packages-update: drop RouterOS version check...

... and allow all updates again. This requires RouterOS 7.13.

BRANCHES.md

@@ -0,0 +1,43 @@
+Installing from branches
+========================
+
+[⬅️ Go back to main README](README.md)
+
+> ⚠️ **Warning**: Living on the edge? Great, read on!
+> If not: Please use the `main` branch and leave this page!
+
+These scripts are developed in a [git](https://git-scm.com/) repository.
+Development and experimental branches are used to provide early access
+for specific changes. You can install scripts from these branches
+for testing.
+
+## Install single script
+
+To install a single script from `next` branch:
+
+    $ScriptInstallUpdate script-name "url-suffix=?h=next";
+
+## Switch existing script
+
+Alternatively switch an existing script to update from `next` branch:
+
+    /system/script/set comment="url-suffix=?h=next" script-name;
+    $ScriptInstallUpdate;
+
+## Switch installation
+
+Last but not least - to switch the complete installation to the `next`
+branch edit `global-config-overlay` and add:
+
+    :global ScriptUpdatesUrlSuffix "?h=next";
+
+... then reload the configuration and update:
+
+    /system/script/run global-config;
+    $ScriptInstallUpdate;
+
+> ℹ️ **Info**: Replace `next` with *whatever* to use another specific branch.
+
+---
+[⬅️ Go back to main README](README.md)  
+[⬆️ Go back to top](#top)

CONTRIBUTIONS.md

@@ -32,6 +32,7 @@ Add yourself to the list,
 * Harold Schoemaker
 * Hugo BV
 * Klaus Michael Rübsam
+* Leonardo Valeri Manera
 * Linux-Schmie.de Michael Gisbers
 * Manuel Kuhn
 * Marek Čábák

INITIAL-COMMANDS.md

@@ -18,10 +18,13 @@ Run the complete base installation:
       };
       /file/remove "letsencrypt-E1.pem";
       :delay 1s;
+      /system/script/set name=("global-config-overlay-" . [ /system/clock/get date ] . "-" . [ /system/clock/get time ]) [ find where name="global-config-overlay" ];
       :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
-        /system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data");
+        /system/script/remove [ find where name=$Script ];
+        /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data");
       };
       /system/script { run global-config; run global-functions; };
+      /system/scheduler/remove [ find where name="global-scripts" ];
       /system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
       :global CertificateNameByCN;
       $CertificateNameByCN "E1";
@@ -32,6 +35,14 @@ Then continue setup with
 [scheduled automatic updates](README.md#scheduled-automatic-updates) or
 [editing configuration](README.md#editing-configuration).
 
+## Fix existing installation
+
+The [initial commands](#initial-commands) above allow to fix an existing
+installation in case it ever breaks. If `global-config-overlay` did exist
+before it is renamed with a date and time suffix (like
+`global-config-overlay-2024-01-25-09:33:12`). Make sure to restore the
+configuration overlay if required.
+
 ---
 [⬅️ Go back to main README](README.md)  
 [⬆️ Go back to top](#top)

README.md

@@ -4,7 +4,7 @@ RouterOS Scripts
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.10-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.12-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
 
@@ -21,6 +21,8 @@ to manage RouterOS devices or extend their functionality.
 Requirements
 ------------
 
+### Software (RouterOS)
+
 Latest version of the scripts require recent RouterOS to function properly.
 Make sure to install latest updates before you begin. If new functionality
 or a breaking change in RouterOS `7.n` is used in my scripts I push my
@@ -32,6 +34,14 @@ Specific scripts may require even newer RouterOS version.
 > ℹ️ **Info**: The `main` branch is now RouterOS v7 only. If you are still
 > running RouterOS v6 switch to `routeros-v6` branch!
 
+### Hardware
+
+RouterOS packages increase in size with each release. This becomes a
+problem for devices with 16MB storage and below, those with an ARM CPU
+are specifically affected.
+
+Huge configuration and lots of scripts give an extra risk. **Take care!**
+
 Initial setup
 -------------
 
@@ -97,7 +107,7 @@ date and time is set correctly!
 
 Now let's download the main scripts and add them in configuration on the fly.
 
-    :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data"); };
+    :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data"); };
 
 ![screenshot: import scripts](README.d/04-import-scripts.avif)
 
@@ -215,7 +225,7 @@ Available scripts
 * [Download, import and update firewall address-lists](doc/fw-addr-lists.md)
 * [Wait for global functions und modules](doc/global-wait.md)
 * [Send GPS position to server](doc/gps-track.md)
-* [Use WPA2 network with hotspot credentials](doc/hotspot-to-wpa.md)
+* [Use WPA network with hotspot credentials](doc/hotspot-to-wpa.md)
 * [Create DNS records for IPSec peers](doc/ipsec-to-dns.md)
 * [Update configuration on IPv6 prefix change](doc/ipv6-update.md)
 * [Manage IP addresses with bridge status](doc/ip-addr-bridge.md)

accesslist-duplicates.capsman.rsc

@@ -3,14 +3,14 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.12beta1
+# requires RouterOS, version=7.12
 #
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "accesslist-duplicates.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

accesslist-duplicates.local.rsc

@@ -3,14 +3,14 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.12beta1
+# requires RouterOS, version=7.12
 #
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "accesslist-duplicates.local";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

accesslist-duplicates.template.rsc

@@ -3,7 +3,7 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.12beta1
+# requires RouterOS, version=7.12
 #
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
@@ -11,7 +11,7 @@
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "accesslist-duplicates%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

accesslist-duplicates.wifi.rsc

@@ -3,14 +3,14 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.12beta1
+# requires RouterOS, version=7.12
 #
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "accesslist-duplicates.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

accesslist-duplicates.wifiwave2.rsc

@@ -3,14 +3,14 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.12beta1
+# requires RouterOS, version=7.12
 #
 # print duplicate antries in wireless access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "accesslist-duplicates.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

backup-cloud.rsc

@@ -4,11 +4,12 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: backup-script, order=40
+# requires RouterOS, version=7.12
 #
 # upload backup to MikroTik cloud
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-cloud.md
 
-:local 0 "backup-cloud";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

backup-email.rsc

@@ -4,11 +4,12 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: backup-script, order=20
+# requires RouterOS, version=7.12
 #
 # create and email backup and config file
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-email.md
 
-:local 0 "backup-email";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -20,7 +21,7 @@
 :global Domain;
 :global Identity;
 
-:global CharacterReplace;
+:global CleanName;
 :global DeviceInfo;
 :global FormatLine;
 :global LogPrintExit2;
@@ -51,7 +52,7 @@ $WaitFullyConnected;
 
 # filename based on identity
 :local DirName ("tmpfs/" . $0);
-:local FileName [ $CharacterReplace ($Identity . "." . $Domain) "." "_" ];
+:local FileName [ $CleanName ($Identity . "." . $Domain) ];
 :local FilePath ($DirName . "/" . $FileName);
 :local BackupFile "none";
 :local ExportFile "none";

backup-partition.rsc

@@ -4,11 +4,12 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: backup-script, order=70
+# requires RouterOS, version=7.12
 #
 # save configuration to fallback partition
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-partition.md
 
-:local 0 "backup-partition";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -27,13 +28,18 @@ $ScriptLock $0;
   $LogPrintExit2 error $0 ("Device is not running from active partition.") true;
 }
 
-:local ActiveRunningVar [ /partitions/get $ActiveRunning ];
+:local FallbackTo [ /partitions/get $ActiveRunning fallback-to ];
 
 :do {
-  /partitions/save-config-to ($ActiveRunningVar->"fallback-to");
+  /system/scheduler/add start-time=startup name="running-from-backup-partition" \
+      on-event=(":log warning (\"Running from partition '\" . " . \
+      "[ /partitions/get [ find where running ] name ] . \"'!\")");
+  /partitions/save-config-to $FallbackTo;
+  /system/scheduler/remove "running-from-backup-partition";
   $LogPrintExit2 info $0 ("Saved configuration to partition '" . \
-      ($ActiveRunningVar->"fallback-to") . "'.") false;
+      $FallbackTo . "'.") false;
 } on-error={
+  /system/scheduler/remove [ find where name="running-from-backup-partition" ];
   $LogPrintExit2 error $0 ("Failed saving configuration to partition '" . \
-      ($ActiveRunningVar->"fallback-to") . "'!") true;
+      $FallbackTo . "'!") true;
 }

backup-upload.rsc

@@ -4,11 +4,12 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: backup-script, order=50
+# requires RouterOS, version=7.12
 #
 # create and upload backup and config file
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/backup-upload.md
 
-:local 0 "backup-upload";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -23,7 +24,7 @@
 :global Domain;
 :global Identity;
 
-:global CharacterReplace;
+:global CleanName;
 :global DeviceInfo;
 :global IfThenElse;
 :global LogPrintExit2;
@@ -50,7 +51,7 @@ $WaitFullyConnected;
 
 # filename based on identity
 :local DirName ("tmpfs/" . $0);
-:local FileName [ $CharacterReplace ($Identity . "." . $Domain) "." "_" ];
+:local FileName [ $CleanName ($Identity . "." . $Domain) ];
 :local FilePath ($DirName . "/" . $FileName);
 :local BackupFile "none";
 :local ExportFile "none";
@@ -138,7 +139,7 @@ $WaitFullyConnected;
 $SendNotification2 ({ origin=$0; \
   subject=[ $IfThenElse ($Failed > 0) \
     ([ $SymbolForNotification "floppy-disk,warning-sign" ] . "Backup & Config upload with failure") \
-    ([ $SymbolForNotification "floppy-disk,up-arrow" ] . "Backup & Config upload") ]; \
+    ([ $SymbolForNotification "floppy-disk,arrow-up" ] . "Backup & Config upload") ]; \
   message=("Backup and config export upload for " . $Identity . ".\n\n" . \
     [ $DeviceInfo ] . "\n\n" . \
     [ $FileInfo "Backup file" $BackupFile ] . "\n" . \

capsman-download-packages.capsman.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "capsman-download-packages.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-download-packages.template.rsc

@@ -4,13 +4,15 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "capsman-download-packages%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-download-packages.wifi.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "capsman-download-packages.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-download-packages.wifiwave2.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # download and cleanup packages for CAP installation from CAPsMAN
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "capsman-download-packages.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-rolling-upgrade.capsman.rsc

@@ -5,13 +5,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
+# requires RouterOS, version=7.12
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "capsman-rolling-upgrade.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-rolling-upgrade.template.rsc

@@ -5,6 +5,7 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
+# requires RouterOS, version=7.12
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
@@ -12,7 +13,7 @@
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "capsman-rolling-upgrade%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-rolling-upgrade.wifi.rsc

@@ -5,13 +5,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
+# requires RouterOS, version=7.12
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "capsman-rolling-upgrade.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

capsman-rolling-upgrade.wifiwave2.rsc

@@ -5,13 +5,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: capsman-rolling-upgrade
+# requires RouterOS, version=7.12
 #
 # upgrade CAPs one after another
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "capsman-rolling-upgrade.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

certificate-renew-issued.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # renew locally issued certificates
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/certificate-renew-issued.md
 
-:local 0 "certificate-renew-issued";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

check-certificates.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # check for certificate validity
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/check-certificates.md
 
-:local 0 "check-certificates";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -34,6 +36,7 @@
 
   :global CertificateNameByCN;
   :global EscapeForRegEx;
+  :global FetchUserAgent;
   :global LogPrintExit2;
   :global UrlEncode;
   :global WaitForFile;
@@ -43,7 +46,7 @@
   :foreach Type in={ ".pem"; ".p12" } do={
     :local CertFileName ([ $UrlEncode $Name ] . $Type);
     :do {
-      /tool/fetch check-certificate=yes-without-crl \
+      /tool/fetch check-certificate=yes-without-crl http-header-field=({ $FetchUserAgent }) \
           ($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
       $WaitForFile $CertFileName;
 
@@ -57,7 +60,7 @@
       /file/remove [ find where name=$CertFileName ];
 
       :if ($DecryptionFailed = true) do={
-        $LogPrintExit2 warning $0 ("Decryption failed for certificate file " . $CertFileName) false;
+        $LogPrintExit2 warning $0 ("Decryption failed for certificate file '" . $CertFileName . "'.") false;
       }
 
       :foreach CertInChain in=[ /certificate/find where name~("^" . [ $EscapeForRegEx $CertFileName ] . "_[0-9]+\$") \
@@ -67,7 +70,7 @@
 
       :set Return true;
     } on-error={
-      $LogPrintExit2 debug $0 ("Could not download certificate file " . $CertFileName) false;
+      $LogPrintExit2 debug $0 ("Could not download certificate file '" . $CertFileName . "'.") false;
     }
   }
 
@@ -134,7 +137,7 @@ $WaitFullyConnected;
     :if ([ :len $CertRenewUrl ] = 0) do={
       $LogPrintExit2 info $0 ("No CertRenewUrl given.") true;
     }
-    $LogPrintExit2 info $0 ("Attempting to renew certificate " . ($CertVal->"name") . ".") false;
+    $LogPrintExit2 info $0 ("Attempting to renew certificate '" . ($CertVal->"name") . "'.") false;
 
     :local ImportSuccess false;
     :set LastName ($CertVal->"common-name");
@@ -182,9 +185,9 @@ $WaitFullyConnected;
     $SendNotification2 ({ origin=$0; silent=true; \
       subject=([ $SymbolForNotification "lock-with-ink-pen" ] . "Certificate renewed: " . ($CertVal->"name")); \
       message=("A certificate on " . $Identity . " has been renewed.\n\n" . [ $FormatInfo $CertNew ]) });
-    $LogPrintExit2 info $0 ("The certificate " . ($CertVal->"name") . " has been renewed.") false;
+    $LogPrintExit2 info $0 ("The certificate '" . ($CertVal->"name") . "' has been renewed.") false;
   } on-error={
-    $LogPrintExit2 debug $0 ("Could not renew certificate " . ($CertVal->"name") . ".") false;
+    $LogPrintExit2 debug $0 ("Could not renew certificate '" . ($CertVal->"name") . "'.") false;
   }
 }
 
@@ -193,14 +196,14 @@ $WaitFullyConnected;
   :local CertVal [ /certificate/get $Cert ];
 
   :if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={
-    $LogPrintExit2 debug $0 ("Certificate \"" . ($CertVal->"name") . "\" is handled by SCEP, skipping.") false;
+    $LogPrintExit2 debug $0 ("Certificate '" . ($CertVal->"name") . "' is handled by SCEP, skipping.") false;
   } else={
     :local State [ $IfThenElse (($CertVal->"expired") = true) "expired" "is about to expire" ];
 
     $SendNotification2 ({ origin=$0; \
       subject=([ $SymbolForNotification "warning-sign" ] . "Certificate warning: " . ($CertVal->"name")); \
       message=("A certificate on " . $Identity . " " . $State . ".\n\n" . [ $FormatInfo $Cert ]) });
-    $LogPrintExit2 info $0 ("The certificate " . ($CertVal->"name") . " " . $State . \
+    $LogPrintExit2 info $0 ("The certificate '" . ($CertVal->"name") . "' " . $State . \
         ", it is invalid after " . ($CertVal->"invalid-after") . ".") false;
   }
 }

check-health.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # check for RouterOS health state
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/check-health.md
 
-:local 0 "check-health";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

check-lte-firmware-upgrade.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # check for LTE firmware upgrade, send notification
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/check-lte-firmware-upgrade.md
 
-:local 0 "check-lte-firmware-upgrade";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

check-routeros-update.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # check for RouterOS update, send notification and/or install
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/check-routeros-update.md
 
-:local 0 "check-routeros-update";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

collect-wireless-mac.capsman.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
+# requires RouterOS, version=7.12
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "collect-wireless-mac.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

collect-wireless-mac.local.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
+# requires RouterOS, version=7.12
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "collect-wireless-mac.local";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

collect-wireless-mac.template.rsc

@@ -4,6 +4,7 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
+# requires RouterOS, version=7.12
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
@@ -11,7 +12,7 @@
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "collect-wireless-mac%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

collect-wireless-mac.wifi.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
+# requires RouterOS, version=7.12
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "collect-wireless-mac.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

collect-wireless-mac.wifiwave2.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=40
+# requires RouterOS, version=7.12
 #
 # collect wireless mac adresses in access list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "collect-wireless-mac.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

daily-psk.capsman.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "daily-psk.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

daily-psk.local.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "daily-psk.local";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

daily-psk.template.rsc

@@ -4,13 +4,15 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "daily-psk%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

daily-psk.wifi.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "daily-psk.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

daily-psk.wifiwave2.rsc

@@ -4,12 +4,14 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update daily PSK (pre shared key)
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "daily-psk.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

dhcp-lease-comment.capsman.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=60
+# requires RouterOS, version=7.12
 #
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "dhcp-lease-comment.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

dhcp-lease-comment.local.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=60
+# requires RouterOS, version=7.12
 #
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "dhcp-lease-comment.local";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

dhcp-lease-comment.template.rsc

@@ -4,6 +4,7 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=60
+# requires RouterOS, version=7.12
 #
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
@@ -11,7 +12,7 @@
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "dhcp-lease-comment%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

dhcp-lease-comment.wifi.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=60
+# requires RouterOS, version=7.12
 #
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "dhcp-lease-comment.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

dhcp-lease-comment.wifiwave2.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=60
+# requires RouterOS, version=7.12
 #
 # update dhcp-server lease comment with infos from access-list
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "dhcp-lease-comment.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

dhcp-to-dns.rsc

@@ -4,18 +4,19 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=20
+# requires RouterOS, version=7.12
 #
 # check DHCP leases and add/remove/update DNS entries
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-to-dns.md
 
-:local 0 "dhcp-to-dns";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
 :global Domain;
 :global Identity;
 
-:global CharacterReplace;
+:global CleanName;
 :global EitherOr;
 :global IfThenElse;
 :global LogPrintExit2;
@@ -56,7 +57,7 @@ $ScriptLock $0 false 10;
   :do {
     :set LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
     :if ([ :len [ /ip/dhcp-server/lease/find where active-mac-address=($LeaseVal->"active-mac-address") status=bound ] ] > 1) do={
-      $LogPrintOnce info $0 ("Multiple bound leases found for mac-address " . ($LeaseVal->"active-mac-address") . "!");
+      $LogPrintOnce info $0 ("Multiple bound leases found for mac-address " . ($LeaseVal->"active-mac-address") . "!") false;
     }
   } on-error={
     $LogPrintExit2 debug $0 ("A lease just vanished, ignoring.") false;
@@ -64,8 +65,8 @@ $ScriptLock $0 false 10;
 
   :if ([ :len ($LeaseVal->"active-address") ] > 0) do={
     :local Comment ($CommentPrefix . ", macaddress=" . $LeaseVal->"active-mac-address" . ", server=" . $LeaseVal->"server");
-    :local MacDash [ $CharacterReplace ($LeaseVal->"active-mac-address") ":" "-" ];
-    :local HostName [ $CharacterReplace [ $EitherOr ([ $ParseKeyValueStore ($LeaseVal->"comment") ]->"hostname") ($LeaseVal->"host-name") ] " " "" ];
+    :local MacDash [ $CleanName ($LeaseVal->"active-mac-address") ];
+    :local HostName [ $CleanName [ $EitherOr ([ $ParseKeyValueStore ($LeaseVal->"comment") ]->"hostname") ($LeaseVal->"host-name") ] ];
     :local Network [ /ip/dhcp-server/network/find where ($LeaseVal->"active-address") in address ];
     :local NetworkVal;
     :if ([ :len $Network ] > 0) do={
@@ -112,7 +113,7 @@ $ScriptLock $0 false 10;
     }
 
     :if ([ :len [ /ip/dns/static/find where name=$FullA (!type or type=A) ] ] > 1) do={
-      $LogPrintOnce warning $0 ("The name '" . $FullA . "' appeared in more than one A record!");
+      $LogPrintOnce warning $0 ("The name '" . $FullA . "' appeared in more than one A record!") false;
     }
   } else={
     $LogPrintExit2 debug $0 ("No address available... Ignoring.") false;

doc/accesslist-duplicates.md

@@ -3,8 +3,6 @@ Find and remove access list duplicates
 
 [⬅️ Go back to main README](../README.md)
 
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.12-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
-
 > ℹ️️ **Info**: This script can not be used on its own but requires the base
 > installation. See [main README](../README.md) for details.
 

doc/backup-partition.md

@@ -15,6 +15,14 @@ This script saves the current configuration to fallback
 For this to work you need a device with sufficient flash storage that is
 properly partitioned.
 
+To make you aware of a possible issue a scheduler logging a warning is
+added in the backup partition's configuration. You may want to use
+[log-forward](log-forward.md) to be notified.
+
+> ⚠️ **Warning**: Only the configuration is saved to backup partition.
+> Every now and then you should copy your installation over for a recent
+> RouterOS version!
+
 Requirements and installation
 -----------------------------
 
@@ -39,6 +47,7 @@ See also
 * [Upload backup to Mikrotik cloud](backup-cloud.md)
 * [Send backup via e-mail](backup-email.md)
 * [Upload backup to server](backup-upload.md)
+* [Forward log messages via notification](log-forward.md)
 
 ---
 [⬅️ Go back to main README](../README.md)  

doc/check-certificates.md

@@ -63,11 +63,23 @@ Just run the script:
 Tips & Tricks
 -------------
 
+### Schedule at startup
+
 The script checks for full connectivity before acting, so scheduling at
 startup is perfectly valid:
 
     /system/scheduler/add name=check-certificates@startup on-event="/system/script/run check-certificates;" start-time=startup;
 
+### Initial import
+
+Given you have a certificate on you server, you can use `check-certificates`
+for the initial import. Just create a *dummy* certificate with short lifetime
+that matches criteria to be renewed:
+
+    /certificate/add name=example.com common-name=example.com days-valid=1;
+    /certificate/sign example.com;
+    /system/script/run check-certificates;
+
 See also
 --------
 

doc/hotspot-to-wpa.md

@@ -1,5 +1,5 @@
-Use WPA2 network with hotspot credentials
-=========================================
+Use WPA network with hotspot credentials
+========================================
 
 [⬅️ Go back to main README](../README.md)
 
@@ -10,13 +10,13 @@ Description
 -----------
 
 RouterOS supports an unlimited number of MAC address specific passphrases
-for WPA2 encrypted wifi networks via access list. The idea of this script
-is to transfer hotspot credentials to MAC address specific WPA2 passphrase.
+for WPA encrypted wifi networks via access list. The idea of this script
+is to transfer hotspot credentials to MAC address specific WPA passphrase.
 
 Requirements and installation
 -----------------------------
 
-You need a properly configured hotspot on one (open) SSID and a WP2 enabled
+You need a properly configured hotspot on one (open) SSID and a WPA enabled
 SSID with suffix "`-wpa`".
 
 Then install the script.
@@ -90,9 +90,9 @@ Additional information is not available, including the password.
 Additionally templates can be created to give more options for access list:
 
 * `action`: set to `reject` to ignore logins on that hotspot
-* `private-passphrase`: do **not** use passphrase from hotspot's user
-  credentials, but given one - or unset (use default passphrase) with
-  special word `ignore`
+* `passphrase` or `private-passphrase`: do **not** use passphrase from
+  hotspot's user credentials, but given one - or unset (use default
+  passphrase) with special word `ignore`
 * `ssid-regexp`: set a different SSID regular expression to match
 * `vlan-id`: connect device to specific VLAN
 * `vlan-mode`: set the VLAN mode for device
@@ -100,11 +100,11 @@ Additionally templates can be created to give more options for access list:
 For a hotspot called `example` the template could look like this. For
 `wifi` (RouterOS 7.13 and later):
 
-    /interface/wifi/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
+    /interface/wifi/access-list/add comment="hotspot-to-wpa template example" disabled=yes passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
 
 For `wifiwave2` (up to RouterOS 7.12):
 
-    /interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
+    /interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
 
 For legacy CAPsMAN:
 
@@ -119,7 +119,7 @@ Usage and invocation
 --------------------
 
 Now let the users connect and login to the hotspot. After that the devices
-(identified by MAC address) can connect to the WPA2 network, using the
+(identified by MAC address) can connect to the WPA network, using the
 passphrase from hotspot credentials.
 
 See also

doc/lease-script.md

@@ -40,7 +40,7 @@ See also
 * [Collect MAC addresses in wireless access list](collect-wireless-mac.md)
 * [Comment DHCP leases with info from access list](dhcp-lease-comment.md)
 * [Create DNS records for DHCP leases](dhcp-to-dns.md)
-* [Use WPA2 network with hotspot credentials](hotspot-to-wpa.md)
+* [Use WPA network with hotspot credentials](hotspot-to-wpa.md)
 
 ---
 [⬅️ Go back to main README](../README.md)  

doc/mod/ssh-keys-import.md

@@ -3,8 +3,6 @@ Import ssh keys for public key authentication
 
 [⬅️ Go back to main README](../../README.md)
 
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.12-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
-
 > ℹ️️ **Info**: This module can not be used on its own but requires the base
 > installation. See [main README](../../README.md) for details.
 

doc/packages-update.md

@@ -34,6 +34,21 @@ Just install the script:
 It is automatically run by [check-routeros-update](check-routeros-update.md)
 if available.
 
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, this is the only parameter:
+
+* `PackagesUpdateDeferReboot`: defer the reboot for night (between 3 AM
+  and 5 AM)
+
+By modifying the scheduler's `start-time` you can force the reboot at
+different time.
+
+> ℹ️ **Info**: Copy relevant configuration from
+> [`global-config`](../global-config.rsc) (the one without `-overlay`) to
+> your local `global-config-overlay` and modify it to your specific needs.
+
 Usage and invocation
 --------------------
 

firmware-upgrade-reboot.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2022-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # install firmware upgrade, and reboot
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/firmware-upgrade-reboot.md
 
-:local 0 "firmware-upgrade-reboot";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

fw-addr-lists.rsc

@@ -3,13 +3,16 @@
 # Copyright (c) 2023-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # download, import and update firewall address-lists
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md
 
-:local 0 "fw-addr-lists";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
+:global FetchUserAgent;
 :global FwAddrLists;
 :global FwAddrListTimeOut;
 
@@ -57,7 +60,7 @@ $WaitFullyConnected;
       :if ($Data = false) do={
         :do {
           :set Data ([ /tool/fetch check-certificate=$CheckCertificate output=user \
-            ($List->"url") as-value ]->"data");
+            http-header-field=({ $FetchUserAgent }) ($List->"url") as-value ]->"data");
         } on-error={
           :if ($I < 4) do={
             $LogPrintExit2 debug $0 ("Failed downloading, " . $I . ". try: " . $List->"url") false;
@@ -74,7 +77,7 @@ $WaitFullyConnected;
     }
 
     :if ([ :len $Data ] > 63000) do={
-      $LogPrintOnce warning $0 ("The list is huge and may be truncated: " . $List->"url");
+      $LogPrintOnce warning $0 ("The list is huge and may be truncated: " . $List->"url") false;
     }
 
     :while ([ :len $Data ] != 0) do={

global-config.rsc

@@ -135,6 +135,9 @@
 # Set to all upper-case "Yes, please!" to enable.
 :global SafeUpdateAll "no";
 
+# Defer the reboot for night on automatic (non-interactive) update
+:global PackagesUpdateDeferReboot false;
+
 # These thresholds control when to send health notification
 # on temperature and voltage.
 :global CheckHealthTemperature {

global-functions.rsc

@@ -4,15 +4,15 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.10beta5
+# requires RouterOS, version=7.12
 #
 # global functions
 # https://git.eworm.de/cgit/routeros-scripts/about/
 
-:local 0 "global-functions";
+:local 0 [ :jobname ];
 
 # expected configuration version
-:global ExpectedConfigVersion 116;
+:global ExpectedConfigVersion 118;
 
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;
@@ -27,6 +27,7 @@
 :global CharacterMultiply;
 :global CharacterReplace;
 :global CleanFilePath;
+:global CleanName;
 :global DeviceInfo;
 :global Dos2Unix;
 :global DownloadPackage;
@@ -167,11 +168,10 @@
 :set CertificateNameByCN do={
   :local CommonName [ :tostr $1 ];
 
-  :global CharacterReplace;
+  :global CleanName;
 
   :local Cert [ /certificate/find where common-name=$CommonName ];
-  /certificate/set $Cert \
-    name=[ $CharacterReplace [ $CharacterReplace [ $CharacterReplace $CommonName "'" "-" ] " " "-" ] "---" "-" ];
+  /certificate/set $Cert name=[ $CleanName $CommonName ];
 }
 
 # multiply given character(s)
@@ -222,6 +222,24 @@
   :return $Path;
 }
 
+# clean name for DNS, file and more
+:set CleanName do={
+  :local Input [ :tostr $1 ];
+
+  :local Return "";
+
+  :for I from=0 to=([ :len $Input ] - 1) do={
+    :local Char [ :pick $Input $I ];
+    :if ([ :typeof [ find "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-" $Char ] ] = "nil") do={
+      :set Char "-";
+    }
+    :if ($Char != "-" || [ :pick $Return ([ :len $Return ] - 1) ] != "-") do={
+      :set Return ($Return . $Char);
+    }
+  }
+  :return $Return;
+}
+
 # get readable device info
 :set DeviceInfo do={
   :global ExpectedConfigVersion;
@@ -488,16 +506,14 @@
 # convert from hex (string) to num
 :set HexToNum do={
   :local Input [ :tostr $1 ];
-  :local Hex "0123456789abcdef0123456789ABCDEF";
-  :local Multi 1;
-  :local Return 0;
 
-  :for I from=([ :len $Input ] - 1) to=0 do={
-    :set Return ($Return + (([ :find $Hex [ :pick $Input $I ] ] % 16) * $Multi));
-    :set Multi ($Multi * 16);
+  :global HexToNum;
+
+  :if ([ :pick $Input 0 ] = "*") do={
+    :return [ $HexToNum [ :pick  $Input 1 [ :len $Input ] ] ];
   }
 
-  :return $Return;
+  :return [ :tonum ("0x" . $Input) ];
 }
 
 # return human readable number
@@ -548,8 +564,6 @@
 
 # check if DNS is resolving
 :set IsDNSResolving do={
-  :global CharacterReplace;
-
   :do {
     :resolve "low-ttl.eworm.de";
   } on-error={
@@ -683,6 +697,7 @@
   :local Severity [ :tostr $1 ];
   :local Name     [ :tostr $2 ];
   :local Message  [ :tostr $3 ];
+  :local Exit     [ :tostr $4 ];
 
   :global LogPrintExit2;
 
@@ -697,7 +712,7 @@
   }
 
   :set ($LogPrintOnceMessages->$Message) 1;
-  $LogPrintExit2 $Severity $Name $Message false;
+  $LogPrintExit2 $Severity $Name $Message $Exit;
 }
 
 # get max value
@@ -716,9 +731,7 @@
 :set MkDir do={
   :local Path [ :tostr $1 ];
 
-  :global CharacterReplace;
   :global CleanFilePath;
-  :global GetRandom20CharAlNum;
   :global LogPrintExit2;
   :global WaitForFile;
 
@@ -874,10 +887,18 @@
 
 # delay a random amount of seconds
 :set RandomDelay do={
+  :local Time [ :tonum $1 ];
+  :local Unit [ :tostr $2 ];
+
   :global EitherOr;
   :global GetRandomNumber;
+  :global MAX;
 
-  :delay ([ $GetRandomNumber $1 ] . [ $EitherOr $2 "s" ]);
+  :if ($Time = 0) do={
+    :return false;
+  }
+
+  :delay ([ $MAX 10 [ $GetRandomNumber ([ :tonsec [ :totime ($Time . [ $EitherOr $Unit "s" ]) ] ] / 1000000) ] ] . "ms");
 }
 
 # check for required RouterOS version
@@ -944,6 +965,7 @@
   :global Grep;
   :global IfThenElse;
   :global LogPrintExit2;
+  :global LogPrintOnce;
   :global ParseKeyValueStore;
   :global RequiredRouterOS;
   :global SendNotification2;
@@ -1019,7 +1041,7 @@
                 "' failed! Ignoring!") false;
             }
           } else={
-            $LogPrintExit2 warning $0 ("The script '" . $ScriptVal->"name" . "' requires RouterOS " . \
+            $LogPrintOnce warning $0 ("The script '" . $ScriptVal->"name" . "' requires RouterOS " . \
               $Required . ", which is not met by your installation. Ignoring!") false;
           }
         } else={
@@ -1294,6 +1316,10 @@
 
 # return UTF-8 symbol for unicode name
 :set SymbolByUnicodeName do={
+  :local Name [ :tostr $1 ];
+
+  :global LogPrintOnce;
+
   :local Symbols {
     "abacus"="\F0\9F\A7\AE";
     "alarm-clock"="\E2\8F\B0";
@@ -1327,7 +1353,12 @@
     "white-heavy-check-mark"="\E2\9C\85"
   }
 
-  :return (($Symbols->$1) . "\EF\B8\8F");
+  :if ([ :len ($Symbols->$Name) ] = 0) do={
+    $LogPrintOnce warning $0 ("No symbol available for name '" . $Name . "'!") false;
+    :return "";
+  }
+
+  :return (($Symbols->$Name) . "\EF\B8\8F");
 }
 
 # return symbol for notification
@@ -1501,5 +1532,10 @@
   }
 }
 
+# Log success
+:local Resource [ /system/resource/get ];
+$LogPrintOnce info $0 ("Loaded on " . $Resource->"board-name" . \
+  " with RouterOS " . $Resource->"version" . ".") false;
+
 # signal we are ready
 :set GlobalFunctionsReady true;

global-wait.rsc

@@ -3,9 +3,11 @@
 # Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # wait for global-functions to finish
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/global-wait.md
 
-:local 0 "global-wait";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }

gps-track.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # track gps data by sending json data to http server
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/gps-track.md
 
-:local 0 "gps-track";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa-cleanup.capsman.rsc

@@ -4,13 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
+# requires RouterOS, version=7.12
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa-cleanup.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa-cleanup.template.rsc

@@ -4,9 +4,7 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
-# NOT /caps-man/ #
-# requires RouterOS, version=7.12beta3
-# NOT /caps-man/ #
+# requires RouterOS, version=7.12
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
@@ -14,7 +12,7 @@
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "hotspot-to-wpa-cleanup%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa-cleanup.wifi.rsc

@@ -4,14 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
-# requires RouterOS, version=7.12beta3
+# requires RouterOS, version=7.12
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa-cleanup.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa-cleanup.wifiwave2.rsc

@@ -4,14 +4,14 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
-# requires RouterOS, version=7.12beta3
+# requires RouterOS, version=7.12
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa-cleanup.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa.capsman.rsc

@@ -3,12 +3,14 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa.capsman";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa.template.rsc

@@ -3,13 +3,15 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! This is just a template to generate the real script!
 # !! Pattern '%TEMPL%' is replaced, paths are filtered.
 
-:local 0 "hotspot-to-wpa%TEMPL%";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa.wifi.rsc

@@ -3,12 +3,14 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa.wifi";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

hotspot-to-wpa.wifiwave2.rsc

@@ -3,12 +3,14 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # add private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
 #
 # !! Do not edit this file, it is generated from template!
 
-:local 0 "hotspot-to-wpa.wifiwave2";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

ipsec-to-dns.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2021-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # and add/remove/update DNS entries from IPSec mode-config
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/ipsec-to-dns.md
 
-:local 0 "ipsec-to-dns";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

ipv6-update.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update firewall and dns settings on IPv6 prefix change
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/ipv6-update.md
 
-:local 0 "ipv6-update";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

lease-script.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # run scripts on DHCP lease
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/lease-script.md
 
-:local 0 "lease-script";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

log-forward.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # forward log messages via notification
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/log-forward.md
 
-:local 0 "log-forward";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -23,6 +25,7 @@
 :global IfThenElse;
 :global LogForwardFilterLogForwarding;
 :global LogPrintExit2;
+:global MAX;
 :global ScriptLock;
 :global SendNotification2;
 :global SymbolForNotification;
@@ -89,7 +92,5 @@ $ScriptLock $0;
 
   :set LogForwardLast ($MessageVal->".id");
 } else={
-  :if ($LogForwardRateLimit > 0) do={
-    :set LogForwardRateLimit ($LogForwardRateLimit - 1);
-  }
+  :set LogForwardRateLimit [ $MAX 0 ($LogForwardRateLimit - 1) ];
 }

mod/notification-email.rsc

@@ -3,6 +3,8 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # send notifications via e-mail
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/notification-email.md
 
@@ -43,7 +45,7 @@
   }
 
   :local EMailSettings [ /tool/e-mail/get ];
-  :if ([ :typeof [ :toip [ $EitherOr ($EMailSettings->"server") ($EMailSettings->"address") ] ] ] != "ip" && [ $IsDNSResolving ] = false) do={
+  :if ([ :typeof [ :toip ($EMailSettings->"server") ] ] != "ip" && [ $IsDNSResolving ] = false) do={
     $LogPrintExit2 debug $0 ("Server address is a DNS name and resolving fails, not flushing.") false;
     :return false;
   }
@@ -138,7 +140,7 @@
   :local Cc [ $EitherOr ($EmailGeneralCcOverride->($Notification->"origin")) $EmailGeneralCc ];
 
   :local EMailSettings [ /tool/e-mail/get ];
-  :if ([ :len $To ] = 0 || [ $EitherOr ($EMailSettings->"server") ($EMailSettings->"address") ] = "0.0.0.0" || ($EMailSettings->"from") = "<>") do={
+  :if ([ :len $To ] = 0 || ($EMailSettings->"server") = "0.0.0.0" || ($EMailSettings->"from") = "<>") do={
     :return false;
   }
 

mod/notification-matrix.rsc

@@ -186,7 +186,6 @@
   :global CharacterReplace;
   :global LogPrintExit2;
   :global ParseJson;
-  :global UrlEncode;
 
   :global MatrixAccessToken;
   :global MatrixHomeServer;

mod/notification-telegram.rsc

@@ -20,6 +20,7 @@
   :global IsFullyConnected;
   :global LogPrintExit2;
   :global ParseJson;
+  :global UrlEncode;
 
   :if ([ $IsFullyConnected ] = false) do={
     $LogPrintExit2 debug $0 ("System is not fully connected, not flushing.") false;
@@ -40,7 +41,7 @@
           ("https://api.telegram.org/bot" . ($Message->"tokenid") . "/sendMessage") \
           http-data=("chat_id=" . ($Message->"chatid") . "&disable_notification=" . ($Message->"silent") . \
           "&reply_to_message_id=" . ($Message->"replyto") . "&disable_web_page_preview=true" . \
-          "&parse_mode=MarkdownV2&text=" . ($Message->"text")) as-value ]->"data");
+          "&parse_mode=MarkdownV2&text=" . [ $UrlEncode ($Message->"text") ]) as-value ]->"data");
         :set ($TelegramQueue->$Id);
         :set ($TelegramMessageIDs->([ $ParseJson ([ $ParseJson $Data ]->"result") ]->"message_id")) 1;
       } on-error={
@@ -132,7 +133,6 @@
       [ $EscapeMD ("The message was too long and has been truncated, cut off " . \
       (($LenSum - [ :len $Text ]) * 100 / $LenSum) . "%!") "plain" ]);
   }
-  :set Text [ $UrlEncode $Text ];
 
   :do {
     :if ([ $CertificateAvailable "Go Daddy Secure Certificate Authority - G2" ] = false) do={
@@ -142,7 +142,7 @@
       ("https://api.telegram.org/bot" . $TokenId . "/sendMessage") \
       http-data=("chat_id=" . $ChatId . "&disable_notification=" . ($Notification->"silent") . \
       "&reply_to_message_id=" . ($Notification->"replyto") . "&disable_web_page_preview=true" . \
-      "&parse_mode=MarkdownV2&text=" . $Text) as-value ]->"data");
+      "&parse_mode=MarkdownV2&text=" . [ $UrlEncode $Text ]) as-value ]->"data");
     :set ($TelegramMessageIDs->([ $ParseJson ([ $ParseJson $Data ]->"result") ]->"message_id")) 1;
   } on-error={
     $LogPrintExit2 info $0 ("Failed sending telegram notification! Queuing...") false;
@@ -150,9 +150,9 @@
     :if ([ :typeof $TelegramQueue ] = "nothing") do={
       :set TelegramQueue ({});
     }
-    :set Text ($Text . [ $UrlEncode ("\n" . [ $SymbolForNotification "alarm-clock" ] . \
+    :set Text ($Text . "\n" . [ $SymbolForNotification "alarm-clock" ] . \
       [ $EscapeMD ("This message was queued since " . [ /system/clock/get date ] . \
-      " " . [ /system/clock/get time ] . " and may be obsolete.") "plain" ]) ]);
+      " " . [ /system/clock/get time ] . " and may be obsolete.") "plain" ]);
     :set ($TelegramQueue->[ :len $TelegramQueue ]) { chatid=$ChatId; tokenid=$TokenId;
       text=$Text; silent=($Notification->"silent"); replyto=($Notification->"replyto") };
     :if ([ :len [ /system/scheduler/find where name="_FlushTelegramQueue" ] ] = 0) do={

mod/ssh-keys-import.rsc

@@ -3,7 +3,7 @@
 # Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
-# requires RouterOS, version=7.12beta1
+# requires RouterOS, version=7.12
 #
 # import ssh keys for public key authentication
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/mod/ssh-keys-import.md

mode-button.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # act on multiple mode and reset button presses
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/mode-button.md
 
-:local 0 "mode-button";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

netwatch-dns.rsc

@@ -3,24 +3,26 @@
 # Copyright (c) 2022-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # monitor and manage dns/doh with netwatch
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-dns.md
 
-:local 0 "netwatch-dns";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
 :global CertificateAvailable;
 :global EitherOr;
-:global IsDNSResolving;
 :global LogPrintExit2;
 :global ParseKeyValueStore;
 :global ScriptLock;
 
 $ScriptLock $0;
 
-:if ([ /system/resource/get uptime ] < 5m30s) do={
-  $LogPrintExit2 info $0 ("System just booted, giving netwatch some time to settle.") true;
+:local SettleTime (5m30s - [ /system/resource/get uptime ]);
+:if ($SettleTime > 0s) do={
+  $LogPrintExit2 info $0 ("System just booted, giving netwatch " . $SettleTime . " to settle.") true;
 }
 
 :local DnsServers ({});
@@ -58,7 +60,6 @@ $ScriptLock $0;
   }
 }
 
-:local DohCertVerify [ /ip/dns/get verify-doh-cert ];
 :local DohCurrent [ /ip/dns/get use-doh-server ];
 :local DohServers ({});
 
@@ -77,34 +78,46 @@ $ScriptLock $0;
     }
 
     :if ($DohCurrent = $HostInfo->"doh-url") do={
-      $LogPrintExit2 debug $0 ("Current DoH server is still up.") true;
+      $LogPrintExit2 debug $0 ("Current DoH server is still up: " . $DohCurrent) true;
     }
 
     :set ($DohServers->[ :len $DohServers ]) $HostInfo;
   }
 }
 
-:if ([ :len $DohCurrent ] > 0 && [ :len $DohServers ] = 0) do={
-  $LogPrintExit2 info $0 ("DoH server (" . $DohCurrent . ") is down, disabling.") false;
+:if ([ :len $DohCurrent ] > 0) do={
+  $LogPrintExit2 info $0 ("Current DoH server is down, disabling: " . $DohCurrent) false;
   /ip/dns/set use-doh-server="";
   /ip/dns/cache/flush;
 }
 
 :foreach DohServer in=$DohServers do={
-  $LogPrintExit2 info $0 ("Updating DoH server: " . ($DohServer->"doh-url")) false;
   :if ([ :len ($DohServer->"doh-cert") ] > 0) do={
-    :set DohCertVerify true;
-    /ip/dns/set use-doh-server="";
     :if ([ $CertificateAvailable ($DohServer->"doh-cert") ] = false) do={
       $LogPrintExit2 warning $0 ("Downloading certificate failed, trying without.") false;
     }
   }
-  /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=$DohCertVerify;
-  /ip/dns/cache/flush;
-  :if ([ $IsDNSResolving ] = true) do={
-    $LogPrintExit2 debug $0 ("DoH server is functional.") true;
-  } else={
-    /ip/dns/set use-doh-server="";
-    $LogPrintExit2 warning $0 ("DoH server not functional, trying next.") false;
+
+  :local Data false;
+  :do {
+    :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \
+      http-header-field=({ "accept: application/dns-message" }) \
+      url=(($DohServer->"doh-url") . "?dns=" . [ :convert to=base64 ([ :rndstr length=2 ] . \
+      "\01\00" . "\00\01" . "\00\00" . "\00\00" . "\00\00" . "\09doh-check\05eworm\02de\00" . \
+      "\00\10" . "\00\01") ]) as-value ]->"data");
+  } on-error={
+    $LogPrintExit2 warning $0 ("Request to DoH server failed (network or certificate issue): " . \
+      ($DohServer->"doh-url")) false;
+  }
+
+  :if ($Data != false) do={
+    :if ([ :typeof [ :find $Data "doh-check-OK" ] ] = "num") do={
+      /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=yes;
+      /ip/dns/cache/flush;
+      $LogPrintExit2 info $0 ("Setting DoH server: " . ($DohServer->"doh-url")) true;
+    } else={
+      $LogPrintExit2 warning $0 ("Received unexpected response from DoH server: " . \
+        ($DohServer->"doh-url")) false;
+    }
   }
 }

netwatch-notify.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # monitor netwatch and send notifications
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-notify.md
 
-:local 0 "netwatch-notify";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

news-and-changes.rsc

@@ -8,6 +8,8 @@
 :global RequiredRouterOS;
 :global SymbolForNotification;
 
+:local Resource [ /system/resource/get ];
+
 # News, changes and migration up to change 95:
 # https://git.eworm.de/cgit/routeros-scripts/plain/global-config.changes?h=change-95
 
@@ -36,6 +38,11 @@
   116=("... and also please keep in mind that it takes a huge amount of time maintaining these scripts. " . [ $IfThenElse ($IDonate != true) \
         ("Following the donation hint " . [ $SymbolForNotification "arrow-down" "below" ] . "to keep me motivated is much appreciated. Thanks!") \
         ("Looks like you did donate already. " . [ $SymbolForNotification "heart" "<3" ] . "Much appreciated, thanks!") ]);
+  117="Enhanced 'packages-update' to support deferred reboot on automatically installed updates.";
+  118=("RouterOS packages increase in size with each release. This becomes a problem for devices with 16MB storage and below. " . \
+        [ $IfThenElse ($Resource->"total-hdd-space" < 16000000) ("Your " . $Resource->"board-name" . " is specifically affected! ") \
+        [ $IfThenElse ($Resource->"free-hdd-space" > 4000000) ("(Your " . $Resource->"board-name" . " does not suffer this issue.) ") ] ] . \
+        "Huge configuration and lots of scripts give an extra risk. Take care!");
 };
 
 # Migration steps to be applied on script updates

ospf-to-leds.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # visualize ospf instance state via leds
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/ospf-to-leds.md
 
-:local 0 "ospf-to-leds";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

packages-update.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2019-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.13
+#
 # download packages and reboot for installation
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/packages-update.md
 
-:local 0 "packages-update";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -18,6 +20,24 @@
 :global ScriptLock;
 :global VersionToNum;
 
+:global PackagesUpdateDeferReboot;
+
+:local Schedule do={
+  :global GetRandomNumber;
+  :global LogPrintExit2;
+
+  :global RebootForUpdate do={
+    /system/reboot;
+  }
+
+  :local StartTime [ :tostr [ :totime (10800 + [ $GetRandomNumber 7200 ]) ] ];
+  /system/scheduler/add name="_RebootForUpdate" start-time=$StartTime interval=1d \
+      on-event=("/system/scheduler/remove \"_RebootForUpdate\"; " . \
+      ":global RebootForUpdate; \$RebootForUpdate;");
+  $LogPrintExit2 info $1 ("Scheduled reboot for update at " . $StartTime . \
+      " local time (" . [ /system/clock/get time-zone-name ] . ").") true;
+}
+
 $ScriptLock $0;
 
 :local Update [ /system/package/update/get ];
@@ -33,11 +53,6 @@ $ScriptLock $0;
 :local NumInstalled [ $VersionToNum ($Update->"installed-version") ];
 :local NumLatest [ $VersionToNum ($Update->"latest-version") ];
 
-:if ($NumInstalled < 0x070d0000 && $NumLatest > 0x070d0000) do={
-  $LogPrintExit2 error $0 ("Migration to wireless/wifi package in RouterOS " . \
-    ($Update->"latest-version") . " is pending. Please update manually!") true;
-}
-
 :local DoDowngrade false;
 :if ($NumInstalled > $NumLatest) do={
   :if ([ $ScriptFromTerminal $0 ] = true) do={
@@ -95,15 +110,11 @@ $ScriptLock $0;
 :if ([ $ScriptFromTerminal $0 ] = true) do={
   :put "Do you want to (s)chedule reboot or (r)eboot now? [s/R]";
   :if (([ /terminal/inkey timeout=60 ] % 32) = 19) do={
-    :global RebootForUpdate do={
-      :global RandomDelay;
-      $RandomDelay 3600;
-      /system/reboot;
-    }
-    /system/scheduler/add name="_RebootForUpdate" start-time=03:00:00 interval=1d \
-        on-event=("/system/scheduler/remove \"_RebootForUpdate\"; " . \
-        ":global RebootForUpdate; \$RebootForUpdate;");
-    $LogPrintExit2 info $0 ("Scheduled reboot for update between 03:00 and 04:00.") true;
+    $Schedule $0;
+  }
+} else={
+  :if ($PackagesUpdateDeferReboot = true) do={
+    $Schedule $0;
   }
 }
 

ppp-on-up.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # run scripts on ppp up
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/ppp-on-up.md
 
-:local 0 "ppp-on-up";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

sms-action.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2018-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # run action on received SMS
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/sms-action.md
 
-:local 0 "sms-action";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

sms-forward.rsc

@@ -4,10 +4,12 @@
 #                         Anatoly Bubenkov <bubenkoff@gmail.com>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # forward SMS to e-mail
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/sms-forward.md
 
-:local 0 "sms-forward";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -16,6 +18,7 @@
 
 :global IfThenElse;
 :global LogPrintExit2;
+:global LogPrintOnce;
 :global ScriptLock;
 :global SendNotification2;
 :global SymbolForNotification;
@@ -25,7 +28,7 @@
 $ScriptLock $0;
 
 :if ([ /tool/sms/get receive-enabled ] = false) do={
-  $LogPrintExit2 warning $0 ("Receiving of SMS is not enabled.") true;
+  $LogPrintOnce warning $0 ("Receiving of SMS is not enabled.") true;
 }
 
 $WaitFullyConnected;

telegram-chat.rsc

@@ -3,10 +3,12 @@
 # Copyright (c) 2023-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # use Telegram to chat with your Router and send commands
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/telegram-chat.md
 
-:local 0 "telegram-chat";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 
@@ -18,6 +20,7 @@
 :global TelegramChatOffset;
 :global TelegramChatRunTime;
 :global TelegramMessageIDs;
+:global TelegramRandomDelay;
 :global TelegramTokenId;
 
 :global CertificateAvailable;
@@ -26,8 +29,11 @@
 :global GetRandom20CharAlNum;
 :global IfThenElse;
 :global LogPrintExit2;
+:global MAX;
+:global MIN;
 :global MkDir;
 :global ParseJson;
+:global RandomDelay;
 :global ScriptLock;
 :global SendTelegram2;
 :global SymbolForNotification;
@@ -42,11 +48,16 @@ $WaitFullyConnected;
 :if ([ :typeof $TelegramChatOffset ] != "array") do={
   :set TelegramChatOffset { 0; 0; 0 };
 }
+:if ([ :typeof $TelegramRandomDelay ] != "num") do={
+  :set TelegramRandomDelay 0;
+}
 
 :if ([ $CertificateAvailable "Go Daddy Secure Certificate Authority - G2" ] = false) do={
   $LogPrintExit2 warning $0 ("Downloading required certificate failed.") true;
 }
 
+$RandomDelay $TelegramRandomDelay;
+
 :local Data false;
 :for I from=1 to=4 do={
   :if ($Data = false) do={
@@ -54,10 +65,12 @@ $WaitFullyConnected;
       :set Data ([ /tool/fetch check-certificate=yes-without-crl output=user \
         ("https://api.telegram.org/bot" . $TelegramTokenId . "/getUpdates?offset=" . \
         $TelegramChatOffset->0 . "&allowed_updates=%5B%22message%22%5D") as-value ]->"data");
+      :set TelegramRandomDelay [ $MAX 0 ($TelegramRandomDelay - 1) ];
     } on-error={
       :if ($I < 4) do={
         $LogPrintExit2 debug $0 ("Fetch failed, " . $I . ". try.") false;
-        :delay (($I * $I) "s");
+        :set TelegramRandomDelay [ $MIN 15 ($TelegramRandomDelay + 5) ];
+        :delay (($I * $I) . "s");
       }
     }
   }

update-gre-address.rsc

@@ -3,11 +3,13 @@
 # Copyright (c) 2013-2024 Christian Hesse <mail@eworm.de>
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
+# requires RouterOS, version=7.12
+#
 # update gre interface remote address with dynamic address from
 # ipsec remote peer
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/update-gre-address.md
 
-:local 0 "update-gre-address";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
 

update-tunnelbroker.rsc

@@ -5,11 +5,12 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: ppp-on-up
+# requires RouterOS, version=7.12
 #
 # update local address of tunnelbroker interface
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/update-tunnelbroker.md
 
-:local 0 "update-tunnelbroker";
+:local 0 [ :jobname ];
 :global GlobalFunctionsReady;
 :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }