Tech9
Part of the Furniture
RT-AC86U and ZenWiFi XT12 are HND models.
Seeking Feedback & Contributions: Merlin Auto Update Solutions
- Thread starter ExtremeFiretop
- Start date
- Status
RT-AC86U and ZenWiFi XT12 are HND models.
ExtremeFiretop
Very Senior Member
sfx2000
Part of the Furniture
@RMerlin makes a lot of good reasons here...
On my latest project - we have managed devices (via CWMP/TR-069) where we can push FW updates out to end-user devices.
It's an entire platform - it's certs on the devices, signed code on the server, two banks in flash so if a FW update fails, the device can fail back to the previous code.
While it's a neat idea, and we do use this in the industry - for AsusWRT-RMerlin, there is no infrasture to support this in a safe/sane manner - and to even start to get there, one would have to sign the devices and code - I don't think anyone wants this...
ExtremeFiretop
Very Senior Member
I think all the points can be addressed as discussed on the last page.
As for if anyone wants this, that's it's own separate conversation...
I do have a use-case for the desktop version, I'm not going to repeat myself there.
Whether or not people want to use it, they obviously don't need too.
As I stated in my original posting, I am trying to push forwards on this as a challenge and looking for advise and contributions on my project, not looking for people to say they don't want it. I get it, some people don't want it.
Then don't use it, asides from that glorious point, assume I'm working on this until I identify an actual roadblock which requires me stopping, which so far I have not found...
If you could upload the new firmware file to the router and then trigger the normal upgrade process that the GUI triggers, this would be a much more appealing concept. But in a checklist of 10 things that ASUS does, you're starting at #9. ASUS firmware is getting more complicated, not less.
I chased windmills with Adaptive QoS for a couple years (as recently as last week). Eventually, despite all good intentions, the closed-source boogeyman that is continuting to take over ASUS firmware will thwart your efforts.
github.com
github.com
I chased windmills with Adaptive QoS for a couple years (as recently as last week). Eventually, despite all good intentions, the closed-source boogeyman that is continuting to take over ASUS firmware will thwart your efforts.
asuswrt-merlin.ng/release/src/router/httpd/web.c at 7f513adff207ce8efe156a7aecc39359e28ec264 · RMerl/asuswrt-merlin.ng
Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng
github.com
asuswrt-merlin.ng/release/src/router/httpd/web.c at 7f513adff207ce8efe156a7aecc39359e28ec264 · RMerl/asuswrt-merlin.ng
Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng
github.com
sfx2000
Part of the Furniture
And here's where it gets interesting - there would be no entware, no third-party scripts... because with signed code, we don't share the keys - we can still be in compliance with GPL however...
And even there - signed code needs certs, and certs can be revoked, so the bootloader might fail or even if it doesn't, it would not be able to decrypt the rest of the FW image slides (e.g. MTD)
sfx2000
Part of the Furniture
Like for reasons I also mentioned - the best approach is the one that is in place _now_ - if people log in to their router, they can see a notification that there is an update - to do push updates via email or whatever, this gets into the space where things like GDPR start to become a problem - even here in California, where I live, has constraints similar to GDPR...
At the core - it's a good idea - but without the technical and legal infra behind it, it's a really big mess...
ExtremeFiretop
Very Senior Member
I just don't see where it gets messy myself.. The files are uploaded directly to SourceForge by RMerlin. SourceForge provides the technical and legal infrastructure already.
The router or desktop app, simply connects directly to that page to parse for the newest download matching the model, and downloads it directly to the device. The same way you or I do, It can do a checksum after to confirm no tamping of the file in transit, etc. Which is already probably more than most people do.
It's not like I am the one providing the infrastructure, and your downloading the files from my hard drive. I just don't understand the infrastructure angle.
As for flashing it, well... hnd-write seems to be pretty robust to me, on 3 devices over an extended amount of time. It seems the general understanding is that it has/follows the same guidelines to flashing as the webui. So as long as your router handles hnd-write, then it should work the same.
Anything hnd-write may not handle, such as backing up configs and jffs, downloading cers, shutting down services and unmounting before a flash, I will be handling via script before passing off to the hnd-write to write the upgrade to the secondary partition then reboot to complete the upgrade.
This feels like it's getting a bit off track from the original topic of discussion which was concerns to address and things to improve, however I am absolutely fine with that, this is still all calm and collective thinking, and I appreciate your comment all the same!
I just want to make sure people don't get the wrong idea, I am not promoting this as a ready solution for anyone to go download and try, and never was.. it was, from the start, a work in progress and I had most of my features for the desktop app ready that i cared about.
Such as:
1. Backing up my configs weekly,
2. Downloading my ssl certs and installing them on NGINX reverse proxy weekly incase they renewed.
3. Pre-downloading the firmware to my downloads and giving me a desktop notification in my notification centre that the firmware update was available
4. And even provide the option to flash if I wanted
This is the last point, which has worked for some time, I was looking for feedback on improving. I have yet to find a technical roadblock with my suggested solution, but I am open to suggestions if someone thinks if a better method..
I won't lie though, I'm starting to think discussing this with others just seems like a bad idea since many simply want to fixate on how this is not something they care for..
Tech9
Part of the Furniture
For that reason, I'm out.
ExtremeFiretop
Very Senior Member
I feel you... I'm pretty much out too.
Edit:
Thanks to all the people that did help and pointed out some great things
L&LD
Part of the Furniture
That's your 'problem' right there. If you don't take into account what others are stating, with very valid reasons why this doesn't work for an RMerlin-powered Asus router today, then this failure, it's on you.
Discussing it with others isn't the bad idea here. It has brought very valid reasons from many different perspectives of why this isn't something worth pursuing, today. If your goal is to actually have people use this in a timely fashion (and not into the very far future).
Still wish you the best of luck in this project, and hope you come to understand the very real roadblocks to this being a stable, reliable, and dependable project, in the long term.
ExtremeFiretop
Very Senior Member
It does work today for an RMerlin-powered router. At no point did I not take into account valid concerns... Everytime a cocern was brought up it was met with:
and an explanation of why I think we can workaround/resolve that concern, etc... No one has said anything in regard to my counter-points once.
It's depressing when people simply want to fixate on how it's not something they want, instead of fixating on the questions at hand and in OP, like I have a script that works, help me address concerns to make it better.
Literally not a single person in 3 pages has offered any scripting advise to my questions in the OP.
Instead I get lots of "Don't do it, I don't want it" as if that was the question or the reason for this post.
I honestly have no plans on anyone using it but me and my friend, I think that's what people fail to understand.
But it's bad practice to ask for coding or scripting advise without showing your work, which I did.. Just ask stackoverflow forum guys what happens if you ask for help without showing your work.
And github is how I shared this project with my friend with the AC86U, everytime we make a discover or update, so honestly yes it's tiring to hear this over and over again:
On a thread specifically asking for "Contributions" in the title.
it's lots of defending a project I was interested in from a technical aspect since it DOES WORK. Lol. I feel like not a single person has even reviewed the script I shared or given points of improvement (scripting wise)
This is one of the only groups of people in my life, that are techy tinkers, that has seen evidence of something working for solid months and goes "Nah instead of making it better, lets tell this guy I don't need this or want this over and over again."
I'm tired of defending why I'm working on this, so you know what? I'm not anymore. Project is dropped, the funs been taken out of it and my friend can use my ordinal version without the GUI and be happy.
Thanks for the people that did offer feedback though.
The take aways were valuable, but clearly people without anything to contribute tech wise can't keep their personal opinions out.
ExtremeFiretop
Very Senior Member
Tech9
Part of the Furniture
And you posted it online for what exactly reason? This script is dangerous, tested on few routers only, claiming compatibility with all HND models. Take it off Internet, use it with your friend.
L&LD
Part of the Furniture
I hear your frustration and am sorry your interest has waned so quickly for this.
I do believe you are ignoring the real and important points why this project won't work for public release anytime soon.
I cannot speak for the others you quote, but personal reasons aside, this isn't something I would not use/recommend because of my mere 'preference', rather, because of all the objective reasons RMerlin, sfx2000, and others brought to light, and I did not even know those reasons at all before this thread.
Again, I don't doubt that this works for you and your friend, today. I'm more into a long-term assessment here. And that is where things get shaky.
I do believe you are ignoring the real and important points why this project won't work for public release anytime soon.
I cannot speak for the others you quote, but personal reasons aside, this isn't something I would not use/recommend because of my mere 'preference', rather, because of all the objective reasons RMerlin, sfx2000, and others brought to light, and I did not even know those reasons at all before this thread.
Again, I don't doubt that this works for you and your friend, today. I'm more into a long-term assessment here. And that is where things get shaky.
ExtremeFiretop
Very Senior Member
You have literally zero evidence to say it's dangerous, you just think it is and rather say that then find ways to make it safer. Lol. Do you even know how to script? Because that is what I am asking for.
Read below and ask me that question again:
Please read the above. I'm moving over to stackoverflow with specific scripting questions in the future, I thought asking a forum full of experienced shell scripters to review and contribute on my script was a good idea. Lol. My bad.
ExtremeFiretop
Very Senior Member
Thank you, and I do hear that, naturally if something changed in the future i would either try to fix or reassess at that time.
But is it really unreasonable to say, if that if was a demand to use hnd-write to flash outside the UI, that maybe it would be improved on ASUS's side as well?
edit:
I think poking at this to learn about it more and how it functions, and making it as safe as possible today, was of interest.
ColinTaylor
Part of the Furniture
I think this is the fundamental misunderstanding of your intention then. There is nothing in your initial post to suggest this. In fact from the subsequent posts it sounds like you're trying to create a publicly available script for any user and any model of router. You've now limited the project to HND routers only but there's still nothing to suggest that this is for your own use only using only the models that you have access to. If you had said from the outset that this was for your own personal use and you only wanted code improvement suggestions you probably wouldn't have received such negative feedback.
L&LD
Part of the Furniture
No, that is not an unreasonable vision.
Over a decade ago, RMerlin himself was doing things on his own. Today, Asus is using his code and sharing with him, more and more.
That is why I don't want you to lose interest in your baby so quickly. Even if I'm not your target audience.
Over a decade ago, RMerlin himself was doing things on his own. Today, Asus is using his code and sharing with him, more and more.
That is why I don't want you to lose interest in your baby so quickly. Even if I'm not your target audience.
Something that should have been clearly stated up front, not three pages later. "People fail to understand" (in your words) because you haven't indicated or clearly articulated until that post on page 3 that you didn't have plans for anyone else using it. Your OP post and many subsequent posts/replies seems to imply it was intended for a wider audience because you were seeking input from a wide audience.
- Status
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| F | seeking help with bridge mode | Asuswrt-Merlin | 28 | |
|
Looking for feedback: Anyone considering AiCloud important to them? | Asuswrt-Merlin | 164 |
Similar threads
-
-
Looking for feedback: Anyone considering AiCloud important to them?
- Started by RMerlin
- Replies: 164
Latest threads
-
-
-
AdGuardHome Use DNS encryption automatically via AdGuard DHCP server
- Started by Milan
- Replies: 1
-
-
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root- Started by PR3MIUM
- Replies: 0
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!