conf/96746: Configuration changes and README for nanobsd

Frank Mayhar frank at exit.com
Thu May 4 04:40:18 UTC 2006


>Number:         96746
>Category:       conf
>Synopsis:       Configuration changes and README for nanobsd
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 04 04:40:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Frank Mayhar
>Release:        FreeBSD 6.1-RC i386
>Organization:
Exit Consulting 
>Environment:


System: FreeBSD 6.1-RC #0: Sun Apr 30 15:44:11 PDT 2006
    frank at realtime.exit.com:/usr/obj/usr/src/sys/REALTIME



>Description:


I've enclosed a patch that wraps a new README and some hacks I've
done to the nanobsd configuration.  My hacks make it a bit more
convenient to configure a few things, and the README documents those
hacks and some stuff I had to figure out the hard way.

I've also enclosed an example configuration for a Soekris net4501 box,
along with a few ancillary files that might serve to get someone started.



>How-To-Repeat:





>Fix:


--- nanobsd-diffs begins here ---
Index: tools/tools/nanobsd/FlashDevice.sub
===================================================================
RCS file: /cvs/repos/src/tools/tools/nanobsd/FlashDevice.sub,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 FlashDevice.sub
--- tools/tools/nanobsd/FlashDevice.sub	19 Apr 2006 18:22:18 -0000	1.1.2.3
+++ tools/tools/nanobsd/FlashDevice.sub	30 Apr 2006 18:47:17 -0000
@@ -112,6 +112,19 @@
 			;;
 		esac
 		;;
+	toshiba)
+		case $a2 in
+		256|256mb)
+			NANO_MEDIASIZE=`expr 256376832 / 512`
+			NANO_HEADS=16
+			NANO_SECTS=32
+			;;
+		*)
+			echo "Unknown Toshiba Flash capacity"
+			exit 2
+			;;
+		esac
+		;;
 	siliconsystems)
 		case $2 in
 		4096|4g)
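Review bot: The new toshiba branch switches on `$a2`, while the siliconsystems branch directly below it in the context switches on `$2`; please confirm `a2` is set at this point, because if it is empty every `FlashDevice toshiba ...` call falls into the `*)` arm and exits 2. The error text would also be better on stderr (`echo "Unknown Toshiba Flash capacity" 1>&2`) so it is still visible when the build's stdout is captured to a log.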
Index: tools/tools/nanobsd/nanobsd.sh
===================================================================
RCS file: /cvs/repos/src/tools/tools/nanobsd/nanobsd.sh,v
retrieving revision 1.7.2.5
diff -u -r1.7.2.5 nanobsd.sh
--- tools/tools/nanobsd/nanobsd.sh	31 Jan 2006 15:56:33 -0000	1.7.2.5
+++ tools/tools/nanobsd/nanobsd.sh	21 Feb 2006 06:45:42 -0000
@@ -377,12 +377,22 @@
 	
 	# Create Config slice
 	newfs ${NANO_NEWFS} /dev/${MD}s3
-	# XXX: fill from where ?
+	if [ -d ${NANO_TOOLS}/${NANO_NAME}/cfg ] ; then
+		mount /dev/${MD}s3 ${MNT}
+		( cd ${NANO_TOOLS}/${NANO_NAME}/cfg && \
+					find . -print | cpio -dump ${MNT} )
+		umount ${MNT}
+	fi
 
 	# Create Data slice, if any.
 	if [ $NANO_DATASIZE -gt 0 ] ; then
 		newfs ${NANO_NEWFS} /dev/${MD}s4
-		# XXX: fill from where ?
+		if [ -d ${NANO_TOOLS}/${NANO_NAME}/data ] ; then
+			mount /dev/${MD}s4 ${MNT}
+			( cd ${NANO_TOOLS}/${NANO_NAME}/data && \
+					find . -print | cpio -dump ${MNT} )
+			umount ${MNT}
+		fi
 	fi
 
 	dd if=/dev/${MD}s1 of=${MAKEOBJDIRPREFIX}/_.disk.image bs=64k
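Review bot: Neither `mount /dev/${MD}s3 ${MNT}` nor the matching `s4` mount is checked before `cpio -dump ${MNT}` runs, so if the mount fails the cfg or data tree is copied into the bare `${MNT}` directory on the build host and the slice ships empty with no error. Chain the copy on a successful mount (`mount ... && ( cd ... )`) or bail out when the mount fails. Since the README in this patch suggests putting ssh keys and a root password into these trees, note too that cpio in pass-through mode keeps the file modes found in the source tree, so a world-readable key there is world-readable in the image. Quoting the `${NANO_TOOLS}/${NANO_NAME}` expansions would also keep the `-d` tests and the `cd` from breaking on paths with spaces.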
--- /dev/null	Wed May  3 21:11:00 2006
+++ tools/tools/nanobsd/nanobsd-soebridge.conf	Sun Feb 26 12:23:06 2006
@@ -0,0 +1,144 @@
+#
+# $Id: nanobsd-soekris.conf 1208 2006-01-04 04:33:50Z bmah $
+#
+
+NANO_NAME=soebridge
+NANO_SRC=/usr/src
+NANO_KERNEL=SOEBRIDGE
+NANO_PKGDIR=${NANO_TOOLS}/${NANO_NAME}/pkg
+export TARGET_ARCH=i386
+
+CONF_WORLD='
+NO_ACPI=YES		# do not build acpiconf(8) and related programs
+NO_ATM=YES		# do not build ATM related programs and libraries
+#NO_AUTHPF=YES		# do not build and install authpf (setuid/gid)
+NO_BLUETOOTH=YES	# do not build Bluetooth related stuff
+#NO_BOOT=YES		# do not build boot blocks and loader
+#NO_CRYPT=YES		# do not build any crypto code
+NO_CVS=YES		# do not build CVS
+NO_CXX=YES		# do not build C++ and friends
+NO_DICT=YES		# do not build the Webster dictionary files
+#NO_DYNAMICROOT=YES	# do not link /bin and /sbin dynamically
+NO_FORTRAN=YES		# do not build g77 and related libraries
+NO_GAMES=YES		# do not build games (games/ subdir)
+NO_GDB=YES		# do not build GDB
+NO_GPIB=YES		# do not build GPIB support
+NO_I4B=YES		# do not build isdn4bsd package
+NO_INET6=YES		# do not build IPv6 related programs and libraries
+NO_INFO=YES		# do not make or install info files   
+NO_IPFILTER=YES		# do not build IP Filter package
+NO_KERBEROS=YES		# do not build and install Kerberos 5 (KTH Heimdal)
+NO_LIBC_R=YES		# do not build libc_r (re-entrant version of libc)
+NO_LIBPTHREAD=YES	# do not build libpthread (M:N threading library)
+NO_LIBTHR=YES		# do not build libthr (1:1 threading library)
+NO_LPR=YES		# do not build lpr and related programs
+NO_MAILWRAPPER=YES	# do not build the mailwrapper(8) MTA selector
+NO_MAN=YES		# do not build manual pages
+NO_MODULES=YES		# do not build modules with the kernel
+#NO_NETCAT=YES		# do not build netcat
+NO_NIS=YES		# do not build NIS support and related programs.
+NO_OBJC=YES		# do not build Objective C support
+#NO_OPENSSH=YES		# do not build OpenSSH
+#NO_OPENSSL=YES		# do not build OpenSSL (implies NO_KERBEROS/NO_OPENSSH)
+#NO_PF=YES		# do not build PF firewall package
+NO_PROFILE=YES		# Avoid compiling profiled libraries
+NO_RCMDS=YES		# do not build or install BSD r* commands (rsh, etc).
+NO_SENDMAIL=YES		# do not build sendmail and related programs
+#NO_SHARE=YES		# do not go into the share subdir
+#NO_SHARED=YES		# build /bin and /sbin dynamically linked (bad idea
+NO_SHAREDOCS=YES	# do not build the 4.4BSD legacy docs
+#NO_TCSH=YES		# do not build and install /bin/csh (which is tcsh)
+NO_TOOLCHAIN=YES	# do not build programs for program development
+NO_USB=YES		# do not build usbd(8) and related programs
+PPP_NO_NAT=YES		# do not build with NAT support (see make.conf(5))
+PPP_NO_NETGRAPH=YES	# do not build with Netgraph support
+PPP_NO_RADIUS=YES	# do not build with RADIUS support
+#PPP_NO_SUID=YES	# build with normal permissions
+#TRACEROUTE_NO_IPSEC=YES # do not build traceroute(8) with IPSEC support
+#NO_BIND=YES		# Do not build any part of BIND
+#NO_BIND_DNSSEC=YES	# Do not build dnssec-keygen, dnssec-signzone 
+#NO_BIND_ETC=YES	# Do not install files to /etc/namedb
+#NO_BIND_LIBS_LWRES=YES	# Do not install the lwres library
+#NO_BIND_MTREE=YES	# Do not run mtree to create chroot directories
+#NO_BIND_NAMED=YES	# Do not build named, rndc, lwresd, etc.
+NO_BIND_UTILS=YES	# Do not build dig, host, nslookup, nsupdate
+#WITH_BIND_LIBS=	# Install the BIND libs and include files
+NO_NETGRAPH=YES
+NO_KLDLOAD=YES
+NO_PAM=YES
+NO_P1003_1B=YES
+NO_GCOV=YES
+NO_HTML=YES
+NO_RESCUE=YES
+NO_HESIOD_LIBC=YES
+BOOT_COMCONSOLE_SPEED=115200
+'
+
+# Set disk geometry
+FlashDevice SanDisk 256
+
+#
+# Define a configuration command to turn off the beastie menu
+#
+soekris_nobeastie() (
+	touch ${NANO_WORLDDIR}/boot/loader.conf
+	echo "beastie_disable=\"YES\"" >> ${NANO_WORLDDIR}/boot/loader.conf
+)
+
+#
+# Define a configuration command to load packages
+# Snarfed from phk.
+#
+#		pkg_add -v -M -t ${NANO_WORLDDIR}/pkg/instmp.XXXXXX ${NANO_TOOLS}/${NANO_NAME}/pkg/* | sed -e "s;${NANO_WORLDDIR}/pkg;/pkg;" | pkg_add -v -f -S -C ${NANO_WORLDDIR}
+#
+soekris_pkg() (
+	if [ -d ${NANO_TOOLS}/${NANO_NAME}/pkg ]; then
+		mkdir -p ${NANO_WORLDDIR}/Pkg
+		cp ${NANO_PKGDIR}/* ${NANO_WORLDDIR}/pkg
+		chroot ${NANO_WORLDDIR} sh -c 'pkg_add -v pkg/*'
+		rm -rf ${NANO_WORLDDIR}/pkg
+	fi
+)
+
+soekris_comconsole () (
+	# Enable getty on console
+	sed -i "" -e /ttyd0/s/off/on/ ${NANO_WORLDDIR}/etc/ttys
+	sed -i "" -e /ttyd0/s/std.9600/std.19200/ ${NANO_WORLDDIR}/etc/ttys
+
+	# Disable getty on syscons devices
+	sed -i "" -e '/^ttyv[0-8]/s/	on/	off/' ${NANO_WORLDDIR}/etc/ttys
+
+	# Tell loader to use serial console early.
+	echo " -h" > ${NANO_WORLDDIR}/boot.config
+)
+
+#
+# Define a configuration command to do some more tweaking of the
+# ssh configuration.
+#
+soekris_ssh() (
+	mkdir -p ${NANO_WORLDDIR}/etc/ssh/root
+	chmod 700 ${NANO_WORLDDIR}/etc/ssh/root
+	sed -i "" -e '/ChallengeResponseAuthentication/s/.*/ChallengeResponseAuthentication no/' ${NANO_WORLDDIR}/etc/ssh/sshd_config
+	sed -i "" -e '/AuthorizedKeysFile/s/.*/AuthorizedKeysFile \/etc\/ssh\/%u\/authorized_keys/' ${NANO_WORLDDIR}/etc/ssh/sshd_config
+	sed -i "" -e '/PasswordAuthentication/s/.*/PasswordAuthentication yes/' ${NANO_WORLDDIR}/etc/ssh/sshd_config
+)
+
+#
+# Pick up our directory skeleton
+#
+cust_skeleton() (
+	if [ -d ${NANO_TOOLS}/${NANO_NAME}/skeleton ] ; then
+		( cd ${NANO_TOOLS}/${NANO_NAME}/skeleton &&
+			 find . -depth -print | cpio -dump ${NANO_WORLDDIR} )
+	fi
+)
+
+# Register customization commands
+customize_cmd soekris_comconsole
+customize_cmd cust_install_files
+customize_cmd cust_allow_ssh_root
+customize_cmd soekris_nobeastie
+customize_cmd soekris_ssh
+customize_cmd cust_skeleton
+#customize_cmd soekris_pkg
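Review bot: `soekris_ssh` rewrites the sshd_config line to `PasswordAuthentication yes`, and `cust_allow_ssh_root` (which by its name permits root logins) is registered as well, so an image built from this example would accept password logins for root over ssh. The same function already points `AuthorizedKeysFile` at `/etc/ssh/%u/authorized_keys`, so `PasswordAuthentication no` looks like the better default for an example config, with a comment for anyone who really needs passwords. Two smaller things: `soekris_pkg` creates `${NANO_WORLDDIR}/Pkg` but then copies into and removes `${NANO_WORLDDIR}/pkg`, and `soekris_comconsole` sets ttyd0 to `std.19200` while `CONF_WORLD` sets `BOOT_COMCONSOLE_SPEED=115200`.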
--- /dev/null	Wed May  3 21:22:00 2006
+++ tools/tools/nanobsd/soebridge/skeleton/boot/device.hints	Tue Feb 21 14:31:17 2006
@@ -0,0 +1,78 @@
+# $FreeBSD: src/sys/i386/conf/GENERIC.hints,v 1.14 2005/01/14 06:54:59 imp Exp $
+hint.fdc.0.at="isa"
+hint.fdc.0.port="0x3F0"
+hint.fdc.0.irq="6"
+hint.fdc.0.drq="2"
+hint.fd.0.at="fdc0"
+hint.fd.0.drive="0"
+hint.fd.1.at="fdc0"
+hint.fd.1.drive="1"
+hint.ata.0.at="isa"
+hint.ata.0.port="0x1F0"
+hint.ata.0.irq="14"
+hint.ata.1.at="isa"
+hint.ata.1.port="0x170"
+hint.ata.1.irq="15"
+hint.adv.0.at="isa"
+hint.adv.0.disabled="1"
+hint.bt.0.at="isa"
+hint.bt.0.disabled="1"
+hint.aha.0.at="isa"
+hint.aha.0.disabled="1"
+hint.aic.0.at="isa"
+hint.aic.0.disabled="1"
+hint.atkbdc.0.at="isa"
+hint.atkbdc.0.port="0x060"
+hint.atkbd.0.at="atkbdc"
+hint.atkbd.0.irq="1"
+hint.psm.0.at="atkbdc"
+hint.psm.0.irq="12"
+#hint.vga.0.at="isa"
+hint.sc.0.at="isa"
+hint.sc.0.flags="0x100"
+hint.vt.0.at="isa"
+hint.vt.0.disabled="1"
+hint.apm.0.disabled="1"
+hint.apm.0.flags="0x20"
+hint.sio.0.at="isa"
+hint.sio.0.port="0x3F8"
+hint.sio.0.flags="0x10"
+hint.sio.0.irq="4"
+hint.sio.1.at="isa"
+hint.sio.1.port="0x2F8"
+hint.sio.1.irq="3"
+hint.sio.2.at="isa"
+hint.sio.2.disabled="1"
+hint.sio.2.port="0x3E8"
+hint.sio.2.irq="5"
+hint.sio.3.at="isa"
+hint.sio.3.disabled="1"
+hint.sio.3.port="0x2E8"
+hint.sio.3.irq="9"
+hint.ppc.0.at="isa"
+hint.ppc.0.irq="7"
+hint.ed.0.at="isa"
+hint.ed.0.disabled="1"
+hint.ed.0.port="0x280"
+hint.ed.0.irq="10"
+hint.ed.0.maddr="0xd8000"
+hint.cs.0.at="isa"
+hint.cs.0.disabled="1"
+hint.cs.0.port="0x300"
+hint.sn.0.at="isa"
+hint.sn.0.disabled="1"
+hint.sn.0.port="0x300"
+hint.sn.0.irq="10"
+hint.ie.0.at="isa"
+hint.ie.0.disabled="1"
+hint.ie.0.port="0x300"
+hint.ie.0.irq="10"
+hint.ie.0.maddr="0xd0000"
+hint.fe.0.at="isa"
+hint.fe.0.disabled="1"
+hint.fe.0.port="0x300"
+hint.lnc.0.at="isa"
+hint.lnc.0.disabled="1"
+hint.lnc.0.port="0x280"
+hint.lnc.0.irq="10"
+hint.lnc.0.drq="0"
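Review bot: Missing documentation at the top of this file: it still carries the `$FreeBSD: src/sys/i386/conf/GENERIC.hints` ident and nothing says which entries were changed for the Net4501 (the commented-out `#hint.vga.0.at="isa"` is the only line that visibly stands out). A short header comment listing the deviations would let the next person re-sync it against GENERIC.hints.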
--- /dev/null	Wed May  3 21:22:00 2006
+++ tools/tools/nanobsd/README	Wed May  3 21:26:47 2006
@@ -0,0 +1,48 @@
+A couple of minor changes to the nanobsd infrastructure.
+
+I've included an example configuration file, nanobsd-soebridge.conf, that
+builds a flash image for a Soekris Net4501 box (although I didn't include
+the kernel config file, it's available elsewhere).  It is based heavily
+on one made available by Bruce Mah.  I've kept most (all?) of his features
+and added one more, a shell function called cust_skeleton().  This picks
+up the directory structure and files in ${NANO_TOOLS}/${NANO_NAME}/skeleton
+and slams that over the top of the contents of ${NANO_WORLDDIR}.  This
+means that you can insert other special configuration anywhere in the
+file system and this configuration supersedes any defaults.  I use it to
+install a Soekris Net4501-specific device.hints and to populate /var/named
+but it could be used for pretty much anything at all.
+
+In general, a configuration file sets various shell variables, may provide
+new configuration functions, and invokes all the desired configuration
+functions provided both there and in nanobsd.sh.
+
+The nanobsd.sh script now depends even more heavily on NANO_NAME.  In
+particular, when it creates the cfg and data slices, if there is a
+/usr/src/tools/tools/nanobsd/${NANO_NAME} directory, it fills those
+slices from the cfg and data directories (if any) therein.  So if you
+have, for example, a soebridge/cfg subdirectory, all the files and
+directories there will get copied into the /cfg slice of the disk image.
+This means that one can pre-populate /cfg and/or /data with such things
+as ssh keys, a root password or other default configuration.
+
+It's not obvious, but during boot the /etc/rc.initdiskless script first
+creates memory filesystems for /etc and /var, mounts the cfg slice (slice
+3) on /cfg and copies the contents of that directory into /etc.  It then
+dismounts /cfg.  So any configuration in /cfg will survive reboot; if you
+want configuration in /etc to also survive, mount /cfg, copy the relevant
+files there, then dismount it.  There are a couple of scripts in /root
+that do this for changing passwords and saving away ssh host keys.  Note
+that these scripts are picked up from ${NANO_TOOLS}/Files; files there will
+be inserted into _any_ image, not just a specific image as in the case of
+my changes.
+
+As always, no warranty, here's the gun and here are the bullets, if you
+shoot yourself in the foot it's your own damned fault for digging this
+deeply into Things Man Was Not Meant To Know.
+
+And I'm utterly certain that this document could be more complete.
+Volunteers welcome.  At least this is _something_, as opposed to the
+nothing that was here before.
+
+Frank Mayhar
+frank at exit.com
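Review bot: The paragraph beginning "The nanobsd.sh script now depends" names `/usr/src/tools/tools/nanobsd/${NANO_NAME}` as the directory that is checked, but the nanobsd.sh hunk tests `${NANO_TOOLS}/${NANO_NAME}/cfg` and `${NANO_TOOLS}/${NANO_NAME}/data`; use the variable here so the text stays correct when NANO_TOOLS points elsewhere. Where it suggests pre-populating /cfg with ssh keys or a root password, add a sentence saying that those files then sit in the build tree and in every copy of the image, so they need to be treated as secrets and given the right modes before the build.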
--- /dev/null	Wed May  3 21:22:00 2006
+++ tools/tools/nanobsd/soebridge/cfg/sysctl.conf	Tue Apr 11 21:44:39 2006
@@ -0,0 +1,11 @@
+# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
+#
+#  This file is read when going to multi-user and its contents piped thru
+#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
+#
+
+# Uncomment this to prevent users from seeing information about processes that
+# are being run under another UID.
+#security.bsd.see_other_uids=0
+net.inet.ip.forwarding=1
+net.inet.ip.fastforwarding=1
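Review bot: `net.inet.ip.forwarding=1` and `net.inet.ip.fastforwarding=1` are added with no comment, and because the file lives under cfg/ it is copied into /etc on every boot of the image. Say in a comment why this box needs to forward between interfaces, and point at the packet filter rules expected to go with it, since none are part of this patch.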
--- nanobsd-diffs ends here ---



>Release-Note:
>Audit-Trail:
>Unformatted:

