wiki:FreeBSDOnEmbeddedDevice

Initial disk configuration

## Hack to find memory card and have partition entries re-read
# - No cards:
#   dd: /dev/da0: Device not configured
# - Inactive card:
#   dd: /dev/da4: Operation not permitted
# - Active card:
#   0+0 records in
#   0+0 records out
#   0 bytes transferred in 0.000018 secs (0 bytes/sec)

build# ls /dev/da? | xargs -I %%DA%% -n 1 dd if=/dev/zero of=%%DA%% count=0
build# setenv DA /dev/da0

Hack to make sure all old partition information is really destroyed:
build# dd if=/dev/zero of=$DA bs=1m count=1

build# fdisk -BI $DA
build# echo "a: * * 4.2BSD" | bsdlabel -R -B -m i386 ${DA}s1 /dev/stdin
build# newfs ${DA}s1a
build# mount ${DA}s1a /mnt

Disk population

build# setenv RELEASE 8.0-RELEASE
build# mkdir -p /usr/data/$RELEASE
build# cd /usr/data/$RELEASE

build# mkdir kernels base manpages
build# (cd base; echo 'mget *' | ftp -i ftp://ftp.nl.freebsd.org/pub/FreeBSD/releases/i386/$RELEASE/base/)
build# (cd kernels; echo 'mget *' | ftp -i ftp://ftp.nl.freebsd.org/pub/FreeBSD/releases/i386/$RELEASE/kernels/)
build# (cd manpages; echo 'mget *' | ftp -i ftp://ftp.nl.freebsd.org/pub/FreeBSD/releases/i386/$RELEASE/manpages/)

More sophisticated approach (rsync not in base):
build# rsync -vaz ftp.nl.freebsd.org::FreeBSD/releases/i386/$RELEASE/kernels .
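
The sets above arrive over plain FTP (or unauthenticated rsync) and nothing checks them before `tar` unpacks them. As an added example, not part of the original page, this sh script checks every piece against the directory's checksum list before extraction. It assumes the download also fetched a `CHECKSUM.SHA256` file in the BSD `SHA256 (file) = digest` format; `sha256_of` and `verify_set` are names made up here.

```shell
#!/bin/sh
# Added example: check downloaded FreeBSD set pieces before extracting them.
# Assumption: the set directory holds a CHECKSUM.SHA256 file with lines like
#   SHA256 (base.aa) = <hex digest>
# sha256_of and verify_set are names made up for this example.

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                          # FreeBSD base system
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1          # GNU coreutils
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= *//'
    fi
}

# verify_set DIR: succeed only if every listed piece exists and matches.
verify_set() {
    dir=$1
    list="$dir/CHECKSUM.SHA256"
    [ -s "$list" ] || { echo "missing or empty $list" >&2; return 2; }
    bad=0
    seen=0
    while read -r algo name eq want; do
        # Skip anything that is not a "SHA256 (file) = digest" line.
        [ "$algo" = "SHA256" ] && [ "$eq" = "=" ] || continue
        name=${name#\(}
        name=${name%\)}
        seen=$((seen + 1))
        case $name in
            */*|.|..) echo "REFUSED  $name" >&2; bad=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; bad=1
        elif [ "$(sha256_of "$dir/$name")" != "$want" ]; then
            echo "MISMATCH $name" >&2; bad=1
        fi
    done < "$list"
    # An empty or unparsable list must not count as a pass.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: sh verify_sets.sh base kernels manpages
for d in "$@"; do
    verify_set "$d" || exit 1
done
```

A list fetched in the same session as the pieces only catches corruption and truncation; to detect tampering, compare it against a copy of the list obtained over a trusted channel.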

build# setenv DESTDIR /mnt

build# (cd base; cat base.?? | tar --unlink -xpzf - -C $DESTDIR)
build# (cd kernels; sh install.sh generic)
build# (cd manpages; sh install.sh)

Tip: Soekris 2521 requires CPU_ELAN, which is not included in the kernel by default. For optimal performance, compile the kernel yourself.

Activate right kernel:
build# rm -r /mnt/boot/kernel/ ; mv /mnt/boot/GENERIC/ /mnt/boot/kernel

Disk configuration

Name resolution is needed at a later stage inside the chroot:
build# cp /etc/resolv.conf /mnt/etc/
build# chroot /mnt

Important: if the chroot FAILS and you continue anyway, the commands below will start destroying your build system.

The root filesystem needs to be rw on first boot for ssh keys and such:
chroot# echo "/dev/ad0s1a / ufs rw,noatime 0 1" > /etc/fstab

Tip: On Soekris net4801 v1.33 Flash is secondary
net4801# echo "/dev/ad1s1a / ufs rw,noatime 0 1" > /etc/fstab

Make sure to continue to check the disks on reboot, instead of waiting for user input:
chroot# echo "fsck_y_enable=YES" >> /etc/rc.conf

chroot# cat <<EOF > /boot/loader.conf
console=comconsole
autoboot_delay=3

hw.ata.ata_dma=0   # Soekris boot failure
EOF

Serial console boot only:
chroot# echo "-h" > /boot.config

Enable serial console:
chroot# sed '/ttyu0/ s/off/on /' /etc/ttys > /etc/ttys.new && mv /etc/ttys.new /etc/ttys

Cosmetic: disable all video consoles, as a Soekris embedded device does not have any:
chroot# sed '/ttyv[0-7]/ s/on /off/g' /etc/ttys > /etc/ttys.new && mv /etc/ttys.new /etc/ttys

Accounting & access control

chroot# echo "sshd_enable=YES" >> /etc/rc.conf
chroot# pw usermod root -w random

Administrative user (admin for example):
chroot# setenv FTP_PASSIVE_MODE yes
chroot# pkg_add -r sudo
chroot# pw useradd admin -G wheel -c 'Admin User' -s /bin/csh -m -w random
chroot# echo '%wheel ALL=(ALL) ALL' >> /usr/local/etc/sudoers

Networking

chroot# echo "hostname=riff.vanderzwet.net" >> /etc/rc.conf

Package installation using a 7.2 kernel and an 8.0-RC2 world is core dumping; postponing to a later stage.

Make any other optional changes before first boot inside chroot(8):
chroot# vi /etc/rc.conf

chroot# exit
build# umount /mnt

Initial boot

Note: NOT READY YET: Insert the card into your embedded device and get yourself a prompt, using serial or ssh login.

Package install

dnsmasq

dnsmasq is used for local network DNS and DHCP:
node# pkg_add -r dnsmasq
node# echo "dnsmasq_enable=YES" >> /etc/rc.conf

node# cat <<EOF > /usr/local/etc/dnsmasq.conf
interface=sis0

dhcp-range=192.168.42.100,192.168.42.200

domain=vanderzwet.net
EOF

ntp

node# echo "ntpd_enable=YES" >> /etc/rc.conf

node# cat <<EOF > /etc/ntp.conf
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org

driftfile /var/db/ntp.drift
EOF

motd

node# (sed '3,$ d' /etc/motd; echo "WWW: http://rickvanderzwet.nl" ) > /etc/motd.new; mv /etc/motd.new /etc/motd

Flash disk protection

node# echo "update_motd=NO" >> /etc/rc.conf
node# echo "tmpmfs=YES" >> /etc/rc.conf

Tip: You could make /var completely read-only, but I hate the details like package management getting lost. Flash cards these days are cheap anyway.
node# echo "varmfs=YES" >> /etc/rc.conf

Tip: Having your flash mounted read-only gives you added security and increases the lifetime of your (older) Flash cards.
node# sed '/1a/ s/rw/ro/' /etc/fstab > /etc/fstab.new; mv /etc/fstab.new /etc/fstab

various

node# pkg_add -r tinyproxy sudo vim-lite

Put into production

node# reboot