test -n "$trunk" || error "$DEST.error.raw: *** BAD signature ***"
516 error "$DEST.error.raw: signature from branch no longer valid ('--no-verify' to ignore)"
517 fi
518 fi
519
520 if [ "$smtctl" != "-" ]; then
521 # Check syntax
522 if ! "$smtctl" -B "$DEST.new" -P showall >/dev/null; then
523 mv_all "$DEST" ".new" ".error"
524 error "$DEST.error: rejected by $smtctl, probably no longer compatible"
525 fi
526 vecho "$smtctl: syntax OK"
527 fi
528
529 # Keep old file if identical, ignore missing Id keyword expansion in new file
530 rm -f "$DEST.lastcheck"
531 if [ -f "$DEST" ]; then
532 if [ -f "$DEST.raw" ] && [ -f "$DEST.raw.asc" ]; then
533 if cmp "$DEST.raw" "$DEST.new.raw" >/dev/null 2>&1 \
534 && cmp "$DEST.raw.asc" "$DEST.new.raw.asc" >/dev/null 2>&1 \
535 && { cmp "$DEST" "$DEST.new" >/dev/null 2>&1 \
536 || cmp "$DEST.raw" "$DEST.new" >/dev/null 2>&1; }
537 then
538 rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
539 touch "$DEST.lastcheck"
540 echo "$DEST is already up to date"
541 exit 0
542 fi
543 mv_all "$DEST" "" ".old"
544 else
545 mv "$DEST" "$DEST.old"
546 fi
547 fi
548
549 mv_all "$DEST" ".new" ""
550
551 echo "$DEST updated from ${trunk:-branches/$BRANCH}${no_verify:+ (NOT VERIFIED)}"
Debian smartmontool mirror