Age | Commit message (Expand) | Author | Files | Lines |
2024-06-21 | notify on changes regarding certificateschange-130 | Christian Hesse | 1 | -1/+1 |
2024-06-21 | certs: GTS CA 1C3 / GTS CA 1P5 -> GTS Root R1 | Christian Hesse | 1 | -1/+1 |
2024-06-21 | certs: R3 / R10 -> ISRG Root X1 | Christian Hesse | 1 | -1/+1 |
2024-06-21 | certs: E1 / E5 -> ISRG Root X2•••In the beginning of Let's Encrypt their root certificate ISRG Root X1
was not widely trusted, at least some older and/or mobile platforms were
missing that certificate in their root certificate store.
At that time Let's Encrypt was using an alternative chain of trust,
where a certificate was cross-signed with DST Root CA X3.
To make sure a valid chain of trust is available under all circumstances
a set of all certificates had to be supplied: both root vertificates
ISRG Root X1 & DST Root CA X3, and an intermediate certificate.
This was still true after DST Root CA X3 expired, as it could still be
used as a root anchor and was shipped by Let's Encrypt when requested. 🤪
This time is finally over, and we have a clean chain for trust ending in
ISRG Root X1 (or ISRG Root X2).
Well, actually it is the other way round... Let's Encrypt signs with
different tantamount intermediate certificates. There is not only E5, but
also E6 - and we can not know beforehand which one is used on renew.
So let's jetzt drop the intermediate certificates now, and rely on root
certificates only. We are perfectly fine with this these days.
Follow-up commits will do the same for *all* certificates.
The certificate is downloaded with:
curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
| Christian Hesse | 1 | -1/+1 |
2024-06-19 | Let's Encrypt changed their intermediate certificates•••https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still
using the old intermediate.
| Christian Hesse | 1 | -1/+1 |
2024-06-01 | global-functions: $CleanName: no exception for dash...•••... as we still want to deduplicate it when it is inside the input
string. This also unbreak certificate import for "Go Daddy Secure
Certificate Authority - G2" (and more)...
| Christian Hesse | 1 | -1/+1 |
2024-05-23 | backup-partition: news on support for copy-overchange-129 | Christian Hesse | 1 | -1/+1 |
2024-05-15 | global-functions: $IsTimeSync: initialize with uptime...•••... to make sure the warning is not issued too early.
| Christian Hesse | 1 | -2/+2 |
2024-05-14 | fw-addr-lists: add 'strongips' list from blocklist.dechange-128 | Christian Hesse | 1 | -1/+1 |
2024-05-08 | global-functions: $IsTimeSync: add (one time) warning on failed ntp sync | Christian Hesse | 1 | -0/+1 |
2024-05-08 | global-functions: $IsTimeSync: log just once | Christian Hesse | 1 | -3/+3 |
2024-04-29 | global-functions: $WaitForFile: drop extra conversion | Christian Hesse | 1 | -1/+1 |
2024-04-29 | global-functions: $WaitForFile: respect minimum delay | Christian Hesse | 1 | -1/+2 |
2024-04-29 | global-functions: $WaitForFile: use fewer steps | Christian Hesse | 1 | -2/+2 |
2024-04-29 | global-functions: $CleanName: do not start with a dash | Christian Hesse | 1 | -4/+12 |
2024-04-29 | global-functions: $FetchHuge: remove temporary directory | Christian Hesse | 1 | -4/+5 |
2024-04-19 | global-functions: $CertificateDownload: remove with find...•••... to make sure this does not break when the file does no longer
exist. Starting with RouterOS 7.15rc1 the file is automatically
removed on import.
routeros-7.15rc1-1 | Christian Hesse | 1 | -1/+1 |
2024-04-19 | global-functions: introduce $ProtocolStrip | Christian Hesse | 1 | -0/+12 |
2024-04-15 | global-functions: $CertificateDownload: use single quotes | Christian Hesse | 1 | -2/+2 |
2024-04-15 | global-functions: $CertificateAvailable: use single quotes | Christian Hesse | 1 | -3/+3 |
2024-04-15 | mod/notification-ntfy: support basic auth•••Closes #59
change-127 | Christian Hesse | 1 | -1/+1 |
2024-04-11 | global-functions: $ScriptFromTerminal: check multiple invocations...•••... and return false.
We can not tell which job is us... So better safe than sorry.
| Christian Hesse | 1 | -1/+6 |
2024-04-11 | global-functions: $ScriptLock: break long lines | Christian Hesse | 1 | -2/+5 |
2024-04-11 | global-functions: $ScriptLock: degrade message to debug | Christian Hesse | 1 | -2/+2 |
2024-04-10 | global-functions: $SendNotification: set origin | Christian Hesse | 1 | -1/+1 |
2024-04-07 | global-functions: $HumanReadableNum: indicate binary base...•••... and update scripts to match the change.
| Christian Hesse | 1 | -2/+6 |
2024-04-07 | global-functions: drop $LogPrintExit2 | Christian Hesse | 1 | -22/+0 |
2024-04-06 | global-functions: $FetchHuge: remove file on failed download | Christian Hesse | 1 | -0/+3 |
2024-04-06 | global-functions: $FetchHuge: make sure to work with clean file names | Christian Hesse | 1 | -3/+4 |
2024-04-06 | global-functions: $FetchHuge: control check-certificate with parameter | Christian Hesse | 1 | -3/+7 |
2024-04-06 | global-functions: $FetchHuge: use custom user agent string | Christian Hesse | 1 | -1/+3 |
2024-04-06 | global-functions: introduce $FetchHugerouteros-7.13-4 | Christian Hesse | 1 | -1/+38 |
2024-04-02 | global-functions: drop $ParseJson | Christian Hesse | 1 | -61/+0 |
2024-04-01 | telegram-chat: read file content...•••... instead of getting it. This lifts the size limit, though we are
still limited by Telegram message size.
This requires RouterOS 7.13.
routeros-7.13-2change-126 | Christian Hesse | 1 | -1/+1 |
2024-03-31 | news on charge and fees | Christian Hesse | 1 | -1/+1 |
2024-03-29 | global-functions: rename $FetchUserAgent -> $FetchUserAgentStr•••... to make sure the function does not clash with the variable we had before,
as this causes issue with news and changes notification.
| Christian Hesse | 1 | -7/+7 |
2024-03-27 | global-functions: $HumanReadableNum: set declared function only | Christian Hesse | 1 | -1/+1 |
2024-03-27 | global-functions: $AlignRight: set declared function only | Christian Hesse | 1 | -1/+1 |
2024-03-27 | global-functions: $FetchUserAgent: set declared function only | Christian Hesse | 1 | -1/+1 |
2024-03-27 | global-functions: $LogPrintOnce: detect and warn on possible crash | Christian Hesse | 1 | -0/+5 |
2024-03-26 | global-functions: $LogPrintOnce: indicate action via return | Christian Hesse | 1 | -1/+2 |
2024-03-21 | telegram-chat: improve readability with symbols | Christian Hesse | 1 | -0/+1 |
2024-03-16 | global-functions: $CertificateDownload: download via clean name...•••... and rename certificates in repository.
| Christian Hesse | 1 | -9/+8 |
2024-03-16 | global-functions: generate user agent string in function...•••... and add the caller and my shortened url.
| Christian Hesse | 1 | -11/+16 |
2024-03-15 | global-functions: $LogPrintExit2: add deprecation warning | Christian Hesse | 1 | -0/+4 |
2024-03-15 | global-functions: $ScriptInstallUpdate: use shorter url | Christian Hesse | 1 | -1/+1 |
2024-03-14 | global-functions: $SymbolByUnicodeName: add these for later use | Christian Hesse | 1 | -0/+3 |
2024-03-13 | netwatch-notify: pass link to notification•••This is pass verbatim below the notification text.
change-124 | Christian Hesse | 1 | -1/+1 |
2024-03-12 | global-functions: switch to $LogPrint | Christian Hesse | 1 | -80/+82 |
2024-03-12 | global-functions: introduce $LogPrint, deprecate $LogPrintExit2change-123 | Christian Hesse | 1 | -4/+17 |
2024-03-12 | global-functions: $LogPrintOnce: drop support for exit•••This is not widely adopted or used, so let's just drop it - no
compatibility.
| Christian Hesse | 1 | -5/+4 |
2024-03-12 | global-functions: add architecture in user-agent string | Christian Hesse | 1 | -1/+6 |
2024-03-12 | global-config: support loading snippets•••This adds support for loading snippets, which need a name starting with
"global-config-overlay.d/". This allows to split off configuration if
desired.
change-122 | Christian Hesse | 1 | -1/+1 |
2024-03-12 | news on wifiwave2 EOLchange-121 | Christian Hesse | 1 | -1/+1 |
2024-03-12 | backup-cloud: catch error with :execute workaround•••Catching a runtime error here fails... So let's try a workaround
with :execute...
change-120 | Christian Hesse | 1 | -1/+1 |
2024-03-12 | global-functions: $ScriptLock: fix wording...•••... as this does (no longer) abort.
| Christian Hesse | 1 | -1/+1 |
2024-03-12 | global-functions: $ScriptLock: do not exit from global function | Christian Hesse | 1 | -5/+4 |
2024-03-12 | global-functions: $DownloadPackage: do not exit from global function | Christian Hesse | 1 | -1/+2 |
2024-03-12 | global-functions: use variable name $ScriptName | Christian Hesse | 1 | -2/+2 |
2024-02-29 | fw-addr-lists: add support for IPv6change-119 | Christian Hesse | 1 | -1/+1 |
2024-01-31 | global-functions: $CertificateNameByCN: use $CleanName | Christian Hesse | 1 | -3/+2 |
2024-01-31 | global-functions: introduce $CleanName | Christian Hesse | 1 | -0/+19 |
2024-01-31 | global-functions: $MkDir: drop declaration of unused functions | Christian Hesse | 1 | -2/+0 |
2024-01-31 | global-functions: $IsDNSResolving: drop declaration of unused function | Christian Hesse | 1 | -2/+0 |
2024-01-30 | global-functions: $ScriptInstallUpdate: warn just once...•••... for every script on required RouterOS version.
| Christian Hesse | 1 | -1/+2 |
2024-01-30 | global-functions: use :jobname to get script name | Christian Hesse | 1 | -1/+1 |
2024-01-30 | send a warning on storage sizechange-118 | Christian Hesse | 1 | -1/+1 |
2024-01-30 | packages-update: support deferred reboot on auto-update•••Closes #56
change-117 | Christian Hesse | 1 | -1/+1 |
2024-01-30 | global-functions: $RandomDelay: always scale to ms...•••... to randomize in friction of unit.
This requires :tonsec from RouterOS 7.12.
routeros-7.12-1 | Christian Hesse | 1 | -2/+3 |
2024-01-29 | global-functions: $RandomDelay: allow zero time, return immediately | Christian Hesse | 1 | -0/+4 |
2024-01-29 | global-functions: $RandomDelay: name the parameters | Christian Hesse | 1 | -1/+4 |
2024-01-20 | global-functions: $SymbolByUnicodeName: log warning on missing name | Christian Hesse | 1 | -0/+7 |
2024-01-20 | global-functions: $SymbolByUnicodeName: name the parameter | Christian Hesse | 1 | -1/+3 |
2024-01-18 | global-functions: log successful loading | Christian Hesse | 1 | -0/+5 |
2024-01-18 | global-functions: $LogPrintOnce: support exit | Christian Hesse | 1 | -1/+2 |
2024-01-16 | global-functions: $HexToNum: use :tonum | Christian Hesse | 1 | -7/+5 |
2024-01-08 | global-functions: $CertificateDownload: move delay up•••We still had cases where fetch misbehaves... But this was permanent.
Perhaps we should not touch the certificate too early...
| Christian Hesse | 1 | -1/+1 |
2024-01-01 | update copyright for 2024 | Christian Hesse | 1 | -1/+1 |
2023-12-22 | global-functions: $GetMacVendor: get new certificate•••The service now uses: GTS CA 1P5 -> GTS Root R1
| Christian Hesse | 1 | -1/+1 |
2023-12-05 | mention the donation hint...change-116 | Christian Hesse | 1 | -1/+3 |
2023-12-05 | celebrating ✨⭐ 1.000 stars ⭐✨ on Github!change-115 | Christian Hesse | 1 | -1/+2 |
2023-12-04 | global-functions: $FormatLine: use $CharacterMultiply | Christian Hesse | 1 | -1/+3 |
2023-12-04 | global-functions: $AlignRight: use $CharacterMultiply | Christian Hesse | 1 | -1/+2 |
2023-12-04 | global-functions: introduce $CharacterMultiply | Christian Hesse | 1 | -0/+10 |
2023-12-04 | global-functions: $DeviceInfo: add SNMP location and contact | Christian Hesse | 1 | -1/+6 |
2023-11-30 | global-functions: introduce $MIN | Christian Hesse | 1 | -0/+7 |
2023-11-30 | global-functions: introduce $MAX | Christian Hesse | 1 | -0/+7 |
2023-11-30 | global-functions: $SymbolByUnicodeName: rename up-arrow -> arrow-up•••... so arrows are grouped in case we add more.
| Christian Hesse | 1 | -1/+1 |
2023-11-30 | global-functions: $SymbolForNotification: properly append space to alt text | Christian Hesse | 1 | -2/+3 |
2023-11-23 | global-functions: introduce $AlignRight | Christian Hesse | 1 | -0/+14 |
2023-11-15 | global-functions: introduce $HumanReadableNum | Christian Hesse | 1 | -0/+31 |
2023-11-15 | notify about parted scripts for wifi packagechange-114 | Christian Hesse | 1 | -1/+1 |
2023-11-09 | global-functions: drop $Read•••... which is no longer required now that RouterOS 7.12beta1
provides /terminal/ask.
| Christian Hesse | 1 | -6/+0 |
2023-11-09 | mod/notification-matrix: introduce $SetupMatrix{Authenticate,JoinRoom} for setup•••Well, now that we have a JSON parser... Let's improve the user
experience a bit.
change-113 | Christian Hesse | 1 | -1/+1 |
2023-11-09 | mod/ssh-keys-import: calculate fingerprint...•••... and store it in key-owner, which is descriptive only.
This requires RouterOS 7.12beta1 for the 'transform' property
for ':convert' command.
routeros-7.12beta1-2change-112 | Christian Hesse | 1 | -1/+1 |
2023-11-07 | global-functions: $ParseDate: drop code for old format...•••... and increase required RouterOS.
We should probably wait some time before merging this: Even current
versions have some hidden places with old format:
[admin@MikroTik] > /system/resource/print
[...]
version: 7.10.2 (stable)
build-time: Jul/12/2023 09:45:11
[...]
(Though this is written with capital letter and fails anyway...)
Something similar goes for `/ip/neighbor`, where format depends on
remote devices. Does anybody need to parse this?
routeros-7.10beta5-2 | Christian Hesse | 1 | -10/+1 |
2023-10-27 | dhcp-to-dns: allow multiple records for one mac address•••Now that we can have differnt name suffixes via networks it makes sense
to allow multiple records for one mac address.
Also update the wording for messages...
change-111 | Christian Hesse | 1 | -1/+1 |
2023-10-27 | global-functions: introduce $LogPrintOnce•••This does work just like $LogPrintExit2, except it acts just *once* for
each message, until device is rebooted.
| Christian Hesse | 1 | -0/+23 |
2023-10-26 | global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)•••old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2
No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
| Christian Hesse | 1 | -4/+0 |
2023-10-25 | global-functions: $ParseJson: prevent infinite loop...•••... which could happen on corrupted or truncated input.
| Christian Hesse | 1 | -2/+4 |