Age | Commit message | Author | Files | Lines |
2024-07-05 | backup-partition: rename variable | Christian Hesse | 1 | -8/+8 |
2024-07-04 | packages-update: run backups before package download
This reduces memory pressure, especially on devices with very limited RAM
like mAP with its 64 MB.
| Christian Hesse | 1 | -26/+26 |
2024-07-04 | global-functions: $MkDir: enable tmpfs if disabled | Christian Hesse | 1 | -1/+6 |
2024-07-02 | global-functions: $GetMacVendor: cert 'GTS Root R4' | Christian Hesse | 2 | -1/+21 |
2024-06-25 | check-certificates: limit scope for $CertNew...
... into block where certificate is replaced.
This should unbreak renewing with a certificate updated in place.
| Christian Hesse | 1 | -4/+3 |
2024-06-21 | global-functions: $CertificateDownload: try fallback to mkcert.org
There's a nice API that allows to download certificate by exact common
name. Let's use that, as a fallback at least.
https://mkcert.org/
change-131 | Christian Hesse | 2 | -11/+31 |
2024-06-21 | Merge branch 'root-certificates' into next | Christian Hesse | 36 | -2456/+334 |
2024-06-21 | notify on changes regarding certificates change-130 | Christian Hesse | 2 | -1/+2 |
2024-06-21 | certs: DigiCert TLS Hybrid ECC SHA384 2020 CA1 -> DigiCert Global Root CA
This is used by Cloudflare DNS Quad9 (9.9.9.9).
$CertificateAvailable "DigiCert Global Root CA";
/ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes;
| Christian Hesse | 3 | -175/+30 |
2024-06-21 | certs: DigiCert Global G2 TLS RSA SHA256 2020 CA1 -> DigiCert Global Root G2
This is used by Cloudflare DNS (1.1.1.1).
$CertificateAvailable "DigiCert Global Root G2";
/ip/dns/set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes;
| Christian Hesse | 3 | -183/+30 |
2024-06-21 | certs: Go Daddy Secure Certificate Authority - G2 -> Go Daddy Root Certificat... | Christian Hesse | 4 | -180/+32 |
2024-06-21 | certs: GTS CA 1C3 / GTS CA 1P5 -> GTS Root R1 | Christian Hesse | 5 | -482/+40 |
2024-06-21 | certs: Starfield Secure Certificate Authority - G2 -> Starfield Root Certific... | Christian Hesse | 3 | -180/+31 |
2024-06-21 | certs: Cloudflare Inc ECC CA-3 -> Baltimore CyberTrust Root | Christian Hesse | 3 | -165/+30 |
2024-06-21 | certs: Certum Domain Validation CA SHA2 -> Certum Trusted Network CA | Christian Hesse | 3 | -177/+30 |
2024-06-21 | certs: GlobalSign Atlas R3 DV TLS CA 2022 Q3 -> GlobalSign | Christian Hesse | 3 | -179/+30 |
2024-06-21 | certs: R3 / R10 -> ISRG Root X1 | Christian Hesse | 6 | -471/+41 |
2024-06-21 | certs: E1 / E5 -> ISRG Root X2
In the beginning of Let's Encrypt their root certificate ISRG Root X1
was not widely trusted, at least some older and/or mobile platforms were
missing that certificate in their root certificate store.
At that time Let's Encrypt was using an alternative chain of trust,
where a certificate was cross-signed with DST Root CA X3.
To make sure a valid chain of trust is available under all circumstances
a set of all certificates had to be supplied: both root certificates
ISRG Root X1 & DST Root CA X3, and an intermediate certificate.
This was still true after DST Root CA X3 expired, as it could still be
used as a root anchor and was shipped by Let's Encrypt when requested. 🤪
This time is finally over, and we have a clean chain for trust ending in
ISRG Root X1 (or ISRG Root X2).
Well, actually it is the other way round... Let's Encrypt signs with
different tantamount intermediate certificates. There is not only E5, but
also E6 - and we can not know beforehand which one is used on renew.
So let's drop the intermediate certificates now, and rely on root
certificates only. We are perfectly fine with this these days.
Follow-up commits will do the same for *all* certificates.
The certificate is downloaded with:
curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
| Christian Hesse | 10 | -263/+38 |
2024-06-20 | doc/mod/notification-matrix: drop certificate hint...
... as matrix.org switched to Let's Encrypt with ISRG Root X2.
| Christian Hesse | 1 | -3/+0 |
2024-06-19 | Let's Encrypt changed their intermediate certificates
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still
using the old intermediate.
| Christian Hesse | 8 | -16/+366 |
2024-06-11 | unattended-lte-firmware-upgrade: check on valid version first | Christian Hesse | 1 | -1/+2 |
2024-06-11 | unattended-lte-firmware-upgrade: drop the AT reset
The AT command to reset is specific to modem. So this worked for some
only... Let's just drop it, and update the log message.
| Christian Hesse | 1 | -2/+1 |
2024-06-11 | unattended-lte-firmware-upgrade: omit just another once | Christian Hesse | 1 | -1/+1 |
2024-06-10 | backup-cloud: remove trailing spaces
How did I produce these!? 😳
| Christian Hesse | 1 | -1/+1 |
2024-06-10 | unattended-lte-firmware-upgrade: omit once
Omit `once` from the `/interface/lte/firmware-upgrade` command to make
sure it does actually return a valid result.
Fixes #69
| netravnen | 1 | -1/+1 |
2024-06-10 | check-lte-firmware-upgrade: omit once
Omit `once` from the `/interface/lte/firmware-upgrade` command to make
sure it does actually return a valid result.
| netravnen | 1 | -1/+1 |
2024-06-05 | backup-cloud: log note on previous connection errors | Christian Hesse | 1 | -0/+4 |
2024-06-01 | global-functions: $CleanName: no exception for dash...
... as we still want to deduplicate it when it is inside the input
string. This also unbreaks certificate import for "Go Daddy Secure
Certificate Authority - G2" (and more)...
| Christian Hesse | 1 | -1/+1 |
2024-05-25 | telegram-chat: drop extra parenthesis | Christian Hesse | 1 | -3/+3 |
2024-05-24 | telegram-chat: convert the message (command) to string
RouterOS 7.15beta4 fixed a bug in JSON parser:
*) console - do not convert string to array in ":deserialize" command;
Before that change commands with a comma caused very crazy issues. Let's
convert the message to a string. This does not give exactly the expected
result, but mitigates telegram-chat to explode.
A command like...
/ip/address/print proplist=address,network;
... is converted to...
/ip/address/print proplist=address;network;
... and results in:
Columns: ADDRESS
# ADDRESS
0 10.0.0.1/24
1 127.0.0.1/8
bad command name network (line 1 column 36)
| Christian Hesse | 1 | -10/+11 |
2024-05-23 | Merge branch 'backup-partition' into next | Christian Hesse | 5 | -4/+66 |
2024-05-23 | backup-partition: news on support for copy-over change-129 | Christian Hesse | 2 | -1/+2 |
2024-05-23 | doc/backup-upload: fix link for backup-partition | Christian Hesse | 1 | -1/+1 |
2024-05-23 | backup-partition: support copy before feature update | Christian Hesse | 3 | -3/+30 |
2024-05-23 | doc/backup-email: fix link for backup-partition | Christian Hesse | 1 | -1/+1 |
2024-05-23 | backup-partition: move code to a local function | Christian Hesse | 1 | -5/+17 |
2024-05-23 | doc/backup-cloud: fix link for backup-partition | Christian Hesse | 1 | -1/+1 |
2024-05-23 | backup-partition: support RouterOS copy-over...
... when run interactively from CLI.
| Christian Hesse | 2 | -3/+25 |
2024-05-15 | daily-psk: quote ssid and passphrase | Christian Hesse | 4 | -4/+4 |
2024-05-15 | daily-psk: decrease indention in notification | Christian Hesse | 4 | -12/+12 |
2024-05-15 | daily-psk: adopt syntax changes
RouterOS 7.15beta8 came with this change:
*) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values;
While the old code is bad syntax with RouterOS 7.15, the new code is
valid for older RouterOS, but produces different (and more or less
unexpected) results. 🥴
Let's use the new code, and add a check on the RouterOS version.
With old RouterOS this now sends the notification even if the interface
is disabled.
routeros-7.15beta8-1 | Christian Hesse | 4 | -2/+6 |
2024-05-15 | global-functions: $IsTimeSync: initialize with uptime...
... to make sure the warning is not issued too early.
| Christian Hesse | 1 | -2/+2 |
2024-05-14 | fw-addr-lists: add 'strongips' list from blocklist.de change-128 | Christian Hesse | 5 | -3/+182 |
2024-05-08 | global-functions: $IsTimeSync: add (one time) warning on failed ntp sync | Christian Hesse | 1 | -0/+1 |
2024-05-08 | global-functions: $IsTimeSync: log just once | Christian Hesse | 1 | -3/+3 |
2024-04-29 | global-functions: $WaitForFile: drop extra conversion | Christian Hesse | 1 | -1/+1 |
2024-04-29 | global-functions: $WaitForFile: respect minimum delay | Christian Hesse | 1 | -1/+2 |
2024-04-29 | global-functions: $WaitForFile: use fewer steps | Christian Hesse | 1 | -2/+2 |
2024-04-29 | telegram-chat: shorten the message | Christian Hesse | 1 | -1/+1 |
2024-04-29 | mod/notification-telegram: format percentage italic | Christian Hesse | 1 | -2/+2 |
2024-04-29 | mod/notification-telegram: format date & time italic | Christian Hesse | 1 | -2/+2 |
2024-04-29 | mod/notification-telegram: support excluding characters from escaping...
... to support formatting in plain text.
Handle with care, this can break the request if done wrong!
| Christian Hesse | 1 | -1/+4 |
2024-04-29 | mod/notification-telegram: use proper variable naming...
... in local escaping function.
| Christian Hesse | 1 | -7/+9 |
2024-04-29 | mod/notification-telegram: capitalize Telegram in message | Christian Hesse | 1 | -1/+1 |
2024-04-29 | mod/notification-matrix: format date & time italic | Christian Hesse | 1 | -5/+6 |
2024-04-29 | global-functions: $CleanName: do not start with a dash | Christian Hesse | 1 | -4/+12 |
2024-04-29 | mod/ssh-keys-import: remove temporary directory | Christian Hesse | 1 | -0/+2 |
2024-04-29 | mod/ssh-keys-import: create directory later | Christian Hesse | 1 | -5/+5 |
2024-04-29 | global-functions: $FetchHuge: remove temporary directory | Christian Hesse | 1 | -4/+5 |
2024-04-29 | backup-cloud: retry on error...
Let's see if brute force helps. 🤪
| Christian Hesse | 1 | -12/+16 |
2024-04-29 | backup-cloud: clean up and simplify code | Christian Hesse | 1 | -6/+4 |
2024-04-29 | backup-cloud: no early exit...
... as we want to make sure the directory (and its content) is removed.
| Christian Hesse | 1 | -1/+0 |
2024-04-29 | backup-upload: no early exit... | Christian Hesse | 1 | -1/+0 |
2024-04-23 | backup-upload: remove temporary directory | Christian Hesse | 1 | -0/+1 |
2024-04-23 | netwatch-notify: log to debug...
... instead of discarding the message completely.
| Christian Hesse | 1 | -2/+3 |
2024-04-19 | README: show fingerprints in output
This is not strictly necessary, as we filter by fingerprint already...
But it gives better overview and feeling.
| Christian Hesse | 2 | -1/+1 |
2024-04-19 | README: remove left over certificate file
But use find as RouterOS 7.15rc1 removes it automatically.
| Christian Hesse | 1 | -1/+2 |
2024-04-19 | INITIAL-COMMANDS: remove the certificate file with find
Required as RouterOS 7.15rc1 removes it automatically.
routeros-7.15rc1-2 | Christian Hesse | 1 | -1/+1 |
2024-04-19 | global-functions: $CertificateDownload: remove with find...
... to make sure this does not break when the file no longer
exists. Starting with RouterOS 7.15rc1 the file is automatically
removed on import.
routeros-7.15rc1-1 | Christian Hesse | 1 | -1/+1 |
2024-04-19 | netwatch-notify: allow to suppress resolve failure | Christian Hesse | 2 | -1/+10 |
2024-04-19 | mod/notification-telegram: string protocol for display | Christian Hesse | 1 | -2/+5 |
2024-04-19 | mod/notification-matrix: string protocol for display | Christian Hesse | 1 | -2/+4 |
2024-04-19 | global-functions: introduce $ProtocolStrip | Christian Hesse | 1 | -0/+12 |
2024-04-18 | mod/notification-matrix: ... and more double escaping | Christian Hesse | 1 | -2/+2 |
2024-04-18 | mod/notification-matrix: fix double escaping
That was introduced with 2a232ad2f5eef4b60c97306ef731bc5883bf5cfb when
switching to :serialize...
| Christian Hesse | 1 | -17/+11 |
2024-04-15 | certificate-renew-issued: use single quotes | Christian Hesse | 1 | -3/+3 |
2024-04-15 | global-functions: $CertificateDownload: use single quotes | Christian Hesse | 1 | -2/+2 |
2024-04-15 | global-functions: $CertificateAvailable: use single quotes | Christian Hesse | 1 | -3/+3 |
2024-04-15 | gps-track: use custom user agent string | Christian Hesse | 1 | -3/+4 |
2024-04-15 | gps-track: generate JSON with :serialize routeros-7.13-8 | Christian Hesse | 1 | -5/+2 |
2024-04-15 | mod/notification-matrix: generate JSON with :serialize routeros-7.13-7 | Christian Hesse | 1 | -13/+11 |
2024-04-15 | mod/notification-matrix: use custom user agent string | Christian Hesse | 1 | -7/+15 |
2024-04-15 | mod/notification-ntfy: use custom user agent string | Christian Hesse | 1 | -1/+3 |
2024-04-15 | mod/notification-ntfy: support basic auth
Closes #59
change-127 | Christian Hesse | 5 | -4/+20 |
2024-04-11 | global-functions: $ScriptFromTerminal: check multiple invocations...
... and return false.
We can not tell which job is us... So better safe than sorry.
| Christian Hesse | 1 | -1/+6 |
2024-04-11 | global-functions: $ScriptLock: break long lines | Christian Hesse | 1 | -2/+5 |
2024-04-11 | global-functions: $ScriptLock: degrade message to debug | Christian Hesse | 1 | -2/+2 |
2024-04-10 | mod/notification-telegram: $SendTelegram: set origin | Christian Hesse | 1 | -1/+1 |
2024-04-10 | mod/notification-ntfy: $SendNtfy: set origin | Christian Hesse | 1 | -1/+1 |
2024-04-10 | mod/notification-matrix: $SendMatrix: set origin | Christian Hesse | 1 | -1/+1 |
2024-04-10 | mod/notification-email: $SendEMail: set origin | Christian Hesse | 1 | -1/+1 |
2024-04-10 | global-functions: $SendNotification: set origin | Christian Hesse | 1 | -1/+1 |
2024-04-07 | global-functions: $HumanReadableNum: indicate binary base...
... and update scripts to match the change.
| Christian Hesse | 4 | -7/+11 |
2024-04-07 | global-functions: drop $LogPrintExit2 | Christian Hesse | 1 | -22/+0 |
2024-04-07 | bump RouterOS requirement for all scripts and modules...
... now that global-functions requires RouterOS 7.13 anyway.
routeros-7.13-6 | Christian Hesse | 110 | -104/+116 |
2024-04-07 | Merge branch 'fw-addr-lists' into next | Christian Hesse | 2 | -37/+65 |
2024-04-07 | fw-addr-lists: break long lines | Christian Hesse | 1 | -4/+8 |
2024-04-07 | fw-addr-lists: show count of active addresses | Christian Hesse | 1 | -0/+1 |
2024-04-07 | fw-addr-lists: human readable numbers for counts | Christian Hesse | 1 | -2/+4 |
2024-04-07 | fw-addr-lists: rework log messages, always include list name | Christian Hesse | 1 | -13/+26 |