diff options
author | Christian Hesse <mail@eworm.de> | 2024-09-30 16:10:55 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2024-09-30 16:23:50 +0200 |
commit | f2576cf55892618c65fca6a1bff03b35a94acee8 (patch) | |
tree | 00837f7350f4eab9764c0102fdbb9a1644c64cc2 /packages-update.rsc | |
parent | 1776b8f50b173b49ca7ce3ab917de4493ae36ff6 (diff) |
packages-update: give warning on lock in device-moderouteros-7.17beta2-2
RouterOS 7.17beta2 introduced some extra security measures, including
some to prevent downgrade attacks for the installation. Detect early
and exit with message and error.
https://help.mikrotik.com/docs/display/ROS/Device-mode
Diffstat (limited to 'packages-update.rsc')
-rw-r--r-- | packages-update.rsc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/packages-update.rsc b/packages-update.rsc index b08a48d..b4fab46 100644 --- a/packages-update.rsc +++ b/packages-update.rsc @@ -18,6 +18,7 @@ :global Grep; :global LogPrint; :global ParseKeyValueStore; + :global RequiredRouterOS; :global ScriptFromTerminal; :global ScriptLock; :global VersionToNum; @@ -99,6 +100,13 @@ :local DoDowngrade false; :if ($NumInstalled > $NumLatest) do={ + :if ([ $RequiredRouterOS $ScriptName "7.17beta2" false ] = true && \ + ([ /system/device-mode/get ]->"downgrade") != true) do={ + $LogPrint error $ScriptName \ + ("The device mode has locked downgrades! You will need physical access!"); + :error false; + } + :if ([ $ScriptFromTerminal $ScriptName ] = true) do={ :put "Latest version is older than installed one. Want to downgrade? [y/N]"; :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={ |