Skip to content

Akira25/autoupdate

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

80 Commits
 
 
 
 
 
 
 
 

Repository files navigation

autoupdate

This script wants to get the upgrade process of a freifunk-berlin router via terminal smooth and easy.

For a more complete and more recent documentation (currently only in German), have a look for /doc/paper_autoupdate.pdf

Features

  • manual mode

    • saves a backup on your (remote) machine
      • (needs to be configured in /etc/config/autoupdate)
    • gets the model of the router and its uplink type
    • fetches the corresponding sysupgrade.bin and downloads it
    • does the upgrade
  • automatic mode

    • does save backup in /root/
    • does upgrade automatically

At default autoupdate is only avaiable in manual mode. To set it working automatically, you need to set a variable in the config file.

Usage

The script will give some explanatory text, if you start it without operators.

-m) Manual Mode

To start autoupdate in manual mode, type autoupdate -m in the CLI of your Freifunk Berlin router.

Before setting the script into auto mode (see below) it is strongly recommended to run it one time manually! Please check, if the router model and the uplink type is recognised correctly (especially hardware revisions). If not, you should override them by storing the correct values in the config file. /etc/config/autoupdate

For example: TP-LINK TL-WR1043ND v3 states itself as TP-LINK TL-WR1043ND v2. To fix that, set

config 'autoupdate' 'router'
	option 'router' 'null'

to

config 'autoupdate' 'router'
        option 'router' 'TP-LINK TL-WR1043ND v3'

You may also use uci, if you are more comfortable with that:

uci set autoupdate.router.router='TP-LINK TL-WR1043ND v3'
uci commit autoupdate

-a) Automatic Mode

Set autoupdate.automode.automode='true' in the config file. Also the valueson, yes, 1 are accepted. The script will check for updates weekly on Thursday. If automode is set on, the automatic update might also be started manually by autoupdate -a.

-r) Do Remote Backup

If you set up the values in config file, this will trigger the router to save a backup directly onto your remote machine. For this your machine must be accessible via ssh. Please mind to really give a slash at the end of the remote path.

	option 'client_path' '/complete/path/to/your/backups/'

-s) Send Router String

This "sends" (have a look in details section) the router string to the developers. This happens every week on Monday. With that string sent we can manage to take the link lists up to date, because the strings may vary in different firmware versions. (have a look above)

Technical Details

Format of Link Definition Files

To get the right download link, the script loads a signed json file. This file should have a form like this:

{
  "date":"20190512",
  "ROUTER-NAME#1":
  {
    "default": "http://link-to-sysupgrade.bin",
    "tunneldigger": "http://link-to-sysupgrade.bin"
  },
  "ROUTER-NAME#2":
  {
    "default": "http://link-to-sysupgrade.bin",
    "tunneldigger": "http://link-to-sysupgrade.bin"
  }
}

To generate those files automatically, you should have a look at json-creator https://github.com/Akira25/json-creator

Authenticy Check for Link Definition Files

The authenticy check function checks the signatures of the link definition file againts all the public keys in /usr/share/autoupdate/keys/. Update do only proceed, if a certain amount of signatures was valid. This amount is specified in /etc/config/autoupdate. We use openwrt-built-in usign for that.

The value should match with the importance of the upgrade branch. For example:

branch name minimum amount of valid signatures
stable 4
testing 3
experimental 1

One signature in each branch might be generated by the buildbot itself.

Caution: If you change the branch, you should change amount of signatures accordingly.

Generation and Signing of Link Definiton Files

Please check json-creator manual.

Send String Function

Actually the string is not "send". Due to firewalls and that wole stuff, the string is transmitted via wget. wget will try to get http://some-defined-server.berlin/devicename;$ROUTER;. It will fail by intention, but the device strings can be extracted fairly easy from the web server's access.log.

Have a look at name-finder.

Disclaimer

Upgrades which are not supported by the developers of Freifunk Berlin might break your configuration. Therefore this script should not be used in crucial environments like backbone-setups.

If you are comfortable with C, you should have a look at gluon-autoupdater too. https://github.com/freifunk-gluon/packages/tree/master/admin/autoupdater