What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I did this but no luck. Would you be willing share your font type and size settings? I am still on UTF-8. Not sure why I can't get this to work right.
Thank you!
It worked as soon as I updated to the v7.0.2. Thank you @ Adamm!
 
I'm going to have to sleep on this one and approach it on a clear head , makes no logical sense to me why its failing to use the entware binaries from all the information you both provided.

Thanks for the information, sorry I couldn't provide a solution just yet beyond downgrade and wait for a firmware update to natively correct the issue. o_O
Can it be that because you aren’t exporting any PATH at all in his scenario that the eval command doesn’t get a proper PATH to inherit?
 
7.0.2 working on my 87U.
Code:
[i] Downloading filter.list         | [1s]
[i] Refreshing Whitelists           | [7s]
[i] Consolidating Blacklist         | [9s]
[i] Filtering IPv4 Addresses        | [5s]
[i] Filtering IPv4 Ranges           | [0s]
[i] Applying New Blacklist          | [14s]
[i] Refreshing AiProtect Bans       | [0s]
[i] Saving Changes                  | [8s]

grifo@r1:/tmp/home/root# echo $PATH
/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/home/grifo:/mmc/sbin:/mmc/bin
grifo@r1:/tmp/home/root# curl --version
curl 7.66.0 (arm-openwrt-linux-gnu) libcurl/7.66.0 OpenSSL/1.1.1d zlib/1.2.11
Release-Date: 2019-09-11
Protocols: file ftp ftps http https imap imaps pop3 pop3s rtsp smtp smtps tftp
Features: HTTPS-proxy IPv6 Largefile libz SSL
grifo@r1:/tmp/home/root#
 
Last idea is that /opt/bin/curl is not executable. That would skip it in the path.

@Zastoff please check if it is.
Code:
ls -l /opt/bin/curl
Edit: No, this is a dead end.
 

With:

Code:
if [ "$(/usr/sbin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
    if [ -f "/opt/bin/opkg" ] && [ ! -f "/opt/bin/curl" ]; then
        opkg update
        opkg install curl
    elif [ "$(/opt/bin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
        opkg update
        opkg upgrade curl
    elif [ ! -f "/opt/bin/opkg" ]; then
        logger -st Skynet "[!] curl Version Outdated - Please Update Firmware Or Install Entware"
    fi
else
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
fi

Why is $PATH being re-written in the last else -- fi? Won't that give precedence to the /sbin version of curl if the script is run a *second* time, un-doing the opkg install of curl to /opt/bin?
 
With:

Code:
if [ "$(/usr/sbin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
    if [ -f "/opt/bin/opkg" ] && [ ! -f "/opt/bin/curl" ]; then
        opkg update
        opkg install curl
    elif [ "$(/opt/bin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
        opkg update
        opkg upgrade curl
    elif [ ! -f "/opt/bin/opkg" ]; then
        logger -st Skynet "[!] curl Version Outdated - Please Update Firmware Or Install Entware"
    fi
else
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
fi

Why is $PATH being re-written in the last else -- fi? Won't that give precedence to the /sbin version of curl if the script is run a *second* time, un-doing the opkg install of curl to /opt/bin?
It checks the version of the read-only curl in firmware. If it’s new enough, it prioritizes the firmware version. Otherwise it leaves the PATH untouched assuming Entware version will be first in the path. The /usr/sbin/curl version won’t change without a firmware upgrade.
 
Can it be that because you aren’t exporting any PATH at all in his scenario that the eval command doesn’t get a proper PATH to inherit?

If entware is installed it should default to the path set in /opt/etc/profile which gives entware binaries precedence

Why is $PATH being re-written in the last else -- fi? Won't that give precedence to the /sbin version of curl if the script is run a *second* time, un-doing the opkg install of curl to /opt/bin?

In the first if statement we specifically check the /usr/sbin/curl binary so old firmware versions will always fail this test.

7.0.2 working on my 87U.

Good to know the fix is working atleast for some people o_O
 
In the first if statement we specifically check the /usr/sbin/curl binary so old firmware versions will always fail this test.

Yes, but once the script has installed the new curl in /opt/bin on the first pass (when everything will work), the *NEXT TIME* the script is run, it will go to the else statement, which rewrites $PATH to put sbin upfront.

The opkg installation changes $PATH so /opt/bin is at the front, as shown in /opt/etc/profile. The statement on the last else -- fi undoes this, if the script is run again.

Why is the $PATH statement even there?

J
 
Where can I find my Custom Filter List URL?

I believe its shown when running a malware list update or you can manually find it inside the config file in Skynets install dir.

Yes, but once the script has installed the new curl in /opt/bin on the first pass (when everything will work), the *NEXT TIME* the script is run, it will go to the else statement, which rewrites $PATH to put sbin upfront.

Thats why we specifically check "/usr/sbin/curl --version" rather then plain old "curl --version" which as you stated would prioritize entware on the second run.

Why is the $PATH statement even there?

We added the path var around two years ago because I vaguely remember a specific stripped down busybox binary acting differently then the full entware version (git history shows it may have been the find binary), it also makes development easier so I don't accidentally use non supported flags. Not something I want to remove without further investigation as it may cause other issues.

Still very confusing why the fix is working for some but not others o_O
 
I'm going to have to sleep on this one and approach it on a clear head , makes no logical sense to me why its failing to use the entware binaries from all the information you both provided.

Thanks for the information, sorry I couldn't provide a solution just yet beyond downgrade and wait for a firmware update to natively correct the issue. o_O

Check the version, and act accordingly:

Code:
admin@stargateax88:/tmp/home/root# curl -V | head -n 1 | cut -f 2 -d " "
7.66.0
 
Check the version, and act accordingly:

Code:
admin@stargateax88:/tmp/home/root# curl -V | head -n 1 | cut -f 2 -d " "
7.66.0

Already doing that;

Code:
if [ "$(/usr/sbin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
    if [ -f "/opt/bin/opkg" ] && [ ! -f "/opt/bin/curl" ]; then
        opkg update
        opkg install curl
    elif [ "$(/opt/bin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
        opkg update
        opkg upgrade curl
    elif [ ! -f "/opt/bin/opkg" ]; then
        logger -st Skynet "[!] curl Version Outdated - Please Update Firmware Or Install Entware"
    fi
else
    export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
fi

This seems to work for everyone except @Zastoff and (prior to upgrading)@Andy1932 . For those two regardless of what we tried the built-in curl binary was always being prioritized regardless of their path vars. Very confusing.
 
Could other running scripts be interfering with this? Looking at Zastoff's sig he has 2 scripts I don't have, DNSCrypt-proxy and scMerlin.
 
If entware is installed it should default to the path set in /opt/etc/profile which gives entware binaries precedence
Barring any PATH statements in /jffs/configs/profile.add.

Always hard troubleshooting someone else’s router. ;)

I still don’t like something about why it would work for @Zastoff when he would put the absolute path to Entware (/tmp/mnt/.../bin). I must learn to let go.
 
Tested again with 7.0.2 and still got the "Consolidating Blacklist | curl: option -fsLZ: is unknown" on Malware Blacklist update
Tested again with adding my export PATH=.. but after all the entware checking
if [ "$(/usr/sbin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
if [ -f "/opt/bin/opkg" ] && [ ! -f "/opt/bin/curl" ]; then
opkg update
opkg install curl
elif [ "$(/opt/bin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
opkg update
opkg upgrade curl
elif [ ! -f "/opt/bin/opkg" ]; then
logger -st Skynet "[!] curl Version Outdated - Please Update Firmware Or Install Entware"
fi
else
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
fi
export PATH=/tmp/mnt/Zastoff/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin:$PATH
printf '\033[?7l'
And now Malware Blacklist update works!! And i read your posts and started thinking.. i use a older netflix script did a check in IPSET_Netflix.sh and there is some entware checking in that script, Can that be my problem?
 
Why not add an echo of the $PATH variable within Skynet's Print Debug Info output, so you can check what's happening within the script?
 
Added echo $PATH to script
Checked with my export PATH
and get:
/tmp/mnt/Zastoff/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sbin:/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/home/drizzt:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin
Removed my export PATH
and get:
/sbin:/bin:/usr/sbin:/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/home/drizzt:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin
 
So it would appear that the initial version check is indeed failing for some reason, and the subsequent export path statement is pushing the /usr/sbin version over /opt/bin.

Could you see if adding an export path with /opt/bin first instead of your /tmp/mnt/Zastoff.. works?
 
So it would appear that the initial version check is indeed failing for some reason, and the subsequent export path statement is pushing the /usr/sbin version over /opt/bin.

Could you see if adding an export path with /opt/bin first instead of your /tmp/mnt/Zastoff.. works?

export PATH=/opt/bin:/sbin:/bin:/usr/sbin:/usr/bin:$PATH Works!

echo $PATH:
/opt/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/bin:/sbin:/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sbin:/usr/bin:/bin:/usr/bin:/sbin:/usr/sbin:/home/drizzt:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin
 
Tested again with 7.0.2 and still got the "Consolidating Blacklist | curl: option -fsLZ: is unknown" on Malware Blacklist update
Tested again with adding my export PATH=.. but after all the entware checking
if [ "$(/usr/sbin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
if [ -f "/opt/bin/opkg" ] && [ ! -f "/opt/bin/curl" ]; then
opkg update
opkg install curl
elif [ "$(/opt/bin/curl --version | awk 'NR >= 1 && NR <= 1 {print $2}' | tr -d '.')" -lt "7660" ]; then
opkg update
opkg upgrade curl
elif [ ! -f "/opt/bin/opkg" ]; then
logger -st Skynet "[!] curl Version Outdated - Please Update Firmware Or Install Entware"
fi
else
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:$PATH
fi
export PATH=/tmp/mnt/Zastoff/entware/bin:/sbin:/bin:/usr/sbin:/usr/bin:$PATH
printf '\033[?7l'
And now Malware Blacklist update works!! And i read your posts and started thinking.. i use a older netflix script did a check in IPSET_Netflix.sh and there is some entware checking in that script, Can that be my problem?

I've had the same issue as Zastoff with 7.0.2 on an RT-AC3200 and merlin firmware 384_13_2. Got it working for now using the same fix above.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top