From: Peter Jeremy
Date: Sat, 30 Aug 2003 12:16:17 +1000
To: Nate Lawson
Cc: David O'Brien, src-committers@freebsd.org, Robert Watson, Poul-Henning Kamp, cvs-src@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin Makefile src/lib Makefile src/sbin Makefile src/usr.bin Makefile src/usr.sbin Makefile
Message-ID: <20030830021617.GD43314@cirb503493.alcatel.com.au>

On Fri, Aug 29, 2003 at 12:14:17PM -0700, Nate Lawson wrote:
>On Fri, 29 Aug 2003, David O'Brien wrote:
>> On Fri, Aug 29, 2003 at 09:08:35AM -0400, Robert Watson wrote:
>> > On Fri, 29 Aug 2003, Poul-Henning Kamp wrote:
>> >
>> > > NO_TOOLCHAIN skips Compilers and Binutils
>> > > NO_USB skips USB stuff
>> > > NO_VINUM skips Vinum stuff
>> > > NO_ACPI skips ACPI stuff
>> >
>> > Great! I was hoping this would be the outcome of the Minimalist FreeBSD
>> > discussion.
>>
>> Was there a discussion somewhere that most of us missed?
>
>Hmm, missed it also. In general I'm in favor of this but would prefer to
>see these also defined under a single knob (MINIMAL?).

I'd like to disagree here. What you see as essential in a minimal system might be irrelevant to me and vice versa. 2.x PicoBSD was probably the first real attempt at 'minimal' and it came in four versions (including 'custom') to meet different requirements.

If you take something like PicoBSD as a minimal system, does the 'minimal' knob give you the union or intersection of the various PicoBSD variants? In the former case, you have something that's slightly more than minimal and in the latter case, you need to add a few more bits to reach a usable system.

At the extreme, 'minimal' amounts to /boot/kernel/kernel.ko, /sbin/init and /bin/sh with some user-defined shellscripts (ISTR that /boot/loader is optional again). This is likely to be too minimalist for most purposes though.

> Before we get too many NO_*,
>perhaps people who are actually building commercial and personal small
>distributions could share some of their needs and experiences.

I've adapted a version of 4.x for remote support purposes at work. A number of systems are installed in customer premises to provide serial console logging (using conserver) for the application systems as well as remote access via modem. Several systems are also installed in our DMZs as the 'local' end. These systems run Apache as a proxy cache to provide remote GUI management of our application.

Footprint isn't an issue (the first systems had 9GB disk, the latest ones have 72GB disk) but security is and I've been hacking out anything that didn't seem necessary to make the systems as difficult as possible for unauthorised people to get into or use. The boxes originally came with a coloured head-covering installed but even our resident Linux expert didn't feel that he could confidently secure the boxes. I pushed for FreeBSD because I was confident I understood it well enough to produce an adequately secure result.

My approach has been a mixture of customised buildworld (removing unwanted SUBDIR entries from both Makefile.inc1 and subsidiary Makefile's) and a hacked combination of 'make installworld' and 'make release' that includes some judicious 'rm -r' commands. The actual installation is done using standard sysinstall with a customised procedure (I thought this would be quicker than developing a customised install script since we only originally thought we'd have to build about 6 systems). This also saved me the pain of building the boot images.

The resultant install image is about 20MB compressed. I could make it smaller but there's no pressure to do so. I have found that the removal of tcpdump in particular made debugging some network issues more difficult and will probably review the approach when I upgrade the base system.

Peter
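
A check that could follow the pruning step described in the message above, as an added example that is not part of the original mail or of the build it describes: it confirms that everything on a prune list is really gone from a staged install tree and inventories the setuid/setgid files that remain. The prune-list format, the staging layout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit a staged install tree after pruning.
# The prune-list format (one path per line, relative to the staging
# directory, '#' comments allowed) is an assumption of this example.

# still_present STAGE LIST
# Print every prune-list path that still exists under STAGE.
still_present() {
    stage=$1
    list=$2
    while IFS= read -r rel || [ -n "$rel" ]; do
        case $rel in ''|'#'*) continue ;; esac
        # -e follows symlinks; -L also catches dangling links left behind
        if [ -e "$stage/$rel" ] || [ -L "$stage/$rel" ]; then
            printf '%s\n' "$rel"
        fi
    done < "$list"
}

# privileged_files STAGE
# Print setuid/setgid regular files under STAGE, relative paths, sorted.
privileged_files() {
    ( cd "$1" &&
      find . -type f \( -perm -4000 -o -perm -2000 \) -print |
      sed 's|^\./||' | sort )
}

# audit_tree STAGE LIST
# Always prints the setuid/setgid inventory for review; returns 1 if
# anything on the prune list survived, 0 otherwise.
audit_tree() {
    left=$(still_present "$1" "$2")
    echo "== setuid/setgid files remaining =="
    privileged_files "$1"
    if [ -n "$left" ]; then
        echo "== prune-list entries still installed =="
        printf '%s\n' "$left"
        return 1
    fi
    return 0
}
```

Running `audit_tree` against the staging directory before the image is packaged turns a missed 'rm -r' into a build failure rather than something found on a deployed box.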