Kaspersky
Solved

Please fix "init" file of the Rescure DVD for proper PXE boot


in the current Kaspersky Rescure DVD 2018 there is an init file included, that, if PXE booted, looks for md5 checksum files only, but the ISO only contains sha512 check sum files.

to be able to PXE boot a Kaspersky Rescue DVD, i have to provide a modified init file, where all "md5" & "MD5" are replaced by "sha512" & "SHA512".

on the ISO the init file is located at:
code:
/boot/grub/initrd.xz -> /initrd/init


Kaspersky Rescure 2018 is used in my tiny RPi-PXE-Server project.
icon

Best answer by Yury N. 13 August 2019, 16:35

code:
--- original/init    2018-05-23 14:59:15.000000000 +0200
+++ custom/init 2018-12-22 09


Issue fixed. Please update ISO file.
Thank you!
View original

10 replies

is no Kaspersky Lab Employee available to answer/comment?
maybe @Yury N. ?
Userlevel 2
Badge
Hello. We will try to fix this in the next version.
Hello. We will try to fix this in the next version.
thank you very much!
can you already tell, when the next version will be available?
Userlevel 2
Badge
I hope in July
code:
--- original/init    2018-05-23 14:59:15.000000000 +0200
+++ custom/init 2018-12-22 09:09:04.863630200 +0100
@@ -493,7 +493,7 @@
echo "--- ${cureth}: link=${linkstate}, mac=${mac}"

# If the link is up, then try (even if another interface already has a dhcp address)
- if [ "${linkstate}" != 'no-link' ]
+ if [ "${linkstate}" != 'no-link' ]
then
good_msg "Attempting to get a DHCP address on ${cureth}..."
[ -n "${DHCPHOSTNAME}" ] && hostnameopt="-H ${DHCPHOSTNAME}"
@@ -639,7 +639,7 @@
for curfile in ${FILENAMES}
do
filename="${curfile}"
- filecksm=$(echo ${curfile} | sed -e 's!.dat!.md5!' -e 's!.srm!.md5!')
+ filecksm=$(echo ${curfile} | sed -e 's!.dat!.sha512!' -e 's!.srm!.sha512!')
urldatafile="${BASEADDR}/${filename}"
urlchecksum="${BASEADDR}/${filecksm}"
good_msg "Downloading ${urldatafile} ..."
@@ -665,13 +665,13 @@
sysresccd_panic "Cannot download the \"${filename}\" boot file."
fi

- md5now=$(/bin/busybox md5sum ${BOOTPATH}/${filename} | cut -d ' ' -f1)
- md5exp=$(cat ${BOOTPATH}/${filecksm} | cut -d ' ' -f1)
- if [ "${md5now}" = "${md5exp}" ]
+ sha512now=$(/bin/busybox sha512sum ${BOOTPATH}/${filename} | cut -d ' ' -f1)
+ sha512exp=$(cat ${BOOTPATH}/${filecksm} | cut -d ' ' -f1)
+ if [ "${sha512now}" = "${sha512exp}" ]
then
- good_msg "Successfully downloaded and md5 checked \"${filename}\""
+ good_msg "Successfully downloaded and sha512 checked \"${filename}\""
else
- sysresccd_panic "Filesystem image ${filename} is corrupt: md5sum incorrect"
+ sysresccd_panic "Filesystem image ${filename} is corrupt: sha512sum incorrect"
fi
done
}
@@ -710,7 +710,7 @@
for curfile in ${FILENAMES}
do
filename="${curfile}"
- filecksm=$(echo ${curfile} | sed -e 's!.dat!.md5!' -e 's!.srm!.md5!')
+ filecksm=$(echo ${curfile} | sed -e 's!.dat!.sha512!' -e 's!.srm!.sha512!')
urldatafile="${tftpurl}/${filename}"
urlchecksum="${tftpurl}/${filecksm}"
good_msg "Downloading ${urldatafile} ..."
@@ -730,13 +730,13 @@
sysresccd_panic "Cannot download the files: tftp failed. May be due to lack of memory"
fi

- md5now=$(/bin/busybox md5sum ${BOOTPATH}/${filename} | cut -d ' ' -f1)
- md5exp=$(cat ${BOOTPATH}/${filecksm} | cut -d ' ' -f1)
- if [ "${md5now}" = "${md5exp}" ]
+ sha512now=$(/bin/busybox sha512sum ${BOOTPATH}/${filename} | cut -d ' ' -f1)
+ sha512exp=$(cat ${BOOTPATH}/${filecksm} | cut -d ' ' -f1)
+ if [ "${sha512now}" = "${sha512exp}" ]
then
- good_msg "Successfully downloaded and md5 checked \"${filename}\""
+ good_msg "Successfully downloaded and sha512 checked \"${filename}\""
else
- sysresccd_panic "Filesystem image ${filename} is corrupt: md5sum incorrect"
+ sysresccd_panic "Filesystem image ${filename} is corrupt: sha512sum incorrect"
fi
done
}
@@ -758,13 +758,13 @@
sysresccd_panic "Cannot find the \"${SUBDIR}/${LOOPDAT}\" boot file."
fi

- md5now=$(/bin/busybox md5sum ${BOOTPATH}/${SUBDIR}/${LOOPDAT} | cut -d ' ' -f1)
- md5orig=$(cat ${BOOTPATH}/${SUBDIR}/${LOOPMD5} | cut -d ' ' -f1)
- if [ "$md5now" = "$md5orig" ]
+ sha512now=$(/bin/busybox sha512sum ${BOOTPATH}/${SUBDIR}/${LOOPDAT} | cut -d ' ' -f1)
+ sha512orig=$(cat ${BOOTPATH}/${SUBDIR}/${LOOPSHA512} | cut -d ' ' -f1)
+ if [ "$sha512now" = "$sha512orig" ]
then
- good_msg "Successfully checked md5 sum of ${BOOTPATH}/${LOOPDAT}"
+ good_msg "Successfully checked sha512 sum of ${BOOTPATH}/${LOOPDAT}"
else
- sysresccd_panic "md5sum checksum is invalid on the root filesystem image"
+ sysresccd_panic "sha512sum checksum is invalid on the root filesystem image"
fi

# load system rescue modules (srm files)
@@ -818,7 +818,7 @@
searchdevices="${devtype}"
;;
esac
-
+
echo "${searchdevices}"
return 1
}
@@ -945,7 +945,7 @@
good_msg " sha512 0x${sha512now} is valid for '${cursrm}'"
else
checksum_mismatch='1'
- bad_msg " sha512 0x${sha512now} is invalid for '${cursrm}' (expected 0x${sha512orig})"
+ bad_msg " sha512 0x${sha512now} is invalid for '${cursrm}' (expected 0x${sha512orig})"
fi
fi
done
@@ -988,7 +988,7 @@

# --------------- Cache other files
cp -a ${BOOTPATH}/${SUBDIR}/version ${CACHEDIR}/ 2>/dev/null
- cp -a ${BOOTPATH}/${SUBDIR}/${LOOPMD5} ${CACHEDIR}/${LOOPMD5} 2>/dev/null
+ cp -a ${BOOTPATH}/${SUBDIR}/${LOOPSHA512} ${CACHEDIR}/${LOOPSHA512} 2>/dev/null

# ---------------- Cache all squashfs filesystems
for curfile in ${CACHEFILES}
@@ -1042,7 +1042,7 @@
good_msg "Copying extra directories for caching..."
if ! cp -a ${BOOTPATH}/${SUBDIR}/???linux ${BOOTPATH}/${SUBDIR}/bootdisk \
${BOOTPATH}/${SUBDIR}/ntpasswd ${BOOTPATH}/${SUBDIR}/usb_inst* \
- ${BOOTPATH}/${SUBDIR}/boot ${BOOTPATH}/${SUBDIR}/efi ${CACHEDIR}/
+ ${BOOTPATH}/${SUBDIR}/boot ${BOOTPATH}/${SUBDIR}/efi ${CACHEDIR}/
then
rm -rf ${CACHEDIR}/???linux ${CACHEDIR}/bootdisk ${CACHEDIR}/ntpasswd
rm -rf ${CACHEDIR}/usb_inst* ${CACHEDIR}/boot ${CACHEDIR}/efi
@@ -1292,7 +1292,7 @@
fi
fi
done
-
+
if ! mount -n --move ${TFTPBOOT_DIR} ${NEWROOT}${TFTPBOOT_DIR}
then
bad_msg "Cannot move [${TFTPBOOT_DIR}] -> [${NEWROOT}${TFTPBOOT_DIR}]"
@@ -1353,7 +1353,7 @@
curconfig="dhcp"
fi

- echo "mac_${cureth}=\"${curmac}\"" >> ${NEWROOT}/etc/conf.d/net
+ echo "mac_${cureth}=\"${curmac}\"" >> ${NEWROOT}/etc/conf.d/net
echo "config_${cureth}=\"${curconfig}\"" >> ${NEWROOT}/etc/conf.d/net
done
echo "Writing network configuration in ${NEWROOT}/etc/conf.d/net:"
@@ -1368,6 +1368,8 @@
# manage services
rm -f ${NEWROOT}/etc/init.d/crypto-loop
rm -f ${NEWROOT}/etc/init.d/drbd
+
+ cp /etc/resolv.conf ${NEWROOT}/etc/
}

sysresccd_stage3_rootsys() # mount the root partition on ${SQUASHFSMNT}
@@ -1757,7 +1759,7 @@
BACKSTORE_MEM='/memory'
BACKSTORE_DAT='sysrcd.bs'
LOOPDAT='kernel.dat'
-LOOPMD5='kernel.dat.md5'
+LOOPSHA512='kernel.dat.sha512'
INITPROG='/sbin/init'
CONSOLE='/dev/console'
CACHEDIR='/cache'


Userlevel 2
Badge
code:
--- original/init    2018-05-23 14:59:15.000000000 +0200
+++ custom/init 2018-12-22 09


Issue fixed. Please update ISO file.
Thank you!
@Yury N.
thank you very much.
i tested it. with the current ISO i can PXE boot out of the box, without overlaying a custom init file...
very nice.

here the pxelinux options i used:
code:
LABEL kaspersky-rescue-x86
MENU LABEL Kaspersky Rescue Disk
KERNEL http://192.168.1.1/nfs/kaspersky-rescue-x86/boot/grub/k-x86
INITRD http://192.168.1.1/nfs/kaspersky-rescue-x86/boot/grub/initrd.xz
APPEND netboot=nfs://192.168.1.1:/srv/nfs/kaspersky-rescue-x86 ro dostartx -- lang=us setkmap=us
TEXT HELP
Boot to Kaspersky Rescue Disk
ENDTEXT
Userlevel 2
Badge
@Yury N.
here the pxelinux options i used:
code:
LABEL kaspersky-rescue-x86
KERNEL http://192.168.1.1/nfs/kaspersky-rescue-x86/boot/grub/k-x86


64-bit kernel recommended (k-x86_64). 32-bit kernel used for compatibility with old computers.

@Yury N.

here the pxelinux options i used:
code:
LABEL kaspersky-rescue-x86
KERNEL http://192.168.1.1/nfs/kaspersky-rescue-x86/boot/grub/k-x86

64-bit kernel recommended (k-x86_64). 32-bit kernel used for compatibility with old computers.

oops, sorry in reallity it is the x86_64 version ISO, but i still not corrected the names in my project file
code:
KERNEL http://192.168.1.1/nfs/kaspersky-rescue-x86/boot/grub/k-x86_64

i used now and it works as well.

Reply / Ответить