From 607faca9bab3f1a1cee956c4e6537a92716e8dc6 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 26 Oct 2022 12:53:38 +0200
Subject: [PATCH] firmware: in retrospect always fetch the signature file

When we move to the next major the file contents for
the txz are all the same but their signature is not.
So until the next changelog sync was carried out the
CHECKSUM matched and the signature will stay stale.
---
 src/opnsense/scripts/firmware/changelog.sh | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/src/opnsense/scripts/firmware/changelog.sh b/src/opnsense/scripts/firmware/changelog.sh
index e2c187336..b51875d57 100755
--- a/src/opnsense/scripts/firmware/changelog.sh
+++ b/src/opnsense/scripts/firmware/changelog.sh
@@ -65,21 +65,16 @@ changelog_fetch()
 {
 	mkdir -p ${DESTDIR}
 
-	CHECKSUM=$(changelog_checksum ${DESTDIR}/changelog.txz)
 	URL=$(changelog_url)
 
 	${FETCH} -mo ${DESTDIR}/changelog.txz "${URL}"
+	${FETCH} -o ${DESTDIR}/changelog.txz.sig "${URL}.sig"
 
-	if [ "${CHECKSUM}" != "$(changelog_checksum ${DESTDIR}/changelog.txz)" ]; then
-		${FETCH} -o ${DESTDIR}/changelog.txz.sig "${URL}.sig"
-	fi
+	opnsense-verify -q ${DESTDIR}/changelog.txz
 
-	if opnsense-verify -q ${DESTDIR}/changelog.txz; then
-		changelog_remove
-		tar -C ${DESTDIR} -xJf ${DESTDIR}/changelog.txz
-	else
-		rm -f ${DESTDIR}/changelog.txz ${DESTDIR}/changelog.txz.sig
-	fi
+	changelog_remove
+
+	tar -C ${DESTDIR} -xJf ${DESTDIR}/changelog.txz
 }
 
 changelog_show()