1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| | #!/usr/bin/env -S execlineb -WS0
# SPDX-License-Identifier: EUPL-1.2+
# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
export LC_ALL C
export LANGUAGE C
if { mount -toverlay -olowerdir=/run/virtiofs/virtiofs0/etc:/etc -- overlay /etc }
backtick tmpdir { mktemp -d /tmp/sysupdate-XXXXXX }
# Not a useless use of cat: if there are NUL bytes in the URL
# busybox's awk might misbehave.
backtick update_url { cat /etc/update-url }
if {
backtick sed_rhs {
# Use awk to both validate the URL and to escape sed metacharacters.
# Reject URLs with control characters, query parameters, or fragments.
# They *cannot* work and so are rejected to produce better error messages.
#
# curl rejects control characters with "Malformed input to a URL function".
# Fragment specifiers ("#") and query parameters ("?") break concatenating
# /SHA256SUMS and /SHA256SUMS.sha256.asc onto the update URL. Also, it is
# simpler to reject update URLs that contain whitespace than to try to
# escape them.
#
# Backslash needs to be escaped once for systemd-sysupdate and again for sed.
# Ampersand needs to be escaped once for sed.
awk "BEGIN {
update_url = ENVIRON[\"update_url\"];
if (update_url ~ /^[^\\001-\\040?#\\x7F]+$/) {
# Use & to avoid extra escaping (16 or 32 backslashes!)
# and a divergence between POSIX and GNU awk.
gsub(/\\\\/, \"&&&&\", update_url);
gsub(/&/, \"\\\\\\\\&\", update_url);
print update_url;
exit 0;
} else {
print ARGV[2] > \"/dev/stderr\";
exit 100;
}
}" -- $3
"Bad update URL from host: control characters, whitespace, query parameters, and fragment specifiers not allowed"
}
elglob -w -0 transfer_file_ /etc/vm-sysupdate.d/*.transfer
forx -E transfer_file { $transfer_file_ }
backtick target_basename {
basename -- $transfer_file
}
multisubstitute {
importas -iuS sed_rhs
importas -iuS target_basename
importas -iuS tmpdir
define sed_input $transfer_file
}
redirfd -w 1 ${tmpdir}/${target_basename}
sed -E -- "s#@UPDATE_URL@#${sed_rhs}#g" $sed_input
}
multisubstitute {
importas -iuS update_url
importas -iuS CURL_PATH
importas -iuS SYSTEMD_SYSUPDATE_PATH
importas -iuS tmpdir
}
if { $SYSTEMD_SYSUPDATE_PATH --definitions=${tmpdir} update }
# [ and ] are allowed in update URLs so that IPv6 addresses work, but
# they cause globbing in the curl command-line tool by default. Use --globoff
# to disable this feature.
if { $CURL_PATH -L --proto-redir =http,https --globoff
-o /run/virtiofs/virtiofs0/updates/SHA256SUMS -- ${update_url}/SHA256SUMS }
$CURL_PATH -L --proto-redir =http,https --globoff
-o /run/virtiofs/virtiofs0/updates/SHA256SUMS.sha256.asc -- ${update_url}/SHA256SUMS.sha256.asc
|