#!rsc
# RouterOS script: check-routeros-update
# Copyright (c) 2013-2019 Christian Hesse <mail@eworm.de>
#
# check for RouterOS update, send notification e-mails

:global Identity;
:global SafeUpdateUrl;
:global SentRouterosUpdateNotification;

:global SendNotification;

:local Update do={
  :if ([ / system script print count-only where name="packages-update" ] > 0) do={
    / system script run packages-update;
  } else={
    / system package update install without-paging;
  }
  :error "Waiting for system to reboot.";
}

:if ([ / system package print count-only where name="wireless" disabled=no ] > 0) do={
  :if ([ / interface wireless cap get enabled ] = true && \
      [ / caps-man manager get enabled ] = false) do={
    :error "System is managed by CAPsMAN, not checking.";
  }
}

/ system package update check-for-updates without-paging;
:local InstalledVersion [ / system package update get installed-version ];
:local LatestVersion [ / system package update get latest-version ];

:if ($InstalledVersion != $LatestVersion) do={
  :local Channel [ / system package update get channel ];
  :local BoardName [ / system resource get board-name ];
  :local Model [ / system routerboard get model ];
  :local SerialNumber [ / system routerboard get serial-number ];

  :if ([ :len $SafeUpdateUrl ] > 0) do={
    :local Result;
    :do {
      :set Result [ / tool fetch check-certificate=yes-without-crl \
          ($SafeUpdateUrl . $Channel . "?installed=" . $InstalledVersion . \
          "&latest=" . $LatestVersion) output=user as-value ];
    } on-error={
      :log warning ("Failed receiving safe version for " . $Channel . ".");
    }
    :if ($Result->"status" = "finished" && $Result->"data" = $LatestVersion) do={
      :log info ("Version " . $LatestVersion . " is considered safe, updating...");
      $SendNotification ("RouterOS update notification") \
          ("Version " . $LatestVersion . " is considered safe for " . $Channel . \
          ", updating on " . $Identity . "...");
      $Update;
    }
  }

  :if ([ / system script job print count-only where script="check-routeros-update" parent~"." ] > 0) do={
    :put ("Do you want to install RouterOS version " . $LatestVersion . "? [y/N]");
    :if ([ :terminal inkey timeout=60 ] = 121) do={
      $Update;
    } else={
      :put "Canceled...";
    }
  }

  :if ($SentRouterosUpdateNotification = $LatestVersion) do={
    :error ("Already sent the RouterOS update notification for version " . \
        $LatestVersion . ".");
  }

  $SendNotification ("RouterOS update notification") \
    ("There is a RouterOS update available\n\n" . \
      "Board name:    " . $BoardName . "\n" . \
      "Model:         " . $Model . "\n" . \
      "Serial number: " . $SerialNumber . "\n" . \
      "Hostname:      " . $Identity . "\n" . \
      "Channel:       " . $Channel . "\n" . \
      "Installed:     " . $InstalledVersion . "\n" . \
      "Available:     " . $LatestVersion);
  :set SentRouterosUpdateNotification $LatestVersion;
}