Script to check forticlient package version
This commit is contained in:
parent
6a9fbdd0a3
commit
af735add43
|
@ -0,0 +1,327 @@
|
|||
#!/bin/sh
|
||||
# Purpose {{{
|
||||
## Create a temp file (to monitor) if an upgrade is available for Forticlient
|
||||
## from official website − https://www.fortinet.com/fr/support/product-downloads#vpn
|
||||
## It's based on .deb package installation to check the current version.
|
||||
## It can also compare the current available version in APT repositories
|
||||
## if "repo" is given as first argument.
|
||||
## If a new version is available, the script will try to download it.
|
||||
## How-to use {{{
|
||||
### 1. Create a cron job, eg :
|
||||
#00 20 * * * root /opt/repos/ipr.scripts/app/check.forticlient.update
|
||||
### 2-1 Create a cron job to compare the version available in an APT repository :
|
||||
#00 20 * * * root /opt/repos/ipr.scripts/app/check.forticlient.update --mode repo
|
||||
### 2. Monitor the temp file : /tmp/.forticlient.upgrade
|
||||
# Or enable MAILTO in cronjob and edit the script to print a message.
|
||||
# Or send a mail.
|
||||
# …
|
||||
## }}}
|
||||
|
||||
# }}}
|
||||
|
||||
# Vars {{{
|
||||
PROGNAME=$(basename "${0}"); readonly PROGNAME
|
||||
PROGDIR=$(readlink -m $(dirname "${0}")); readonly PROGDIR
|
||||
ARGS="${*}"; readonly ARGS
|
||||
readonly NBARGS="${#}"
|
||||
[ -z "${DEBUG}" ] && DEBUG=0
|
||||
## Export DEBUG for sub-script
|
||||
export DEBUG
|
||||
|
||||
## Default values for some vars
|
||||
CHECK_MODE_DEFAULT="file"
|
||||
|
||||
## Colors
|
||||
readonly PURPLE='\033[1;35m'
|
||||
readonly RED='\033[0;31m'
|
||||
readonly RESET='\033[0m'
|
||||
readonly COLOR_DEBUG="${PURPLE}"
|
||||
# }}}
|
||||
|
||||
usage() { # {{{
|
||||
|
||||
cat << HELP
|
||||
|
||||
usage: $PROGNAME [check_mode] [-m|-d|-h]
|
||||
|
||||
Compare current version of an installed Forticlient and the last available.
|
||||
|
||||
EXAMPLES :
|
||||
- Compare the current version of Forticlient installed from a .deb file
|
||||
${PROGNAME}
|
||||
${PROGNAME} --mode file
|
||||
|
||||
- Compare the current version of Forticlient available in the APT repo
|
||||
${PROGNAME} repo
|
||||
${PROGNAME} --mode repo
|
||||
|
||||
OPTIONS :
|
||||
-m,--mode
|
||||
Set the check_mode to use to get current version of Forticlient client
|
||||
Available mode :
|
||||
* repo
|
||||
* file (default behaviour)
|
||||
|
||||
-d,--debug
|
||||
Enable debug messages.
|
||||
|
||||
-h,--help
|
||||
Print this help message.
|
||||
HELP
|
||||
}
|
||||
# }}}
|
||||
debug_message() { # {{{
|
||||
|
||||
local_debug_message="${1}"
|
||||
|
||||
## Print message if DEBUG is enable (=0)
|
||||
[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6b\e[m\n' "DEBUG − ${PROGNAME} : ${local_debug_message}"
|
||||
|
||||
unset local_debug_message
|
||||
|
||||
return 0
|
||||
}
|
||||
# }}}
|
||||
error_message() { # {{{
|
||||
|
||||
local_error_message="${1}"
|
||||
local_error_code="${2}"
|
||||
|
||||
## Print message
|
||||
printf '%b\n' "ERROR − ${PROGNAME} : ${RED}${local_error_message}${RESET}"
|
||||
|
||||
unset local_error_message
|
||||
|
||||
exit "${local_error_code:=66}"
|
||||
}
|
||||
# }}}
|
||||
is_var_empty() { # {{{
|
||||
|
||||
## Return False by default
|
||||
return_var_empty="1"
|
||||
## Total number of variables to test
|
||||
local_total_var_empty="${#}"
|
||||
|
||||
loop_count_var_empty="0"
|
||||
|
||||
## While it remains a variable to test
|
||||
while [ "${local_total_var_empty}" -gt "${loop_count_var_empty}" ]; do
|
||||
debug_message "is_var_empty − \
|
||||
Test var: ${RED}${1}${COLOR_DEBUG}."
|
||||
### Test if this is empty and set return value to True
|
||||
[ -z "${1}" ] && return_var_empty="0"
|
||||
|
||||
### Increase the number of tested variables
|
||||
loop_count_var_empty=$((loop_count_var_empty+1))
|
||||
|
||||
### Shift to the next variable
|
||||
shift
|
||||
done
|
||||
|
||||
unset local_total_var_empty
|
||||
unset loop_count_var_empty
|
||||
|
||||
return "${return_var_empty}"
|
||||
}
|
||||
# }}}
|
||||
define_vars() { # {{{
|
||||
|
||||
## If check_mode wasn't defined (argument) {{{
|
||||
## Use default value
|
||||
is_var_empty "${check_mode}" \
|
||||
&& debug_message "define_vars − Use default value (${CHECK_MODE_DEFAULT}) for check_mode variable." \
|
||||
&& check_mode="${CHECK_MODE_DEFAULT}"
|
||||
## }}}
|
||||
|
||||
## Get forticlient_current_version according to the check_mode {{{
|
||||
case "${check_mode}" in
|
||||
"repo" ) ## Check forticlient version from repository
|
||||
forticlient_current_version=$(apt-cache policy -- forticlient | awk '/Candidate:/ {print $2}' | sed 's/.:\(.*\)-.*/\1/')
|
||||
;;
|
||||
"file" ) ## Check forticlient version from installed .deb file
|
||||
forticlient_current_version=$(dpkg --list -- forticlient | awk '/^ii *forticlient/ {print $3}' | sed 's/.:\(.*\)-.*/\1/')
|
||||
;;
|
||||
* ) ## unknow mode
|
||||
error_message "define_vars − Invalid check mode: ${check_mode}" 1
|
||||
;;
|
||||
esac
|
||||
|
||||
## If forticlient_current_version is empty
|
||||
is_var_empty "${forticlient_current_version}" \
|
||||
&& error_message "define_vars − Error with forticlient_current_version variable (${forticlient_current_version})" 2
|
||||
|
||||
## }}}
|
||||
|
||||
## Forticlient vars for new version {{{
|
||||
## Fortinet offer "always" the same URL to download .deb package.
|
||||
## This URL can be expanded to get package version
|
||||
forticlient_new_version_expanded_url=$(curl --silent https://unshorten.me/s/https://links.fortinet.com/forticlient/deb/vpnagent)
|
||||
forticlient_new_version=$(echo "${forticlient_new_version_expanded_url}" | sed -e 's/http.*forticlient_vpn_\(.*\)_amd64.deb/\1/')
|
||||
|
||||
is_var_empty "${forticlient_new_version_expanded_url}" "${forticlient_new_version}" \
|
||||
&& error_message "define_vars − Error with new version variables (forticlient_new_version_expanded_url: ${forticlient_new_version_expanded_url} ; forticlient_new_version: ${forticlient_new_version})." 3
|
||||
## }}}
|
||||
|
||||
## Vars for temp files
|
||||
forticlient_new_version_file="/tmp/.forticlient.upgrade"
|
||||
forticlient_new_pkg_path="/tmp/forticlient_${forticlient_new_version}_amd64.deb"
|
||||
forticlient_tmp_pkg_path="/tmp/.forticlient_${forticlient_new_version}_amd64.deb"
|
||||
}
|
||||
# }}}
|
||||
is_version_greater_than() { # {{{
|
||||
|
||||
first_value="${1}"
|
||||
value_to_compare="${2}"
|
||||
|
||||
## Return False by default
|
||||
return_is_version_greater_than="1"
|
||||
|
||||
debug_message "is_version_greater_than − \
|
||||
Is first value (${first_value}) greater than the second value (${value_to_compare})."
|
||||
|
||||
if printf '%s\n' "${first_value}" "${value_to_compare}" | sort --check=quiet --version-sort; then
|
||||
debug_message "is_version_greater_than − ${first_value} <= ${value_to_compare} ."
|
||||
return_is_version_greater_than="1"
|
||||
else
|
||||
debug_message "is_version_greater_than − ${first_value} > ${value_to_compare} ."
|
||||
return_is_version_greater_than="0"
|
||||
fi
|
||||
|
||||
unset first_value
|
||||
unset value_to_compare
|
||||
|
||||
return "${return_is_version_greater_than}"
|
||||
}
|
||||
# }}}
|
||||
|
||||
main() { # {{{
|
||||
|
||||
define_vars
|
||||
|
||||
# Behaviour can be tested by overriding this variable
|
||||
#forticlient_current_version="7.0.0.0000"
|
||||
#forticlient_current_version="${forticlient_new_version}"
|
||||
#forticlient_current_version="9.9.9.9999"
|
||||
|
||||
if is_version_greater_than "${forticlient_new_version}" "${forticlient_current_version}"; then
|
||||
debug_message "Test version − \
|
||||
New version (${forticlient_new_version}) seems more recent than the current one (${forticlient_current_version})."
|
||||
|
||||
## If it doesn't already exists, download the package for this new version
|
||||
if [ ! -f "${forticlient_new_pkg_path}" ]; then
|
||||
debug_message "Deb file − \
|
||||
Download .deb file from fortinet.com to ${forticlient_new_pkg_path} ."
|
||||
wget --quiet https://links.fortinet.com/forticlient/deb/vpnagent --output-document="${forticlient_new_pkg_path}"
|
||||
fi
|
||||
|
||||
# Verify downloaded package
|
||||
# Check the version from dpkg info {{{
|
||||
forticlient_dpkg_version=$(dpkg --info -- "${forticlient_new_pkg_path}" | awk '/ Version/ { print $2 }')
|
||||
|
||||
if [ "${forticlient_dpkg_version}" = "${forticlient_new_version}" ]; then
|
||||
debug_message "Check dpkg version − \
|
||||
New version and .deb file informations are similar."
|
||||
## Create a temp file to monitor
|
||||
touch -- "${forticlient_new_version_file}"
|
||||
printf '\e[1;35m%-6s\e[m\n' "An upgrade is available for forticlient (current : ${forticlient_current_version}) : ${forticlient_new_version}." >> "${forticlient_new_version_file}"
|
||||
|
||||
## Exit
|
||||
exit 0
|
||||
else
|
||||
debug_message "Check dpkg version − \
|
||||
New version and .deb file informations mismatch, don't need to go further."
|
||||
|
||||
# }}}
|
||||
# Remove useless file {{{
|
||||
## Ensure to remove the file to monitor
|
||||
rm --force -- "${forticlient_new_version_file}"
|
||||
|
||||
## Keep a record of the downloaded package because as a new release might come soon
|
||||
mv --force -- "${forticlient_new_pkg_path}" "${forticlient_tmp_pkg_path}"
|
||||
|
||||
## Exit
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# }}}
|
||||
|
||||
else
|
||||
debug_message "Test version − The current version is the same or is more recent than the available one."
|
||||
## Ensure to remove any temp file and useless .deb file
|
||||
rm --force -- "${forticlient_new_version_file}" "${forticlient_new_pkg_path}" "${forticlient_tmp_pkg_path}"
|
||||
|
||||
## Exit
|
||||
exit 0
|
||||
fi
|
||||
# }}}
|
||||
}
|
||||
# }}}
|
||||
|
||||
# Manage arguments # {{{
|
||||
# This code can't be in a function due to arguments
|
||||
|
||||
if [ ! "${NBARGS}" -eq "0" ]; then
|
||||
|
||||
manage_arg="0"
|
||||
|
||||
## If the first argument is not an option
|
||||
if ! printf -- '%s' "${1}" | grep --quiet --extended-regexp -- "^-+";
|
||||
then
|
||||
## Consider it as the mode to use to get current forticlient version
|
||||
check_mode="${1}"
|
||||
## Move to the next argument
|
||||
shift
|
||||
manage_arg=$((manage_arg+1))
|
||||
fi
|
||||
|
||||
# Parse all options (start with a "-") one by one
|
||||
while printf -- '%s' "${1}" | grep --quiet --extended-regexp -- "^-+"; do
|
||||
|
||||
case "${1}" in
|
||||
-m|--mode ) ## Define check_mode
|
||||
## Move to the next argument
|
||||
shift
|
||||
## Define var
|
||||
readonly check_mode="${1}"
|
||||
;;
|
||||
-d|--debug ) ## debug
|
||||
DEBUG=0
|
||||
;;
|
||||
-h|--help ) ## help
|
||||
usage
|
||||
## Exit after help informations
|
||||
exit 0
|
||||
;;
|
||||
-- ) ## End of options list
|
||||
## End the while loop
|
||||
break
|
||||
;;
|
||||
* ) ## unknow option
|
||||
printf '%b\n' "${RED}Invalid option: ${1}${RESET}"
|
||||
printf '%b\n' "---"
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
debug_message "Arguments management − \
|
||||
${RED}${1}${COLOR_DEBUG} option managed."
|
||||
|
||||
## Move to the next argument
|
||||
shift
|
||||
manage_arg=$((manage_arg+1))
|
||||
|
||||
done
|
||||
|
||||
debug_message "Arguments management − \
|
||||
${RED}${manage_arg}${COLOR_DEBUG} argument(s) successfully managed."
|
||||
else
|
||||
debug_message "Arguments management − \
|
||||
No arguments/options to manage."
|
||||
fi
|
||||
|
||||
# }}}
|
||||
|
||||
main
|
||||
|
||||
exit 255
|
Loading…
Reference in New Issue