From a51750a27f0dc7427fbf2e016cd0cc0787fb7057 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 27 Aug 2018 08:59:05 +0200 Subject: README: fetch into config without file --- README.md | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 52ac8cb..014e323 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,17 @@ to manage RouterOS devices or extend their functionality. *Use at your own risk!* +Requirements +------------ + +Latest version of the scripts require at least **RouterOS 6.43** to function +properly. The changelog lists the corresponding change as follows: + +> *) fetch - added "as-value" output format; + +See branch `pre-6-43` if you want to use the scripts on devices with older +RouterOS version. + Initial setup ------------- @@ -51,22 +62,8 @@ Then we import the certificates. Now let's download the main scripts, add them in configuration and remove the files. - [admin@MikroTik] > / tool fetch check-certificate=yes-without-crl dst-path="script-updates/global-config" "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/global-config" - status: finished - downloaded: 1KiBC-z pause] - total: 1KiB - duration: 0s - - [admin@MikroTik] > / tool fetch check-certificate=yes-without-crl dst-path="script-updates/script-updates" "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/script-updates" - status: finished - downloaded: 1KiBC-z pause] - total: 1KiB - duration: 1s - - [admin@MikroTik] > / system script add name=global-config source=[ / file get script-updates/global-config contents ] - [admin@MikroTik] > / file remove script-updates/global-config - [admin@MikroTik] > / system script add name=script-updates source=[ / file get script-updates/script-updates contents ] - [admin@MikroTik] > / file remove script-updates/script-updates + [admin@MikroTik] > / system script add name=global-config source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/global-config" output=user as-value]->"data") + [admin@MikroTik] > / system script add name=script-updates source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/script-updates" output=user as-value]->"data") The configuration needs to be tweaked for your needs. Make sure not to send your mails to `mail@example.com`! -- cgit v1.2.3-70-g09d2 From 838debd6cf394250bd6d540d9a56baab53f86032 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 24 Aug 2018 16:14:38 +0200 Subject: script-updates: fetch into variable --- script-updates | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/script-updates b/script-updates index ccfdd58..c872cd2 100644 --- a/script-updates +++ b/script-updates @@ -13,35 +13,38 @@ :local ignore 0; :local scriptname [ / system script get $script name ]; :local scriptfile [ / file find where name=("script-updates/" . $scriptname) ]; + :local sourcenew; + :if ([ :len $scriptfile ] > 0) do={ + :set sourcenew [ / file get $scriptfile content ]; + / file remove $scriptfile; + } - :if ([ :len $scriptfile ] = 0 && $"script-updates-fetch" = true) do={ + :if ([ :len $sourcenew ] = 0 && $"script-updates-fetch" = true) do={ :foreach "ignore-loop" in=$"script-updates-ignore" do={ :if ($"ignore-loop" = $scriptname) do={ :set ignore 1; } } :if ($ignore = 0) do={ :log debug ("Fetching script from url: " . $scriptname); - :do { - / tool fetch check-certificate=yes-without-crl \ - dst-path=("script-updates/" . $scriptname) \ - ($"script-updates-baseurl" . $scriptname . $"script-updates-urlsuffix"); - :set scriptfile [ / file find where name=("script-updates/" . $scriptname) ]; - } on-error={ + :local result [ / tool fetch check-certificate=yes-without-crl \ + ($"script-updates-baseurl" . $scriptname . $"script-updates-urlsuffix") \ + output=user as-value ]; + :if ($result->"status" = "finished") do={ + :set sourcenew ($result->"data"); + } else={ :log debug ("Failed fetching " . $scriptname); } } } - :if ([ :len $scriptfile ] > 0) do={ - :local filecontent [ / file get $scriptfile content ]; - :local scriptsource [ / system script get $script source ]; - :if ($filecontent = $scriptsource) do={ + :if ([ :len $sourcenew ] > 0) do={ + :local sourcecurrent [ / system script get $script source ]; + :if ($sourcenew = $sourcecurrent) do={ :log debug ("Script " . $scriptname . " did not change"); } else={ :log info ("Updating script: " . $scriptname); - / system script set owner=$scriptname source=$filecontent $script; + / system script set owner=$scriptname source=$sourcenew $script; } - / file remove $scriptfile; } else={ :log debug ("No update for script " . $scriptname); } -- cgit v1.2.3-70-g09d2 From 2de26a6617911d88fe0e4c10b861df670f0f17e6 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 30 Aug 2018 11:26:47 +0200 Subject: check-routeros-update: enable auto update for safe version --- check-routeros-update | 19 +++++++++++++++---- global-config | 5 +++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/check-routeros-update b/check-routeros-update index bcbe742..4810368 100644 --- a/check-routeros-update +++ b/check-routeros-update @@ -7,6 +7,7 @@ :global "identity"; :global "email-general-to"; :global "email-general-cc"; +:global "safe-update-url"; :global "sent-routeros-update-notification"; :if ([ :len [ / system package find where name="wireless" disabled=no ] ] > 0) do={ @@ -20,15 +21,25 @@ :local installedversion [ / system package update get installed-version ]; :local latestversion [ / system package update get latest-version ]; -:if ($"sent-routeros-update-notification" = $latestversion) do={ - :error ("Already sent the RouterOS update notification for version" . $latestversion . "."); -} - :if ($installedversion != $latestversion) do={ :local channel [ / system package update get channel ]; :local model [ / system routerboard get model ]; :local serialnumber [ / system routerboard get serial-number ]; + :if ([ :len $"safe-update-url" ] > 0) do={ + :local result [ / tool fetch check-certificate=yes-without-crl \ + ($"safe-update-url" . $channel) output=user as-value ]; + :if ($result->"status" = "finished" && $result->"data" = $latestversion) do={ + :log info ("Version " . $latestversion . " is assumed safe, updating..."); + / system package update install; + :error "Waiting for system to reboot."; + } + } + + :if ($"sent-routeros-update-notification" = $latestversion) do={ + :error ("Already sent the RouterOS update notification for version" . $latestversion . "."); + } + / tool e-mail send to=$"email-general-to" cc=$"email-general-cc" \ subject=("[" . $identity . "] RouterOS update notification") \ body=("There is a RouterOS update available\n\n" . \ diff --git a/global-config b/global-config index 756251b..ae7f73a 100644 --- a/global-config +++ b/global-config @@ -21,6 +21,11 @@ :global "backup-send-export" true; :global "backup-password" "v3ry-s3cr3t"; +# Specify an address to enable auto update to version assumed safe. +# The configured channel (bugfix, current, release-candidate) is appended. +:global "safe-update-url" ""; +#:global "safe-update-url" "https://example.com/ros/safe-update/"; + # This is used to update AAAA records and firewall address-list. :global "ipv6-interface" "br-local"; :global "ipv6-pool" "telekom"; -- cgit v1.2.3-70-g09d2