From 11dc1e2aa1c6accee458d0507553433d0104955c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 24 Apr 2026 14:25:11 +0200 Subject: [PATCH 01/14] ipv6-update: log dynamic entry with info, not warning --- ipv6-update.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipv6-update.rsc b/ipv6-update.rsc index dadca54c..f93e2786 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -54,7 +54,7 @@ :local Pool [ /ipv6/pool/get [ find where prefix=$PdPrefix ] name ]; :if ([ :len [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ] ] = 0) do={ /ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool) dynamic=yes; - $LogPrint warning $ScriptName ("Added dynamic ipv6 address list entry for ipv6-pool-" . $Pool); + $LogPrint info $ScriptName ("Added dynamic ipv6 address list entry for ipv6-pool-" . $Pool); } :local AddrList [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ]; :local OldPrefix [ /ipv6/firewall/address-list/get ($AddrList->0) address ]; From 174e16502a5c2c6ed5a5d7a5cafeded75f997e0c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 28 Apr 2026 16:36:15 +0200 Subject: [PATCH 02/14] global-config: update comment on backup options --- global-config.rsc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/global-config.rsc b/global-config.rsc index 12c85916..de22019c 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -90,7 +90,8 @@ # Toggle this to disable color output in terminal/cli. :global TerminalColorOutput true; -# This defines what backups to generate and what password to use. +# This defines what backups to generate, the password to use, +# and what random delay (between 0 and given seconds) to apply. :global BackupSendBinary false; :global BackupSendExport true; :global BackupSendGlobalConfig true; From d54a0d541d3245706631f5deaca651a4dfb8c5d7 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 24 Apr 2026 14:22:02 +0200 Subject: [PATCH 03/14] backup-email: support date & time in filename --- backup-email.rsc | 5 ++++- doc/backup-email.md | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/backup-email.rsc b/backup-email.rsc index fcafff45..47523f74 100644 --- a/backup-email.rsc +++ b/backup-email.rsc @@ -16,6 +16,7 @@ do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; + :global BackupFileNameDate; :global BackupPassword; :global BackupRandomDelay; :global BackupSendBinary; @@ -73,7 +74,9 @@ # filename based on identity :local DirName ("tmpfs/" . $ScriptName); - :local FileName [ $CleanName ($Identity . "." . $Domain) ]; + :local Clock [ /system/clock/get ]; + :local FileName [ $CleanName ($Identity . "." . $Domain . [ $IfThenElse ($BackupFileNameDate = true) \ + ("-" . $Clock->"date" . "-" . $Clock->"time" . "-" . $Clock->"gmt-offset") "" ] ) ]; :local FilePath ($DirName . "/" . $FileName); :local BackupFile "none"; :local ExportFile "none"; diff --git a/doc/backup-email.md b/doc/backup-email.md index cf334697..e55a0d7b 100644 --- a/doc/backup-email.md +++ b/doc/backup-email.md @@ -34,6 +34,7 @@ Configuration The configuration goes to `global-config-overlay`, these are the parameters: +* `BackupFileNameDate`: whether to add date & time in filenames * `BackupSendBinary`: whether to send binary backup * `BackupSendExport`: whether to send configuration export * `BackupSendGlobalConfig`: whether to send `global-config-overlay` From 0382a368ec6d76dd347ff69db79bb7e61a9eda86 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 24 Apr 2026 14:20:29 +0200 Subject: [PATCH 04/14] backup-upload: support date & time in filename --- backup-upload.rsc | 5 ++++- doc/backup-upload.md | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/backup-upload.rsc b/backup-upload.rsc index bded570c..3230ef65 100644 --- a/backup-upload.rsc +++ b/backup-upload.rsc @@ -17,6 +17,7 @@ do={ :error ("Global config and/or functions not ready."); }; } delay=500ms max=50; :local ScriptName [ :jobname ]; + :global BackupFileNameDate; :global BackupPassword; :global BackupRandomDelay; :global BackupSendBinary; @@ -72,7 +73,9 @@ # filename based on identity :local DirName ("tmpfs/" . $ScriptName); - :local FileName [ $CleanName ($Identity . "." . $Domain) ]; + :local Clock [ /system/clock/get ]; + :local FileName [ $CleanName ($Identity . "." . $Domain . [ $IfThenElse ($BackupFileNameDate = true) \ + ("-" . $Clock->"date" . "-" . $Clock->"time" . "-" . $Clock->"gmt-offset") "" ] ) ]; :local FilePath ($DirName . "/" . $FileName); :local BackupFile "none"; :local ExportFile "none"; diff --git a/doc/backup-upload.md b/doc/backup-upload.md index 221cb721..bbf5227b 100644 --- a/doc/backup-upload.md +++ b/doc/backup-upload.md @@ -40,6 +40,7 @@ Configuration The configuration goes to `global-config-overlay`, these are the parameters: +* `BackupFileNameDate`: whether to add date & time in filenames * `BackupSendBinary`: whether to send binary backup * `BackupSendExport`: whether to send configuration export * `BackupSendGlobalConfig`: whether to send `global-config-overlay` From fd956519e262c5a545a3471af335a04023434866 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 27 Apr 2026 17:17:38 +0200 Subject: [PATCH 05/14] backup-email: drop the GMT offset from filename... ... as it is of little help only. Also it is ambiguous due to signdness being dropped when cleaning the name. --- backup-email.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backup-email.rsc b/backup-email.rsc index 47523f74..70b18c06 100644 --- a/backup-email.rsc +++ b/backup-email.rsc @@ -75,8 +75,8 @@ # filename based on identity :local DirName ("tmpfs/" . $ScriptName); :local Clock [ /system/clock/get ]; - :local FileName [ $CleanName ($Identity . "." . $Domain . [ $IfThenElse ($BackupFileNameDate = true) \ - ("-" . $Clock->"date" . "-" . $Clock->"time" . "-" . $Clock->"gmt-offset") "" ] ) ]; + :local FileName [ $CleanName ($Identity . "." . $Domain . [ $IfThenElse \ + ($BackupFileNameDate = true) ("-" . $Clock->"date" . "-" . $Clock->"time") "" ] ) ]; :local FilePath ($DirName . "/" . $FileName); :local BackupFile "none"; :local ExportFile "none"; From 2f621a5981fd2b8b646595e0290c6868fc2371f1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 27 Apr 2026 17:17:41 +0200 Subject: [PATCH 06/14] backup-upload: drop the GMT offset from filename... ... as it is of little help only. Also it is ambiguous due to signdness being dropped when cleaning the name. --- backup-upload.rsc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backup-upload.rsc b/backup-upload.rsc index 3230ef65..b89d123d 100644 --- a/backup-upload.rsc +++ b/backup-upload.rsc @@ -74,8 +74,8 @@ # filename based on identity :local DirName ("tmpfs/" . $ScriptName); :local Clock [ /system/clock/get ]; - :local FileName [ $CleanName ($Identity . "." . $Domain . [ $IfThenElse ($BackupFileNameDate = true) \ - ("-" . $Clock->"date" . "-" . $Clock->"time" . "-" . $Clock->"gmt-offset") "" ] ) ]; + :local FileName [ $CleanName ($Identity . "." . $Domain . [ $IfThenElse \ + ($BackupFileNameDate = true) ("-" . $Clock->"date" . "-" . $Clock->"time") "" ] ) ]; :local FilePath ($DirName . "/" . $FileName); :local BackupFile "none"; :local ExportFile "none"; From 2f5aa2f337db330c9bb85eff3f6077eefe0ad860 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 24 Apr 2026 14:20:29 +0200 Subject: [PATCH 07/14] backup-{email,upload}: add setting in configuration --- global-config.rsc | 5 +++-- global-functions.rsc | 2 +- news-and-changes.rsc | 1 + 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/global-config.rsc b/global-config.rsc index de22019c..0bb572b5 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -90,8 +90,9 @@ # Toggle this to disable color output in terminal/cli. :global TerminalColorOutput true; -# This defines what backups to generate, the password to use, -# and what random delay (between 0 and given seconds) to apply. +# This defines whether to add date & time in filenames, what backups to generate, +# the password to use, and what random delay (between 0 and given seconds) to apply. +:global BackupFileNameDate false; :global BackupSendBinary false; :global BackupSendExport true; :global BackupSendGlobalConfig true; diff --git a/global-functions.rsc b/global-functions.rsc index 413517f3..10a9b5ac 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -15,7 +15,7 @@ # Git commit id & info, expected configuration version :global CommitId "unknown"; :global CommitInfo "unknown"; -:global ExpectedConfigVersion 142; +:global ExpectedConfigVersion 143; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/news-and-changes.rsc b/news-and-changes.rsc index 2c1a0272..ed60a6c2 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -67,6 +67,7 @@ 140="The scripts 'lease-script' was renamed to 'dhcpv4-server-lease', configuration was updated automatically."; 141="Introduced script 'dhcpv6-client-lease' to run several scripts on IPv6 DHCP client lease."; 142="Added a setting for 'mod/notification-email' to check availability of certificate chain."; + 143="Made backup scripts 'backup-email' and 'backup-upload' support date & time in filenames."; }; # Migration steps to be applied on script updates From 811df5abf2ab708538d860b32c9abfc5ad5dbbac Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 6 May 2026 09:17:35 +0200 Subject: [PATCH 08/14] global-functions: $IsDNSResolving: check with eworm.de and eworm.net This should prevent against DENIC outages... https://blog.denic.de/en/denic-reports-resolved-dnssec-disruption-affecting-de-domains/ --- global-functions.rsc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 10a9b5ac..f2b13113 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -813,10 +813,15 @@ :set IsDNSResolving do={ :do { :resolve "low-ttl.eworm.de"; - } on-error={ - :return false; - } - :return true; + :return true; + } on-error={ } + + :do { + :resolve "low-ttl.eworm.net"; + :return true; + } on-error={ } + + :return false; } # check if system is is fully connected (default route reachable, DNS resolving, time sync) From 0ef11bf11dc6b37ce687010cf9ce349664d5affa Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 6 May 2026 09:21:44 +0200 Subject: [PATCH 09/14] global-functions: $IsDNSResolving: check with :retry --- global-functions.rsc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index f2b13113..c9440ed7 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -812,16 +812,16 @@ # check if DNS is resolving :set IsDNSResolving do={ :do { - :resolve "low-ttl.eworm.de"; - :return true; - } on-error={ } + :local I 1; + :retry { + :set I ($I ^ 1); + :resolve ("low-ttl.eworm." . ({ "de"; "net" }->$I)); + } delay=50ms max=6; + } on-error={ + :return false; + } - :do { - :resolve "low-ttl.eworm.net"; - :return true; - } on-error={ } - - :return false; + :return true; } # check if system is is fully connected (default route reachable, DNS resolving, time sync) From 3aaba1f408cfb505f107ef53274ad969e64141cf Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 6 May 2026 09:06:26 +0200 Subject: [PATCH 10/14] netwatch-dns: check with eworm.de and eworm.net This should prevent against DENIC outages... https://blog.denic.de/en/denic-reports-resolved-dnssec-disruption-affecting-de-domains/ --- netwatch-dns.rsc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc index 9531d4ad..7c6a7b5b 100644 --- a/netwatch-dns.rsc +++ b/netwatch-dns.rsc @@ -115,13 +115,15 @@ :local Data false; :onerror Err { + :local I 1; :retry { + :set I ($I ^ 1); :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ http-header-field=({ "accept: application/dns-message" }) \ url=(($DohServer->"doh-url") . "?dns=" . [ :convert to=base64 ([ :rndstr length=2 ] . \ - "\01\00" . "\00\01" . "\00\00" . "\00\00" . "\00\00" . "\09doh-check\05eworm\02de\00" . \ - "\00\10" . "\00\01") ]) as-value ]->"data"); - } delay=1s max=3; + "\01\00" . "\00\01" . "\00\00" . "\00\00" . "\00\00" . "\09doh-check\05eworm" . \ + ({ "\02de"; "\03net" }->$I) . "\00" . "\00\10" . "\00\01") ]) as-value ]->"data"); + } delay=500ms max=6; } do={ $LogPrint warning $ScriptName ("Request to DoH server " . ($DohServer->"doh-url") . \ " failed: " . $Err); From 875df5da76ae1c5fc38e5f0d876968bcebd4e70e Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 7 May 2026 15:56:20 +0200 Subject: [PATCH 11/14] global-functions: $RmDir: remove with find... ... as this is still racy. --- global-functions.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index c9440ed7..cde2694a 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1205,7 +1205,7 @@ } :onerror Err { - /file/remove $DirName; + /file/remove [ find where name=$DirName ]; } do={ $LogPrint error $0 ("Removing directory '" . $DirName . "' failed: " . $Err); :return false; From 74d3fc2933fe1c0cc55ff7213ec3ed02021de612 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 7 May 2026 15:57:03 +0200 Subject: [PATCH 12/14] global-functions: $RmFile: remove with find... ... as this is still racy. --- global-functions.rsc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global-functions.rsc b/global-functions.rsc index cde2694a..5134ca4e 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1234,7 +1234,7 @@ } :onerror Err { - /file/remove $FileName; + /file/remove [ find where name=$FileName ]; } do={ $LogPrint error $0 ("Removing file '" . $FileName . "' failed: " . $Err); :return false; From 57385b593451907267812ee61701d54cbaf71af2 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 7 May 2026 15:53:18 +0200 Subject: [PATCH 13/14] global-functions: $RmDir: ignore "no such item"... ... as this is still racy. --- global-functions.rsc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 5134ca4e..6ea47123 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1207,8 +1207,10 @@ :onerror Err { /file/remove [ find where name=$DirName ]; } do={ - $LogPrint error $0 ("Removing directory '" . $DirName . "' failed: " . $Err); - :return false; + :if (!($Err ~ "no such item")) do={ + $LogPrint error $0 ("Removing directory '" . $DirName . "' failed: " . $Err); + :return false; + } } :return true; } From 73f15a2df0e243d7255809736ea13b078150c5af Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 7 May 2026 15:54:33 +0200 Subject: [PATCH 14/14] global-functions: $RmFile: ignore "no such item"... ... as this is still racy. --- global-functions.rsc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 6ea47123..cbaba0e3 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -1238,8 +1238,10 @@ :onerror Err { /file/remove [ find where name=$FileName ]; } do={ - $LogPrint error $0 ("Removing file '" . $FileName . "' failed: " . $Err); - :return false; + :if (!($Err ~ "no such item")) do={ + $LogPrint error $0 ("Removing file '" . $FileName . "' failed: " . $Err); + :return false; + } } :return true; }