diff --git a/CERTIFICATES.md b/CERTIFICATES.md index 69d6c185..0e0a8671 100644 --- a/CERTIFICATES.md +++ b/CERTIFICATES.md @@ -61,7 +61,7 @@ Import a certificate by CommonName Running the function `$CertificateAvailable` with that name as parameter makes sure the certificate is available in the device's store: - $CertificateAvailable "ISRG Root X2"; + $CertificateAvailable "ISRG Root X2" "fetch"; If the certificate is actually available already nothing happens, and there is no output. Otherwise the certificate is downloaded and imported. diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index 40f609b9..6e70b66a 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -22,8 +22,11 @@ Run the complete base installation: :local CertFileName "ISRG-Root-X2.pem"; :local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; - :if (!(([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \ - [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={ + :local CertSettings [ /certificate/settings/get ]; + :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \ + ($CertSettings->"builtin-trust-store") ~ "fetch" || \ + ($CertSettings->"builtin-trust-store") = "all") && \ + [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={ :put "Importing certificate..."; /tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value; :delay 1s; diff --git a/Makefile b/Makefile index 0265a51a..f841ca2b 100644 --- a/Makefile +++ b/Makefile @@ -2,18 +2,28 @@ # template scripts -> final scripts # markdown files -> html files -CAPSMAN = $(wildcard *.capsman.rsc) -LOCAL = $(wildcard *.local.rsc) -WIFI = $(wildcard *.wifi.rsc) +ALL_RSC := $(wildcard *.rsc */*.rsc) +GEN_RSC := $(wildcard *.capsman.rsc *.local.rsc *.wifi.rsc) -MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md) -HTML = $(MARKDOWN:.md=.html) +MARKDOWN := $(wildcard *.md doc/*.md doc/mod/*.md) +HTML := $(MARKDOWN:.md=.html) -all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json +.PHONY: all checksums docs rsc clean -%.html: %.md contrib/html.sh contrib/html.sh.d/head.html +all: checksums docs rsc + +checksums: checksums.json + +checksums.json: contrib/checksums.sh $(ALL_RSC) + contrib/checksums.sh > $@ + +docs: $(HTML) + +%.html: %.md general/style.css contrib/html.sh contrib/html.sh.d/head.html contrib/html.sh $< > $@ +rsc: $(GEN_RSC) + %.capsman.rsc: %.template.rsc Makefile sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \ -e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \ @@ -32,8 +42,5 @@ all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ < $< > $@ -checksums.json: contrib/checksums.sh *.rsc */*.rsc - contrib/checksums.sh - clean: rm -f $(HTML) checksums.json diff --git a/README.md b/README.md index b0d26bdf..36408ec6 100644 --- a/README.md +++ b/README.md @@ -77,8 +77,11 @@ download the certificates. > 💡️ **Hint**: RouterOS 7.19 comes with a builtin certificate store. You > can skip the steps regarding certificate download and import and jump > to [installation of scripts](#installation-of-scripts) if you set the -> trust for these builtin trust anchors: -> `/certificate/settings/set builtin-trust-anchors=trusted;` +> trust for these builtin trust anchors: +> `/certificate/settings/set builtin-trust-anchors=trusted;` +> With RouterOS 7.21 the functionality was changed. Set this at minimum, +> but make sure not to drop other targets: +> `/certificate/settings/set builtin-trust-store=fetch;` If you intend to download the scripts from a different location (for example from github.com) install the corresponding @@ -173,7 +176,7 @@ This last step is required when ever you make changes to your configuration. > ℹ️ **Info**: It is recommended to edit the configuration using the command > line interface. If using Winbox on Windows OS, the line endings may be -> missing. To fix this run: +> missing. To fix this run: > `/system/script/set source=[ :tocrlf [ get global-config-overlay source ] ] global-config-overlay;` Updating scripts @@ -401,7 +404,7 @@ immediately remove the link in question. Upstream -------- -[![upstream](README.d/upstream.png)](https://rsc.eworm.de/) +[![upstream](general/qr-code.png)](https://rsc.eworm.de/) URL: [GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts) diff --git a/check-certificates.rsc b/check-certificates.rsc index f2d5c1f3..3300bee8 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -189,7 +189,7 @@ fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ]; :local CertNewVal [ /certificate/get $CertNew ]; - :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") ] = false) do={ + :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") "fetch" ] = false) do={ $LogPrint warning $ScriptName ("The certificate chain is not available!"); } diff --git a/contrib/Makefile b/contrib/Makefile new file mode 100644 index 00000000..aae31786 --- /dev/null +++ b/contrib/Makefile @@ -0,0 +1,10 @@ +# Makefile + +HTML := $(wildcard *.html) + +.PHONY: all docs + +all: docs + +docs: $(HTML) + sed -i '/href=/s|\.md|\.html|' $(HTML) diff --git a/contrib/checksums.sh b/contrib/checksums.sh index b472b49f..ab4e9738 100755 --- a/contrib/checksums.sh +++ b/contrib/checksums.sh @@ -6,4 +6,4 @@ set -e md5sum $(find -name '*.rsc' | sort) | \ sed -e "s| \./||" -e 's|.rsc$||' | \ - jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' > 'checksums.json' + jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' diff --git a/contrib/html.sh b/contrib/html.sh index bbd8ba86..6276df1a 100755 --- a/contrib/html.sh +++ b/contrib/html.sh @@ -2,8 +2,16 @@ set -e -sed "s|__TITLE__|$(head -n1 "${1}")|" < "${0}.d/head.html" +RELTO="$(dirname "${1}")" +sed \ + -e "s|__TITLE__|$(head -n1 "${1}")|" \ + -e "s|__STYLE__|$(realpath --relative-to="${RELTO}" general/style.css)|" \ + -e "s|__LOGO__|$(realpath --relative-to="${RELTO}" logo.png)|" \ + -e "s|__EWORM__|$(realpath --relative-to="${RELTO}" general/eworm-meadow.avif)|" \ + -e "s|__QR_CODE__|$(realpath --relative-to="${RELTO}" general/qr-code.png)|" \ + < "${0}.d/head.html" markdown -f toc,idanchor "${1}" | sed \ - -e 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' \ - -e '/| id="\L\1">|' + -e 's/href="\([-_\./[:alnum:]]*\)\.md\(#[-[:alnum:]]*\)\?"/href="\1.html\2"/g' \ + -e '/| id="\L\1">|' \ + -e '/' diff --git a/contrib/html.sh.d/head.html b/contrib/html.sh.d/head.html index 1b1dd03a..1d4f93a3 100644 --- a/contrib/html.sh.d/head.html +++ b/contrib/html.sh.d/head.html @@ -1,15 +1,17 @@ -RouterOS Scripts :: __TITLE__ - - - + +RouterOS Scripts :: __TITLE__ + + + + + + + + + + + +
eworm on meadowQR code: rsc.eworm.deRouterOS Scripts
a collection of scripts for MikroTik RouterOS
+
diff --git a/contrib/logo-color.d/style.css b/contrib/logo-color.d/style.css deleted file mode 100644 index eb2ec6a1..00000000 --- a/contrib/logo-color.d/style.css +++ /dev/null @@ -1,5 +0,0 @@ -body { - font-family: fira-sans, sans-serif; - font-size: 10pt; - background-color: transparent; -} diff --git a/contrib/logo-color.html b/contrib/logo-color.html index 17942cea..f824e2d4 100644 --- a/contrib/logo-color.html +++ b/contrib/logo-color.html @@ -1,14 +1,14 @@ - - - - -RouterOS-Scripts Logo Color Changer - + + +RouterOS Scripts :: Logo Color Changer + + - - + -

RouterOS-Scripts Logo Color Changer

+

Logo Color Changer

+ +

⬅️ Go back to main README

You want the logo for your own notifications? But you joined the Telegram Group and want @@ -24,17 +24,20 @@ something that differentiates? Color it!

Then right-click, click "Take Screenshot" and finally select the logo and download it.

-

Screenshot Browser 01 -Screenshot Browser 02 -Screenshot Browser 03

+

Screenshot Browser 01

+

Screenshot Browser 02

+

Screenshot Browser 03

(This example is with Firefox. The workflow for other browsers may differ.)

See how to -Set +Set a profile photo for your Telegram bot.

- - +
+ +

⬅️ Go back to main README
+⬆️ Go back to top

+ diff --git a/contrib/notification.d/style.css b/contrib/notification.d/style.css deleted file mode 100644 index 648ea23c..00000000 --- a/contrib/notification.d/style.css +++ /dev/null @@ -1,36 +0,0 @@ -body { - font-family: fira-sans, sans-serif; - font-size: 10pt; - background-color: transparent; -} -div.notification { - position: relative; - float: right; - width: 600px; - border: 3px outset #6c5d53; - /* border-radius: 5px; */ - padding: 10px; - background-color: #e6e6e6; -} -div.content { - padding-left: 60px; -} -img.logo { - float: left; - border-radius: 50%; -} -p.heading { - margin: 0px; - font-weight: bold; - text-decoration: underline; -} -p.hint { - display: none; -} -pre { - font-family: fira-mono, monospace; - white-space: pre-wrap; -} -span.link { - color: #863600; -} diff --git a/contrib/notification.html b/contrib/notification.html index 78750362..a4d04864 100644 --- a/contrib/notification.html +++ b/contrib/notification.html @@ -1,14 +1,14 @@ - - - - -RouterOS-Scripts Notification Generator - - - - + + +RouterOS Scripts :: Notification Generator + + + + -

RouterOS-Scripts Notification Generator

+

Notification Generator

+ +

⬅️ Go back to main README

@@ -16,8 +16,8 @@

[MikroTik] ℹ️ Subject

Message
-

⏰ This message was queued since oct/18/2022 18:30:48 and may be obsolete.

-

✂️ The message was too long and has been truncated, cut off 13%!

+

⏰ This message was queued since 2025-10-29 16:06:18 and may be obsolete.

+

✂️ The message was too long and has been truncated, cut off 13%!

@@ -25,11 +25,14 @@

Subject:

Message:

Show link:

-

Queued since

+

Queued since

Cut-off with percent

Then right-click, click "Take Screenshot" and finally select the notification and download it.

- - +
+ +

⬅️ Go back to main README
+⬆️ Go back to top

+ diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md index da6d6dea..ad4cf4f9 100644 --- a/doc/mod/notification-matrix.md +++ b/doc/mod/notification-matrix.md @@ -49,7 +49,7 @@ your server in device's certificate store. The example below is for `matrix.org`, which uses a trust chain from *Google Trust Services*. Run this to import the required certificate: - $CertificateAvailable "GTS Root R4"; + $CertificateAvailable "GTS Root R4" "fetch"; Replace the CA certificate name with what ever is needed for your server. You may want to find the diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md index 804104fa..05180b2a 100644 --- a/doc/mod/notification-telegram.md +++ b/doc/mod/notification-telegram.md @@ -107,7 +107,7 @@ chat with [BotFather ↗️](https://t.me/BotFather) and set it there. ![set profile photo](notification-telegram.d/setuserpic.avif) Have a look at my -[RouterOS-Scripts Logo Color Changer](https://git.eworm.de/cgit/routeros-scripts/plain/contrib/logo-color.html) +[RouterOS-Scripts Logo Color Changer](../../contrib/logo-color.html) to create a colored version of this scripts' logo. See also diff --git a/fw-addr-lists.d/allow b/fw-addr-lists.d/allow index 8b59ed7c..8c4ca3c7 100644 --- a/fw-addr-lists.d/allow +++ b/fw-addr-lists.d/allow @@ -1,3 +1,3 @@ # an ip address list for use with fw-addr-lists script -# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md -git.eworm.de +# https://rsc.eworm.de/doc/fw-addr-lists.md +rsc.eworm.de diff --git a/fw-addr-lists.d/block b/fw-addr-lists.d/block index 5e9fef29..86a6c626 100644 --- a/fw-addr-lists.d/block +++ b/fw-addr-lists.d/block @@ -1,5 +1,5 @@ # an ip address list for use with fw-addr-lists script -# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md +# https://rsc.eworm.de/doc/fw-addr-lists.md # example.net 93.184.216.34 diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index c85cc8bf..e5a71aa6 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -74,7 +74,7 @@ :if ([ :len ($List->"cert") ] > 0) do={ :set CheckCertificate true; - :if ([ $CertificateAvailable ($List->"cert") ] = false) do={ + :if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={ $LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \ " / " . $List->"url" . ") failed, trying anyway."); } diff --git a/general/eworm-meadow.avif b/general/eworm-meadow.avif new file mode 100644 index 00000000..f592d59b Binary files /dev/null and b/general/eworm-meadow.avif differ diff --git a/README.d/upstream.png b/general/qr-code.png similarity index 100% rename from README.d/upstream.png rename to general/qr-code.png diff --git a/general/style.css b/general/style.css new file mode 100644 index 00000000..016ca631 --- /dev/null +++ b/general/style.css @@ -0,0 +1,91 @@ +/* stylesheet for RouterOS Scripts */ +body { + background-color: transparent; + font-family: fira-sans, sans-serif; + font-size: 10pt; + line-height: 1.6; +} +h2 { + border-bottom: 1px solid #ccc; + color: #000; +} +a { + text-decoration: none; +} +a:hover { + text-decoration: underline; +} +blockquote { + border-left: 4px solid #ccc; + padding: 0 10px; + color: #555; +} +code { + margin: 0 2px; + padding: 2px 5px; + border: 1px solid #ccc; + background-color: #f8f8f8; + border-radius: 3px; +} +div.notification { + position: relative; + float: none; + width: 600px; + border: 3px outset #6c5d53; + /* border-radius: 5px; */ + padding: 10px; + background-color: #e6e6e6; +} +div.content { + padding-left: 60px; +} +img.logo { + float: left; + border-radius: 50%; +} +p.heading { + margin: 0px; + font-weight: bold; + text-decoration: underline; +} +p.hint { + display: none; +} +pre { + font-family: fira-mono, monospace; + white-space: pre-wrap; + background-color: #f8f8f8; + border: 1px solid #ccc; + overflow: auto; + padding: 6px 10px; + border-radius: 3px; +} +pre code { + margin: 0; + padding: 0; + border: 0; +} +span.link { + color: #863600; +} +td.head-top { + height: 48px; + vertical-align: bottom; + font-size: 250%; + font-weight: bold; +} +td.head-bottom { + height: 48px; + vertical-align: top; + font-size: 125%; + color: #555; +} +@media only screen and (orientation: landscape) { + body { + margin-left: 10vw; + margin-right: 10vw; + } + div.notification { + float: right; + } +} diff --git a/global-functions.rsc b/global-functions.rsc index 3089d2e2..48aaf7fb 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -106,11 +106,15 @@ # check and download required certificate :set CertificateAvailable do={ :local CommonName [ :tostr $1 ]; + :local UseFor [ :tostr $2 ]; :global CertificateDownload; + :global EitherOr; :global LogPrint; :global ParseKeyValueStore; + :set UseFor [ $EitherOr $UseFor "undefined" ]; + :if ([ /system/resource/get free-hdd-space ] < 8388608 && \ [ /certificate/settings/get crl-download ] = true && \ [ /certificate/settings/get crl-store ] = "system") do={ @@ -123,7 +127,10 @@ :return false; } - :if (([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \ + :local CertSettings [ /certificate/settings/get ]; + :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \ + ($CertSettings->"builtin-trust-store") ~ $UseFor || \ + ($CertSettings->"builtin-trust-store") = "all") && \ [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={ :return true; } @@ -397,7 +404,7 @@ :return true; } - :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ + :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={ $LogPrint error $0 ("Downloading required certificate failed."); :return false; } @@ -633,7 +640,7 @@ } :do { - :if ([ $CertificateAvailable "GTS Root R4" ] = false) do={ + :if ([ $CertificateAvailable "GTS Root R4" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } @@ -1241,7 +1248,7 @@ :global SymbolForNotification; :global ValidateSyntax; - :if ([ $CertificateAvailable "ISRG Root X2" ] = false) do={ + :if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading certificate failed, trying without."); } @@ -1292,7 +1299,7 @@ } :if ([ :len ($ScriptInfo->"certificate") ] > 0) do={ - :if ([ $CertificateAvailable ($ScriptInfo->"certificate") ] = false) do={ + :if ([ $CertificateAvailable ($ScriptInfo->"certificate") "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading certificate failed, trying without."); } } @@ -1309,9 +1316,19 @@ } } do={ $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "': " . $Err); + :if ($Err != "Fetch failed with status 404") do={ + :error false; + } + :if ($ScriptVal->"source" = "#!rsc by RouterOS\n") do={ $LogPrint warning $0 ("Removing dummy. Typo on installation?"); /system/script/remove $Script; + :error false; + } + :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \ + [ :len $CheckSum ] = 0) do={ + $LogPrintOnce warning $0 \ + ("Added the script manually? Skip updates with 'ignore=true' in comment."); } :error false; } diff --git a/mod/notification-ntfy.rsc b/mod/notification-ntfy.rsc index 71140209..dd10812e 100644 --- a/mod/notification-ntfy.rsc +++ b/mod/notification-ntfy.rsc @@ -109,7 +109,7 @@ :onerror Err { :if ($Server = "ntfy.sh") do={ - :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ + :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index ff9b4da2..b1996a32 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -30,7 +30,7 @@ :return false; } - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :return false; } @@ -72,7 +72,7 @@ :global CertificateAvailable; :global LogPrint; - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :return false; } @@ -197,7 +197,7 @@ "&reply_to_message_id=" . ($Notification->"replyto") . "&message_thread_id=" . $ThreadId . \ "&disable_web_page_preview=true&parse_mode=MarkdownV2"); :onerror Err { - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; } diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc index 9e2f9bcf..eee5f854 100644 --- a/netwatch-dns.rsc +++ b/netwatch-dns.rsc @@ -112,7 +112,7 @@ :foreach DohServer in=$DohServers do={ :if ([ :len ($DohServer->"doh-cert") ] > 0) do={ - :if ([ $CertificateAvailable ($DohServer->"doh-cert") ] = false) do={ + :if ([ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={ $LogPrint warning $ScriptName ("Downloading certificate failed, trying without."); } } diff --git a/telegram-chat.rsc b/telegram-chat.rsc index 7f7b7a79..54872fb9 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -61,7 +61,7 @@ :set TelegramRandomDelay 0; } - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint warning $ScriptName ("Downloading required certificate failed."); :set ExitOK true; :error false; diff --git a/update-tunnelbroker.rsc b/update-tunnelbroker.rsc index 9057e1e4..5372f4c2 100644 --- a/update-tunnelbroker.rsc +++ b/update-tunnelbroker.rsc @@ -28,7 +28,7 @@ :error false; } - :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" ] = false) do={ + :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" "fetch" ] = false) do={ $LogPrint error $ScriptName ("Downloading required certificate failed."); :set ExitOK true; :error false;