-rw-r--r-- | CERTIFICATES.d/01-dialog-A.avif | bin | 0 -> 29972 bytes | |||
-rw-r--r-- | CERTIFICATES.d/02-dialog-B.avif | bin | 0 -> 28821 bytes | |||
-rw-r--r-- | CERTIFICATES.d/03-window.avif | bin | 0 -> 48111 bytes | |||
-rw-r--r-- | CERTIFICATES.d/04-certificate.avif | bin | 0 -> 22386 bytes | |||
-rw-r--r-- | CERTIFICATES.md | 82 | ||||
-rw-r--r-- | CONTRIBUTIONS.md | 2 | ||||
-rw-r--r-- | certs/Makefile | 3 | ||||
-rw-r--r-- | check-routeros-update.rsc | 15 | ||||
-rw-r--r-- | doc/fw-addr-lists.md | 10 | ||||
-rw-r--r-- | doc/ipv6-update.md | 12 | ||||
-rw-r--r-- | doc/mod/notification-matrix.md | 10 | ||||
-rw-r--r-- | doc/mod/notification-ntfy.md | 5 | ||||
-rw-r--r-- | doc/netwatch-dns.md | 5 | ||||
-rw-r--r-- | doc/netwatch-notify.md | 17 | ||||
-rw-r--r-- | fw-addr-lists.rsc | 7 | ||||
-rw-r--r-- | global-config.rsc | 4 | ||||
-rw-r--r-- | global-functions.rsc | 5 | ||||
-rw-r--r-- | hotspot-to-wpa-cleanup.capsman.rsc | 3 | ||||
-rw-r--r-- | hotspot-to-wpa-cleanup.template.rsc | 3 | ||||
-rw-r--r-- | hotspot-to-wpa-cleanup.wifi.rsc | 3 | ||||
-rw-r--r-- | ipv6-update.rsc | 10 | ||||
-rw-r--r-- | log-forward.rsc | 5 | ||||
-rw-r--r-- | mod/notification-ntfy.rsc | 4 | ||||
-rw-r--r-- | mod/ssh-keys-import.rsc | 17 | ||||
-rw-r--r-- | mode-button.rsc | 15 |
25 files changed, 186 insertions, 51 deletions
diff --git a/CERTIFICATES.d/01-dialog-A.avif b/CERTIFICATES.d/01-dialog-A.avif Binary files differnew file mode 100644 index 0000000..2fc3c9b --- /dev/null +++ b/CERTIFICATES.d/01-dialog-A.avif diff --git a/CERTIFICATES.d/02-dialog-B.avif b/CERTIFICATES.d/02-dialog-B.avif Binary files differnew file mode 100644 index 0000000..5e408ab --- /dev/null +++ b/CERTIFICATES.d/02-dialog-B.avif diff --git a/CERTIFICATES.d/03-window.avif b/CERTIFICATES.d/03-window.avif Binary files differnew file mode 100644 index 0000000..96039a3 --- /dev/null +++ b/CERTIFICATES.d/03-window.avif diff --git a/CERTIFICATES.d/04-certificate.avif b/CERTIFICATES.d/04-certificate.avif Binary files differnew file mode 100644 index 0000000..e666314 --- /dev/null +++ b/CERTIFICATES.d/04-certificate.avif diff --git a/CERTIFICATES.md b/CERTIFICATES.md new file mode 100644 index 0000000..589d480 --- /dev/null +++ b/CERTIFICATES.md 
@@ -0,0 +1,82 @@
+Certificate name from browser
+=============================
+
+[![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
+[![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
+[![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.14-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
+[![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
+
+[⬅️ Go back to main README](README.md)
+
+All well known desktop, mobile and server operating systems come with a
+certificate store that is populated with a set of well known and trusted
+certificates, acting as *trust anchors*.
+
+However RouterOS does not, still sometimes a specific certificate is
+required to properly verify a chain of trust. One example is downloading
+the scripts from this repository with `fetch` command, thus the very
+first step of [installation](README.md#the-long-way-in-detail) is importing
+the certificate.
+
+The scripts can install additional certificates when required. This happens
+from this repository if available, or from [mkcert.org](https://mkcert.org)
+as a fallback.
+
+Get the certificate's CommonName
+--------------------------------
+
+But how to determine what certificate may be required? Often easiest way
+is to use a desktop browser to get that information. This demonstration uses
+[Mozilla Firefox](https://www.mozilla.org/firefox/).
+
+Let's assume we want to make sure the certificate for
+[git.eworm.de](https://git.eworm.de/) is available. Open that page in the
+browser, then click the *lock* icon in addressbar, followed by "*Connection
+secure*".
+
+![screenshot: dialog A](CERTIFICATES.d/01-dialog-A.avif)
+
+The dialog will change, click "*More information*".
+
+![screenshot: dialog B](CERTIFICATES.d/02-dialog-B.avif)
+
+A new window opens, click the button "*View Certificate*". (That window
+can be closed now.)
+
+![screenshot: window](CERTIFICATES.d/03-window.avif)
+
+A new tab opens, showing information on the server certificate and its
+chain of trust. The leftmost certificate is what we are interested in.
+
+![screenshot: certificate](CERTIFICATES.d/04-certificate.avif)
+
+Now we know that "`ISRG Root X2`" is required, some scripts need just
+that information.
+
+Import a certificate by CommonName
+----------------------------------
+
+Running the function `$CertificateAvailable` with that name as parameter
+makes sure the certificate is available in the device's store:
+
+ $CertificateAvailable "ISRG Root X2";
+
+If the certificate is actually available already nothing happens, and there
+is no output. Otherwise the certificate is downloaded and imported.
+
+If importing a certificate with that exact name fails a warning is given
+and nothing is actually imported.
+
+See also
+--------
+
+* [Download, import and update firewall address-lists](doc/fw-addr-lists.md)
+* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md)
+* [Send notifications via Matrix](doc/mod/notification-matrix.md)
+* [Send notifications via Ntfy](doc/mod/notification-ntfy.md)
+
+---
+[⬅️ Go back to main README](README.md)
+[⬆️ Go back to top](#top)
diff --git a/CONTRIBUTIONS.md b/CONTRIBUTIONS.md
index 0b192fc..ed1d6fa 100644
--- a/CONTRIBUTIONS.md
+++ b/CONTRIBUTIONS.md @@ -20,6 +20,7 @@ for details! * [Anatoly Bubenkov](mailto:bubenkoff@gmail.com) (@bubenkoff) * [Ben Harris](mailto:mail@bharr.is) (@bharrisau) * [Daniel Ziegenberg](mailto:daniel@ziegenberg.at) (@ziegenberg) +* [Ignacio Serrano](mailto:ignic@ignic.com) (@ignic) * [Michael Gisbers](mailto:michael@gisbers.de) (@mgisbers) * @netravnen * [netztrip](mailto:dave-tvg@netztrip.de) (@netztrip) @@ -37,6 +38,7 @@ Add yourself to the list, * Daniel Ziegenberg (@ziegenberg) * Devin Dean (@dd2594gh) * Evaldo Gardenal +* Florian Estraviz * Giorgio Bikos * Harold Schoemaker * Hugo BV diff --git a/certs/Makefile b/certs/Makefile index 2e6ac9d..9ce8dd4 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -16,12 +16,13 @@ DOMAINS = \ ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \ ipv6.showipv6.de/ISRG-Root-X1 \ lists.blocklist.de/Certum-Trusted-Network-CA \ + matrix.org/GTS-Root-R4 \ mkcert.org/ISRG-Root-X1 \ ntfy.sh/ISRG-Root-X1 \ sslbl.abuse.ch/GlobalSign \ upgrade.mikrotik.com/ISRG-Root-X1 \ www.dshield.org/ISRG-Root-X1 \ - www.spamhaus.org/GTS-Root-R4 + www.spamhaus.org/ISRG-Root-X1 .PHONY: $(DOMAINS) diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index 84849ea..0624808 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc 
@@ -55,11 +55,18 @@ /system/package/update/check-for-updates without-paging as-value; :local Update [ /system/package/update/get ]; - :if ([ $ScriptFromTerminal $ScriptName ] = true && ($Update->"installed-version") = ($Update->"latest-version")) do={ - $LogPrint info $ScriptName ("System is already up to date."); + :if (($Update->"installed-version") = ($Update->"latest-version")) do={ + :if ([ $ScriptFromTerminal $ScriptName ] = true) do={ + $LogPrint info $ScriptName ("System is already up to date."); + } :error true; } + :if ([ :len ($Update->"latest-version") ] = 0) do={ + $LogPrint info $ScriptName ("Received an empty version string from server."); + :error false; + } + :local NumInstalled [ $VersionToNum ($Update->"installed-version") ]; :local NumLatest [ $VersionToNum ($Update->"latest-version") ]; :local BitMask [ $VersionToNum "255.255zero0" ]; @@ -67,8 +74,8 @@ :local NumLatestFeature ($NumLatest & $BitMask); :local Link ("https://mikrotik.com/download/changelogs/" . $Update->"channel" . "-release-tree"); - :if ($NumLatest < 117505792) do={ - $LogPrint info $ScriptName ("The version '" . ($Update->"latest-version") . "' is not a valid version."); + :if ($NumLatest < [ $VersionToNum "7.0" ]) do={ + $LogPrint warning $ScriptName ("The version '" . ($Update->"latest-version") . "' is not a valid version."); :error false; } diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index 2008c7e..3d9e771 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md 
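Review bot: The new empty-version branch in the first check-routeros-update.rsc hunk logs at `info`, while the second hunk (`@@ -67,8 +74,8 @@`) raises the closely related "is not a valid version" message to `warning`. Both report a malformed answer from the update server, so anyone filtering or forwarding on warnings sees one case and misses the other; I would write `$LogPrint warning $ScriptName ("Received an empty version string from server.");` here. A one-line comment such as `# an empty string would otherwise reach $VersionToNum below` would also explain why the check sits at this position. The enclosing block starts and ends outside the hunk.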
@@ -62,9 +62,8 @@ The configuration goes to `global-config-overlay`, these are the parameters: > your local `global-config-overlay` and modify it to your specific needs. Naming a certificate for a list makes the script verify the server -certificate, so you should add that if possible. Some certificates are -available in my repository and downloaded automatically. Import it manually -(menu `/certificate/`) if missing. +certificate, so you should add that if possible. You may want to find the +[certificate name from browser](../CERTIFICATES.md). Create firewall rules to process the packets that are related to addresses from address-lists. @@ -127,6 +126,11 @@ Drop packets in firewall's raw section: > ⚠️ **Warning**: Just again... The order of firewall rules is important. Make > sure they actually take effect as expected! +See also +-------- + +* [Certificate name from browser](../CERTIFICATES.md) + --- [⬅️ Go back to main README](../README.md) [⬆️ Go back to top](#top) diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md index 88600c5..42f0fe4 100644 --- a/doc/ipv6-update.md +++ b/doc/ipv6-update.md 
@@ -45,13 +45,17 @@ Installing [ppp-on-up](ppp-on-up.md) may solve this. Configuration ------------- -An address list entry is updated with current prefix and can be used in -firewall rules, comment has to be "`ipv6-pool-`" and actual pool name: +As an address-list entry is mandatory a dynamic one is created automatically. +It is updated with current prefix and can be used in firewall rules. + +Alternatively a static address-list entry can be used, where comment has to +be "`ipv6-pool-`" and actual pool name. Use what ever list is desired, and +create it with: /ipv6/firewall/address-list/add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern; -As this entry is mandatory it is created automatically if it does not exist, -with the comment also set for list. +If the dynamic entry exists already you need to remove it before creating +the static one.. Address list entries for specific interfaces can be updated as well. The interface needs to get its address from pool `isp` and the address list entry diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md index c96a719..fbc9b91 100644 --- a/doc/mod/notification-matrix.md +++ b/doc/mod/notification-matrix.md @@ -46,6 +46,15 @@ The Matrix server is connected via encrypted https, and certificate verification is applied. So make sure you have the certificate chain for your server in device's certificate store. +The example below is for `matrix.org`, which uses a trust chain from *Google +Trust Services*. Run this to import the required certificate: + + $CertificateAvailable "GTS Root R4"; + +Replace the CA certificate name with what ever is needed for your server. +You may want to find the +[certificate name from browser](../../CERTIFICATES.md). + ### From other device If you have setup your Matrix *notification account* before just reuse that. 
@@ -120,6 +129,7 @@ function available: See also -------- +* [Certificate name from browser](../../CERTIFICATES.md) * [Send notifications via e-mail](notification-email.md) * [Send notifications via Ntfy](notification-ntfy.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/mod/notification-ntfy.md b/doc/mod/notification-ntfy.md index 2a43e3c..5393d44 100644 --- a/doc/mod/notification-ntfy.md +++ b/doc/mod/notification-ntfy.md @@ -52,6 +52,10 @@ basic authentication. Configure `NtfyServerUser` and `NtfyServerPass` for this. Even authentication via access token is possible, adding it as password with a blank username. +For a custom service installing an additional certificate may be required. +You may want to install that certificate manually, after finding the +[certificate name from browser](../../CERTIFICATES.md). + Usage and invocation -------------------- @@ -82,6 +86,7 @@ function available: See also -------- +* [Certificate name from browser](../../CERTIFICATES.md) * [Send notifications via e-mail](notification-email.md) * [Send notifications via Matrix](notification-matrix.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md index 54dd6c6..cdfbd97 100644 --- a/doc/netwatch-dns.md +++ b/doc/netwatch-dns.md @@ -59,8 +59,8 @@ resolves to the same address. Be aware that you have to keep the ip address in sync with real world manually! -Importing a certificate automatically is possible, at least if available in -the repository (see `certs` sub directory). +Importing a certificate automatically is possible. You may want to find the +[certificate name from browser](../CERTIFICATES.md). /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G2" host=1.1.1.1; /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9; 
@@ -87,6 +87,7 @@ Also this allows to update host address, see option `resolve`. See also -------- +* [Certificate name from browser](../CERTIFICATES.md) * [Notify on host up and down](netwatch-notify.md) --- diff --git a/doc/netwatch-notify.md b/doc/netwatch-notify.md index 948cbec..81adfe9 100644 --- a/doc/netwatch-notify.md +++ b/doc/netwatch-notify.md @@ -66,9 +66,9 @@ notification is sent. Getting the escaping right may be troublesome. Please consider adding a script in `/system/script`, then running that from hook. -### Count threshould +### Count threshold -The count threshould (default is 5 checks) is configurable as well: +The count threshold (default is 5 checks) is configurable as well: /tool/netwatch/add comment="notify, name=example.com, count=10" host=104.18.144.11; @@ -81,19 +81,24 @@ suppress notification if the parent host is down: /tool/netwatch/add comment="notify, name=example.com, parent=gateway" host=93.184.216.34; Note that every configured parent in a chain increases the check count -threshould by one. +threshold by one. ### Update from DNS The host address can be updated dynamically. Give extra parameter `resolve` with a resolvable name: - /tool/netwatch/add comment="notify, name=example.com, resolve=example.com"; + /tool/netwatch/add comment="notify, name=example.com, resolve=example.com" host=0.0; -This supports multiple A or AAAA records for a name just fine, even a CNAME +This supports multiple A records for a name just fine, even a CNAME to those. An update happens only if no more record with the configured host address is found. +The address family is preserved, so if you want AAAA records (for IPv6) +use this: + + /tool/netwatch/add comment="notify, name=example.com, resolve=example.com" host=::; + ### No notification on host down Also suppressing the notification on host down is possible with parameter 
@@ -125,7 +130,7 @@ included verbatim into the notification. It is possible to add a link in notification, that is added below the formatted notification text. - /tool/netwatch/add comment="notify, name=example.com, resolve=example.com, link=https://example.com/"; + /tool/netwatch/add comment="notify, name=example.com, resolve=example.com, link=https://example.com/" host=0.0; Tips & Tricks ------------- diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 4675e3a..a9513d8 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc @@ -65,7 +65,7 @@ :for I from=1 to=5 do={ :if ($Data = false) do={ - :set Data [ $FetchHuge $ScriptName ($List->"url") $CheckCertificate ]; + :set Data [ :tolf [ $FetchHuge $ScriptName ($List->"url") $CheckCertificate ] ]; :if ($Data = false) do={ :if ($I < 5) do={ $LogPrint debug $ScriptName ("Failed downloading for list '" . $FwListName . \ @@ -86,8 +86,8 @@ "B for list '" . $FwListName . "' from: " . $List->"url"); } - :while ([ :len $Data ] != 0) do={ - :local Line [ :pick $Data 0 [ :find $Data "\n" ] ]; + :foreach Line in=[ :deserialize $Data delimiter="\n" from=dsv options=dsv.plain ] do={ + :set Line ($Line->0); :local Address; :if ([ :pick $Line 0 1 ] = "{") do={ :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ]; @@ -109,7 +109,6 @@ :error true; } } on-error={ } - :set Data [ :pick $Data ([ :len $Line ] + 1) [ :len $Data ] ]; } } diff --git a/global-config.rsc b/global-config.rsc index 2ed67f3..c4e04b5 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -106,9 +106,9 @@ { url="https://lists.blocklist.de/lists/strongips.txt"; cert="Certum Trusted Network CA" }; # { url="https://www.spamhaus.org/drop/drop_v4.json"; -# cert="GTS Root R4" }; +# cert="ISRG Root X1" }; # { url="https://www.spamhaus.org/drop/drop_v6.json"; -# cert="GTS Root R4" }; +# cert="ISRG Root X1" }; }; # "mikrotik"={ # { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/mikrotik"; 
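Review bot: In the first fw-addr-lists.rsc hunk the result of `$FetchHuge` now passes through `:tolf` before the unchanged `:if ($Data = false)` failure check on the next line. If `:tolf` converts a boolean `false` into a string, a failed download would no longer be recognised and the retry and error path would be skipped, so this is worth confirming on a device. Separating the two steps removes the doubt: keep `:set Data [ $FetchHuge $ScriptName ($List->"url") $CheckCertificate ];` for the check and apply `:set Data [ :tolf $Data ];` only once the fetch has succeeded. The loop body continues outside the hunk.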
diff --git a/global-functions.rsc b/global-functions.rsc index e5471dd..47a69c4 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -107,6 +107,11 @@ "is configured to download certificate CRLs to system!"); } + :if ([ :len $CommonName ] = 0) do={ + $LogPrint warning $0 ("No CommonName given!"); + :return false; + } + :if ([ :len [ /certificate/find where common-name=$CommonName ] ] = 0) do={ $LogPrint info $0 ("Certificate with CommonName '" . $CommonName . "' not available."); :if ([ $CertificateDownload $CommonName ] = false) do={ diff --git a/hotspot-to-wpa-cleanup.capsman.rsc b/hotspot-to-wpa-cleanup.capsman.rsc index 45ea72b..e935850 100644 --- a/hotspot-to-wpa-cleanup.capsman.rsc +++ b/hotspot-to-wpa-cleanup.capsman.rsc @@ -61,8 +61,9 @@ } :foreach Server,Timeout in=$DHCPServers do={ + :local TimeoutExtra ($Timeout + [ /system/clock/get time ]); :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \ - server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={ + server=$Server last-seen>$TimeoutExtra comment~"^hotspot-to-wpa:" ] do={ :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; $LogPrint info $ScriptName ("Client with mac address " . ($LeaseVal->"mac-address") . \ " was not seen for " . ($LeaseVal->"last-seen") . ", removing."); diff --git a/hotspot-to-wpa-cleanup.template.rsc b/hotspot-to-wpa-cleanup.template.rsc index 081f3d0..fa99b5d 100644 --- a/hotspot-to-wpa-cleanup.template.rsc +++ b/hotspot-to-wpa-cleanup.template.rsc 
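Review bot: `TimeoutExtra` in hotspot-to-wpa-cleanup.capsman.rsc adds the current time of day from `/system/clock/get time` to the configured `$Timeout`, and nothing in the hunk explains why. As written the cut-off compared against `last-seen` depends on when the script runs, so a lease can apparently outlive the configured timeout by up to a day. If that is intended, say so above the line, for example `# NOTE: cut-off is $Timeout plus the time since midnight, not $Timeout alone`, together with the reason. The same undocumented line is added in hotspot-to-wpa-cleanup.template.rsc and hotspot-to-wpa-cleanup.wifi.rsc.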
@@ -67,8 +67,9 @@ } :foreach Server,Timeout in=$DHCPServers do={ + :local TimeoutExtra ($Timeout + [ /system/clock/get time ]); :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \ - server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={ + server=$Server last-seen>$TimeoutExtra comment~"^hotspot-to-wpa:" ] do={ :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; $LogPrint info $ScriptName ("Client with mac address " . ($LeaseVal->"mac-address") . \ " was not seen for " . ($LeaseVal->"last-seen") . ", removing."); diff --git a/hotspot-to-wpa-cleanup.wifi.rsc b/hotspot-to-wpa-cleanup.wifi.rsc index 23f773f..d3f859e 100644 --- a/hotspot-to-wpa-cleanup.wifi.rsc +++ b/hotspot-to-wpa-cleanup.wifi.rsc @@ -61,8 +61,9 @@ } :foreach Server,Timeout in=$DHCPServers do={ + :local TimeoutExtra ($Timeout + [ /system/clock/get time ]); :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \ - server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={ + server=$Server last-seen>$TimeoutExtra comment~"^hotspot-to-wpa:" ] do={ :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; $LogPrint info $ScriptName ("Client with mac address " . ($LeaseVal->"mac-address") . \ " was not seen for " . ($LeaseVal->"last-seen") . ", removing."); diff --git a/ipv6-update.rsc b/ipv6-update.rsc index 0577bdc..ccc0eb9 100644 --- a/ipv6-update.rsc +++ b/ipv6-update.rsc @@ -18,12 +18,18 @@ :global ParseKeyValueStore; :global ScriptLock; + :local NaAddress $"na-address"; :local PdPrefix $"pd-prefix"; :if ([ $ScriptLock $ScriptName ] = false) do={ :error false; } + :if ([ :typeof $NaAddress ] = "str") do={ + $LogPrint info $ScriptName ("An address (" . $NaAddress . ") was acquired, not a prefix. Ignoring."); + :error false; + } + :if ([ :typeof $PdPrefix ] = "nothing") do={ $LogPrint error $ScriptName ("This script is supposed to run from ipv6 dhcp-client."); :error false; 
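Review bot: The new `$NaAddress` test in the first ipv6-update.rsc hunk exits before `$PdPrefix` is examined, so a run that carries both an address and a delegated prefix would skip the prefix update and leave the address-list entry stale. Whether the DHCPv6 client can pass both values in a single invocation is not visible here. If it can, limit the early exit to the address-only case: `:if ([ :typeof $NaAddress ] = "str" && [ :typeof $PdPrefix ] = "nothing") do={`. The script body continues outside the hunk.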
@@ -31,8 +37,8 @@ :local Pool [ /ipv6/pool/get [ find where prefix=$PdPrefix ] name ]; :if ([ :len [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ] ] = 0) do={ - /ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool); - $LogPrint warning $ScriptName ("Added ipv6 address list entry for ipv6-pool-" . $Pool); + /ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool) dynamic=yes; + $LogPrint warning $ScriptName ("Added dynamic ipv6 address list entry for ipv6-pool-" . $Pool); } :local AddrList [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ]; :local OldPrefix [ /ipv6/firewall/address-list/get ($AddrList->0) address ]; diff --git a/log-forward.rsc b/log-forward.rsc index 5133e73..e0d8f35 100644 --- a/log-forward.rsc +++ b/log-forward.rsc @@ -94,9 +94,10 @@ [ $IfThenElse ($Duplicates = true) (" Multi-repeated messages have been skipped.") ] . \ [ $IfThenElse ($LogForwardRateLimit > 30) ("\nRate limit in action, delaying forwarding.") ] . \ "\n" . $Messages) }); - - :set LogForwardLast ($MessageVal->".id"); } else={ :set LogForwardRateLimit [ $MAX 0 ($LogForwardRateLimit - 1) ]; } + + :local LogAll [ /log/find ]; + :set LogForwardLast ($LogAll->([ :len $LogAll ] - 1) ); } on-error={ } diff --git a/mod/notification-ntfy.rsc b/mod/notification-ntfy.rsc index 661f69f..b2bb280 100644 --- a/mod/notification-ntfy.rsc +++ b/mod/notification-ntfy.rsc @@ -87,7 +87,7 @@ :return false; } - :local Url ("https://" . $NtfyServer . "/" . [ $UrlEncode $NtfyTopic ]); + :local Url ("https://" . $Server . "/" . [ $UrlEncode $Topic ]); :local Headers ({ [ $FetchUserAgentStr ($Notification->"origin") ]; \ ("Priority: " . [ $IfThenElse ($Notification->"silent") "low" "default" ]); \ ("Title: " . "[" . $IdentityExtra . $Identity . "] " . ($Notification->"subject")) }); 
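Review bot: In log-forward.rsc `LogForwardLast` is now taken from a fresh `/log/find` at the end of the run instead of from the last message that was actually examined. Any entry written between the earlier scan (outside this hunk) and this second lookup is marked as handled without ever being forwarded, which leaves a silent gap in a script whose purpose is to forward log entries. Capturing `:local LogAll [ /log/find ];` once before the scan and reusing it for `:set LogForwardLast` would close that window. With an empty log the index evaluates to `-1`, so a guard like `:if ([ :len $LogAll ] > 0) do={ ... }` would make that case explicit.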
@@ -97,7 +97,7 @@ } :do { - :if ($NtfyServer = "ntfy.sh") do={ + :if ($Server = "ntfy.sh") do={ :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={ $LogPrint warning $0 ("Downloading required certificate failed."); :error false; diff --git a/mod/ssh-keys-import.rsc b/mod/ssh-keys-import.rsc index 8cafa95..d6b3b3f 100644 --- a/mod/ssh-keys-import.rsc +++ b/mod/ssh-keys-import.rsc @@ -16,7 +16,6 @@ :local Key [ :tostr $1 ]; :local User [ :tostr $2 ]; - :global CharacterReplace; :global GetRandom20CharAlNum; :global LogPrint; :global MkDir; @@ -32,7 +31,7 @@ :return false; } - :local KeyVal [ :toarray [ $CharacterReplace $Key " " "," ] ]; + :local KeyVal ([ :deserialize $Key delimiter=" " from=dsv options=dsv.plain ]->0); :if (!($KeyVal->0 = "ssh-ed25519" || $KeyVal->0 = "ssh-rsa")) do={ $LogPrint warning $0 ("SSH key of type '" . $KeyVal->0 . "' is not supported."); :return false; @@ -72,7 +71,6 @@ :local FileName [ :tostr $1 ]; :local User [ :tostr $2 ]; - :global CharacterReplace; :global EitherOr; :global LogPrint; :global ParseKeyValueStore; 
@@ -88,27 +86,24 @@ $LogPrint warning $0 ("File '" . $FileName . "' does not exist."); :return false; } - :local Keys ([ /file/get $FileName contents ] . "\n"); + :local Keys [ :tolf [ /file/get $FileName contents ] ]; - :do { + :foreach KeyVal in=[ :deserialize $Keys delimiter=" " from=dsv options=dsv.plain ] do={ :local Continue false; - :local Line [ :pick $Keys 0 [ :find $Keys "\n" ] ]; - :set Keys [ :pick $Keys ([ :find $Keys "\n" ] + 1) [ :len $Keys ] ]; - :local KeyVal [ :toarray [ $CharacterReplace $Line " " "," ] ]; :if ($KeyVal->0 = "ssh-ed25519" || $KeyVal->0 = "ssh-rsa") do={ :do { - $SSHKeysImport $Line $User; + $SSHKeysImport ($KeyVal->0 . " " . $KeyVal->1 . " " . $KeyVal->2) $User; } on-error={ $LogPrint warning $0 ("Failed importing key for user '" . $User . "'."); } :set Continue true; } :if ($Continue = false && $KeyVal->0 = "#") do={ - :set User [ $EitherOr ([ $ParseKeyValueStore [ :pick $Line 2 [ :len $Line ] ] ]->"user") $User ]; + :set User [ $EitherOr ([ $ParseKeyValueStore ($KeyVal->1) ]->"user") $User ]; :set Continue true; } :if ($Continue = false && [ :len ($KeyVal->0) ] > 0) do={ $LogPrint warning $0 ("SSH key of type '" . $KeyVal->0 . "' is not supported."); } - } while=([ :len $Keys ] > 0); + } } diff --git a/mode-button.rsc b/mode-button.rsc index 7908a7f..3bd922b 100644 --- a/mode-button.rsc +++ b/mode-button.rsc @@ -36,7 +36,8 @@ :global IfThenElse; - :local LED [ /system/leds/find where leds=$ModeButtonLED type~"^(on|off)\$" interface=[] ]; + :local LED [ /system/leds/find where leds=$ModeButtonLED \ + !disabled type~"^(on|off)\$" interface=[] ]; :if ([ :len $LED ] = 0) do={ :return false; } @@ -52,7 +53,7 @@ :if ([ :len $Code ] > 0) do={ :if ([ $ValidateSyntax $Code ] = true) do={ - $LogPrint info $ScriptName ("Acting on " . $Count . " mode-button presses: " . $Code); + $LogPrint info $0 ("Acting on " . $Count . " mode-button presses: " . $Code); :for I from=1 to=$Count do={ $LEDInvert; 
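Review bot: In the `:foreach KeyVal` loop of ssh-keys-import.rsc the `#` line now hands only `($KeyVal->1)` to `$ParseKeyValueStore`, where the removed code passed the whole remainder of the line. Because the field delimiter is a space, a comment line with a space in it is cut at the first one; if `user` is not in that first field, `$EitherOr` silently keeps the previous `$User` and the following keys are imported for the wrong account. The key itself is rebuilt from exactly three fields, so a key without a comment gets a trailing separator and a comment containing spaces is truncated. I would at least warn on the ambiguous case, e.g. `:if ([ :len $KeyVal ] > 2) do={ $LogPrint warning $0 ("Comment line has extra fields, only the first is parsed."); }`, and build the key string from the fields that are actually present.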
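Review bot: The `$LogPrint info $0 ("Acting on " . $Count . " mode-button presses: " . $Code);` line in the second mode-button.rsc hunk still writes the configured code verbatim to the log. If an action ever embeds a credential or token, it ends up in the log and in anything that forwards it. Logging only the press count, `$LogPrint info $0 ("Acting on " . $Count . " mode-button presses.");`, and keeping the code itself at `debug` would avoid that. The function body starts and ends outside the hunk.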
@@ -64,12 +65,16 @@ :delay 200ms; } - [ :parse $Code ]; + :do { + [ :parse $Code ]; + } on-error={ + $LogPrint warning $0 ("The code for " . $Count . " mode-button presses failed with runtime error!"); + } } else={ - $LogPrint warning $ScriptName ("The code for " . $Count . " mode-button presses failed syntax validation!"); + $LogPrint warning $0 ("The code for " . $Count . " mode-button presses failed syntax validation!"); } } else={ - $LogPrint info $ScriptName ("No action defined for " . $Count . " mode-button presses."); + $LogPrint info $0 ("No action defined for " . $Count . " mode-button presses."); } } /system/scheduler/add name="_ModeButtonScheduler" \ |