Turns out its a royal PITA to get Cisco BIOS and CIMC firmware out of their upgrade ISO just to upgrade a Cisco UCS (in my case a UCS C22 M3) server's management and BIOS via the web UI.
According to the Cisco docs:
(Optional) If you plan to upgrade the Cisco IMC and BIOS firmware manually, do the following:Beginning with Release 3.0, the BIOS and Cisco IMC firmware files are no longer embedded inside the HUU as a standalone .zip file. BIOS and Cisco IMC firmware must now be extracted using the getfw utility, which is available in the GETFW folder of the HUU. Perform the following steps to extract the BIOS or Cisco IMC firmware files:
Note To perform this:
Openssl must be installed in the target system.
Squashfs kernel module must be loaded in the target system.
Openssl is already installed on my system so that should be easy (if it's not installed on yours, don't bother Googling, keep reading). Famous last words.
squashfs-modules package in Ubuntu 16.04, 18.04 or Debian Stretch so sadly the instructions here for Debian won't work: https://www.tldp.org/HOWTO/html_single/SquashFS-HOWTO/#debian
Therefore we need to build from source to get the modules we need. Download the latest release from https://sourceforge.net/projects/squashfs/
Compile and install:
tar -zxvf squashfs4.3.tar.gz cd squashfs4.3 make sudo make install sudo modprobe squashfs
Note: this will require
zlib, I didn't have it installed so
make initially failed. Install it with
sudo apt install libz-dev.
lsmod | grep sqash should show it's all loaded okay.
At this point, theoretically it should be as simple as running this as root:
./getfw -s /root/Desktop/HUU/ucs-c2xxx-huu-3.0.1c.iso -d /tmp/HUU
I'd be so lucky.
# ./getfw -s ucs-c2x-huu-3.0.4j.iso -d out Decryption failed
After some Googling about it's something about versions. Luckily though, some chap on the Cisco forums says:
I was able the run the getfw cli on a Rhel7.3 with openssl ver 1:1.0.1e
Right then, let's grab that version and try again.
wget https://ftp.openssl.org/source/old/1.0.1/openssl-1.0.1e.tar.gz tar -zxvf openssl-1.0.1e.tar.gz cd openssl-1.0.1e ./config make
Now there's a version of OpenSSL 1.0.1e in
$ ./apps/openssl version OpenSSL 1.0.1e 11 Feb 2013
This need to be first on the PATH so that
getfw picks it up:
sudo su export PATH="/path/to/openssl-1.0.1e/apps:$PATH" ./getfw -s ucs-c2x-huu-3.0.4j.iso -d out Nothing was selected hence getting only CIMC and BIOS FW/s available at 'out/ucs-c2x-huu-3.0.4j'
And hey presto, we have firmware! With any luck this will save someone the hours it took me.