diff --git a/CERTIFICATES.md b/CERTIFICATES.md
index 69d6c18..0e0a867 100644
--- a/CERTIFICATES.md
+++ b/CERTIFICATES.md
@@ -61,7 +61,7 @@ Import a certificate by CommonName
Running the function `$CertificateAvailable` with that name as parameter
makes sure the certificate is available in the device's store:
- $CertificateAvailable "ISRG Root X2";
+ $CertificateAvailable "ISRG Root X2" "fetch";
If the certificate is actually available already nothing happens, and there
is no output. Otherwise the certificate is downloaded and imported.
diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
index 40f609b..6e70b66 100644
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@@ -22,8 +22,11 @@ Run the complete base installation:
:local CertFileName "ISRG-Root-X2.pem";
:local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
- :if (!(([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \
- [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
+ :local CertSettings [ /certificate/settings/get ];
+ :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \
+ ($CertSettings->"builtin-trust-store") ~ "fetch" || \
+ ($CertSettings->"builtin-trust-store") = "all") && \
+ [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
:put "Importing certificate...";
/tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value;
:delay 1s;
diff --git a/Makefile b/Makefile
index 680d768..f841ca2 100644
--- a/Makefile
+++ b/Makefile
@@ -2,18 +2,28 @@
# template scripts -> final scripts
# markdown files -> html files
-CAPSMAN = $(wildcard *.capsman.rsc)
-LOCAL = $(wildcard *.local.rsc)
-WIFI = $(wildcard *.wifi.rsc)
+ALL_RSC := $(wildcard *.rsc */*.rsc)
+GEN_RSC := $(wildcard *.capsman.rsc *.local.rsc *.wifi.rsc)
-MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md)
-HTML = $(MARKDOWN:.md=.html)
+MARKDOWN := $(wildcard *.md doc/*.md doc/mod/*.md)
+HTML := $(MARKDOWN:.md=.html)
-all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json
+.PHONY: all checksums docs rsc clean
+
+all: checksums docs rsc
+
+checksums: checksums.json
+
+checksums.json: contrib/checksums.sh $(ALL_RSC)
+ contrib/checksums.sh > $@
+
+docs: $(HTML)
%.html: %.md general/style.css contrib/html.sh contrib/html.sh.d/head.html
contrib/html.sh $< > $@
+rsc: $(GEN_RSC)
+
%.capsman.rsc: %.template.rsc Makefile
sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \
-e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \
@@ -32,8 +42,5 @@ all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json
-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
< $< > $@
-checksums.json: contrib/checksums.sh *.rsc */*.rsc
- contrib/checksums.sh
-
clean:
rm -f $(HTML) checksums.json
diff --git a/README.md b/README.md
index b0d26bd..36408ec 100644
--- a/README.md
+++ b/README.md
@@ -77,8 +77,11 @@ download the certificates.
> 💡️ **Hint**: RouterOS 7.19 comes with a builtin certificate store. You
> can skip the steps regarding certificate download and import and jump
> to [installation of scripts](#installation-of-scripts) if you set the
-> trust for these builtin trust anchors:
-> `/certificate/settings/set builtin-trust-anchors=trusted;`
+> trust for these builtin trust anchors:
+> `/certificate/settings/set builtin-trust-anchors=trusted;`
+> With RouterOS 7.21 the functionality was changed. Set this at minimum,
+> but make sure not to drop other targets:
+> `/certificate/settings/set builtin-trust-store=fetch;`
If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
@@ -173,7 +176,7 @@ This last step is required when ever you make changes to your configuration.
> ℹ️ **Info**: It is recommended to edit the configuration using the command
> line interface. If using Winbox on Windows OS, the line endings may be
-> missing. To fix this run:
+> missing. To fix this run:
> `/system/script/set source=[ :tocrlf [ get global-config-overlay source ] ] global-config-overlay;`
Updating scripts
@@ -401,7 +404,7 @@ immediately remove the link in question.
Upstream
--------
-[](https://rsc.eworm.de/)
+[](https://rsc.eworm.de/)
URL:
[GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts)
diff --git a/check-certificates.rsc b/check-certificates.rsc
index f2d5c1f..3300bee 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -189,7 +189,7 @@
fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
:local CertNewVal [ /certificate/get $CertNew ];
- :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") ] = false) do={
+ :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") "fetch" ] = false) do={
$LogPrint warning $ScriptName ("The certificate chain is not available!");
}
diff --git a/contrib/Makefile b/contrib/Makefile
new file mode 100644
index 0000000..aae3178
--- /dev/null
+++ b/contrib/Makefile
@@ -0,0 +1,10 @@
+# Makefile
+
+HTML := $(wildcard *.html)
+
+.PHONY: all docs
+
+all: docs
+
+docs: $(HTML)
+ sed -i '/href=/s|\.md|\.html|' $(HTML)
diff --git a/contrib/checksums.sh b/contrib/checksums.sh
index b472b49..ab4e973 100755
--- a/contrib/checksums.sh
+++ b/contrib/checksums.sh
@@ -6,4 +6,4 @@ set -e
md5sum $(find -name '*.rsc' | sort) | \
sed -e "s| \./||" -e 's|.rsc$||' | \
- jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' > 'checksums.json'
+ jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add'
diff --git a/contrib/html.sh b/contrib/html.sh
index 5b0b978..6276df1 100755
--- a/contrib/html.sh
+++ b/contrib/html.sh
@@ -7,6 +7,8 @@ sed \
-e "s|__TITLE__|$(head -n1 "${1}")|" \
-e "s|__STYLE__|$(realpath --relative-to="${RELTO}" general/style.css)|" \
-e "s|__LOGO__|$(realpath --relative-to="${RELTO}" logo.png)|" \
+ -e "s|__EWORM__|$(realpath --relative-to="${RELTO}" general/eworm-meadow.avif)|" \
+ -e "s|__QR_CODE__|$(realpath --relative-to="${RELTO}" general/qr-code.png)|" \
< "${0}.d/head.html"
markdown -f toc,idanchor "${1}" | sed \
-e 's/href="\([-_\./[:alnum:]]*\)\.md\(#[-[:alnum:]]*\)\?"/href="\1.html\2"/g' \
diff --git a/contrib/html.sh.d/head.html b/contrib/html.sh.d/head.html
index 779e246..1d4f93a 100644
--- a/contrib/html.sh.d/head.html
+++ b/contrib/html.sh.d/head.html
@@ -1,6 +1,17 @@
-RouterOS Scripts :: __TITLE__
-
+
+RouterOS Scripts :: __TITLE__
+
+
+  |
+  |
+ RouterOS Scripts |
+
+
+ | a collection of scripts for MikroTik RouterOS |
+
+
+
diff --git a/contrib/logo-color.html b/contrib/logo-color.html
index 507445b..f824e2d 100644
--- a/contrib/logo-color.html
+++ b/contrib/logo-color.html
@@ -1,14 +1,14 @@
-
-
-
-
-RouterOS-Scripts Logo Color Changer
+
+
+RouterOS Scripts :: Logo Color Changer
+
-
-
+
-RouterOS-Scripts Logo Color Changer
+Logo Color Changer
+
+⬅️ Go back to main README
You want the logo for your own notifications? But you joined the
Telegram Group and want
@@ -24,17 +24,20 @@ something that differentiates? Color it!
Then right-click, click "Take Screenshot" and finally select the
logo and download it.
-
-
-
+
+
+
(This example is with
Firefox. The workflow
for other browsers may differ.)
See how to
-Set
+Set
a profile photo for your Telegram bot.
-
-
+
+
+⬅️ Go back to main README
+⬆️ Go back to top
+
diff --git a/contrib/notification.html b/contrib/notification.html
index b7d6764..a4d0486 100644
--- a/contrib/notification.html
+++ b/contrib/notification.html
@@ -1,14 +1,14 @@
-
-
-
-
-RouterOS-Scripts Notification Generator
+
+
+RouterOS Scripts :: Notification Generator
+
-
-
+
-RouterOS-Scripts Notification Generator
+Notification Generator
+
+⬅️ Go back to main README
@@ -16,8 +16,8 @@
[MikroTik] ℹ️ Subject
Message
🔗 https://eworm.de/
-
⏰ This message was queued since oct/18/2022 18:30:48 and may be obsolete.
-
✂️ The message was too long and has been truncated, cut off 13%!
+
⏰ This message was queued since 2025-10-29 16:06:18 and may be obsolete.
+
✂️ The message was too long and has been truncated, cut off 13%!
@@ -25,11 +25,14 @@
Subject:
Message:
Show link:
- Queued since
+ Queued since
Cut-off with percent
Then right-click, click "Take Screenshot" and finally select the
notification and download it.
-
-
+
+
+⬅️ Go back to main README
+⬆️ Go back to top
+
diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md
index da6d6de..ad4cf4f 100644
--- a/doc/mod/notification-matrix.md
+++ b/doc/mod/notification-matrix.md
@@ -49,7 +49,7 @@ your server in device's certificate store.
The example below is for `matrix.org`, which uses a trust chain from *Google
Trust Services*. Run this to import the required certificate:
- $CertificateAvailable "GTS Root R4";
+ $CertificateAvailable "GTS Root R4" "fetch";
Replace the CA certificate name with what ever is needed for your server.
You may want to find the
diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md
index 804104f..05180b2 100644
--- a/doc/mod/notification-telegram.md
+++ b/doc/mod/notification-telegram.md
@@ -107,7 +107,7 @@ chat with [BotFather ↗️](https://t.me/BotFather) and set it there.
Have a look at my
-[RouterOS-Scripts Logo Color Changer](https://git.eworm.de/cgit/routeros-scripts/plain/contrib/logo-color.html)
+[RouterOS-Scripts Logo Color Changer](../../contrib/logo-color.html)
to create a colored version of this scripts' logo.
See also
diff --git a/fw-addr-lists.d/allow b/fw-addr-lists.d/allow
index 8b59ed7..8c4ca3c 100644
--- a/fw-addr-lists.d/allow
+++ b/fw-addr-lists.d/allow
@@ -1,3 +1,3 @@
# an ip address list for use with fw-addr-lists script
-# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md
-git.eworm.de
+# https://rsc.eworm.de/doc/fw-addr-lists.md
+rsc.eworm.de
diff --git a/fw-addr-lists.d/block b/fw-addr-lists.d/block
index 5e9fef2..86a6c62 100644
--- a/fw-addr-lists.d/block
+++ b/fw-addr-lists.d/block
@@ -1,5 +1,5 @@
# an ip address list for use with fw-addr-lists script
-# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md
+# https://rsc.eworm.de/doc/fw-addr-lists.md
# example.net
93.184.216.34
diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc
index c85cc8b..e5a71aa 100644
--- a/fw-addr-lists.rsc
+++ b/fw-addr-lists.rsc
@@ -74,7 +74,7 @@
:if ([ :len ($List->"cert") ] > 0) do={
:set CheckCertificate true;
- :if ([ $CertificateAvailable ($List->"cert") ] = false) do={
+ :if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={
$LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \
" / " . $List->"url" . ") failed, trying anyway.");
}
diff --git a/general/eworm-meadow.avif b/general/eworm-meadow.avif
new file mode 100644
index 0000000..f592d59
Binary files /dev/null and b/general/eworm-meadow.avif differ
diff --git a/README.d/upstream.png b/general/qr-code.png
similarity index 100%
rename from README.d/upstream.png
rename to general/qr-code.png
diff --git a/general/style.css b/general/style.css
index ad25c7c..016ca63 100644
--- a/general/style.css
+++ b/general/style.css
@@ -18,7 +18,7 @@ a:hover {
blockquote {
border-left: 4px solid #ccc;
padding: 0 10px;
- color: #777;
+ color: #555;
}
code {
margin: 0 2px;
@@ -68,6 +68,18 @@ pre code {
span.link {
color: #863600;
}
+td.head-top {
+ height: 48px;
+ vertical-align: bottom;
+ font-size: 250%;
+ font-weight: bold;
+}
+td.head-bottom {
+ height: 48px;
+ vertical-align: top;
+ font-size: 125%;
+ color: #555;
+}
@media only screen and (orientation: landscape) {
body {
margin-left: 10vw;
diff --git a/global-functions.rsc b/global-functions.rsc
index 3089d2e..48aaf7f 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -106,11 +106,15 @@
# check and download required certificate
:set CertificateAvailable do={
:local CommonName [ :tostr $1 ];
+ :local UseFor [ :tostr $2 ];
:global CertificateDownload;
+ :global EitherOr;
:global LogPrint;
:global ParseKeyValueStore;
+ :set UseFor [ $EitherOr $UseFor "undefined" ];
+
:if ([ /system/resource/get free-hdd-space ] < 8388608 && \
[ /certificate/settings/get crl-download ] = true && \
[ /certificate/settings/get crl-store ] = "system") do={
@@ -123,7 +127,10 @@
:return false;
}
- :if (([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \
+ :local CertSettings [ /certificate/settings/get ];
+ :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \
+ ($CertSettings->"builtin-trust-store") ~ $UseFor || \
+ ($CertSettings->"builtin-trust-store") = "all") && \
[[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={
:return true;
}
@@ -397,7 +404,7 @@
:return true;
}
- :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={
+ :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={
$LogPrint error $0 ("Downloading required certificate failed.");
:return false;
}
@@ -633,7 +640,7 @@
}
:do {
- :if ([ $CertificateAvailable "GTS Root R4" ] = false) do={
+ :if ([ $CertificateAvailable "GTS Root R4" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading required certificate failed.");
:error false;
}
@@ -1241,7 +1248,7 @@
:global SymbolForNotification;
:global ValidateSyntax;
- :if ([ $CertificateAvailable "ISRG Root X2" ] = false) do={
+ :if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading certificate failed, trying without.");
}
@@ -1292,7 +1299,7 @@
}
:if ([ :len ($ScriptInfo->"certificate") ] > 0) do={
- :if ([ $CertificateAvailable ($ScriptInfo->"certificate") ] = false) do={
+ :if ([ $CertificateAvailable ($ScriptInfo->"certificate") "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading certificate failed, trying without.");
}
}
@@ -1309,9 +1316,19 @@
}
} do={
$LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "': " . $Err);
+ :if ($Err != "Fetch failed with status 404") do={
+ :error false;
+ }
+
:if ($ScriptVal->"source" = "#!rsc by RouterOS\n") do={
$LogPrint warning $0 ("Removing dummy. Typo on installation?");
/system/script/remove $Script;
+ :error false;
+ }
+ :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \
+ [ :len $CheckSum ] = 0) do={
+ $LogPrintOnce warning $0 \
+ ("Added the script manually? Skip updates with 'ignore=true' in comment.");
}
:error false;
}
diff --git a/mod/notification-ntfy.rsc b/mod/notification-ntfy.rsc
index 7114020..dd10812 100644
--- a/mod/notification-ntfy.rsc
+++ b/mod/notification-ntfy.rsc
@@ -109,7 +109,7 @@
:onerror Err {
:if ($Server = "ntfy.sh") do={
- :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={
+ :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading required certificate failed.");
:error false;
}
diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc
index ff9b4da..b1996a3 100644
--- a/mod/notification-telegram.rsc
+++ b/mod/notification-telegram.rsc
@@ -30,7 +30,7 @@
:return false;
}
- :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+ :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading required certificate failed.");
:return false;
}
@@ -72,7 +72,7 @@
:global CertificateAvailable;
:global LogPrint;
- :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+ :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading required certificate failed.");
:return false;
}
@@ -197,7 +197,7 @@
"&reply_to_message_id=" . ($Notification->"replyto") . "&message_thread_id=" . $ThreadId . \
"&disable_web_page_preview=true&parse_mode=MarkdownV2");
:onerror Err {
- :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+ :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading required certificate failed.");
:error false;
}
diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index 9e2f9bc..eee5f85 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -112,7 +112,7 @@
:foreach DohServer in=$DohServers do={
:if ([ :len ($DohServer->"doh-cert") ] > 0) do={
- :if ([ $CertificateAvailable ($DohServer->"doh-cert") ] = false) do={
+ :if ([ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={
$LogPrint warning $ScriptName ("Downloading certificate failed, trying without.");
}
}
diff --git a/telegram-chat.rsc b/telegram-chat.rsc
index 7f7b7a7..54872fb 100644
--- a/telegram-chat.rsc
+++ b/telegram-chat.rsc
@@ -61,7 +61,7 @@
:set TelegramRandomDelay 0;
}
- :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+ :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
$LogPrint warning $ScriptName ("Downloading required certificate failed.");
:set ExitOK true;
:error false;
diff --git a/update-tunnelbroker.rsc b/update-tunnelbroker.rsc
index 9057e1e..5372f4c 100644
--- a/update-tunnelbroker.rsc
+++ b/update-tunnelbroker.rsc
@@ -28,7 +28,7 @@
:error false;
}
- :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" ] = false) do={
+ :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" "fetch" ] = false) do={
$LogPrint error $ScriptName ("Downloading required certificate failed.");
:set ExitOK true;
:error false;