Message-Id: <1146717356.71787@realtime.exit.com>
Date: Wed, 3 May 2006 21:35:56 -0700
From: "Frank Mayhar"
To: "FreeBSD gnats submit"
Subject: conf/96746: Configuration changes and README for nanobsd
X-Send-Pr-Version: gtk-send-pr 0.4.7

>Number: 96746
>Category: conf
>Synopsis: Configuration changes and README for nanobsd
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 04 04:40:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Frank Mayhar
>Release: FreeBSD 6.1-RC i386
>Organization: Exit Consulting
>Environment:
System: FreeBSD 6.1-RC #0: Sun Apr 30 15:44:11 PDT 2006 frank@realtime.exit.com:/usr/obj/usr/src/sys/REALTIME
>Description:
I've enclosed a patch that wraps a new README and some hacks I've done to the nanobsd configuration. My hacks make it a bit more convenient to configure a few things, and the README documents those hacks and some stuff I had to figure out the hard way. I've also enclosed an example configuration for a Soekris net4501 box, along with a few ancillary files that might serve to get someone started.
>How-To-Repeat:
>Fix:
--- nanobsd-diffs begins here ---
Index: tools/tools/nanobsd/FlashDevice.sub =================================================================== RCS file: /cvs/repos/src/tools/tools/nanobsd/FlashDevice.sub,v retrieving revision 1.1.2.3 diff -u -r1.1.2.3 FlashDevice.sub --- tools/tools/nanobsd/FlashDevice.sub 19 Apr 2006 18:22:18 -0000 1.1.2.3 +++ tools/tools/nanobsd/FlashDevice.sub 30 Apr 2006 18:47:17 -0000 
@@ -112,6 +112,19 @@ ;; esac ;; + toshiba) + case $a2 in + 256|256mb) + NANO_MEDIASIZE=`expr 256376832 / 512` + NANO_HEADS=16 + NANO_SECTS=32 + ;; + *) + echo "Unknown Toshiba Flash capacity" + exit 2 + ;; + esac + ;; siliconsystems) case $2 in 4096|4g) Index: tools/tools/nanobsd/nanobsd.sh =================================================================== RCS file: /cvs/repos/src/tools/tools/nanobsd/nanobsd.sh,v retrieving revision 1.7.2.5 diff -u -r1.7.2.5 nanobsd.sh --- tools/tools/nanobsd/nanobsd.sh 31 Jan 2006 15:56:33 -0000 1.7.2.5 +++ tools/tools/nanobsd/nanobsd.sh 21 Feb 2006 06:45:42 -0000 @@ -377,12 +377,22 @@ # Create Config slice newfs ${NANO_NEWFS} /dev/${MD}s3 - # XXX: fill from where ? + if [ -d ${NANO_TOOLS}/${NANO_NAME}/cfg ] ; then + mount /dev/${MD}s3 ${MNT} + ( cd ${NANO_TOOLS}/${NANO_NAME}/cfg && \ + find . -print | cpio -dump ${MNT} ) + umount ${MNT} + fi # Create Data slice, if any. if [ $NANO_DATASIZE -gt 0 ] ; then newfs ${NANO_NEWFS} /dev/${MD}s4 - # XXX: fill from where ? + if [ -d ${NANO_TOOLS}/${NANO_NAME}/data ] ; then + mount /dev/${MD}s4 ${MNT} + ( cd ${NANO_TOOLS}/${NANO_NAME}/data && \ + find . -print | cpio -dump ${MNT} ) + umount ${MNT} + fi fi dd if=/dev/${MD}s1 of=${MAKEOBJDIRPREFIX}/_.disk.image bs=64k --- /dev/null Wed May 3 21:11:00 2006 +++ tools/tools/nanobsd/nanobsd-soebridge.conf Sun Feb 26 12:23:06 2006 
@@ -0,0 +1,144 @@ +# +# $Id: nanobsd-soekris.conf 1208 2006-01-04 04:33:50Z bmah $ +# + +NANO_NAME=soebridge +NANO_SRC=/usr/src +NANO_KERNEL=SOEBRIDGE +NANO_PKGDIR=${NANO_TOOLS}/${NANO_NAME}/pkg +export TARGET_ARCH=i386 + +CONF_WORLD=' +NO_ACPI=YES # do not build acpiconf(8) and related programs +NO_ATM=YES # do not build ATM related programs and libraries +#NO_AUTHPF=YES # do not build and install authpf (setuid/gid) +NO_BLUETOOTH=YES # do not build Bluetooth related stuff +#NO_BOOT=YES # do not build boot blocks and loader +#NO_CRYPT=YES # do not build any crypto code +NO_CVS=YES # do not build CVS +NO_CXX=YES # do not build C++ and friends +NO_DICT=YES # do not build the Webster dictionary files +#NO_DYNAMICROOT=YES # do not link /bin and /sbin dynamically +NO_FORTRAN=YES # do not build g77 and related libraries +NO_GAMES=YES # do not build games (games/ subdir) +NO_GDB=YES # do not build GDB +NO_GPIB=YES # do not build GPIB support +NO_I4B=YES # do not build isdn4bsd package +NO_INET6=YES # do not build IPv6 related programs and libraries +NO_INFO=YES # do not make or install info files +NO_IPFILTER=YES # do not build IP Filter package +NO_KERBEROS=YES # do not build and install Kerberos 5 (KTH Heimdal) +NO_LIBC_R=YES # do not build libc_r (re-entrant version of libc) +NO_LIBPTHREAD=YES # do not build libpthread (M:N threading library) +NO_LIBTHR=YES # do not build libthr (1:1 threading library) +NO_LPR=YES # do not build lpr and related programs +NO_MAILWRAPPER=YES # do not build the mailwrapper(8) MTA selector +NO_MAN=YES # do not build manual pages +NO_MODULES=YES # do not build modules with the kernel +#NO_NETCAT=YES # do not build netcat +NO_NIS=YES # do not build NIS support and related programs. 
+NO_OBJC=YES # do not build Objective C support +#NO_OPENSSH=YES # do not build OpenSSH +#NO_OPENSSL=YES # do not build OpenSSL (implies NO_KERBEROS/NO_OPENSSH) +#NO_PF=YES # do not build PF firewall package +NO_PROFILE=YES # Avoid compiling profiled libraries +NO_RCMDS=YES # do not build or install BSD r* commands (rsh, etc). +NO_SENDMAIL=YES # do not build sendmail and related programs +#NO_SHARE=YES # do not go into the share subdir +#NO_SHARED=YES # build /bin and /sbin dynamically linked (bad idea +NO_SHAREDOCS=YES # do not build the 4.4BSD legacy docs +#NO_TCSH=YES # do not build and install /bin/csh (which is tcsh) +NO_TOOLCHAIN=YES # do not build programs for program development +NO_USB=YES # do not build usbd(8) and related programs +PPP_NO_NAT=YES # do not build with NAT support (see make.conf(5)) +PPP_NO_NETGRAPH=YES # do not build with Netgraph support +PPP_NO_RADIUS=YES # do not build with RADIUS support +#PPP_NO_SUID=YES # build with normal permissions +#TRACEROUTE_NO_IPSEC=YES # do not build traceroute(8) with IPSEC support +#NO_BIND=YES # Do not build any part of BIND +#NO_BIND_DNSSEC=YES # Do not build dnssec-keygen, dnssec-signzone +#NO_BIND_ETC=YES # Do not install files to /etc/namedb +#NO_BIND_LIBS_LWRES=YES # Do not install the lwres library +#NO_BIND_MTREE=YES # Do not run mtree to create chroot directories +#NO_BIND_NAMED=YES # Do not build named, rndc, lwresd, etc. 
+NO_BIND_UTILS=YES # Do not build dig, host, nslookup, nsupdate +#WITH_BIND_LIBS= # Install the BIND libs and include files +NO_NETGRAPH=YES +NO_KLDLOAD=YES +NO_PAM=YES +NO_P1003_1B=YES +NO_GCOV=YES +NO_HTML=YES +NO_RESCUE=YES +NO_HESIOD_LIBC=YES +BOOT_COMCONSOLE_SPEED=115200 +' + +# Set disk geometry +FlashDevice SanDisk 256 + +# +# Define a configuration command to turn off the beastie menu +# +soekris_nobeastie() ( + touch ${NANO_WORLDDIR}/boot/loader.conf + echo "beastie_disable=\"YES\"" >> ${NANO_WORLDDIR}/boot/loader.conf +) + +# +# Define a configuration command to load packages +# Snarfed from phk. +# +# pkg_add -v -M -t ${NANO_WORLDDIR}/pkg/instmp.XXXXXX ${NANO_TOOLS}/${NANO_NAME}/pkg/* | sed -e "s;${NANO_WORLDDIR}/pkg;/pkg;" | pkg_add -v -f -S -C ${NANO_WORLDDIR} +# +soekris_pkg() ( + if [ -d ${NANO_TOOLS}/${NANO_NAME}/pkg ]; then + mkdir -p ${NANO_WORLDDIR}/Pkg + cp ${NANO_PKGDIR}/* ${NANO_WORLDDIR}/pkg + chroot ${NANO_WORLDDIR} sh -c 'pkg_add -v pkg/*' + rm -rf ${NANO_WORLDDIR}/pkg + fi +) + +soekris_comconsole () ( + # Enable getty on console + sed -i "" -e /ttyd0/s/off/on/ ${NANO_WORLDDIR}/etc/ttys + sed -i "" -e /ttyd0/s/std.9600/std.19200/ ${NANO_WORLDDIR}/etc/ttys + + # Disable getty on syscons devices + sed -i "" -e '/^ttyv[0-8]/s/ on/ off/' ${NANO_WORLDDIR}/etc/ttys + + # Tell loader to use serial console early. + echo " -h" > ${NANO_WORLDDIR}/boot.config +) + +# +# Define a configuration command to do some more tweaking of the +# ssh configuration. 
+# +soekris_ssh() ( + mkdir -p ${NANO_WORLDDIR}/etc/ssh/root + chmod 700 ${NANO_WORLDDIR}/etc/ssh/root + sed -i "" -e '/ChallengeResponseAuthentication/s/.*/ChallengeResponseAuthentication no/' ${NANO_WORLDDIR}/etc/ssh/sshd_config + sed -i "" -e '/AuthorizedKeysFile/s/.*/AuthorizedKeysFile \/etc\/ssh\/%u\/authorized_keys/' ${NANO_WORLDDIR}/etc/ssh/sshd_config + sed -i "" -e '/PasswordAuthentication/s/.*/PasswordAuthentication yes/' ${NANO_WORLDDIR}/etc/ssh/sshd_config +) + +# +# Pick up our directory skeleton +# +cust_skeleton() ( + if [ -d ${NANO_TOOLS}/${NANO_NAME}/skeleton ] ; then + ( cd ${NANO_TOOLS}/${NANO_NAME}/skeleton && + find . -depth -print | cpio -dump ${NANO_WORLDDIR} ) + fi +) + +# Register customization commands +customize_cmd soekris_comconsole +customize_cmd cust_install_files +customize_cmd cust_allow_ssh_root +customize_cmd soekris_nobeastie +customize_cmd soekris_ssh +customize_cmd cust_skeleton +#customize_cmd soekris_pkg --- /dev/null Wed May 3 21:22:00 2006 +++ tools/tools/nanobsd/soebridge/skeleton/boot/device.hints Tue Feb 21 14:31:17 2006 
@@ -0,0 +1,78 @@ +# $FreeBSD: src/sys/i386/conf/GENERIC.hints,v 1.14 2005/01/14 06:54:59 imp Exp $ +hint.fdc.0.at="isa" +hint.fdc.0.port="0x3F0" +hint.fdc.0.irq="6" +hint.fdc.0.drq="2" +hint.fd.0.at="fdc0" +hint.fd.0.drive="0" +hint.fd.1.at="fdc0" +hint.fd.1.drive="1" +hint.ata.0.at="isa" +hint.ata.0.port="0x1F0" +hint.ata.0.irq="14" +hint.ata.1.at="isa" +hint.ata.1.port="0x170" +hint.ata.1.irq="15" +hint.adv.0.at="isa" +hint.adv.0.disabled="1" +hint.bt.0.at="isa" +hint.bt.0.disabled="1" +hint.aha.0.at="isa" +hint.aha.0.disabled="1" +hint.aic.0.at="isa" +hint.aic.0.disabled="1" +hint.atkbdc.0.at="isa" +hint.atkbdc.0.port="0x060" +hint.atkbd.0.at="atkbdc" +hint.atkbd.0.irq="1" +hint.psm.0.at="atkbdc" +hint.psm.0.irq="12" +#hint.vga.0.at="isa" +hint.sc.0.at="isa" +hint.sc.0.flags="0x100" +hint.vt.0.at="isa" +hint.vt.0.disabled="1" +hint.apm.0.disabled="1" +hint.apm.0.flags="0x20" +hint.sio.0.at="isa" +hint.sio.0.port="0x3F8" +hint.sio.0.flags="0x10" +hint.sio.0.irq="4" +hint.sio.1.at="isa" +hint.sio.1.port="0x2F8" +hint.sio.1.irq="3" +hint.sio.2.at="isa" +hint.sio.2.disabled="1" +hint.sio.2.port="0x3E8" +hint.sio.2.irq="5" +hint.sio.3.at="isa" +hint.sio.3.disabled="1" +hint.sio.3.port="0x2E8" +hint.sio.3.irq="9" +hint.ppc.0.at="isa" +hint.ppc.0.irq="7" +hint.ed.0.at="isa" +hint.ed.0.disabled="1" +hint.ed.0.port="0x280" +hint.ed.0.irq="10" +hint.ed.0.maddr="0xd8000" +hint.cs.0.at="isa" +hint.cs.0.disabled="1" +hint.cs.0.port="0x300" +hint.sn.0.at="isa" +hint.sn.0.disabled="1" +hint.sn.0.port="0x300" +hint.sn.0.irq="10" +hint.ie.0.at="isa" +hint.ie.0.disabled="1" +hint.ie.0.port="0x300" +hint.ie.0.irq="10" +hint.ie.0.maddr="0xd0000" +hint.fe.0.at="isa" +hint.fe.0.disabled="1" +hint.fe.0.port="0x300" +hint.lnc.0.at="isa" +hint.lnc.0.disabled="1" +hint.lnc.0.port="0x280" +hint.lnc.0.irq="10" +hint.lnc.0.drq="0" --- /dev/null Wed May 3 21:22:00 2006 +++ tools/tools/nanobsd/README Wed May 3 21:26:47 2006 
@@ -0,0 +1,48 @@ +A couple of minor changes to the nanobsd infrastructure. + +I've included an example configuration file, nanobsd-soebridge.conf, that +builds a flash image for a Soekris Net4501 box (although I didn't include +the kernel config file, it's available elsewhere). It is based heavily +on one made available by Bruce Mah. I've kept most (all?) of his features +and added one more, a shell function called cust_skeleton(). This picks +up the directory structure and files in ${NANO_TOOLS}/${NANO_NAME}/skeleton +and slams that over the top of the contents of ${NANO_WORLDDIR}. This +means that you can insert other special configuration anywhere in the +file system and this configuration supersedes any defaults. I use it to +install a Soekris Net4501-specific device.hints and to populate /var/named +but it could be used for pretty much anything at all. + +In general, a configuration file sets various shell variables, may provide +new configuration functions, and invokes all the desired configuration +functions provided both there and in nanobsd.sh. + +The nanobsd.sh script now depends even more heavily on NANO_NAME. In +particular, when it creates the cfg and data slices, if there is a +/usr/src/tools/tools/nanobsd/${NANO_NAME} directory, it fills those +slices from the cfg and data directories (if any) therein. So if you +have, for example, a soebridge/cfg subdirectory, all the files and +directories there will get copied into the /cfg slice of the disk image. +This means that one can pre-populate /cfg and/or /data with such things +as ssh keys, a root password or other default configuration. + +It's not obvious, but during boot the /etc/rc.initdiskless script first +creates memory filesystems for /etc and /var, mounts the cfg slice (slice +3) on /cfg and copies the contents of that directory into /etc. It then +dismounts /cfg. 
So any configuration in /cfg will survive reboot; if you +want configuration in /etc to also survive, mount /cfg, copy the relevant +files there, then dismount it. There are a couple of scripts in /root +that do this for changing passwords and saving away ssh host keys. Note +that these scripts are picked up from ${NANO_TOOLS}/Files; files there will +be inserted into _any_ image, not just a specific image as in the case of +my changes. + +As always, no warranty, here's the gun and here are the bullets, if you +shoot yourself in the foot it's your own damned fault for digging this +deeply into Things Man Was Not Meant To Know. + +And I'm utterly certain that this document could be more complete. +Volunteers welcome. At least this is _something_, as opposed to the +nothing that was here before. + +Frank Mayhar +frank@exit.com --- /dev/null Wed May 3 21:22:00 2006 +++ tools/tools/nanobsd/soebridge/cfg/sysctl.conf Tue Apr 11 21:44:39 2006 @@ -0,0 +1,11 @@ +# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $ +# +# This file is read when going to multi-user and its contents piped thru +# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. +# + +# Uncomment this to prevent users from seeing information about processes that +# are being run under another UID. +#security.bsd.see_other_uids=0 +net.inet.ip.forwarding=1 +net.inet.ip.fastforwarding=1 --- nanobsd-diffs ends here --- >Release-Note: >Audit-Trail: >Unformatted:
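Review bot: In the FlashDevice.sub hunk, the new toshiba) branch switches on $a2 while the siliconsystems) branch in the trailing context switches on $2. Please use the same selector in both and make sure it is the normalised argument, so it is clear which spellings of the capacity (256, 256mb) are accepted. The "Unknown Toshiba Flash capacity" message should also go to stderr, since the script exits 2 right after it.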
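Review bot: In the nanobsd.sh hunk (@@ -377,12 +377,22 @@), neither mount /dev/${MD}s3 ${MNT} nor mount /dev/${MD}s4 ${MNT} is checked before the cpio runs, so a failed mount copies the cfg or data tree into whatever ${MNT} is on the build host and leaves the image slice empty. Chain the mount and the copy with && or bail out on failure, and quote the ${NANO_TOOLS}/${NANO_NAME} paths. Since cpio -dump copies files with the modes they have in the build tree and the README proposes placing ssh keys and a root password there, a comment that the source directories must already carry the permissions intended on the target would help.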
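Review bot: In the nanobsd-soebridge.conf hunk, soekris_ssh() forces PasswordAuthentication yes and the registration list also runs cust_allow_ssh_root, so the image as built accepts password logins over ssh, including (going by that command's name) for root. The same function moves AuthorizedKeysFile to /etc/ssh/%u/authorized_keys so that keys can live under /etc, so consider setting PasswordAuthentication to no, or add a comment saying why passwords are needed. Separately, soekris_pkg() creates ${NANO_WORLDDIR}/Pkg but copies into and removes ${NANO_WORLDDIR}/pkg, and soekris_comconsole() sets ttyd0 to std.19200 while CONF_WORLD sets BOOT_COMCONSOLE_SPEED=115200; each needs a fix or a comment explaining it.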
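Review bot: The new soebridge/skeleton/boot/device.hints keeps the $FreeBSD$ ident of src/sys/i386/conf/GENERIC.hints although the README describes it as Net4501-specific, and nothing in the file says which entries were changed. Replace the ident line with a short header comment that names the file it was derived from and lists the changed entries, such as the commented-out hint.vga.0.at, so later GENERIC.hints updates can be merged without guessing.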
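Review bot: The README hunk says the cfg and data slices are filled from /usr/src/tools/tools/nanobsd/${NANO_NAME}, but the nanobsd.sh change tests ${NANO_TOOLS}/${NANO_NAME}/cfg and ${NANO_TOOLS}/${NANO_NAME}/data. Name the variable in the README so the text stays correct when NANO_TOOLS points elsewhere. Where it suggests pre-populating /cfg or /data with ssh keys or a root password, add a sentence that the resulting disk image then contains those secrets and needs the same handling as the keys themselves.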
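Review bot: In soebridge/cfg/sysctl.conf, net.inet.ip.forwarding=1 and net.inet.ip.fastforwarding=1 are appended directly under the comment block for security.bsd.see_other_uids with no comment of their own. Add a blank line and a one-line comment on why the example image forwards packets. The README should also mention that the example conf sets NO_IPFILTER=YES and that this patch ships no packet filter rules, so forwarding is unfiltered unless the user adds them.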