Merge branch 'fetch-as-value'

author: Christian Hesse <mail@eworm.de> 2018-09-10 09:44:36 +0200
committer: Christian Hesse <mail@eworm.de> 2018-09-10 09:44:36 +0200
commit: 8f4986af0bb0ecea13594b9ea2bbcfbaa6c8a7e7 (patch)
tree: 43018abe95d562d11fc56944908096d382342f33
parent: a1951cc86a206abd0b6d46d579a8247af42904f8 (diff)
parent: 2de26a6617911d88fe0e4c10b861df670f0f17e6 (diff)
4 files changed, 49 insertions, 33 deletions
diff --git a/README.md b/README.md
index 52ac8cb..014e323 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,17 @@ to manage RouterOS devices or extend their functionality.
 
 *Use at your own risk!*
 
+Requirements
+------------
+
+Latest version of the scripts require at least **RouterOS 6.43** to function
+properly. The changelog lists the corresponding change as follows:
+
+> *) fetch - added "as-value" output format;
+
+See branch `pre-6-43` if you want to use the scripts on devices with older
+RouterOS version.
+
 Initial setup
 -------------
 
@@ -51,22 +62,8 @@ Then we import the certificates.
 
 Now let's download the main scripts, add them in configuration and remove the files.
 
-    [admin@MikroTik] > / tool fetch check-certificate=yes-without-crl dst-path="script-updates/global-config" "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/global-config"
-          status: finished
-      downloaded: 1KiBC-z pause]
-           total: 1KiB
-        duration: 0s
-
-    [admin@MikroTik] > / tool fetch check-certificate=yes-without-crl dst-path="script-updates/script-updates" "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/script-updates"
-          status: finished
-      downloaded: 1KiBC-z pause]
-           total: 1KiB
-        duration: 1s
-
-    [admin@MikroTik] > / system script add name=global-config source=[ / file get script-updates/global-config contents ]
-    [admin@MikroTik] > / file remove script-updates/global-config
-    [admin@MikroTik] > / system script add name=script-updates source=[ / file get script-updates/script-updates contents ]
-    [admin@MikroTik] > / file remove script-updates/script-updates
+    [admin@MikroTik] > / system script add name=global-config source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/global-config" output=user as-value]->"data")
+    [admin@MikroTik] > / system script add name=script-updates source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/script-updates" output=user as-value]->"data")
 
 The configuration needs to be tweaked for your needs. Make sure not to send your mails to `mail@example.com`!
 
diff --git a/check-routeros-update b/check-routeros-update
index bcbe742..4810368 100644
--- a/check-routeros-update
+++ b/check-routeros-update
@@ -7,6 +7,7 @@
 :global "identity";
 :global "email-general-to";
 :global "email-general-cc";
+:global "safe-update-url";
 :global "sent-routeros-update-notification";
 
 :if ([ :len [ / system package find where name="wireless" disabled=no ] ] > 0) do={
@@ -20,15 +21,25 @@
 :local installedversion [ / system package update get installed-version ];
 :local latestversion [ / system package update get latest-version ];
 
-:if ($"sent-routeros-update-notification" = $latestversion) do={
-  :error ("Already sent the RouterOS update notification for version" . $latestversion . ".");
-}
-
 :if ($installedversion != $latestversion) do={
   :local channel [ / system package update get channel ];
   :local model [ / system routerboard get model ];
   :local serialnumber [ / system routerboard get serial-number ];
 
+  :if ([ :len $"safe-update-url" ] > 0) do={
+    :local result [ / tool fetch check-certificate=yes-without-crl \
+        ($"safe-update-url" . $channel) output=user as-value ];
+    :if ($result->"status" = "finished" && $result->"data" = $latestversion) do={
+      :log info ("Version " . $latestversion . " is assumed safe, updating...");
+      / system package update install;
+      :error "Waiting for system to reboot.";
+    }
+  }
+
+  :if ($"sent-routeros-update-notification" = $latestversion) do={
+    :error ("Already sent the RouterOS update notification for version" . $latestversion . ".");
+  }
+
   / tool e-mail send to=$"email-general-to" cc=$"email-general-cc" \
     subject=("[" . $identity . "] RouterOS update notification") \
     body=("There is a RouterOS update available\n\n" . \
diff --git a/global-config b/global-config
index 756251b..ae7f73a 100644
--- a/global-config
+++ b/global-config
@@ -21,6 +21,11 @@
 :global "backup-send-export" true;
 :global "backup-password" "v3ry-s3cr3t";
 
+# Specify an address to enable auto update to version assumed safe.
+# The configured channel (bugfix, current, release-candidate) is appended.
+:global "safe-update-url" "";
+#:global "safe-update-url" "https://example.com/ros/safe-update/";
+
 # This is used to update AAAA records and firewall address-list.
 :global "ipv6-interface" "br-local";
 :global "ipv6-pool" "telekom";
diff --git a/script-updates b/script-updates
index ccfdd58..c872cd2 100644
--- a/script-updates
+++ b/script-updates
@@ -13,35 +13,38 @@
   :local ignore 0;
   :local scriptname [ / system script get $script name ];
   :local scriptfile [ / file find where name=("script-updates/" . $scriptname) ];
+  :local sourcenew;
+  :if ([ :len $scriptfile ] > 0) do={
+    :set sourcenew [ / file get $scriptfile content ];
+    / file remove $scriptfile;
+  }
 
-  :if ([ :len $scriptfile ] = 0 && $"script-updates-fetch" = true) do={
+  :if ([ :len $sourcenew ] = 0 && $"script-updates-fetch" = true) do={
     :foreach "ignore-loop" in=$"script-updates-ignore" do={
       :if ($"ignore-loop" = $scriptname) do={ :set ignore 1; }
     }
 
     :if ($ignore = 0) do={
       :log debug ("Fetching script from url: " . $scriptname);
-      :do {
-        / tool fetch check-certificate=yes-without-crl \
-          dst-path=("script-updates/" . $scriptname) \
-          ($"script-updates-baseurl" . $scriptname . $"script-updates-urlsuffix");
-        :set scriptfile [ / file find where name=("script-updates/" . $scriptname) ];
-      } on-error={
+      :local result [ / tool fetch check-certificate=yes-without-crl \
+          ($"script-updates-baseurl" . $scriptname . $"script-updates-urlsuffix") \
+          output=user as-value ];
+      :if ($result->"status" = "finished") do={
+        :set sourcenew ($result->"data");
+      } else={
         :log debug ("Failed fetching " . $scriptname);
       }
     }
   }
 
-  :if ([ :len $scriptfile ] > 0) do={
-    :local filecontent [ / file get $scriptfile content ];
-    :local scriptsource [ / system script get $script source ];
-    :if ($filecontent = $scriptsource) do={
+  :if ([ :len $sourcenew ] > 0) do={
+    :local sourcecurrent [ / system script get $script source ];
+    :if ($sourcenew = $sourcecurrent) do={
       :log debug ("Script " .  $scriptname . " did not change");
     } else={
       :log info ("Updating script: " . $scriptname);
-      / system script set owner=$scriptname source=$filecontent $script;
+      / system script set owner=$scriptname source=$sourcenew $script;
     }
-    / file remove $scriptfile;
   } else={
     :log debug ("No update for script " . $scriptname);
   }
author	Christian Hesse <mail@eworm.de>	2018-09-10 09:44:36 +0200
committer	Christian Hesse <mail@eworm.de>	2018-09-10 09:44:36 +0200
commit	8f4986af0bb0ecea13594b9ea2bbcfbaa6c8a7e7 (patch)
tree	43018abe95d562d11fc56944908096d382342f33
parent	a1951cc86a206abd0b6d46d579a8247af42904f8 (diff)
parent	2de26a6617911d88fe0e4c10b861df670f0f17e6 (diff)