From a2fcc601c98440c70603c6e2f6a93bd9260a8b88 Mon Sep 17 00:00:00 2001 From: Michael Shigorin Date: Fri, 18 Apr 2014 13:26:15 +0400 Subject: [PATCH] syslinux: process @rescue_hash@ (forensic mode) This value is used to authenticate rescue rootfs image by verifying the squashfs file's sha256sum before use (propagator-20140419+). Looks like this check might be useful for other stage2 images as well but let's get started with this one. Thanks Maxim Suhanov for both http://www.forensicswiki.org/wiki/Forensic_Live_CD_issues and propagator patches. --- features.in/syslinux/cfg.in/83rescue_fm.cfg | 2 +- .../syslinux/scripts.d/20-propagator-rescue-hash | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100755 features.in/syslinux/scripts.d/20-propagator-rescue-hash diff --git a/features.in/syslinux/cfg.in/83rescue_fm.cfg b/features.in/syslinux/cfg.in/83rescue_fm.cfg index 1ca728a7..619f22cb 100644 --- a/features.in/syslinux/cfg.in/83rescue_fm.cfg +++ b/features.in/syslinux/cfg.in/83rescue_fm.cfg @@ -1,5 +1,5 @@ label rescue_forensic menu label ^Forensic mode (leave disks alone) kernel alt0/vmlinuz - append initrd=alt0/full.cz fastboot live showopts automatic=method:cdrom ramdisk_size=@rescue_size@ stagename=rescue forensic + append initrd=alt0/full.cz fastboot live showopts automatic=method:cdrom ramdisk_size=@rescue_size@ stagename=rescue forensic hash=@rescue_hash@ diff --git a/features.in/syslinux/scripts.d/20-propagator-rescue-hash b/features.in/syslinux/scripts.d/20-propagator-rescue-hash new file mode 100755 index 00000000..c785b354 --- /dev/null +++ b/features.in/syslinux/scripts.d/20-propagator-rescue-hash 
@@ -0,0 +1,14 @@
+#!/bin/sh
+# postprocess isolinux configuration
+# to add rescue image hash, if any
+# (for propagator in forensic mode)
+
+cd "$WORKDIR"
+
+grep -qs "@rescue_hash@" syslinux/*.cfg || exit 0
+
+find -maxdepth 1 -type f -name rescue \
+| while read image; do
+ rescue_hash="$(sha256sum -b "$image" | cut -f1 -d' ')"
+ sed -i "s,@rescue_hash@,$rescue_hash," syslinux/*.cfg
+done
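Review bot: The new script can exit 0 while the forensic menu entry carries no usable hash. If `find` matches no `rescue` file the loop never runs and the literal `@rescue_hash@` stays on the `append` line; if `sha256sum` fails, `sed` writes an empty `hash=`. How propagator treats either value is not visible in this patch, so the build step should fail closed instead of depending on it, and `cd "$WORKDIR"` should be checked as well. Because only one fixed name is looked up, a plain `[ -f rescue ]` test can replace the `find | while read` pipeline, as sketched below. If an image can legitimately ship this entry without a `rescue` stage, drop the `hash=` parameter in that case rather than failing.

```shell
cd "$WORKDIR" || exit 1

# … unchanged: grep gate for @rescue_hash@ …

if [ ! -f rescue ]; then
	echo "$0: rescue image not found, cannot fill @rescue_hash@" >&2
	exit 1
fi

rescue_hash="$(sha256sum -b rescue | cut -f1 -d' ')"
if [ -z "$rescue_hash" ]; then
	echo "$0: failed to compute sha256 of rescue image" >&2
	exit 1
fi

sed -i "s,@rescue_hash@,$rescue_hash," syslinux/*.cfg
```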