diff --git a/DEBUG.md b/DEBUG.md index d5e9beb..3d7f025 100644 --- a/DEBUG.md +++ b/DEBUG.md @@ -44,20 +44,6 @@ instead. Disable or remote that setting to restore regular logging. -## Verbose output - -Specific scripts can generate huge amount of output. These do use a function -`$LogPrintVerbose`, which is declared, but has no code, intentionally. - -If you *really* want that output set the function to be the same as -`$LogPrint`: - - :set LogPrintVerbose $LogPrint; - -To revert that change just run: - - :set LogPrintVerbose; - --- [⬅️ Go back to main README](README.md) [⬆️ Go back to top](#top) diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index 8b64d28..424ef32 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -19,7 +19,7 @@ Run the complete base installation: { /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem" as-value; :delay 1s; - /certificate/import file-name="isrg-root-x2.pem" passphrase=""; + /certificate/import file-name=isrg-root-x2.pem passphrase=""; :if ([ :len [ /certificate/find where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 1) do={ :error "Something is wrong with your certificates!"; }; diff --git a/README.md b/README.md index fae6986..a76d50f 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ file to your MikroTik device. Then we import the certificate. - /certificate/import file-name="isrg-root-x2.pem" passphrase=""; + /certificate/import file-name=isrg-root-x2.pem passphrase=""; Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase. diff --git a/capsman-download-packages.capsman.rsc b/capsman-download-packages.capsman.rsc index 25c43f5..4387cb1 100644 --- a/capsman-download-packages.capsman.rsc +++ b/capsman-download-packages.capsman.rsc @@ -62,7 +62,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile ($File->"name"); + $RmFile $Package; } } diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc index b269838..744494e 100644 --- a/capsman-download-packages.template.rsc +++ b/capsman-download-packages.template.rsc @@ -64,7 +64,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile ($File->"name"); + $RmFile $Package; } } diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc index 901bb0a..a0c5e12 100644 --- a/capsman-download-packages.wifi.rsc +++ b/capsman-download-packages.wifi.rsc @@ -62,7 +62,7 @@ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ ($File->"package-architecture") $PackagePath ] = true) do={ :set Updated true; - $RmFile ($File->"name"); + $RmFile $Package; } } diff --git a/certs/Makefile b/certs/Makefile index 3ccad6e..4e252b4 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -15,7 +15,7 @@ DOMAINS_DUAL = \ git.eworm.de/ISRG-Root-X2 \ lists.blocklist.de/Certum-Trusted-Network-CA \ matrix.org/GTS-Root-R4 \ - raw.githubusercontent.com/USERTrust-RSA-Certification-Authority \ + raw.githubusercontent.com/DigiCert-Global-Root-G2 \ rsc.eworm.de/ISRG-Root-X2 \ upgrade.mikrotik.com/ISRG-Root-X1 DOMAINS_IPV4 = \ diff --git a/certs/USERTrust-RSA-Certification-Authority.pem b/certs/USERTrust-RSA-Certification-Authority.pem deleted file mode 100644 index 0fbeef6..0000000 --- a/certs/USERTrust-RSA-Certification-Authority.pem +++ /dev/null @@ -1,41 +0,0 @@ -# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network -# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network -# Label: "USERTrust RSA Certification Authority" -# Serial: 2645093764781058787591871645665788717 -# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5 -# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e -# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2 ------BEGIN CERTIFICATE----- -MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB -iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl -cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV -BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw -MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV -BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B -3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY -tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ -Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 -VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT -79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 -c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT -Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l -c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee -UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE -Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd -BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G -A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF -Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO -VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 -ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs -8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR -iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze -Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ -XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ -qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB -VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB -L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG -jjxDah2nGN59PRbxYvnKkKj9 ------END CERTIFICATE----- diff --git a/check-certificates.rsc b/check-certificates.rsc index be8e4df..0907395 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -48,26 +48,21 @@ :global UrlEncode; :global WaitForFile; - :foreach Type in={ "p12"; "pem" } do={ - :local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type); - $LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \ - "' (file '" . $CertFileName . "')..."); + :local Return false; + :foreach Type in={ ".pem"; ".p12" } do={ + :local CertFileName ([ $UrlEncode $FetchName ] . $Type); :do { /tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \ ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value; $WaitForFile $CertFileName; :local DecryptionFailed true; - :foreach I,PassPhrase in=$CertRenewPass do={ - :do { - $LogPrint debug $ScriptName ("Trying " . $I . ". passphrase... "); - :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; - :if ($Result->"decryption-failures" = 0) do={ - $LogPrint debug $ScriptName ("Success!"); - :set DecryptionFailed false; - } - } on-error={ } + :foreach PassPhrase in=$CertRenewPass do={ + :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ]; + :if ($Result->"decryption-failures" = 0) do={ + :set DecryptionFailed false; + } } $RmFile $CertFileName; @@ -82,13 +77,13 @@ $CertificateNameByCN [ /certificate/get $CertInChain common-name ]; } - :return true; + :set Return true; } on-error={ $LogPrint debug $ScriptName ("Could not download certificate file '" . $CertFileName . "'."); } } - :return false; + :return $Return; } :local FormatInfo do={ diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 78161e4..361be34 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -66,27 +66,6 @@ :error "A reboot for update is already scheduled."; } - :local License [ /system/license/get ]; - :if ([ :typeof ($License->"deadline-at") ] = "str") do={ - :if ([ :len ($License->"next-renewal-at") ] = 0 && ($License->"limited-upgrades") = true) do={ - $LogPrint warning $ScriptName ("Your license expired on " . ($License->"deadline-at") . "!"); - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "warning-sign" ] . "License expired!"); \ - message=("Your license expired on " . ($License->"deadline-at") . \ - ", can no longer update RouterOS on " . $Identity . "...") }); - :set ExitOK true; - :error false; - } - - :if ([ :totime ($License->"deadline-at") ] - 3w < [ :timestamp ]) do={ - $LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!"); - $SendNotification2 ({ origin=$ScriptName; \ - subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \ - message=("Your license failed to renew and is about to expire on " . \ - ($License->"deadline-at") . " on " . $Identity . "...") }); - } - } - $LogPrint debug $ScriptName ("Checking for updates..."); /system/package/update/check-for-updates without-paging as-value; :local Update [ /system/package/update/get ]; diff --git a/doc/mod/notification-telegram.d/getchatid.avif b/doc/mod/notification-telegram.d/getchatid.avif deleted file mode 100644 index 7792969..0000000 Binary files a/doc/mod/notification-telegram.d/getchatid.avif and /dev/null differ diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md index 2d00116..8043716 100644 --- a/doc/mod/notification-telegram.md +++ b/doc/mod/notification-telegram.md @@ -38,21 +38,14 @@ create your own bot: ![create new bot](notification-telegram.d/newbot.avif) -Set that token from *BotFather* (use your own!) to `TelegramTokenId`, for -now just temporarily: +Now open a chat with your bot and start it by clicking the `START` button. - :set TelegramTokenId "5214364459:AAHLwf1o7ybbKDo6pY24Kd2bZ5rjCakDXTc"; - -Now open a chat with your bot and start it by clicking the `START` button, -then send your first message. Any text will do. On your device run -`$GetTelegramChatId` to retrieve the chat id: - - $GetTelegramChatId; - -![get chat id](notification-telegram.d/getchatid.avif) +Open just another chat with [GetIDs Bot](https://t.me/getidsbot), again start +with the `START` button. It will send you some information, including the +`id`, just below `You`. Finally edit `global-config-overlay`, add `TelegramTokenId` with the token -from *BotFather* and `TelegramChatId` with your retrieved chat id. Then +from *BotFather* and `TelegramChatId` with your id from *GetIDs Bot*. Then reload the configuration. > ℹ️ **Info**: Copy relevant configuration from @@ -61,10 +54,9 @@ reload the configuration. ### Notifications to a group -Sending notifications to a group is possible as well. Add your bot to a group -and make it an admin (required for read access!) and send a message and run -`$GetTelegramChatId` again. Then use that chat id (which starts with a dash) -for `TelegramChatId`. +Sending notifications to a group is possible as well. Add your bot and the +*GetIDs Bot* to a group, then use the group's id (which starts with a dash) +for `TelegramChatId`. Then remove *GetIDs Bot* from group. Groups can enable the `Topics` feature. Use `TelegramThreadId` to send to a specific topic in a group. diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index f0940fe..d41dc04 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -24,7 +24,6 @@ :global HumanReadableNum; :global LogPrint; :global LogPrintOnce; - :global LogPrintVerbose; :global ScriptLock; :global WaitFullyConnected; @@ -37,11 +36,6 @@ } } - :local GetBranch do={ - :global EitherOr; - :return [ :pick [ :convert transform=md5 to=hex [ :pick $1 0 [ $EitherOr [ :find $1 "/" ] [ :len $1 ] ] ] ] 0 2 ]; - } - :if ([ $ScriptLock $ScriptName ] = false) do={ :set ExitOK true; :error false; @@ -105,24 +99,17 @@ :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); } :do { - :local Branch [ $GetBranch $Address ]; :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ - :if ($Address ~ "/32\$") do={ - :set Address [ :pick $Address 0 ([ :len $Address ] - 3) ]; - } - :set ($IPv4Addresses->$Branch->$Address) $TimeOut; + :set ($IPv4Addresses->$Address) $TimeOut; :error true; } :if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={ - :if ($Address ~ "/128\$") do={ - :set Address [ :pick $Address 0 ([ :len $Address ] - 4) ]; - } - :set ($IPv6Addresses->$Branch->$Address) $TimeOut; + :set ($IPv6Addresses->$Address) $TimeOut; :error true; } :if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={ - :set ($IPv4Addresses->$Branch->$Address) $TimeOut; - :set ($IPv6Addresses->$Branch->$Address) $TimeOut; + :set ($IPv4Addresses->$Address) $TimeOut; + :set ($IPv6Addresses->$Address) $TimeOut; :error true; } } on-error={ } @@ -132,17 +119,15 @@ :foreach Entry in=[ /ip/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ip/firewall/address-list/get $Entry address ]; - :local Branch [ $GetBranch $Address ]; - :local TimeOut ($IPv4Addresses->$Branch->$Address); - :if ([ :typeof $TimeOut ] = "time") do={ - $LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ - "' with " . $TimeOut . ": " . $Address); - /ip/firewall/address-list/set $Entry timeout=$TimeOut; - :set ($IPv4Addresses->$Branch->$Address); + :if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={ + $LogPrint debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \ + "' with " . ($IPv4Addresses->$Address) . ": " . $Address); + /ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address); + :set ($IPv4Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrintVerbose debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ + $LogPrint debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \ "': " . $Address); /ip/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); @@ -153,17 +138,15 @@ :foreach Entry in=[ /ipv6/firewall/address-list/find where \ list=$FwListName comment=$ListComment ] do={ :local Address [ /ipv6/firewall/address-list/get $Entry address ]; - :local Branch [ $GetBranch $Address ]; - :local TimeOut ($IPv6Addresses->$Branch->$Address); - :if ([ :typeof $TimeOut ] = "time") do={ - $LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ - "' with " . $TimeOut . ": " . $Address); - /ipv6/firewall/address-list/set $Entry timeout=$TimeOut; - :set ($IPv6Addresses->$Branch->$Address); + :if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={ + $LogPrint debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \ + "' with " . ($IPv6Addresses->$Address) . ": " . $Address); + /ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address); + :set ($IPv6Addresses->$Address); :set CntRenew ($CntRenew + 1); } else={ :if ($Failure = false) do={ - $LogPrintVerbose debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ + $LogPrint debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \ "': " . $Address); /ipv6/firewall/address-list/remove $Entry; :set CntRemove ($CntRemove + 1); @@ -171,35 +154,31 @@ } } - :foreach BranchName,Branch in=$IPv4Addresses do={ - $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); - :foreach Address,Timeout in=$Branch do={ - $LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ - "': " . $Address); - } + :foreach Address,Timeout in=$IPv4Addresses do={ + $LogPrint debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \ + "' with " . $Timeout . ": " . $Address); + :do { + /ip/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set ($IPv4Addresses->$Address); + :set CntAdd ($CntAdd + 1); + } on-error={ + $LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \ + "': " . $Address); } } - :foreach BranchName,Branch in=$IPv6Addresses do={ - $LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName); - :foreach Address,Timeout in=$Branch do={ - $LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ - "' with " . $Timeout . ": " . $Address); - :do { - /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ - address=$Address timeout=$Timeout; - :set CntAdd ($CntAdd + 1); - } on-error={ - $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ - "': " . $Address); - } + :foreach Address,Timeout in=$IPv6Addresses do={ + $LogPrint debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \ + "' with " . $Timeout . ": " . $Address); + :do { + /ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \ + address=$Address timeout=$Timeout; + :set ($IPv6Addresses->$Address); + :set CntAdd ($CntAdd + 1); + } on-error={ + $LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \ + "': " . $Address); } } diff --git a/global-config.rsc b/global-config.rsc index fa32b16..2524ded 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -103,7 +103,7 @@ # cert="ISRG Root X2" }; { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt"; # # higher level (decrease the numerical value) for more addresses, and vice versa - cert="USERTrust RSA Certification Authority" }; + cert="DigiCert Global Root G2" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="ISRG Root X1" }; { url="https://lists.blocklist.de/lists/strongips.txt"; diff --git a/global-functions.rsc b/global-functions.rsc index 8ae7bb8..42782bc 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -15,7 +15,7 @@ # Git commit id & info, expected configuration version :global CommitId "unknown"; :global CommitInfo "unknown"; -:global ExpectedConfigVersion 135; +:global ExpectedConfigVersion 134; # global variables not to be changed by user :global GlobalFunctionsReady false; @@ -55,7 +55,6 @@ :global IsTimeSync; :global LogPrint; :global LogPrintOnce; -:global LogPrintVerbose; :global MAX; :global MIN; :global MkDir; @@ -310,19 +309,16 @@ ([ $FormatLine "Location" ($Snmp->"location") ] . "\n") ] . \ [ $IfThenElse ([ :len ($Snmp->"contact") ] > 0) \ ([ $FormatLine "Contact" ($Snmp->"contact") ] . "\n") ] . \ - "Hardware:\n" . \ - [ $FormatLine " Board" ($Resource->"board-name") ] . "\n" . \ - [ $FormatLine " Arch" ($Resource->"architecture-name") ] . "\n" . \ + [ $FormatLine "Board name" ($Resource->"board-name") ] . "\n" . \ + [ $FormatLine "Architecture" ($Resource->"architecture-name") ] . "\n" . \ [ $IfThenElse ($RouterBoard->"routerboard" = true) \ - ([ $FormatLine " Model" ($RouterBoard->"model") ] . \ + ([ $FormatLine "Model" ($RouterBoard->"model") ] . \ [ $IfThenElse ([ :len ($RouterBoard->"revision") ] > 0) \ (" " . $RouterBoard->"revision") ] . "\n" . \ - [ $FormatLine " Serial" ($RouterBoard->"serial-number") ] . "\n") ] . \ - [ $IfThenElse ([ :len ($License->"nlevel") ] > 0) \ - ([ $FormatLine " License" ("level " . ($License->"nlevel")) ] . "\n") ] . \ - "RouterOS:\n" . \ + [ $FormatLine "Serial number" ($RouterBoard->"serial-number") ] . "\n") ] . \ [ $IfThenElse ([ :len ($License->"level") ] > 0) \ - ([ $FormatLine " License" ("level " . ($License->"level")) ] . "\n") ] . \ + ([ $FormatLine "License" ($License->"level") ] . "\n") ] . \ + "RouterOS:\n" . \ [ $FormatLine " Channel" ($Update->"channel") ] . "\n" . \ [ $FormatLine " Installed" ($Update->"installed-version") ] . "\n" . \ [ $IfThenElse ([ :typeof ($Update->"latest-version") ] != "nothing" && \ @@ -849,9 +845,6 @@ :return true; } -# The function $LogPrintVerbose is declared, but has no code, intentionally. -# https://rsc.eworm.de/DEBUG.md#verbose-output - # get max value :set MAX do={ :if ($1 > $2) do={ :return $1; } @@ -1154,14 +1147,6 @@ :local ReloadGlobalConfig false; :local DeviceMode [ /system/device-mode/get ]; - :local CheckSums ({}); - :do { - :local Url ($ScriptUpdatesBaseUrl . "checksums.json" . $ScriptUpdatesUrlSuffix); - $LogPrint debug $0 ("Fetching checksums from url: " . $Url); - :set CheckSums [ :deserialize from=json ([ /tool/fetch check-certificate=yes-without-crl \ - http-header-field=({ [ $FetchUserAgentStr $0 ] }) $Url output=user as-value ]->"data") ]; - } on-error={ } - :foreach Script in=[ /system/script/find where source~"^#!rsc by RouterOS\r?\n" ] do={ :local ScriptVal [ /system/script/get $Script ]; :local ScriptInfo [ $ParseKeyValueStore ($ScriptVal->"comment") ]; @@ -1175,19 +1160,7 @@ } } - :do { - :if ($ScriptInfo->"ignore" = true) do={ - $LogPrint debug $0 ("Ignoring script '" . $ScriptVal->"name" . "', as requested."); - :error true; - } - - :local CheckSum ($CheckSums->($ScriptVal->"name")); - :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \ - [ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={ - $LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring."); - :error true; - } - + :if (!($ScriptInfo->"ignore" = true)) do={ :do { :local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ]; :local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ]; @@ -1206,9 +1179,10 @@ } else={ $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "'!"); } - :error false; } + } + :do { :if ([ :len $SourceNew ] = 0) do={ $LogPrint debug $0 ("No update for script '" . $ScriptVal->"name" . "'."); :error false; diff --git a/ipv6-update.rsc b/ipv6-update.rsc index 94bd1bc..c6e3d65 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -20,9 +20,7 @@ :global ScriptLock; :local NaAddress $"na-address"; - :local NaValid $"na-valid"; :local PdPrefix $"pd-prefix"; - :local PdValid $"pd-valid"; :if ([ $ScriptLock $ScriptName ] = false) do={ :set ExitOK true; @@ -35,18 +33,12 @@ :error false; } - :if ([ :typeof $PdPrefix ] = "nothing" || [ :typeof $PdValid ] = "nothing") do={ + :if ([ :typeof $PdPrefix ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ipv6 dhcp-client."); :set ExitOK true; :error false; } - :if ($PdValid != 1) do={ - $LogPrint info $ScriptName ("The prefix " . $PdPrefix . " is no longer valid. Ignoring."); - :set ExitOK true; - :error false; - } - :local Pool [ /ipv6/pool/get [ find where prefix=$PdPrefix ] name ]; :if ([ :len [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ] ] = 0) do={ /ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool) dynamic=yes; diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc index 68e913f..d04893f 100644 --- a/mod/notification-telegram.rsc +++ b/mod/notification-telegram.rsc @@ -10,7 +10,6 @@ # https://rsc.eworm.de/doc/mod/notification-telegram.md :global FlushTelegramQueue; -:global GetTelegramChatId; :global NotificationFunctions; :global PurgeTelegramQueue; :global SendTelegram; @@ -59,45 +58,6 @@ :global ExitError; $ExitError false $0; } } -# get the chat id -:set GetTelegramChatId do={ :do { - :global TelegramTokenId; - - :global CertificateAvailable; - :global LogPrint; - - :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={ - $LogPrint warning $0 ("Downloading required certificate failed."); - :return false; - } - - :local Data; - :do { - :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \ - ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=0" . \ - "&allowed_updates=%5B%22message%22%5D") as-value ]->"data"); - } on-error={ - $LogPrint warning $0 ("Fetching data failed!"); - :return false; - } - - :local JSON [ :deserialize from=json value=$Data ]; - :local Count [ :len ($JSON->"result") ]; - - :if ($Count = 0) do={ - $LogPrint info $0 ("No message received."); - :return false; - } - - :local Message ($JSON->"result"->($Count - 1)->"message"); - $LogPrint info $0 ("The chat id is: " . ($Message->"chat"->"id")); - :if (($Message->"is_topic_message") = true) do={ - $LogPrint info $0 ("The thread id is: " . ($Message->"message_thread_id")); - } -} on-error={ - :global ExitError; $ExitError false $0; -} } - # send notification via telegram - expects one array argument :set ($NotificationFunctions->"telegram") do={ :local Notification $1; diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index 0b8a8dc..8b05c5e 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc @@ -61,19 +61,15 @@ :global GetRandom20CharAlNum; :local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]); - :if ([ :typeof [ :toip $Expected ] ] = "ip") do={ - /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; - :delay 20ms; - :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; - } + /ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; + :delay 20ms; + :if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; } - :if ([ :typeof [ :toip6 $Expected ] ] = "ip6") do={ - /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s; - :delay 20ms; - :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ - :return true; - } + /ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s; + :delay 20ms; + :if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={ + :return true; } :return false; diff --git a/news-and-changes.rsc b/news-and-changes.rsc index 459326f..a735ff7 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -59,7 +59,6 @@ 132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically."; 133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added."; 134="Enhanced 'mod/notification-telegram' and 'telegram-chat' to support topics in groups."; - 135="Introduced helper function '\$GetTelegramChatId' for 'mod/notification-telegram' which helps retrieve information."; }; # Migration steps to be applied on script updates diff --git a/telegram-chat.rsc b/telegram-chat.rsc index 5db4860..07e3816 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -119,8 +119,7 @@ $SendTelegram2 ({ origin=$ScriptName; chatid=($Chat->"id"); silent=true; \ replyto=($Message->"message_id"); threadid=$ThreadId; \ subject=([ $SymbolForNotification "speech-balloon" ] . "Telegram Chat"); \ - message=([ $IfThenElse ([ :len ($From->"first_name") ] > 0) ("Hello " . ($From->"first_name") . "!\n\n") ] . \ - "Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); + message=("Online" . [ $IfThenElse $TelegramChatActive " (and active!)" ] . ", awaiting your commands!") }); :set Done true; } :if ($Done = false && [ :pick $Command 0 1 ] = "!") do={