aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--check-routeros-update19
-rw-r--r--global-config5
2 files changed, 20 insertions, 4 deletions
diff --git a/check-routeros-update b/check-routeros-update
index bcbe742..4810368 100644
--- a/check-routeros-update
+++ b/check-routeros-update
@@ -7,6 +7,7 @@
:global "identity";
:global "email-general-to";
:global "email-general-cc";
+:global "safe-update-url";
:global "sent-routeros-update-notification";
:if ([ :len [ / system package find where name="wireless" disabled=no ] ] > 0) do={
@@ -20,15 +21,25 @@
:local installedversion [ / system package update get installed-version ];
:local latestversion [ / system package update get latest-version ];
-:if ($"sent-routeros-update-notification" = $latestversion) do={
- :error ("Already sent the RouterOS update notification for version" . $latestversion . ".");
-}
-
:if ($installedversion != $latestversion) do={
:local channel [ / system package update get channel ];
:local model [ / system routerboard get model ];
:local serialnumber [ / system routerboard get serial-number ];
+ :if ([ :len $"safe-update-url" ] > 0) do={
+ :local result [ / tool fetch check-certificate=yes-without-crl \
+ ($"safe-update-url" . $channel) output=user as-value ];
+ :if ($result->"status" = "finished" && $result->"data" = $latestversion) do={
+ :log info ("Version " . $latestversion . " is assumed safe, updating...");
+ / system package update install;
+ :error "Waiting for system to reboot.";
+ }
+ }
+
+ :if ($"sent-routeros-update-notification" = $latestversion) do={
+ :error ("Already sent the RouterOS update notification for version" . $latestversion . ".");
+ }
+
/ tool e-mail send to=$"email-general-to" cc=$"email-general-cc" \
subject=("[" . $identity . "] RouterOS update notification") \
body=("There is a RouterOS update available\n\n" . \
diff --git a/global-config b/global-config
index 756251b..ae7f73a 100644
--- a/global-config
+++ b/global-config
@@ -21,6 +21,11 @@
:global "backup-send-export" true;
:global "backup-password" "v3ry-s3cr3t";
+# Specify an address to enable auto update to version assumed safe.
+# The configured channel (bugfix, current, release-candidate) is appended.
+:global "safe-update-url" "";
+#:global "safe-update-url" "https://example.com/ros/safe-update/";
+
# This is used to update AAAA records and firewall address-list.
:global "ipv6-interface" "br-local";
:global "ipv6-pool" "telekom";