Seeking Feedback & Contributions: Merlin Auto Update Solutions

[ExtremeFiretop]

Hello everyone!

This is a continuation of the previous thread regarding the need for automatic firmware updates on Merlin.

EDIT: --- THIS IS A PROJECT FOR ME AND FRIENDS ONLY ---​

Don't get the idea this is going to be offered on AMTM anytime soon, if anything I still need to learn the implications of installing with AMTM​

IF YOU KNOW ANYTHING ABOUT SCRIPTING OR THE ROUTER FIRMWARE, PLEASE CONTRIBUTE TO THE DISCUSSION BELOW.​

The project is on the risky edge, Don't do anything your not comfortable doing, the code exists to be reviewed and picked at and improved, not to be run blindly.​

Merlin has expressed disinterest multiple times in incorporating auto-updates, necessitating user-driven solutions.
While Merlin provides an update notification script, users are left to handle backups and flashing manually.

I’m also working on a router-based solution for users interested solely in auto firmware updates without additional features, still in preview (only started working on this may 12 hour ago).
The preview is available here.

Use it with caution, and manual supervision is advised initially for the first few runs. Report any issues on Github or here...

I'm exploring further enhancements, and would appreciate any help, feedback, or suggestions:

• Log analysis to determine the necessity of a factory reset within a specified date range... requiring a notification system.
• Install and Uninstall features for AMTM... needing further research and assistance.

Lastly, I’m looking to integrate RMerlin's Notification script for the log analysis feature which requires some type of notification.
I would like to know if anyone has insights or suggestions on accomplishing this? Is there a way for me to utilize his functions or call his script from mine?

Let's discuss any potential concerns, suggestions, or contributions regarding these solutions, especially regarding compatibility...

Please lets remember to keep things calm and collective.
Lets think critically here, stock firmware includes auto-updates which can be enabled or disabled, usually enabled is considered better for security and less so for uptime.
If your accustomed to this on stock firmware, and willing to take a bit of downtime for better security, already you may be thrown off by this seemingly missing feature on Merlin.

If your only value is "just be happy the way it is", please go elsewhere, we have 2 scripts that can do the job here in this thread, it's just about compatibility and cleaning it up now as much as possible..
Naturally If your not happy with something, you fix it! Looking forwards to feedback and concerns!

Thank you in advance!

 

[dave14305]

How do you account for the different firmware file types? I just see hnd-write in the PowerShell script. Does that cover all the bases?

 

[ExtremeFiretop]

How do you account for the different firmware file types? I just see hnd-write in the PowerShell script. Does that cover all the bases?

Edit: this is a great point!

I have 2 Asus routers and they both use this command, but it's a great point I didn't even consider.

Do we know if they are all the same? If not I can program in specific commands for specific models.

I'll start downloading .zip files to see what they all contain lol

 

[ExtremeFiretop]

I did find references to: mtd-write2 but none of my 2 routers (GT-AXE11000 and RT-AX88U) or my buddies router recognize it.

The hnd-write seems to be the right command so far, the PowerShell accounts for the different models by the filename variable, the filename variable would have a model name, whichever would be selected further up the script by the user. In the router based script it uses the model name itself to identify the firmware to download and flash it via the hnd-write command.

But if hnd-write is the wrong command for any models I can put a if statement for those models and a different flash command.

 

[Viktor Jaep]

Please lets remember to keep things calm and collective.
Lets think critically here, stock firmware includes auto-updates which can be enabled or disabled, usually enabled is considered better for security and less so for uptime.
If your accustomed to this on stock firmware, and willing to take a bit of downtime for better security, already you may be thrown off by this seemingly missing feature on Merlin.

If your only value is "just be happy the way it is", please go elsewhere, we have 2 scripts that can do the job here in this thread, it's just about compatibility and cleaning it up now as much as possible..

Truthfully, I'm pretty happy the way it is at the moment... but I will defend your right to pursue this project all day long! I wanted to start a calm, collective, open-minded, critically thinking discussion about auto-updates for your (and others) feedback... some thoughts below:

* The ability to manually update or not update something gives us some level of control. You are in a forum of control freaks, who like to tinker, modify and completely customize their routers (or other hardware). The community will know when something needs to be updated, and in many cases, are on the frontline to install/test when a new firmware update is released to provide feedback.
* Personal opinion: The need for manufacturers to pursue auto-updates is because the vast majority of their customers are average Joe's who don't know a modem from a router from a network switch, who just want to plug and play with minimal configs so their kid can achieve low latency for their Fortnite death match, and so they can stream movies with minimal network interruption. These customers aren't going to keep track of when URGENT firmware updates are released, and most likely won't even touch the router again until it breaks, gets "slow", or because they need to change a wifi password.
* Companies like ASUS (or Google) recognize the need to make sure people's routers stay up-to-date because of numerous vulnerabilities that need to get patched on a regular basis. Asus recently went through a spate where their routers suffered from a slew of vulnerabilities that no doubt hacked thousands, even tens or hundreds of thousands of their customers. And it doesn't stop... not will it ever.
* Most of my equipment requires manual firmware update intervention... My car, my watch, my phone, my robovac, my printer, my PC/BIOS, my PC applications, my router, along with AMTM, all my custom scripts I've downloaded, etc. It's a lot to keep track of!
* But there has been a trend... My Google Nest Pro Mesh WiFi setup updates itself out of the box from the very beginning, much like all their other equipment, Google Home speakers, hubs, thermostats... etc. I have zero control over this. And it works, for the most part. Sometimes it doesn't. I think Asus saw the writing on the wall in an attempt to keep their customers safe, or from lawsuits resulting from their customer's breaches affecting their business.
* As was mentioned earlier, auto-update can work against you... in the rare instance a firmware update causes a bricked router, or if hackers were able to maliciously insert code before a wide release is made, it could literally take down the entire base. For those of us manual updaters, we have a way out of a doomsday scenario like this.

Needless to say, I still encourage you to pursue this, not only because it's a challenge, but also because there will be those in this custom firmware community who find this incredibly useful, and who don't want to be bothered with automatically updating their equipment.

 

[ExtremeFiretop]

Truthfully, I'm pretty happy the way it is at the moment... but I will defend your right to pursue this project all day long! I wanted to start a calm, collective, open-minded, critically thinking discussion about auto-updates for your (and others) feedback... some thoughts below:

* The ability to manually update or not update something gives us some level of control. You are in a forum of control freaks, who like to tinker, modify and completely customize their routers (or other hardware). The community will know when something needs to be updated, and in many cases, are on the frontline to install/test when a new firmware update is released to provide feedback.
* Personal opinion: The need for manufacturers to pursue auto-updates is because the vast majority of their customers are average Joe's who don't know a modem from a router from a network switch, who just want to plug and play with minimal configs so their kid can achieve low latency for their Fortnite death match, and so they can stream movies with minimal network interruption. These customers aren't going to keep track of when URGENT firmware updates are released, and most likely won't even touch the router again until it breaks, gets "slow", or because they need to change a wifi password.
* Companies like ASUS (or Google) recognize the need to make sure people's routers stay up-to-date because of numerous vulnerabilities that need to get patched on a regular basis. Asus recently went through a spate where their routers suffered from a slew of vulnerabilities that no doubt hacked thousands, even tens or hundreds of thousands of their customers. And it doesn't stop... not will it ever.
* Most of my equipment requires manual firmware update intervention... My car, my watch, my phone, my robovac, my printer, my PC/BIOS, my PC applications, my router, along with AMTM, all my custom scripts I've downloaded, etc. It's a lot to keep track of!
* But there has been a trend... My Google Nest Pro Mesh WiFi setup updates itself out of the box from the very beginning, much like all their other equipment, Google Home speakers, hubs, thermostats... etc. I have zero control over this. And it works, for the most part. Sometimes it doesn't. I think Asus saw the writing on the wall in an attempt to keep their customers safe, or from lawsuits resulting from their customer's breaches affecting their business.
* As was mentioned earlier, auto-update can work against you... in the rare instance a firmware update causes a bricked router, or if hackers were able to maliciously insert code before a wide release is made, it could literally take down the entire base. For those of us manual updaters, we have a way out of a doomsday scenario like this.

Needless to say, I still encourage you to pursue this, not only because it's a challenge, but also because there will be those in this custom firmware community who find this incredibly useful, and who don't want to be bothered with automatically updating their equipment.

This was a great reply, thank you for your support. I do appreciate the feedback and your right on pretty much all counts.

I'm thinking that the Desktop script is ideal for these power users you mentioned, like myself which I like to not only update my firmware but also backup my configs and I also need to constantly download my SSL certificate and add it to the root of my NGINX directory and this handles all this for me however often I want.

For the average joe, the router implementation without any special features would probably more ideal on initial setup, assuming you setup a friend or family members router.

Honestly I think the challenge is fun, and I'm happy others are willing to take on this challenge with me and discuss this openly as much as possible.

 

[Tech9]

@ExtremeFiretop, you're about to create the most potentially disruptive script ever offered on SNB Forums.

 

[ExtremeFiretop]

@ExtremeFiretop, you're about to create the most potentially disruptive script ever offered on SNB Forums.

Tech9, I hope that is a good thing! Lol

Thank you for your comment, and sorry for any past friction on the topics.

 

[Tech9]

sorry for any past friction on the topics

Nothing personal, but this script may even beat @Viktor Jaep own ROMMON for Cisco routers. Hitting auto-update on 3rd party custom firmware with unknown custom scripts on top and mounted USB drive may create even longer system recovery downtime especially for average Joe type users.

 

[Viktor Jaep]

Nothing personal, but this script may even beat @Viktor Jaep own ROMMON for Cisco routers. Hitting auto-update on 3rd party custom firmware with unknown custom scripts on top and mounted USB drive may create even longer system recovery downtime especially for average Joe type users.

I was going to say, this may even beat RTRHTR v1.2! LOL

 

[ExtremeFiretop]

Nothing personal, but this script may even beat @Viktor Jaep own ROMMON for Cisco routers. Hitting auto-update on 3rd party custom firmware with unknown custom scripts on top and mounted USB drive may create even longer system recovery downtime especially for average Joe type users.

It's still early days, I wouldn't want anything officially offered on AMTM until it's been vetted through such scenarios, I know the desktop version has been used on both my routers and my buddies without issues.

For example the script for the router implementation was only just started a few hours ago, and while it creates a cron job, I don't think that cron job actually runs the update right now. I needed some sleep so I took a break but I'll get back into it later this evening.

I also still need to find the best way to implement the notification system Incase a factory default is recommended on that firmware release. That code exists in the script but is commented out until I either implement my own notification system or install rmerlins as a requirement.

 

[Tech9]

The problem I see with this script:

- experienced users will never touch it
- non-experienced users may have serious issues with it

Who is this script for?

 

[Clark Griswald]

I use forum members posting fw and script updates directly to SNB Forums.
Seems @octopus post RMerlin fw updates to The Forum fast enough for me

 

[bibikalka]

The problem I see with this script:

- experienced users will never touch it
- non-experienced users may have serious issues with it

Who is this script for?

Say, it works fine 95% of the time. And then 5% - you do a lot of recovery because something has gone wrong. Is anyone asking for an unexpected time sink?

I guess before using this script one has to automatically:
1) backup nvram (nvram save current.cfg)
2) backup /jffs fully with tar
3) dump current firmware version to a text file
4) copy all of these to a non-disappearing location outside of the router

If things do go wrong - factory reset, restore prior firmware, restore config, restore /jffs. I am expecting that EntWare survived just fine since it sits on it's own external USB drive. Probably 15 min minimum if one is proficient.

 

[ExtremeFiretop]

The problem I see with this script:

- experienced users will never touch it
- non-experienced users may have serious issues with it

Who is this script for?

I see the desktop version being for experienced users that want the extra features

I see the router version being for people that setup Merlin for xyz reasons for their friend and family and just want it to stay updated when possible.

I do see your point, and if people don't want to use it their don't need too naturally, like I said above this is mostly as the challenge, I do see the need for the desktop version for myself as I mentioned above for my SSL certs being updated on NGINX when they are refreshed on the router so I don't get the "this page isn't secure" message in the browser for my visitors.

Wether or not the router implementation is needed, I myself wouldn't need it but I believe others would rather something centrally hosted on the router itself instead of on a device on the network.

 

[Clark Griswald]

Unfortunately, "people" will directly blame RMerlin for anything and everything (as usual), regarding network issues. Attaching anything to his fw will cause unjust issues for RMerlin, and he doesn't need/want any additional headaches.

 

[ExtremeFiretop]

Unfortunately, "people" will directly blame RMerlin for anything and everything (as usual), regarding network issues. Attaching anything to his fw will cause unjust issues for RMerlin, and he doesn't need/want any additional headaches.

If @RMerlin sees this maybe he may have a view point on this project! I'd be open to the discussion.

If there is concern from his view of something on the router handling auto updates, it can be a desktop app only.

 

[ExtremeFiretop]

Say, it works fine 95% of the time. And then 5% - you do a lot of recovery because something has gone wrong. Is anyone asking for an unexpected time sink?

I guess before using this script one has to automatically:
1) backup nvram (nvram save current.cfg)
2) backup /jffs fully with tar
3) dump current firmware version to a text file
4) copy all of these to a non-disappearing location outside of the router

If things do go wrong - factory reset, restore prior firmware, restore config, restore /jffs. I am expecting that EntWare survived just fine since it sits on it's own external USB drive. Probably 15 min minimum if one is proficient.

Surprisingly I haven't had to do a recovery while testing these scripts, but my setup at home is very basic I know some people load them up with a million scripts.

I have had to do a recovery for my RT-AX88U the first year I got it and it wasn't that bad so I am not too concerned if I need a recovery while testing. It's fairly easy.

I do agree with backing up as much as possible before doing the flash, this is something I can spend extra time developing redundancy for. Incase of a worst case scenario type situation

 

[Tech9]

I guess before using this script one has to automatically:
1) backup nvram (nvram save current.cfg)
2) backup /jffs fully with tar
3) dump current firmware version to a text file
4) copy all of these to a non-disappearing location outside of the router

5) stop whatever is running there
6) unmound the USB drive
7) reboot the router to free RAM, otherwise firmware update may fail

We've seen auto-update on much simpler configuration Asuswrt resulting in bootloop and RMA. If the router is at remote location (friends or family) - plan a trip to fix it. I would never install custom firmware with scripts at place users can't support it themselves. Don't need extra support responsibilities.

 

[Viktor Jaep]

I guess before using this script one has to automatically:
1) backup nvram (nvram save current.cfg)
2) backup /jffs fully with tar
3) dump current firmware version to a text file
4) copy all of these to a non-disappearing location outside of the router

Now why does that sound familiar... oh yeah, BACKUPMON. Lol.