Changes between Version 11 and Version 12 of FreeBSDOnEmbeddedDevice


Ignore:
Timestamp:
Feb 2, 2012, 11:25:11 AM (13 years ago)
Author:
Rick van der Zwet
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • FreeBSDOnEmbeddedDevice

    v11 v12  
    2222build# setenv RELEASE 9.0-RELEASE
    2323build# mkdir -p /usr/data/$RELEASE
     24
    2425build# cd /usr/data/$RELEASE
    2526
     
    4243Need resolving power at later stage inside chroot:
    4344build# cp /etc/resolv.conf /mnt/etc/
     45
     46Need ssh-keygen to work, so need access to /dev/urandom
     47build# mount -t devfs devfs /mnt/dev
     48
    4449build# chroot /mnt
    45 
    4650Important: if you FAIL to chroot and continue you will now start destroying your build system
    4751
    48 Need rw on first boot for ssh keys and such:
     52Tip: Having your flash living in read-only gives you added security and increases the live-time of your (older) Flash cards. read-write is more convenient But you will need to do some tricks as some programs need rw on first boot for ssh keys and such.
     53
    4954chroot# echo "/dev/ada0s1 / ufs ro,noatime 0 1" > /etc/fstab
    5055
     
    7378== Accounting & access control ==
    7479chroot# echo "sshd_enable=YES" >> /etc/rc.conf
     80chroot# service sshd keygen
     81
    7582chroot# pw usermod root -w random
    7683
     
    8188
    8289== Networking ==
    83 chroot# echo "hostname=riff.vanderzwet.net" >> /etc/rc.conf
     90chroot# hostname riff.vanderzwet.net
     91chroot# echo hostname=`hostname` >> /etc/rc.conf
    8492
    85 Make any other optional changes before first boot inside chroot(8):
    86 chroot# vi /etc/rc.conf
    87 
    88 
    89 chroot# exit
    90 build# umount /mnt
    91 
    92 = Initial boot =
    93 Note: NOT READY YET: Insert card into your embedded device and get yourself a prompt, using serial of ssh login.
    9493== Package install ==
    9594
     
    104103chroot# pkg_add -r dnsmasq
    105104chroot# echo "dnsmasq_enable=YES" >> /etc/rc.conf
     105chroot# setenv DOMAIN `hostname | sed 's/^[^.]*.//'`
    106106
    107107{{{
    108108#!sh
    109109node# cat <<EOF > /usr/local/etc/dnsmasq.conf
    110 interface=vr0
     110interface=bridge0
     111no-dhcp-interface=vr1
     112cache-size=10000
    111113
    112 dhcp-range=192.168.42.100,192.168.42.200
     114localise-queries
     115domain=${DOMAIN}.
    113116
    114 domain=vanderzwet.net
     117dhcp-range=bridge0,192.168.42.100,192.168.42.200
     118dhcp-host=00:00:24:c1:1d:d0,192.168.42.130
     119dhcp-host=00:13:d3:a7:24:51,192.168.42.165
     120dhcp-option=option:router,192.168.42.1
     121
     122server=/wleiden.net/172.20.145.129
     123`jot 16 16 | xargs -n 1 -I % echo server=/%.172.in-addr.arpa/172.20.145.129`
    115124EOF
    116125}}}
     
    130139=== motd ===
    131140
    132 node# (sed '3,$ d' /etc/motd; echo "WWW: http://rickvanderzwet.nl" ) > /etc/motd.new; mv /etc/motd.new /etc/motd
     141node# (sed '3,$ d' /etc/motd; echo "WWW: riff.vanderzwet.net - http://rickvanderzwet.nl" ) > /etc/motd.new; mv /etc/motd.new /etc/motd
    133142
    134143=== Flash disk protection ===
    135144chroot# echo "update_motd=NO" >> /etc/rc.conf
    136145chroot# echo "tmpmfs=YES" >> /etc/rc.conf
    137 Tip: You could make /var completely read-only, but I hate the details like package management getting lost. Flash cards these days are cheap anyways, mine lived for 1 year after extensive use. Of course with read-only this will be _much_ longer.
    138146chroot# echo "varmfs=YES" >> /etc/rc.conf
    139 Tip: Having your flash living in read-only gives you added security and increases the live-time of your (older) Flash cards
     147
     148Tip: I hate the details like package management details getting lost. Flash cards these days are cheap anyways, mine lived for 1 year after extensive use. Of course with read-only this will be _much_ longer.
     149
     150
    140151chroot# sed '/1a/ s/rw/ro/' /etc/fstab > /etc/fstab.new; mv /etc/fstab.new /etc/fstab
     152
    141153
    142154=== various ===
    143155node# pkg_add -r tinyproxy sudo vim-lite
    144156
    145 = Put into production =
    146 node# reboot
    147157
    148 = Adding packages =
     158= Initial boot =
     159Note: NOT READY YET: Insert card into your embedded device and get yourself a prompt, using serial of ssh login.
     160
     161
     162= Production Maintenance =
     163
     164== Adding packages ==
    149165Tip: As space is limited unpacking packages can result in I/O errors due to (memory) disks which run out of space. Installing for example the package apache22 goes as follows:
    150166node# mkdir /usr/local/tmp
    151167node# setenv PKG_TMPDIR /usr/local/tmp
    152168node# pkg_add -r -t /usr/local/tmp/instmp.XXXXXX apache22
     169
     170Make any other optional changes before first boot inside chroot(8):
     171chroot# vi /etc/rc.conf
     172
     173chroot# exit
     174build# umount /mnt