From af735add434efb8abe78188a521c5bd010fd584f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Fri, 27 Jan 2023 21:22:55 +0100 Subject: [PATCH] Script to check forticlient package version --- app/check.forticlient.update | 327 +++++++++++++++++++++++++++++++++++ 1 file changed, 327 insertions(+) create mode 100755 app/check.forticlient.update diff --git a/app/check.forticlient.update b/app/check.forticlient.update new file mode 100755 index 0000000..8833687 --- /dev/null +++ b/app/check.forticlient.update @@ -0,0 +1,327 @@ +#!/bin/sh +# Purpose {{{ +## Create a temp file (to monitor) if an upgrade is available for Forticlient +## from official website − https://www.fortinet.com/fr/support/product-downloads#vpn +## It's based on .deb package installation to check the current version. +## It can also compare the current available version in APT repositories +## if "repo" is given as first argument. +## If a new version is available, the script will try to download it. +## How-to use {{{ +### 1. Create a cron job, eg : +#00 20 * * * root /opt/repos/ipr.scripts/app/check.forticlient.update +### 2-1 Create a cron job to compare the version available in an APT repository : +#00 20 * * * root /opt/repos/ipr.scripts/app/check.forticlient.update --mode repo +### 2. Monitor the temp file : /tmp/.forticlient.upgrade +# Or enable MAILTO in cronjob and edit the script to print a message. +# Or send a mail. +# … +## }}} + +# }}} + +# Vars {{{ +PROGNAME=$(basename "${0}"); readonly PROGNAME +PROGDIR=$(readlink -m $(dirname "${0}")); readonly PROGDIR +ARGS="${*}"; readonly ARGS +readonly NBARGS="${#}" +[ -z "${DEBUG}" ] && DEBUG=0 +## Export DEBUG for sub-script +export DEBUG + +## Default values for some vars +CHECK_MODE_DEFAULT="file" + +## Colors +readonly PURPLE='\033[1;35m' +readonly RED='\033[0;31m' +readonly RESET='\033[0m' +readonly COLOR_DEBUG="${PURPLE}" +# }}} + +usage() { # {{{ + + cat << HELP + +usage: $PROGNAME [check_mode] [-m|-d|-h] + +Compare current version of an installed Forticlient and the last available. + +EXAMPLES : + - Compare the current version of Forticlient installed from a .deb file + ${PROGNAME} + ${PROGNAME} --mode file + + - Compare the current version of Forticlient available in the APT repo + ${PROGNAME} repo + ${PROGNAME} --mode repo + +OPTIONS : + -m,--mode + Set the check_mode to use to get current version of Forticlient client + Available mode : + * repo + * file (default behaviour) + + -d,--debug + Enable debug messages. + + -h,--help + Print this help message. +HELP +} +# }}} +debug_message() { # {{{ + + local_debug_message="${1}" + + ## Print message if DEBUG is enable (=0) + [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6b\e[m\n' "DEBUG − ${PROGNAME} : ${local_debug_message}" + + unset local_debug_message + + return 0 +} +# }}} +error_message() { # {{{ + + local_error_message="${1}" + local_error_code="${2}" + + ## Print message + printf '%b\n' "ERROR − ${PROGNAME} : ${RED}${local_error_message}${RESET}" + + unset local_error_message + + exit "${local_error_code:=66}" +} +# }}} +is_var_empty() { # {{{ + + ## Return False by default + return_var_empty="1" + ## Total number of variables to test + local_total_var_empty="${#}" + + loop_count_var_empty="0" + + ## While it remains a variable to test + while [ "${local_total_var_empty}" -gt "${loop_count_var_empty}" ]; do + debug_message "is_var_empty − \ +Test var: ${RED}${1}${COLOR_DEBUG}." + ### Test if this is empty and set return value to True + [ -z "${1}" ] && return_var_empty="0" + + ### Increase the number of tested variables + loop_count_var_empty=$((loop_count_var_empty+1)) + + ### Shift to the next variable + shift + done + + unset local_total_var_empty + unset loop_count_var_empty + + return "${return_var_empty}" +} +# }}} +define_vars() { # {{{ + + ## If check_mode wasn't defined (argument) {{{ + ## Use default value + is_var_empty "${check_mode}" \ + && debug_message "define_vars − Use default value (${CHECK_MODE_DEFAULT}) for check_mode variable." \ + && check_mode="${CHECK_MODE_DEFAULT}" + ## }}} + + ## Get forticlient_current_version according to the check_mode {{{ + case "${check_mode}" in + "repo" ) ## Check forticlient version from repository + forticlient_current_version=$(apt-cache policy -- forticlient | awk '/Candidate:/ {print $2}' | sed 's/.:\(.*\)-.*/\1/') + ;; + "file" ) ## Check forticlient version from installed .deb file + forticlient_current_version=$(dpkg --list -- forticlient | awk '/^ii *forticlient/ {print $3}' | sed 's/.:\(.*\)-.*/\1/') + ;; + * ) ## unknow mode + error_message "define_vars − Invalid check mode: ${check_mode}" 1 + ;; + esac + + ## If forticlient_current_version is empty + is_var_empty "${forticlient_current_version}" \ + && error_message "define_vars − Error with forticlient_current_version variable (${forticlient_current_version})" 2 + + ## }}} + + ## Forticlient vars for new version {{{ + ## Fortinet offer "always" the same URL to download .deb package. + ## This URL can be expanded to get package version + forticlient_new_version_expanded_url=$(curl --silent https://unshorten.me/s/https://links.fortinet.com/forticlient/deb/vpnagent) + forticlient_new_version=$(echo "${forticlient_new_version_expanded_url}" | sed -e 's/http.*forticlient_vpn_\(.*\)_amd64.deb/\1/') + + is_var_empty "${forticlient_new_version_expanded_url}" "${forticlient_new_version}" \ + && error_message "define_vars − Error with new version variables (forticlient_new_version_expanded_url: ${forticlient_new_version_expanded_url} ; forticlient_new_version: ${forticlient_new_version})." 3 + ## }}} + + ## Vars for temp files + forticlient_new_version_file="/tmp/.forticlient.upgrade" + forticlient_new_pkg_path="/tmp/forticlient_${forticlient_new_version}_amd64.deb" + forticlient_tmp_pkg_path="/tmp/.forticlient_${forticlient_new_version}_amd64.deb" +} +# }}} +is_version_greater_than() { # {{{ + + first_value="${1}" + value_to_compare="${2}" + + ## Return False by default + return_is_version_greater_than="1" + + debug_message "is_version_greater_than − \ +Is first value (${first_value}) greater than the second value (${value_to_compare})." + + if printf '%s\n' "${first_value}" "${value_to_compare}" | sort --check=quiet --version-sort; then + debug_message "is_version_greater_than − ${first_value} <= ${value_to_compare} ." + return_is_version_greater_than="1" + else + debug_message "is_version_greater_than − ${first_value} > ${value_to_compare} ." + return_is_version_greater_than="0" + fi + + unset first_value + unset value_to_compare + + return "${return_is_version_greater_than}" +} +# }}} + +main() { # {{{ + + define_vars + + # Behaviour can be tested by overriding this variable + #forticlient_current_version="7.0.0.0000" + #forticlient_current_version="${forticlient_new_version}" + #forticlient_current_version="9.9.9.9999" + + if is_version_greater_than "${forticlient_new_version}" "${forticlient_current_version}"; then + debug_message "Test version − \ +New version (${forticlient_new_version}) seems more recent than the current one (${forticlient_current_version})." + + ## If it doesn't already exists, download the package for this new version + if [ ! -f "${forticlient_new_pkg_path}" ]; then + debug_message "Deb file − \ +Download .deb file from fortinet.com to ${forticlient_new_pkg_path} ." + wget --quiet https://links.fortinet.com/forticlient/deb/vpnagent --output-document="${forticlient_new_pkg_path}" + fi + + # Verify downloaded package + # Check the version from dpkg info {{{ + forticlient_dpkg_version=$(dpkg --info -- "${forticlient_new_pkg_path}" | awk '/ Version/ { print $2 }') + + if [ "${forticlient_dpkg_version}" = "${forticlient_new_version}" ]; then + debug_message "Check dpkg version − \ +New version and .deb file informations are similar." + ## Create a temp file to monitor + touch -- "${forticlient_new_version_file}" + printf '\e[1;35m%-6s\e[m\n' "An upgrade is available for forticlient (current : ${forticlient_current_version}) : ${forticlient_new_version}." >> "${forticlient_new_version_file}" + + ## Exit + exit 0 + else + debug_message "Check dpkg version − \ +New version and .deb file informations mismatch, don't need to go further." + + # }}} + # Remove useless file {{{ + ## Ensure to remove the file to monitor + rm --force -- "${forticlient_new_version_file}" + + ## Keep a record of the downloaded package because as a new release might come soon + mv --force -- "${forticlient_new_pkg_path}" "${forticlient_tmp_pkg_path}" + + ## Exit + exit 0 + fi + + # }}} + + else + debug_message "Test version − The current version is the same or is more recent than the available one." + ## Ensure to remove any temp file and useless .deb file + rm --force -- "${forticlient_new_version_file}" "${forticlient_new_pkg_path}" "${forticlient_tmp_pkg_path}" + + ## Exit + exit 0 + fi + # }}} +} +# }}} + +# Manage arguments # {{{ +# This code can't be in a function due to arguments + +if [ ! "${NBARGS}" -eq "0" ]; then + + manage_arg="0" + + ## If the first argument is not an option + if ! printf -- '%s' "${1}" | grep --quiet --extended-regexp -- "^-+"; + then + ## Consider it as the mode to use to get current forticlient version + check_mode="${1}" + ## Move to the next argument + shift + manage_arg=$((manage_arg+1)) + fi + + # Parse all options (start with a "-") one by one + while printf -- '%s' "${1}" | grep --quiet --extended-regexp -- "^-+"; do + + case "${1}" in + -m|--mode ) ## Define check_mode + ## Move to the next argument + shift + ## Define var + readonly check_mode="${1}" + ;; + -d|--debug ) ## debug + DEBUG=0 + ;; + -h|--help ) ## help + usage + ## Exit after help informations + exit 0 + ;; + -- ) ## End of options list + ## End the while loop + break + ;; + * ) ## unknow option + printf '%b\n' "${RED}Invalid option: ${1}${RESET}" + printf '%b\n' "---" + usage + exit 1 + ;; + esac + + debug_message "Arguments management − \ +${RED}${1}${COLOR_DEBUG} option managed." + + ## Move to the next argument + shift + manage_arg=$((manage_arg+1)) + + done + + debug_message "Arguments management − \ +${RED}${manage_arg}${COLOR_DEBUG} argument(s) successfully managed." +else + debug_message "Arguments management − \ +No arguments/options to manage." +fi + +# }}} + +main + +exit 255