Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2024-07-04 | global-functions: $MkDir: enable tmpfs if disabled | Christian Hesse | 1 | -1/+6 | |
2024-07-02 | global-functions: $GetMacVendor: cert 'GTS Root R4' | Christian Hesse | 2 | -1/+21 | |
2024-06-25 | check-certificates: limit scope for $CertNew... | Christian Hesse | 1 | -4/+3 | |
... into block where certificate is replaced. This should unbreak renewing with a certificate updated in place. | |||||
2024-06-21 | global-functions: $CertificateDownload: try fallback to mkcert.orgchange-131 | Christian Hesse | 2 | -11/+31 | |
There's a nice API that allows to download certificate by exact common name. Let's use that, as a fallback at least. https://mkcert.org/ | |||||
2024-06-21 | Merge branch 'root-certificates' into next | Christian Hesse | 36 | -2456/+334 | |
2024-06-21 | notify on changes regarding certificateschange-130 | Christian Hesse | 2 | -1/+2 | |
2024-06-21 | certs: DigiCert TLS Hybrid ECC SHA384 2020 CA1 -> DigiCert Global Root CA | Christian Hesse | 3 | -175/+30 | |
This is used by Cloudflare DNS Quard9 (9.9.9.9). $CertificateAvailable "DigiCert Global Root CA"; /ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes; | |||||
2024-06-21 | certs: DigiCert Global G2 TLS RSA SHA256 2020 CA1 -> DigiCert Global Root G2 | Christian Hesse | 3 | -183/+30 | |
This is used by Cloudflare DNS (1.1.1.1). $CertificateAvailable "DigiCert Global Root G2"; /ip/dns/set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes; | |||||
2024-06-21 | certs: Go Daddy Secure Certificate Authority - G2 -> Go Daddy Root ↵ | Christian Hesse | 4 | -180/+32 | |
Certificate Authority - G2 | |||||
2024-06-21 | certs: GTS CA 1C3 / GTS CA 1P5 -> GTS Root R1 | Christian Hesse | 5 | -482/+40 | |
2024-06-21 | certs: Starfield Secure Certificate Authority - G2 -> Starfield Root ↵ | Christian Hesse | 3 | -180/+31 | |
Certificate Authority - G2 | |||||
2024-06-21 | certs: Cloudflare Inc ECC CA-3 -> Baltimore CyberTrust Root | Christian Hesse | 3 | -165/+30 | |
2024-06-21 | certs: Certum Domain Validation CA SHA2 -> Certum Trusted Network CA | Christian Hesse | 3 | -177/+30 | |
2024-06-21 | certs: GlobalSign Atlas R3 DV TLS CA 2022 Q3 -> GlobalSign | Christian Hesse | 3 | -179/+30 | |
2024-06-21 | certs: R3 / R10 -> ISRG Root X1 | Christian Hesse | 6 | -471/+41 | |
2024-06-21 | certs: E1 / E5 -> ISRG Root X2 | Christian Hesse | 10 | -263/+38 | |
In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. 🤪 This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem | |||||
2024-06-20 | doc/mod/notification-matrix: drop certificate hint... | Christian Hesse | 1 | -3/+0 | |
... as matrix.org switched to Let's Encrypt with ISRG Root X2. | |||||
2024-06-19 | Let's Encrypt changed their intermediate certificates | Christian Hesse | 8 | -16/+366 | |
https://letsencrypt.org/2024/03/19/new-intermediate-certificates https://letsencrypt.org/certificates/ But let's keep the old ones around for now, as some sites are still using the old intermediate. | |||||
2024-06-11 | unattended-lte-firmware-upgrade: check on valid version first | Christian Hesse | 1 | -1/+2 | |
2024-06-11 | unattended-lte-firmware-upgrade: drop the AT reset | Christian Hesse | 1 | -2/+1 | |
The AT command to reset is specific to modem. So this worked for some only... Let's just drop it, and update the log message. | |||||
2024-06-11 | unattended-lte-firmware-upgrade: omit just another once | Christian Hesse | 1 | -1/+1 | |
2024-06-10 | backup-cloud: remove trailing spaces | Christian Hesse | 1 | -1/+1 | |
How did I produce these!? 😳 | |||||
2024-06-10 | unattended-lte-firmware-upgrade: omit once | netravnen | 1 | -1/+1 | |
Omit `once` from the `/interface/lte/firmware-upgrade` command to make sure it does acutally return a valid result. Fixes #69 | |||||
2024-06-10 | check-lte-firmware-upgrade: omit once | netravnen | 1 | -1/+1 | |
Omit `once` from the `/interface/lte/firmware-upgrade` command to make sure it does acutally return a valid result. | |||||
2024-06-05 | backup-cloud: log note on previous connection errors | Christian Hesse | 1 | -0/+4 | |
2024-06-01 | global-functions: $CleanName: no exception for dash... | Christian Hesse | 1 | -1/+1 | |
... as we still want to deduplicate it when it is inside the input string. This also unbreak certificate import for "Go Daddy Secure Certificate Authority - G2" (and more)... | |||||
2024-05-25 | telegram-chat: drop extra parenthesis | Christian Hesse | 1 | -3/+3 | |
2024-05-24 | telegram-chat: convert the message (command) to string | Christian Hesse | 1 | -10/+11 | |
RouterOS 7.15beta4 fixed a bug in JSON parser: *) console - do not convert string to array in ":deserialize" command; Before that change commands with a comma caused very crazy issues. Let's convert the message to a string. This does not give exactly the expected result, but mitigates telegram-chat to explode. A command like... /ip/address/print proplist=address,network; ... is converted to... /ip/address/print proplist=address;network; ... and results in: Columns: ADDRESS # ADDRESS 0 10.0.0.1/24 1 127.0.0.1/8 bad command name network (line 1 column 36) | |||||
2024-05-23 | Merge branch 'backup-partition' into next | Christian Hesse | 5 | -4/+66 | |
2024-05-23 | backup-partition: news on support for copy-overchange-129 | Christian Hesse | 2 | -1/+2 | |
2024-05-23 | doc/backup-upload: fix link for backup-partition | Christian Hesse | 1 | -1/+1 | |
2024-05-23 | backup-partition: support copy before feature update | Christian Hesse | 3 | -3/+30 | |
2024-05-23 | doc/backup-email: fix link for backup-partition | Christian Hesse | 1 | -1/+1 | |
2024-05-23 | backup-partition: move code to a local function | Christian Hesse | 1 | -5/+17 | |
2024-05-23 | doc/backup-cloud: fix link for backup-partition | Christian Hesse | 1 | -1/+1 | |
2024-05-23 | backup-partition: support RouterOS copy-over... | Christian Hesse | 2 | -3/+25 | |
... when run interactively from CLI. | |||||
2024-05-15 | daily-psk: quote ssid and passphrase | Christian Hesse | 4 | -4/+4 | |
2024-05-15 | daily-psk: decrease indention in notification | Christian Hesse | 4 | -12/+12 | |
2024-05-15 | daily-psk: adopt syntax changesrouteros-7.15beta8-1 | Christian Hesse | 4 | -2/+6 | |
RouterOS 7.15beta8 came with this change: *) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values; While the old code is bad syntax with RouterOS 7.15, the new code is valid for older RouterOS, but produces different (and more or less unexpected) results. 🥴 Let's use the new code, and add a check on the RouterOS version. With old RouterOS this now sends the notification even if the interface is disabled. | |||||
2024-05-15 | global-functions: $IsTimeSync: initialize with uptime... | Christian Hesse | 1 | -2/+2 | |
... to make sure the warning is not issued too early. | |||||
2024-05-14 | fw-addr-lists: add 'strongips' list from blocklist.dechange-128 | Christian Hesse | 5 | -3/+182 | |
2024-05-08 | global-functions: $IsTimeSync: add (one time) warning on failed ntp sync | Christian Hesse | 1 | -0/+1 | |
2024-05-08 | global-functions: $IsTimeSync: log just once | Christian Hesse | 1 | -3/+3 | |
2024-04-29 | global-functions: $WaitForFile: drop extra conversion | Christian Hesse | 1 | -1/+1 | |
2024-04-29 | global-functions: $WaitForFile: respect minimum delay | Christian Hesse | 1 | -1/+2 | |
2024-04-29 | global-functions: $WaitForFile: use fewer steps | Christian Hesse | 1 | -2/+2 | |
2024-04-29 | telegram-chat: shorten the message | Christian Hesse | 1 | -1/+1 | |
2024-04-29 | mod/notification-telegram: format percentage italic | Christian Hesse | 1 | -2/+2 | |
2024-04-29 | mod/notification-telegram: format date & time italic | Christian Hesse | 1 | -2/+2 | |
2024-04-29 | mod/notification-telegram: support excluding characters from escaping... | Christian Hesse | 1 | -1/+4 | |
... to support formatting in plain text. Handle with care, this can break the request if done wrong! | |||||
2024-04-29 | mod/notification-telegram: use proper variable naming... | Christian Hesse | 1 | -7/+9 | |
... in local escaping function. | |||||
2024-04-29 | mod/notification-telegram: capitalize Telegram in message | Christian Hesse | 1 | -1/+1 | |
2024-04-29 | mod/notification-matrix: format date & time italic | Christian Hesse | 1 | -5/+6 | |
2024-04-29 | global-functions: $CleanName: do not start with a dash | Christian Hesse | 1 | -4/+12 | |
2024-04-29 | mod/ssh-keys-import: remove temporary directory | Christian Hesse | 1 | -0/+2 | |
2024-04-29 | mod/ssh-keys-import: create directory later | Christian Hesse | 1 | -5/+5 | |
2024-04-29 | global-functions: $FetchHuge: remove temporary directory | Christian Hesse | 1 | -4/+5 | |
2024-04-29 | backup-cloud: retry on error... | Christian Hesse | 1 | -12/+16 | |
Let's see if brute force helps. 🤪 | |||||
2024-04-29 | backup-cloud: clean up and simplify code | Christian Hesse | 1 | -6/+4 | |
2024-04-29 | backup-cloud: no early exit... | Christian Hesse | 1 | -1/+0 | |
... as we want to make sure the directory (and its content) is removed. | |||||
2024-04-29 | backup-upload: no early exit... | Christian Hesse | 1 | -1/+0 | |
2024-04-23 | backup-upload: remove temporary directory | Christian Hesse | 1 | -0/+1 | |
2024-04-23 | netwatch-notify: log to debug... | Christian Hesse | 1 | -2/+3 | |
... instead of discarding the message completely. | |||||
2024-04-19 | README: show fingerprints in output | Christian Hesse | 2 | -1/+1 | |
This is not scrictly necessary, as we filter by fingerprint already... But it gives better overview and feeling. | |||||
2024-04-19 | README: remove left over certificate file | Christian Hesse | 1 | -1/+2 | |
But use find as RouterOS 7.15rc1 removes it automatically. | |||||
2024-04-19 | INITIAL-COMMANDS: remove the certificate file with findrouteros-7.15rc1-2 | Christian Hesse | 1 | -1/+1 | |
Required as RouterOS 7.15rc1 removes it automatically. | |||||
2024-04-19 | global-functions: $CertificateDownload: remove with find...routeros-7.15rc1-1 | Christian Hesse | 1 | -1/+1 | |
... to make sure this does not break when the file does no longer exist. Starting with RouterOS 7.15rc1 the file is automatically removed on import. | |||||
2024-04-19 | netwatch-notify: allow to suppress resolve failure | Christian Hesse | 2 | -1/+10 | |
2024-04-19 | mod/notification-telegram: string protocol for display | Christian Hesse | 1 | -2/+5 | |
2024-04-19 | mod/notification-matrix: string protocol for display | Christian Hesse | 1 | -2/+4 | |
2024-04-19 | global-functions: introduce $ProtocolStrip | Christian Hesse | 1 | -0/+12 | |
2024-04-18 | mod/notification-matrix: ... and more double escaping | Christian Hesse | 1 | -2/+2 | |
2024-04-18 | mod/notification-matrix: fix double escaping | Christian Hesse | 1 | -17/+11 | |
That was introduced with 2a232ad2f5eef4b60c97306ef731bc5883bf5cfb when switching to :serialize... | |||||
2024-04-15 | certificate-renew-issued: use single quotes | Christian Hesse | 1 | -3/+3 | |
2024-04-15 | global-functions: $CertificateDownload: use single quotes | Christian Hesse | 1 | -2/+2 | |
2024-04-15 | global-functions: $CertificateAvailable: use single quotes | Christian Hesse | 1 | -3/+3 | |
2024-04-15 | gps-track: use custom user agent string | Christian Hesse | 1 | -3/+4 | |
2024-04-15 | gps-track: generate JSON with :serializerouteros-7.13-8 | Christian Hesse | 1 | -5/+2 | |
2024-04-15 | mod/notification-matrix: generate JSON with :serializerouteros-7.13-7 | Christian Hesse | 1 | -13/+11 | |
2024-04-15 | mod/notification-matrix: use custom user agent string | Christian Hesse | 1 | -7/+15 | |
2024-04-15 | mod/notification-ntfy: use custom user agent string | Christian Hesse | 1 | -1/+3 | |
2024-04-15 | mod/notification-ntfy: support basic authchange-127 | Christian Hesse | 5 | -4/+20 | |
Closes #59 | |||||
2024-04-11 | global-functions: $ScriptFromTerminal: check multiple invocations... | Christian Hesse | 1 | -1/+6 | |
... and return false. We can not tell which job is us... So better safe than sorry. | |||||
2024-04-11 | global-functions: $ScriptLock: break long lines | Christian Hesse | 1 | -2/+5 | |
2024-04-11 | global-functions: $ScriptLock: degrade message to debug | Christian Hesse | 1 | -2/+2 | |
2024-04-10 | mod/notification-telegram: $SendTelegram: set origin | Christian Hesse | 1 | -1/+1 | |
2024-04-10 | mod/notification-ntfy: $SendNtfy: set origin | Christian Hesse | 1 | -1/+1 | |
2024-04-10 | mod/notification-matrix: $SendMatrix: set origin | Christian Hesse | 1 | -1/+1 | |
2024-04-10 | mod/notification-email: $SendEMail: set origin | Christian Hesse | 1 | -1/+1 | |
2024-04-10 | global-functions: $SendNotification: set origin | Christian Hesse | 1 | -1/+1 | |
2024-04-07 | global-functions: $HumanReadableNum: indicate binary base... | Christian Hesse | 4 | -7/+11 | |
... and update scripts to match the change. | |||||
2024-04-07 | global-functions: drop $LogPrintExit2 | Christian Hesse | 1 | -22/+0 | |
2024-04-07 | bump RouterOS requirement for all scripts and modules...routeros-7.13-6 | Christian Hesse | 110 | -104/+116 | |
... now that global-functions requires RouterOS 7.13 anyway. | |||||
2024-04-07 | Merge branch 'fw-addr-lists' into next | Christian Hesse | 2 | -37/+65 | |
2024-04-07 | fw-addr-lists: break long lines | Christian Hesse | 1 | -4/+8 | |
2024-04-07 | fw-addr-lists: show count of active addresses | Christian Hesse | 1 | -0/+1 | |
2024-04-07 | fw-addr-lists: human readable numbers for counts | Christian Hesse | 1 | -2/+4 | |
2024-04-07 | fw-addr-lists: rework log messages, always include list name | Christian Hesse | 1 | -13/+26 | |
2024-04-07 | fw-addr-lists: add debug message on successful download | Christian Hesse | 1 | -0/+3 | |
2024-04-07 | fw-addr-lists: try with less regexp matches | Christian Hesse | 1 | -8/+15 | |