#!rsc
# RouterOS script: check-routeros-update
# Copyright (c) 2013-2020 Christian Hesse <mail@eworm.de>
#
# check for RouterOS update, send notification and/or install

:global Identity;
:global SafeUpdateUrl;
:global SentRouterosUpdateNotification;

:global DeviceInfo;
:global ScriptFromTerminal;
:global SendNotification;

:local DoUpdate do={
  :if ([ / system script print count-only where name="packages-update" ] > 0) do={
    / system script run packages-update;
  } else={
    / system package update install without-paging;
  }
  :error "Waiting for system to reboot.";
}

:if ([ / system package print count-only where name="wireless" disabled=no ] > 0) do={
  :if ([ / interface wireless cap get enabled ] = true && \
      [ / caps-man manager get enabled ] = false) do={
    :log warning "System is managed by CAPsMAN, not checking.";
    :error "Warning: See log for details.";
  }
}

:if ([ / system scheduler print count-only where name="reboot-for-update" ] > 0) do={
  :error "A reboot for update is already scheduled.";
}

/ system package update check-for-updates without-paging;
:local Update [ / system package update get ];

:if ([ :len ($Update->"latest-version") ] = 0) do={
  :log warning "An empty string is not a valid version.";
  :error "Warning: See log for details.";
}

:if ($Update->"installed-version" != $Update->"latest-version") do={
  :if ([ :len $SafeUpdateUrl ] > 0) do={
    :local Result;
    :do {
      :set Result [ / tool fetch check-certificate=yes-without-crl \
          ($SafeUpdateUrl . $Update->"channel" . "?installed=" . $Update->"installed-version" . \
          "&latest=" . $Update->"latest-version") output=user as-value ];
    } on-error={
      :log warning ("Failed receiving safe version for " . $Update->"channel" . ".");
    }
    :if ($Result->"status" = "finished" && $Result->"data" = $Update->"latest-version") do={
      :log info ("Version " . $Update->"latest-version" . " is considered safe, updating...");
      $SendNotification ("RouterOS update") \
          ("Version " . $Update->"latest-version" . " is considered safe for " . $Update->"channel" . \
          ", updating on " . $Identity . "...") "" "true";
      $DoUpdate;
    }
  }

  :if ([ $ScriptFromTerminal "check-routeros-update" ] = true) do={
    :put ("Do you want to install RouterOS version " . $Update->"latest-version" . "? [y/N]");
    :if ([ :terminal inkey timeout=60 ] = 121) do={
      $DoUpdate;
    } else={
      :put "Canceled...";
    }
  }

  :if ($SentRouterosUpdateNotification = $Update->"latest-version") do={
    :log info ("Already sent the RouterOS update notification for version " . \
        $Update->"latest-version" . ".");
    :error "Already sent notification.";
  }

  $SendNotification ("RouterOS update") \
    ("There is a RouterOS update available.\n\n" . \
      [ $DeviceInfo ] . "\n\n" . \
      "https://mikrotik.com/download/changelogs/" . $Update->"channel" . "-release-tree") \
    "" "true";
  :set SentRouterosUpdateNotification ($Update->"latest-version");
}