Diffstat (limited to 'freedom-maker')
35 files changed, 1194 insertions, 240 deletions
diff --git a/freedom-maker/Makefile b/freedom-maker/Makefile
index e8fc80a..5adc490 100644
--- a/freedom-maker/Makefile
+++ b/freedom-maker/Makefile
@@ -1,17 +1,117 @@ -# copy DreamPlug root filesystem to a usb stick with an ext3 partition -dreamstick: stamp-dreamplug-rootfs - mount /media/freedom - sudo rsync -atvz --progress --delete build/dreamplug/ /media/freedom/ - umount /media/freedom +# /usr/bin/make + +# armel amd64 i386 +ARCHITECTURE = armel +# dreamplug guruplug +MACHINE = dreamplug +# card usb +DESTINATION = card +BUILD = $(MACHINE)-$(ARCHITECTURE)-$(DESTINATION) +BUILD_DIR = build/$(ARCHITECTURE) +MOUNTPOINT = /media/freedom +BOOTPOINT = $(MOUNTPOINT)/boot +DEVICE = /dev/sdb +TODAY = `date +%Y.%m%d` +NAME = freedombox-unstable_$(TODAY)_$(BUILD) +IMAGE = $(NAME).img +ARCHIVE = $(NAME).tar.bz2 +LOOP = /dev/loop0 # populate a tree with DreamPlug root filesystem -stamp-dreamplug-rootfs: fbx-armel.conf fbx-base.conf mk_dreamplug_rootfs - sudo ./mk_dreamplug_rootfs - touch stamp-dreamplug-rootfs +rootfs: rootfs-$(ARCHITECTURE) +rootfs-$(ARCHITECTURE): multistrap-configs/fbx-base.conf \ + multistrap-configs/fbx-$(ARCHITECTURE).conf \ + mk_dreamplug_rootfs \ + bin/projects bin/finalize bin/projects-chroot + -sudo umount `pwd`/$(BUILD_DIR)/var/cache/apt/ + sudo ./mk_dreamplug_rootfs $(ARCHITECTURE) multistrap-configs/fbx-$(ARCHITECTURE).conf + touch rootfs-$(ARCHITECTURE) + +# copy DreamPlug root filesystem to a usb stick or microSD card +# stick assumed to have 2 partitions, 128meg FAT and the rest ext3 partition +image: rootfs-$(ARCHITECTURE) + -umount $(BOOTPOINT) + -umount $(MOUNTPOINT) + mount $(MOUNTPOINT) + sudo mkdir -p $(BOOTPOINT) + mount $(BOOTPOINT) + sudo rsync -atvz --progress --delete --exclude=boot $(BUILD_DIR)/ $(MOUNTPOINT)/ + cp $(BUILD_DIR)/boot/* $(BOOTPOINT)/ +ifeq ($(DESTINATION),usb) +# prevent the first-run script from running during boot. +# we'll do this during copy2dream. 
+ rm $(MOUNTPOINT)/etc/rc1.d/S01first-run $(MOUNTPOINT)/etc/rc2.d/S01first-run +# add u-boot binary for the DreamPlug to the FAT partition for easy access + cp -r $(MOUNTPOINT)/usr/lib/u-boot/dreamplug $(MOUNTPOINT)/boot +endif +ifeq ($(DESTINATION),card) +# we don't need to copy2dream, this is the microSD card. + sudo rm $(MOUNTPOINT)/sbin/copy2dream +# fix fstab for the SD card. + sudo sh -c "sed -e 's/sdc1/sda1/g' < $(BUILD_DIR)/etc/fstab > $(MOUNTPOINT)/etc/fstab" +endif +ifeq ($(MACHINE),guruplug) +# we can't flash the guru plug's kernel + mkdir -p $(MOUNTPOINT)/var/freedombox/ + touch $(MOUNTPOINT)/var/freedombox/dont-tweak-kernel +endif + sync + sleep 1 + umount $(BOOTPOINT) + umount $(MOUNTPOINT) + @echo "Build complete." + +# build a virtualbox image +virtualbox-image: stamp-vbox-predepend + ./mk_virtualbox_image freedombox-unstable_$(TODAY)_virtualbox-i386-hdd + +# build the weekly test image +weekly-image: image +# if we aren't installing to an armel system, assume we need a bootloader. +ifneq ($(ARCHITECTURE),armel) +# also, try my best to protect users from themselves: +ifneq ($(DEVICE),/dev/sda) + sudo grub-install $(DEVICE) +endif +endif + dd if=$(DEVICE) of=$(IMAGE) bs=1M + @echo "Image copied. The microSD card may now be removed." + tar -cjvf $(ARCHIVE) $(IMAGE) + +# +# meta +# + +# install required files so users don't need to do it themselves. +stamp-predepend: + sudo sh -c "apt-get install multistrap qemu-user-static u-boot-tools git mercurial" + touch stamp-predepend + +stamp-vbox-predepend: + sudo sh -c "apt-get install debootstrap extlinux qemu-utils parted mbr kpartx python-cliapp" + touch stamp-vbox-predepend clean: - rm -f stamp-dreamplug-rootfs - sudo rm -rf build/dreamplug +# just in case I tried to build before plugging in the USB drive. 
+ -sudo umount `pwd`/$(BUILD_DIR)/var/cache/apt/ + sudo rm -rf $(BUILD_DIR) + -rm -f $(IMAGE) $(ARCHIVE) + -rm -f rootfs-* stamp-* + +distclean: clean + sudo rm -rf build + +# remove all data from the microSD card to repopulate it with a pristine image. +clean-card: + -umount $(BOOTPOINT) + -umount $(MOUNTPOINT) + + sudo mkdir -p $(BOOTPOINT) + mount $(BOOTPOINT) + sudo rm -rf $(BOOTPOINT)/* + umount $(BOOTPOINT) -distclean: clean - rm -rf build + sudo mkdir -p $(MOUNTPOINT) + mount $(MOUNTPOINT) + sudo rm -rf $(MOUNTPOINT)/* + umount $(MOUNTPOINT) diff --git a/freedom-maker/README b/freedom-maker/README index 1428d26..6039861 100644 --- a/freedom-maker/README +++ b/freedom-maker/README 
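Review bot: `clean-card` runs `sudo rm -rf $(BOOTPOINT)/*` and `sudo rm -rf $(MOUNTPOINT)/*` on variables a caller can override, and an empty `MOUNTPOINT` turns these into deletions under `/boot` and `/` on the build host. A guard as the first recipe line of `clean-card` (and of `image`, which runs `rsync --delete` into the same path) would stop that: `$(if $(strip $(MOUNTPOINT)),,$(error MOUNTPOINT is empty))`. In `weekly-image` the only protection for `DEVICE` is the literal comparison with `/dev/sda`, and nothing visible ties `DEVICE` to the filesystem mounted at `MOUNTPOINT`, so `dd if=$(DEVICE)` can archive a disk other than the card that `image` populated; a comment next to `DEVICE = /dev/sdb` should state that requirement. None of `image`, `weekly-image`, `clean`, `distclean` or `clean-card` is declared `.PHONY`.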
@@ -1,60 +1,418 @@ Freedom-Maker - Bdale's building tools for the FreedomBox project -Install required build packages: - apt-get install multistrap qemu-user-static +Welcome to the FreedomBox! This project is the central hub of the FreedomBox +project, it builds and installs the file-system image that turns any computer +into a FreedomBox. -To build for a DreamPlug, use +There are a couple ways to use this system: - sudo ./mk_dreamplug_rootfs +1. If you just want to use a FreedomBox and don't care about changing how it + works or mucking about in its insides (if you're like most people), you + should get a pre-built image from someone and copy it to an SD card or USB + drive. If you don't have a JTAG or don't know what one is, make sure to ask + for the SD card image. -This will yield a file tree under build/dreamplug, representing the -contents of a root file system. Get that onto a USB stick with a Linux -friendly file system (ext3 and not vfat) with something like +2. If you want to change and build on it, you can use: - sudo mount /dev/sdc1 /media/freedom - sudo rsync -atvz --progress build/dreamplug/ /media/freedom/ - sudo umount /media/freedom + A. A USB stick. This requires a JTAG, but doesn't require opening up the + DreamPlug, or, -Move the USB stick to the DreamPlug, and arrange to boot the existing kernel -from internal microSD pointing to our new root filesystem by interrupting the -boot to talk to U-Boot: + B. A microSD card and adapter. You can use the one from inside the + DreamPlug. You won't need a JTAG, but you will need to open the DreamPlug + and void the warranty. + +*** +*** Warning! There are no "training wheels" here .. read the scripts and +*** understand what they're going to do before you run them... +*** + +# Recent Firmware Necessary! + +Modern kernels need a relatively recent version of the u-boot firmware. 
If +you still use old firmware (including what Global Scale ships on the units by +default), then you need to update, which requires having the JTAG dongle (to +gain console serial port access). One way to know you've got old firmware +is if booting a Linux kernel results in errors about corrupt gzip data and +a failure to launch the kernel. + +Note that re-flashing firmware will erase all configuration variables. If +preserving your exising boot config is important, use printenv and make notes +before proceeding. Also note that any time you're re-flashing boot firmware, +there is a slight chance you could 'brick' your device leaving it unbootable. +If that happens, the JTAG interface can be used to recover. + +The instructions for updating firmaware go something like this (thanks to +Ian Campbell for his notes): + + Using 2012.04.01-2 which is current Wheezy. Prep by mounting a USB stick. + + wget http://http.debian.net/debian/pool/main/u/u-boot/u-boot_2012.04.01-2_armel.deb + dpkg-deb -x u-boot_2012.04.01-2_armel.deb u-boot_2012.04.01-2_armel + cp u-boot_2012.04.01-2_armel/usr/lib/u-boot/dreamplug/* /media/usbdisk + + Move the USB stick to your DreamPlug. Flash the new firmare: + + usb start + fatload usb 2 0x6400000 u-boot.kwb + sf probe 0 + sf erase 0x0 0x80000 + sf write 0x6400000 0x0 0x${filesize} + + (You must, of course, fill in the size of the file you're loading in hex) + +At this point, you should be able to reset the DreamPlug and have it boot to +a serial console prompt. If that fails, you'll need real JTAG magic to try +again. + +Note that if you use the 'make usb' target to create a bootable USB stick +image, we include the required firmware in /boot/dreamplug, so the above +fatload command might be replaced with: + + fatload usb 2 0x6400000 dreamplug/u-boot.kwb + +# To Use It + +You'll need to copy the image to the memory card or USB stick: + +1. Figure out which device your card actually is. + + A. Unplug your card. + + B. 
Run "df" to show you the list of devices your computer actually knows + about. + + C. Plug your card in. + + D. Run "df" again, your computer should know about a new device or two: your + memory card. It's probably "/dev/sd(someletter)". It *won't be* + /dev/sda. + +2. Decompress the image: + + $ tar -xjvf freedombox-unstable_*.tar.bz2 + +3. Copy the image to your card. Whatever you do, make sure you don't copy it to + /dev/sda. That'll break your system. + + # dd bs=1M if=freedombox-unstable_*.img of=/dev/sd(thesameletter) + + When picking a device, use the drive-letter destination, like /dev/sdb, not a + numbered destination, like /dev/sdb1. The device-without-a-number refers to + the entire device, while the device-with-a-number refers to a specific + partition. We want to use the whole device. + +Now, what you need to do depends on whether you're using the microSD card or USB +stick method: + +- USB drive: You'll hook the JTAG up to the DreamPlug before booting and use the + JTAG to control the boot process, so we can boot from the USB drive. + +- microSD card: You'll put the microSD card into the DreamPlug's internal + microSD card slot and boot the DreamPlug. It'll restart once to finish the + install process, then it's ready to use. + +## Running from a microSD Card + +When DD has finished, take the microSD card out of your computer and plug it +into your DreamPlug. If you have a JTAG, you can watch it boot. You'll see it +restart once during the boot process. If you don't have a JTAG, wait a while (5 +minutes or less) and it'll be available over SSH (port 22). You might need to +use nmap to find it: + + $ nmap -p 22 --open -sV 192.168.0.0/24 + + ... + Interesting ports on 192.168.0.13: + PORT STATE SERVICE VERSION + 22/tcp open ssh OpenSSH 6.0p1 Debian 2 (protocol 2.0) + Service Info: OS: Linux + ... 
+ +Once you've found it, SSH into the box: + + $ ssh root@192.168.0.13 + +## Running from a USB Stick + +Move the USB stick to the DreamPlug, obtain a serial console, and hit reset. A +good way to access the serial console (actually USB serial emulation provided by +the optional JTAG dongle), is to use 'screen', like so: screen /dev/ttyUSB0 115200 -# Reboot the DreamPlug -# You should see "Hit any key to stop autoboot: " - hit a key, any key - setenv x_bootargs_root root=/dev/sdc1 rootdelay=10 - saveenv - reset -The system should boot to a login prompt and the default password is -'freedom' for the root user. +Interrupt the boot by pressing a key during the autoboot countdown, and type the +following to boot from the USB stick: + + setenv bootcmd '${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root}; bootm 0x6400000 0x6900000;' + setenv x_bootcmd_kernel fatload usb 2 0x6400000 uImage + setenv x_bootcmd_initrd fatload usb 2 0x6900000 uInitrd + setenv x_bootargs_root root=/dev/sdc2 rootdelay=10 + boot + +The system should boot to a login prompt, using only the bits on the stick. + +The default root password is 'freedom'. The normal user is "fbx" and the +password is "frdm". - - - - - -If you want to set things up to boot from the internal microSD card, once -you're logged into the system booted from root on USB stick you can use: +To set things up to boot from the internal microSD card, once you're logged into +the system booted from root on USB stick you can use: - sh /boot/copy2dream.sh + /sbin/copy2dream -If you choose to to reflash the device entirely you'll want to do the -following to switch the root filesystem back to the internal microSD card: +Note that if you don't have a reasonable system date and time set in the +DreamPlug before running this command, you may see a long stream of warnings +from tar about timestamps being in the future. It is safe to ignore these. 
- screen /dev/ttyUSB0 115200 -# Reboot the DreamPlug -# You should see "Hit any key to stop autoboot: " - hit a key, any key +On reboot, you may want to interrupt the boot and type the following to ensure +you boot from the internal microSD by default. This bootcmd line elides the +time-consuming attempts to boot grom gigE, which makes boot go much faster: + + setenv bootcmd '${x_bootcmd_usb}; ${x_bootcmd_kernel}; ${x_bootcmd_initrd}; setenv bootargs ${x_bootargs} ${x_bootargs_root}; bootm 0x6400000 0x6900000;' + setenv x_bootcmd_kernel fatload usb 0 0x6400000 uImage + setenv x_bootcmd_initrd fatload usb 0 0x6900000 uInitrd setenv x_bootargs_root root=/dev/sda2 rootdelay=10 saveenv reset -- - - - - +# To Make It + +If you want to build your own image yourself, you're more than welcome to. +Whether you're using a USB drive or a microSD card, you'll need to ensure that +it's at least 2 GB in size and that it has two partitons: + +1. The stick must start with a 128 MB FAT partition for the boot directory. + +2. The rest of the stick is an EXT2 partition, for the main installation. + +The rest of the steps you need to follow depend on whether you're using a USB +stick or a microSD card. + +## Building on a USB Stick + +Partition a USB stick to have a small FAT partition and large ext2 partition, +create a /media/freedom mount point, and add entries to /etc/fstab like: + + /dev/sdb1 /media/freedom/boot vfat user,noauto 0 0 + /dev/sdb2 /media/freedom ext2 user,noauto 0 0 + +This will allow the Makefile to mount and unmount the stick at will. + +If you have a favorite Debian mirror, update the file fbx-base.conf setting the +source= line. + +To populate the stick with bits for a DreamPlug, just plug it in to your +computer and type: + + make + +This will build a file tree under build/dreamplug, representing the contents of +a root file system, then that content will be copied to the stick. + +## Building it on a microSD card. 
+ +Changing the image and building your own is a simple 18 step process! Lots of +thanks to Nick Hardiman for putting these instructions together. + +### Get Ready + +1. Start your workstation. + +2. Use a Debian OS, the version doesn't matter. A virtual image, such + as a VirtualBox image, is fine. Usually. + +3. Use the root account. + +### Prepare an SD Card + +4. Find a microSD card with SD card holder. It must be at least 2GB + in size. + +5. Insert the card into your workstation. + +6. Install a partition editor. Install parted if you are a masochist. + + # apt-get install parted + +7. Create 2 partitions. Use cfdisk, parted, gparted or similar. + + # cfdisk /dev/sdb + + a. First partition: 128meg (no smaller or the kernel copy will run + out of room and make - see below - will end with an error). + + b. Second partition: The rest of the card (anything over 600 MB + should work). + +8. Make a note of the SD card’s device name. Mine is /dev/sdb (my + workstation’s layout is simple: one disk called /dev/sda and + nothing else defined). + +9. Format the two partitions. + + a. First partition: FAT + + # mkdosfs /dev/sdb1 + + b. Second partition: ext3 + + # mkfs.ext3 /dev/sdb2 + +10. Create the mountpoints on your workstation. + + # mkdir -p /media/freedom/boot + +11. Mount the second partition. + + # mount /dev/sdb2 /media/freedom/ + +12. Mount the first partition. + + # mount /dev/sdb1 /media/freedom/boot/ + +13. Check your work. + + # mount + + sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) + ... + /dev/sdb2 on /media/freedom type ext3 + (rw,relatime,errors=continue,barrier=1,data=ordered) + /dev/sdb1 on /media/freedom/boot type vfat + (rw,relatime,fmask=0022,dmask=0022,codepage=cp437,iocharset=utf8,shortname=mixed,errors=remount-ro) + +### Clone the Git Repository + +14. Install git. + + # apt-get install git + + Reading package lists... Done + ... + After this operation, 15.3 MB of additional disk space will be used. 
+ Do you want to continue [Y/n]? + ... + +15. Clone Nick Daly’s repository. + + $ git clone https://github.com/NickDaly/freedom-maker.git + + Cloning into 'freedom-maker'... + + +### Create the Debian OS. + +16. Change to the new directory. + + $ cd ~/freedom-maker/ + +17. Kick off: + + $ make weekly-card + +18. Enter your password when asked by "sudo". If that fails, run: + + $ su -c "make weekly-card" + +If you do that, you'll need to enter the root password to build the image. + +The next part took about an hour, but required no input from me. Packages were +downloaded. Lots of commands were run. Many harmless errors were ignored: + + sysvinit: restarting...init: timeout opening/writing control channel /run/initctl + .init: timeout opening/writing control channel /run/initctl + ... + +There was good news: + + Multistrap system installed successfully... + Copying the source directory to the FreedomBox root. + +There was an enormous amount of this: + + bin/bash + 818092 100% 7.07MB/s 0:00:00 (xfer#1, to-check=1102/1123) + bin/cat + 42736 100% 362.91kB/s 0:00:00 (xfer#2, to-check=1101/1123) + bin/chgrp + 54996 100% 383.62kB/s 0:00:00 (xfer#3, to-check=1100/1123) + ... + +Finally an image is copied and zipped up for redistribution: + + dd if=/dev/sdb of="freedombox-unstable_`date +%Y.%m%d`.img" bs=1M + 3781+1 records in + 3781+1 records out + 3965190144 bytes (4.0 GB) copied, 266.174 s, 14.9 MB/s + Image copied. The microSD card may now be removed. + tar -cjvf "freedombox-unstable_`date +%Y.%m%d`.tar.bz2" + "freedombox-unstable_`date +%Y.%m%d`.img" + freedombox-unstable_2012.0705.img + +The end. Hooray! The SD card is ready for the DreamPlug. + +# To Understand It + +Be aware that this is a *very* imcomplete solution for now, suitable only +for developers .. you will want to at least do things like create unique +ssh host keys for your device! + +Digging into the code should be fairly straightforward. 
There are only six +files you need to be aware of: + +- /Makefile: The makefile that describes and builds the system. +- /mk_dreamplug_rootfs: Builds the DreamPlug's root file-system. +- /bin/projects: The place for external projects to hook into and customize + themselves before they're copied to the image. +- /bin/finalize: Finalizes and prepares the build for booting. +- /source: The root file system. +- /source/install.sh: Pre-boot configuration that needs to be run on the device + itself (from within a chroot). + +## Makefile + +There are three major targets to be aware of: + +- dreamstick: The default target. This loads an image to a USB drive that can + be used to install the FreedomBox without opening up your DreamPlug and + voiding the warranty. You'll need a JTAG, though. +- weekly-card: The target used to produce the weekly FreedomBox test release. + This will copy the image to a card that can be popped directly into the + microSD card slot in the DreamPlug. The DreamPlug will boot happily without + needing a JTAG. +- stamp-dreamplug-rootfs: The root file system itself. It doesn't get installed + anywhere (that's done by the other two targets), but is a good way to test + whether the image will actually build, without waiting for all that pesky + hardware I/O. + +## mk_dreamplug_rootfs + +Starts building the system by creating all the destination directories and +installing the base system. + +## /bin/projects + +Where projects that want to integrate into the FreedomBox should hook into. +Keep in mind, we aren't in a chroot at this point. The only environment +variables you'll probably need are: + +- user: The non-root user's name (uid = 1000). +- homedir: The non-root user's home-directory. + +## /bin/finalize + +Getting the system ready for boot, doing the things that don't need to be done +inside a chroot. You probably don't need to change this. 
+ +## /source -To turn the device into a Torouter you'll want to do the following: - # ssh or login to the router - wget https://gitweb.torproject.org/torouter.git/blob_plain/HEAD:/packages/torouter_easy_setup.sh - bash torouter_easy_setup.sh - reboot +The root file system on the DreamPlug. Modify this, and you're modifying what +ends up on the FreedomBox. -This should result in a proper Torouter without any need for further configuration. +## /source/install.sh -Be aware that this is an imcomplete solution for now .. you will want to at -least do things like create unique ssh host keys for your device! +This is executed from a chroot during the build process to do configuration that +needs to be done on the device itself. You shouldn't need to modify this. If +you're installing a project that needs to change how the system configures +itself, you're probably doing something wrong. diff --git a/freedom-maker/TODO b/freedom-maker/TODO index 32c138d..184aca5 100644 --- a/freedom-maker/TODO +++ b/freedom-maker/TODO 
@@ -1,13 +1,25 @@
-- re-factor the script(s) to allow building for at least Sheeva and Dream
-- fold in use of vmdebootstrap to build x86 image(s)
-- there are a few things we really do want to defer to first boot, or at least
- make it trivial to fix up per-system
- - ssh host keys
- - root password
-- decide what we're going to do about the provided u-boot .. use or replace?
-- decide which kernel we actually want to run and incorporate into the build
-- work out recommended process for getting from freedom-maker outputs to bits
- installed and running on each target type
- - DreamPlug: sh /boot/copy2dream.sh
-- add Sheeva as a build target
-- add x86 virtualized as a build target (use vmdebootstrap?)
+- [ ] initial boot configuration improvements, as there are a few
+ things we really do want to defer to first boot, or at least make it
+ trivial to fix up per-system
+
+ - [X] ssh host keys
+ - [ ] root password
+- [ ] add Sheeva as a build target
+- [X] add x86 virtualized as a build target (use vmdebootstrap?)
+- [ ] investigate and integrate software components that looks interesting
+ - channel-server, the buddycloud channels service for XMPP
+ - babeld, loop-free distance-vector routing protocol
+ - tahoe-lafs, secure distributed filesystem
+- [ ] virtualbox should build with dreamplug configuration
+
+*** stuff to do for first feature release ***
+
+ - [ ] pre-configured user interface
+ - [X] DHCP and HTTP servers on eth0 and/or eth1
+ - [ ] plinth-based initial config interface
+
+ - [ ] freedom buddy installed
+ - [ ] openvpn server setup
+ - [ ] the privoxy fork configured as a transparent proxy
+ - [ ] plinth configured to at display these config details and to
+ control whatever is feasible
diff --git a/freedom-maker/bin/copy2dream.sh b/freedom-maker/bin/copy2dream.sh
deleted file mode 100644
index cc800e9..0000000
--- a/freedom-maker/bin/copy2dream.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-#
-# this script assumes the current root filesystem is the source, and the
-# internal microSD on a DreamPlug is the target .. copy the kernel uImage to
-# the FAT partition on sda1, and the root contents to the ext3 on sda2
-#
-mount /dev/sda1 /media
-mv /media/uImage /media/uImage.old
-cp /boot/uImage /media/uImage
-umount /media
-
-mke2fs -j /dev/sda2
-mount /dev/sda2 /media
-(cd / ; tar cf - `/bin/ls | grep -v proc | grep -v sys | grep -v media | grep -v dev`) | \
- (cd /media ; tar xvf -)
-
-mkdir /media/proc /media/sys /media/media
-
-echo "Creating basic device nodes"
-mkdir /media/dev
-mknod /media/dev/console c 5 1
-mknod /media/dev/random c 1 8
-mknod /media/dev/urandom c 1 9
-mknod /media/dev/null c 1 3
-mknod /media/dev/ptmx c 5 2
-
-umount /dev/sda2
-
-echo "interrupt the next boot and change the root path to /dev/sda2"
-
diff --git a/freedom-maker/bin/finalize b/freedom-maker/bin/finalize
new file mode 100755
index 0000000..9995b77
--- /dev/null
+++ b/freedom-maker/bin/finalize
@@ -0,0 +1,65 @@
+#! /bin/bash
+#
+# Copyright 2011 by Bdale Garbee <bdale@gag.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# based on work by <ivan@sanchezortega.es>, who released his script under
+# the following license terms:
+# ----------------------------------------------------------------------------
+# "THE BEER-WARE LICENSE" (Revision 42):
+# As long as you retain this notice you can do whatever you want with
+# this stuff. If we meet some day, and you think this stuff is worth it,
+# you can buy me a beer in return.
+# ----------------------------------------------------------------------------
+
+# finalize
+#
+# Readies the root filesystem to silently complete package
+# configuration on the first boot-up.
+
+# We don't tolerate errors.
+set -e
+
+# Until udev is configured and run for the first time, dev nodes won't be created, but we need some basic ones for spawning a console (console) and creating RSA keys for SSH (urandom).
+echo "Creating basic device nodes"
+mknod $target/dev/console c 5 1
+mknod $target/dev/random c 1 8
+mknod $target/dev/urandom c 1 9
+mknod $target/dev/null c 1 3
+mknod $target/dev/ptmx c 5 2
+
+# Set up hostname
+echo "Setting up hostname."
+echo $hostname > $target/etc/hostname
+
+# prepare to copy, when we do it later.
+chown root:root $target/sbin/copy2dream
+chmod 744 $target/sbin/copy2dream
+
+# prepare chroot project finalization
+cp bin/projects-chroot $target/
+
+echo "Using qemu-user-static to perform first-boot configuration now."
+chmod 755 $target/install.sh
+cp /usr/bin/qemu-arm-static $target/usr/bin
+echo "Running install script from source/install.sh"
+chroot $target /install.sh
+echo "Running install script from bin/projects-chroot"
+chroot $target /projects-chroot
+
+# clean up.
+rm "${target}/projects-chroot"
+rm "${target}/usr/bin/qemu-arm-static"
diff --git a/freedom-maker/bin/partition-stick b/freedom-maker/bin/partition-stick
new file mode 100755
index 0000000..e54dc9a
--- /dev/null
+++ b/freedom-maker/bin/partition-stick
@@ -0,0 +1,37 @@
+#!/bin/sh
+# create required partitions on a USB stick
+
+# Do not tolerate errors.
+set -e
+
+if [ $# -ne 1 ]; then
+ echo 'Usage: partition-stick <block device>'
+ exit 1
+fi
+
+if [ ! -b $1 ]; then
+ echo "Error: $1 is not a block device."
+ exit 1
+fi
+
+if grep -q $1 /etc/mtab; then
+ echo "Error: $1 is currently mounted."
+ exit 1;
+fi
+
+repeat=1
+while [ $repeat -eq 1 ]; do
+ read -p "Do you really want to format (and lose all data on) device $MOUNTED? [y/n] " CONFIRMATION
+ case "$CONFIRMATION" in
+ y|Y) repeat=0 ;;
+ n|N) exit 0 ;;
+ *) echo "You have to type 'y' or 'n'." ;;
+ esac
+done
+
+sudo parted -s $1 mklabel msdos
+sudo parted -a optimal -s $1 mkpart primary fat16 0 128
+sudo parted -a optimal -s $1 mkpart primary ext2 128 100%
+
+sudo mkdosfs ${1}1
+sudo mkfs.ext3 -j ${1}2
diff --git a/freedom-maker/bin/projects b/freedom-maker/bin/projects
new file mode 100755
index 0000000..2b5ed3c
--- /dev/null
+++ b/freedom-maker/bin/projects
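Review bot: bin/finalize takes `$target` and `$hostname` from the caller's environment and uses `$target` unquoted and unchecked, so a direct run with `target` unset makes `mknod $target/dev/console`, `chown root:root $target/sbin/copy2dream` and `chroot $target /install.sh` act on the build host's own root. `set -e` does not catch an unset variable; adding `set -u` and `: "${target:?target is not set}"` directly after it stops the script before the first `mknod`. The line `cp /usr/bin/qemu-arm-static $target/usr/bin` is hard-coded to ARM although the Makefile in this commit lists amd64 and i386 as architectures, so a comment there should say whether finalize is expected to run for those.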
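Review bot: The confirmation prompt in bin/partition-stick interpolates `$MOUNTED`, which is never assigned in this script, so the operator is asked to confirm formatting without being shown the device; it should read `read -p "Do you really want to format (and lose all data on) device $1? [y/n] " CONFIRMATION`. The mount check `grep -q $1 /etc/mtab` is unquoted and treats the argument as a regular expression, so `grep -qF -- "$1" /etc/mtab` is the safer form. The same quoting applies to `[ ! -b $1 ]` and to the `parted`, `mkdosfs` and `mkfs.ext3` calls.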
@@ -0,0 +1,33 @@
+#! /bin/bash
+#
+# Copyright 2012 by Nick Daly <nick.m.daly@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# projects
+#
+# Installs external projects to the system.
+
+# We don't tolerate errors.
+set -e
+
+
+echo "Adding a few FreedomBox projects to the image."
+
+git clone git://github.com/NickDaly/Plinth.git $homedir/plinth
+git clone git://github.com/jvasile/freedombox-privoxy $homedir/freedombox-privoxy
+git clone git://github.com/jvasile/withsqlite.git $homedir/withsqlite
+# hg clone https://hg@bitbucket.org/nickdaly/plugserver $homedir/plugserver
+chown -R 1000:1000 $homedir
diff --git a/freedom-maker/bin/projects-chroot b/freedom-maker/bin/projects-chroot
new file mode 100755
index 0000000..50d4884
--- /dev/null
+++ b/freedom-maker/bin/projects-chroot
@@ -0,0 +1 @@
+#! /bin/sh
diff --git a/freedom-maker/fbx-base.conf b/freedom-maker/fbx-base.conf
deleted file mode 100644
index 3412768..0000000
--- a/freedom-maker/fbx-base.conf
+++ /dev/null
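Review bot: The three `git clone git://github.com/...` lines in bin/projects fetch code over the unauthenticated git protocol and take whatever the default branch holds at build time, so what is baked into the image is neither integrity-protected in transit nor reproducible. Using the HTTPS URL and checking out a recorded commit addresses both, e.g. `git clone https://github.com/NickDaly/Plinth.git "$homedir/plinth"` followed by `git -C "$homedir/plinth" checkout <pinned-commit>` (placeholder; the page names no commit). `$homedir` is also unquoted and arrives through the environment exported by mk_dreamplug_rootfs, so it should be checked before the final `chown -R 1000:1000 $homedir`. The same `git://` clones appear in the `runchroot([...])` calls of freedombox-customize later in this commit.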
@@ -1,13 +0,0 @@
-[General]
-cleanup=false
-noauth=false
-unpack=true
-aptsources=Debian
-debootstrap=Debian
-
-[Debian]
-packages=base-files netbase openssh-server zile wget iproute net-tools hostname module-init-tools wget resolvconf udev isc-dhcp-client ifupdown rsyslog libertas-firmware apt
-source=http://ftp.ba.debian.org/debian
-keyring=debian-archive-keyring
-suite=squeeze
-components=main contrib non-free
diff --git a/freedom-maker/freedombox-customize b/freedom-maker/freedombox-customize
new file mode 100755
index 0000000..1f3ee69
--- /dev/null
+++ b/freedom-maker/freedombox-customize
@@ -0,0 +1,49 @@
+#!/usr/bin/python
+
+import crypt
+import os
+import subprocess
+import sys
+
+
+user = "fbx"
+password = "frdm"
+rootdir = sys.argv[1]
+home = "/home/{0}/".format(user)
+
+
+def runchroot(argv):
+ return runcmd(["chroot", rootdir] + argv)
+
+def runcmd(argv, stdin='', ignore_fail=False, **kwargs):
+ p = subprocess.Popen(argv, stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+ **kwargs)
+ out, err = p.communicate(stdin)
+ if p.returncode != 0:
+ msg = 'command failed: %s\n%s\n%s' % (argv, out, err)
+ if not ignore_fail:
+ print (msg)
+ raise Exception(msg)
+ return out
+
+if __name__ == "__main__":
+ print 'Customizing freedombox'
+
+ # Create a fboxlite account.
+ runchroot(['adduser', '--gecos', user, '--disabled-password', user])
+ encrypted = crypt.crypt(password, '..')
+ runchroot(['usermod', '-p', encrypted, user])
+
+ # Create all projects
+ runchroot(['git', 'clone', 'git://github.com/NickDaly/Plinth.git',
+ home + 'plinth'])
+ runchroot(['git', 'clone', 'git://github.com/jvasile/freedombox-privoxy',
+ home + 'freedombox-privoxy'])
+ runchroot(['git', 'clone', 'git://github.com/jvasile/withsqlite.git',
+ home + 'withsqlite'])
+ runchroot(['hg', 'clone', 'https://hg@bitbucket.org/nickdaly/plugserver',
+ home + 'plugserver'])
+
+ # change home directory ownership appropriately
+ runchroot(['chown', '-R', '1000:1000', home])
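Review bot: `crypt.crypt(password, '..')` in freedombox-customize hashes the account password with a constant two-character salt, which selects traditional DES crypt, so every image built by this script carries the same weak hash for the hard-coded password `frdm`. A per-build random salt with a stronger scheme would be `encrypted = crypt.crypt(password, '$6$' + salt)`, with `salt` drawn from `random.SystemRandom()` (this needs `import random`) and assuming the build host's libc supports SHA-512 crypt. Because the password itself is public, the account should also be forced to change it at first login, for example `runchroot(['chage', '-d', '0', user])`. `rootdir = sys.argv[1]` is read without checking that an argument was given, and the comment `# Create a fboxlite account.` does not match the `fbx` user being created.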
diff --git a/freedom-maker/mk_dreamplug_rootfs b/freedom-maker/mk_dreamplug_rootfs
index 5f11bc9..5b56e08 100755
--- a/freedom-maker/mk_dreamplug_rootfs
+++ b/freedom-maker/mk_dreamplug_rootfs
@@ -29,157 +29,76 @@ # # Runs multistrap and readies the resulting root filesystem to silently # complete package configuration on the first boot-up. +# +# Accepts the multistrap config file name as an argument. -# where to build images, etc -basedir=`pwd`/build -target=$basedir/dreamplug -tmpdir=$basedir/tmp -pkgcache=$tmpdir/aptcache - -mkdir -p $target -mkdir -p $tmpdir -mkdir -p $pkgcache - -hostname='freedombox' -rootpassword='freedom' - -kernelimage=http://www.newit.co.uk/kernels/Dreamplug/Dreamplug-prerelease/uImage -kernelmodules=http://www.newit.co.uk/kernels/Dreamplug/Dreamplug-prerelease/Modules.tar.gz +# We don't tolerate errors. +set -e -if [ ! -f $tmpdir/uImage ] +architecture=armel +if [ -n "$1" ] then - wget -c $kernelimage --output-document="$tmpdir/uImage" + architecture=$1 fi -if [ ! -f $tmpdir/linux.tar.gz ] + +config=multistrap-configs/fbx-$architecture.conf +if [ -n "$2" ] then - wget -c $kernelmodules --output-document="$tmpdir/linux.tar.gz" + config=$2 fi -rm -rf $target/* +# users +hostname='freedombox' +rootpassword='freedom' +user='fbx' +userpassword='frdm' +export hostname +export rootpassword +export user +export userpassword +# where to build images, etc +basedir=`pwd`/build +source=`pwd`/source +target=$basedir/$architecture +tmpdir=$basedir/tmp +pkgcache=$tmpdir/aptcache +homedir=$target/home/$user +export basedir +export source +export target +export tmpdir +export pkgcache +export homedir + +# make the directories we'll need. +mkdir -p $target +rm -rf $target/* +mkdir -p $tmpdir +mkdir -p $pkgcache mkdir -p $target/var/cache/apt/ && mount -o bind $pkgcache $target/var/cache/apt/ +mkdir -p $target/var/cache/apt/archives +mkdir -p $target/usr/bin +# multistrap echo "Multistrapping..." 
-multistrap -f fbx-armel.conf --no-auth -d $target +multistrap -f $config -d $target +rm -f $target/etc/apt/sources.list.d/multistrap-debian.list +# un-do the bind mount so we don't trip over it later umount $target/var/cache/apt/ -mkdir $target/var/cache/apt/archives - -echo "Unpacking kernel modules..." -mkdir -p $target/lib/modules/ -tar -C $target/lib/ -zxvf $tmpdir/linux.tar.gz | tail -echo "copy uImage to target filesystem" -mkdir -p $target/boot -cp build/tmp/uImage $target/boot/uImage -echo "copy copy2dream.sh script to target filesystem" -cp bin/copy2dream.sh $target/boot/copy2dream.sh +# copy! +echo "Copying the source directory to the FreedomBox root." +rsync -av $source/ $target -# Until udev is configured and run for the first time, dev nodes won't be created, but we need some basic ones for spawning a console (console) and creating RSA keys for SSH (urandom). -echo "Creating basic device nodes" -mknod $target/dev/console c 5 1 -mknod $target/dev/random c 1 8 -mknod $target/dev/urandom c 1 9 -mknod $target/dev/null c 1 3 -mknod $target/dev/ptmx c 5 2 +# add projects to the image to make it a useful FreedomBox. +bin/projects -# Basic fstab & mtab.. -echo "Setting up basic fstab & mtab" -echo " -rootfs / rootfs relatime,rw 0 0 -proc /proc proc none 0 0 -sys /sys sysfs none 0 0 -none /dev/pts devpts defaults 0 0 -tmpfs /tmp tmpfs rw,nosuid,nodev 0 0 -" > $target/etc/fstab - -touch $target/etc/mtab - -# Set up hostname -echo "Setting up hostname, /etc/network/interfaces, nameservers, persistent-net-generator rules" -echo $hostname > $target/etc/hostname - -# Create /etc/network/interfaces -echo "# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). 
- -# The loopback network interface -auto lo -iface lo inet loopback - -# The primary network interface -allow-hotplug eth0 -iface eth0 inet dhcp - -allow-hotplug eth1 -iface eth1 inet dhcp - " > $target/etc/network/interfaces - -# Override the above stuff - we know better -cp ../packages/torouter-prep/configs/interfaces $target/etc/network/interfaces - -# Stop the libertas module from loading -cp ../packages/torouter-prep/configs/modprobe.d-blacklist.conf $target/etc/modprobe.d/blacklist.conf - -# Setup nameserver (use OpenDNS by default) -echo "nameserver 208.67.222.222 -nameserver 208.67.220.220" > $target/etc/resolv.conf - -# Touch the net generator udev so that eth0 won't be reassigned in case the user -# changes the MAC address - this may happen if you change the rootfs between plugs. -touch $target/etc/udev/rules.d/75-persistent-net-generator.rules - -# generate configuration script - -echo "Create script to configure packages in qemu-user-static" - -echo " -echo \"Preconfiguring dash - else dash and bash will be left in a broken state\" -/var/lib/dpkg/info/dash.preinst install - -echo \"Configuring all packages\" -export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true -export LC_ALL=C LANGUAGE=C LANG=C -dpkg --configure -a - -# Establish an initial root password -echo \"Set root password to \"$rootpassword -echo root:$rootpassword | /usr/sbin/chpasswd - -# By default, spawn a console on the serial port -echo \"Adding a getty on the serial port\" -echo \"T0:12345:respawn:/sbin/getty -L ttyS0 115200 vt100\" >> /etc/inittab - -echo \"Tweaks to reduce flash writes as per http://www.plugcomputer.org/plugwiki/index.php/Reduce_Flash_Writes\" -echo \" -# Reduce writes to flash drives -vm.laptop_mode=5 -vm.swappiness=0 -vm.dirty_writeback_centisecs=1500 -vm.dirty_expire_centisecs=1500 -\" >> /etc/sysctl.conf - -echo \"Deleting this very same script\" -rm -f /install.sh - -echo \"Syncing filesystem just in case something didn't get written\" -sync - 
-echo \"End configuration progress by exiting from the chroot\" -exit - -" > $target/install.sh - -chmod 755 $target/install.sh - -echo "Use qemu-user-static to perform first-boot configuration now" - -mkdir -p $target/usr/bin -cp /usr/bin/qemu-arm-static $target/usr/bin -chroot $target /install.sh -rm $target/usr/bin/qemu-arm-static +# cleanup and finalize the image so it boots correctly. +bin/finalize +# finish! echo "Syncing..." sync - echo "Finished. You may now copy the rootfs to the plug." diff --git a/freedom-maker/mk_virtualbox_image b/freedom-maker/mk_virtualbox_image new file mode 100755 index 0000000..abdd730 --- /dev/null +++ b/freedom-maker/mk_virtualbox_image @@ -0,0 +1,31 @@ +#!/bin/bash + +# Ensure git\VBoxManage is installed +# Get vmdebootstrap code +# Run vmdebootstrap script to create image +# Convert image to vdi hard drive + +# don't tolerate errors. +set -e + +basedir=`pwd` +IMAGE=$1 + +# Get vmdebootstrap code +rm -rf vmdebootstrap +git clone git://gitorious.org/~nickdaly/vmdebootstrap/nickdalys-vmdebootstrap.git + +# Run vmdebootstrap script to create image +sudo ./vmdebootstrap/vmdebootstrap --log freedombox.log --log-level debug --image $IMAGE.img --hostname freedombox \ + --size 1G --verbose --enable-dhcp --package ssh --package apache2 --package git --package mercurial \ + --package build-essential --package checkinstall --package python-simplejson \ + --mirror http://ftp.uk.debian.org/debian/ --package pandoc --package python-cheetah \ + --package python-argparse \ + --customize=$basedir/freedombox-customize --root-password=password1 --arch=i386 + +# Convert image to vdi hard drive +VBoxManage convertdd $IMAGE.img $IMAGE.vdi + +#mkdir testing +#sudo mount -o loop,offset=1048576 freedombox.img testing/ +#sudo umount testing/ diff --git a/freedom-maker/fbx-armel.conf b/freedom-maker/multistrap-configs/fbx-amd64.conf index a6a7d6c..857fad5 100644 --- a/freedom-maker/fbx-armel.conf +++ b/freedom-maker/multistrap-configs/fbx-amd64.conf 
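Review bot: `architecture=$1` flows unchecked into `target=$basedir/$architecture` and then into the unquoted `rm -rf $target/*`, and the Makefile runs this script under sudo, so a mistyped or path-like argument (`..`, a value with spaces) deletes outside the build tree as root. I would reject anything but the three supported values right after the assignment, `case "$architecture" in armel|amd64|i386) ;; *) echo "unsupported architecture: $architecture" >&2; exit 1 ;; esac`, and quote `"$target"` wherever it is used. With `set -e` now in force, a failing multistrap also exits before `umount $target/var/cache/apt/`, so unless the caller unmounts first (as the Makefile target does) the next run's `rm -rf $target/*` reaches the package cache through the leftover bind mount. A `trap 'umount "$target/var/cache/apt/" 2>/dev/null || true' EXIT` set right after the mount would cover that. The top of the script lies above this hunk.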
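Review bot: mk_virtualbox_image clones vmdebootstrap over `git://`, which has no transport authentication or integrity protection, takes whatever the branch head is, and then executes it with `sudo`. Fetching over an authenticated transport and checking out a reviewed commit before running it, e.g. `git clone <https-url> vmdebootstrap && git -C vmdebootstrap checkout <pinned-commit>`, would close that. The explicit target directory also matters for correctness: as written the clone lands in `nickdalys-vmdebootstrap`, while the script removes and runs `vmdebootstrap/`. The image is also created with `--root-password=password1`, a fixed value that should be supplied by the caller or expired on first login.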
@@ -1,3 +1,3 @@
 [General]
-arch=armel
+arch=amd64
 include=fbx-base.conf
diff --git a/freedom-maker/multistrap-configs/fbx-armel.conf b/freedom-maker/multistrap-configs/fbx-armel.conf
new file mode 100644
index 0000000..aeb64a7
--- /dev/null
+++ b/freedom-maker/multistrap-configs/fbx-armel.conf
@@ -0,0 +1,14 @@
+[General]
+include=fbx-base.conf
+arch=armel
+aptsources=Debian armel
+debootstrap=Debian armel
+
+[armel]
+packages=linux-image-3.2.0-3-kirkwood flash-kernel u-boot-tools u-boot
+source=http://http.debian.net/debian/
+keyring=debian-archive-keyring
+suite=wheezy
+components=main
+omitdebsrc=false
+
diff --git a/freedom-maker/multistrap-configs/fbx-base.conf b/freedom-maker/multistrap-configs/fbx-base.conf
new file mode 100644
index 0000000..be65b72
--- /dev/null
+++ b/freedom-maker/multistrap-configs/fbx-base.conf
@@ -0,0 +1,14 @@
+[General]
+cleanup=true
+noauth=false
+unpack=true
+debootstrap=Debian
+aptsources=Debian
+
+[Debian]
+packages=base-files netbase openssh-server zile wget iproute net-tools hostname module-init-tools wget resolvconf udev isc-dhcp-client ifupdown rsyslog devio initramfs-tools uboot-mkimage parted dosfstools apt jwchat prosody liblua5.1-sec1 monkeysphere iputils-ping haveged python python-cheetah pandoc python-simplejson make isc-dhcp-server dialog locales-all uaputl dnsmasq iptables
+source=http://http.debian.net/debian/
+keyring=debian-archive-keyring
+suite=wheezy
+components=main
+omitdebsrc=false
diff --git a/freedom-maker/multistrap-configs/fbx-i386.conf b/freedom-maker/multistrap-configs/fbx-i386.conf
new file mode 100644
index 0000000..888c46b
--- /dev/null
+++ b/freedom-maker/multistrap-configs/fbx-i386.conf
@@ -0,0 +1,3 @@
+[General]
+arch=i386
+include=fbx-base.conf
diff --git a/freedom-maker/source/etc/apt/sources.list b/freedom-maker/source/etc/apt/sources.list
new file mode 100644
index 0000000..c06710c
--- /dev/null
+++ b/freedom-maker/source/etc/apt/sources.list
@@ -0,0 +1,2 @@
+deb http://http.debian.net/debian wheezy main
+deb-src http://http.debian.net/debian wheezy main
diff --git a/freedom-maker/source/etc/dhcp/dhcpd.conf b/freedom-maker/source/etc/dhcp/dhcpd.conf
new file mode 100644
index 0000000..ec502c6
--- /dev/null
+++ b/freedom-maker/source/etc/dhcp/dhcpd.conf
@@ -0,0 +1,32 @@
+#
+# FreedomBox ISC dhcpd configuration
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "free.dom";
+option domain-name-servers ns1.free.dom, ns2.free.dom;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# basic subnet configuration for the 'downstream' wired network
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+ range 192.168.1.10 192.168.1.100;
+ option routers 192.168.1.1;
+}
diff --git a/freedom-maker/source/etc/dnsmasq.conf b/freedom-maker/source/etc/dnsmasq.conf
new file mode 100644
index 0000000..71403d7
--- /dev/null
+++ b/freedom-maker/source/etc/dnsmasq.conf
@@ -0,0 +1,24 @@
+log-facility=DAEMON
+
+local=/fbx/
+local=/freedombox/
+
+# Upstream DNS server
+# FIXME this should be updated on boot.
+server=192.168.0.1@eth1
+
+# We will serve this DNS domain
+# (DHCP hosts will receive a .lan suffix in DNS)
+domain=lan
+
+# We're the authoritative dhcpd
+# Read the manpage for a good explanation of what this does
+dhcp-authoritative
+
+# We are going to serve hosts for:
+# - LAN (192.168.1.0/24) (Only static hosts)
+# - WLAN (192.168.2.0/24)
+# New clients will receive an IP from the WLAN range.
+
+dhcp-range=interface:eth0,set:lan,192.168.1.10,192.168.1.100,255.255.255.0,2h
+# dhcp-range=interface:uap0,set:lan,192.168.2.10,192.168.2.100,255.255.255.0,2h
diff --git a/freedom-maker/source/etc/fstab b/freedom-maker/source/etc/fstab
new file mode 100644
index 0000000..7c48827
--- /dev/null
+++ b/freedom-maker/source/etc/fstab
@@ -0,0 +1,6 @@
+/dev/sdc2 / auto relatime,rw 0 0
+proc /proc proc none 0 0
+sys /sys sysfs none 0 0
+none /dev/pts devpts defaults 0 0
+tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
+/dev/sdc1 /boot vfat defaults 0 0
diff --git a/freedom-maker/source/etc/hosts b/freedom-maker/source/etc/hosts
new file mode 100644
index 0000000..e252996
--- /dev/null
+++ b/freedom-maker/source/etc/hosts
@@ -0,0 +1,7 @@
+127.0.0.1 localhost freedombox fbx
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/freedom-maker/source/etc/init.d/first-run b/freedom-maker/source/etc/init.d/first-run
new file mode 100755
index 0000000..8df2c2d
--- /dev/null
+++ b/freedom-maker/source/etc/init.d/first-run
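Review bot: dnsmasq.conf hands out `192.168.1.10`–`192.168.1.100` on eth0 with `dhcp-authoritative`, which is the same range the new dhcpd.conf declares with `authoritative;`, and fbx-base.conf installs both `isc-dhcp-server` and `dnsmasq`. Two DHCP servers cannot both bind the same interface, so one of them will presumably fail to start or they will answer inconsistently; I would keep one and drop the other's package and config. The comment block also says the LAN range serves only static hosts while the active `dhcp-range` line is dynamic, so the comment should be brought in line with the setting.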
@@ -0,0 +1,71 @@
+#!/bin/bash
+#
+# Script to complete the post-install process on first FBX boot.
+
+### BEGIN INIT INFO
+# Provides: first-run
+# Default-Start: 1 2
+# Required-Start: 2
+# Required-Stop:
+# Default-Stop:
+# Short-Description: Finish FBX install on DreamPlug
+### END INIT INFO
+
+function tweak-kernel {
+ # Update the kernel unless requested otherwise.
+
+ if [ -e /var/freedombox/dont-tweak-kernel ]
+ then
+ rm /var/freedombox/dont-tweak-kernel
+ else
+ kernel_version="$(/bin/ls $mountpoint/boot/vmlinuz-*-kirkwood | sort -rn | head -n1 | sed s#$mountpoint/boot/vmlinuz-##)"
+
+ mount -t proc proc /proc
+ flash-kernel $kernel_version
+ umount /proc
+ fi
+}
+
+function wifi-ap-setup {
+ # configure wireless access point with spinifex's prebuilt firmware
+
+ echo "Sleeping 30s for DHCP"
+ sleep 30 # wait for dhcp
+
+ echo "Installing UAP Firmware."
+ wget -O /tmp/marvell_wifi_firmware.tar.gz http://www.spinifex.com.au/plugs/downloads/dreamplug/marvell_wifi_firmware.tar.gz
+ tar -C /tmp -zxf /tmp/marvell_wifi_firmware.tar.gz
+ mkdir -p /lib/firmware/mrvl
+ cp /tmp/lib/firmware/mrvl/* /lib/firmware/mrvl
+}
+
+function create-keys {
+ echo "Creating Keys."
+
+ echo "Creating SSH keys."
+ rm /etc/ssh/ssh_host_*
+ dpkg-reconfigure openssh-server
+
+ echo "Need to create other keys."
+ # gpg --batch --gen-key
+ # see http://lists.gnupg.org/pipermail/gnupg-users/2003-March/017376.html
+}
+
+function remove-self {
+ rm -f /etc/init.d/first-run
+ rm -f /etc/rc1.d/S01first-run
+ rm -f /etc/rc2.d/S01first-run
+ rm /etc/init.d/first-run
+ rm /etc/rc1.d/S01first-run
+ rm /etc/rc2.d/S01first-run
+}
+
+create-keys
+# wifi-ap-setup
+
+# the last things we do before quitting.
+tweak-kernel
+remove-self
+
+echo "Kernel flashed. Rebooting."
+reboot
diff --git a/freedom-maker/source/etc/init.d/proxy b/freedom-maker/source/etc/init.d/proxy
new file mode 100755
index 0000000..901507b
--- /dev/null
+++ b/freedom-maker/source/etc/init.d/proxy
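Review bot: `wifi-ap-setup` downloads `marvell_wifi_firmware.tar.gz` over plain HTTP and copies its contents into `/lib/firmware/mrvl` as root without checking it against a known digest, so the firmware can be substituted in transit. The call is commented out today, but the function is ready to be enabled. Before the `tar` line I would verify a digest shipped in the image, e.g. `echo "<expected-sha256>  /tmp/marvell_wifi_firmware.tar.gz" | sha256sum -c - || exit 1`. Separately, `tweak-kernel` expands `$mountpoint`, which this script never sets, and `remove-self` repeats its three `rm -f` lines as plain `rm`, which can only print errors.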
@@ -0,0 +1,61 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: proxy
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Proxy for clients.
+### END INIT INFO
+
+set -e
+
+INTIF1="eth0"
+INTIF2="uap0"
+EXTIF="eth1"
+EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
+
+loadModules() {
+ depmod -a
+ modprobe ip_tables
+ modprobe ip_conntrack
+ modprobe ip_conntrack_ftp
+ modprobe ip_conntrack_irc
+ modprobe iptable_nat
+ modprobe ip_nat_ftp
+}
+
+setProc() {
+ echo "1" > /proc/sys/net/ipv4/ip_forward
+ echo "1" > /proc/sys/net/ipv4/ip_dynaddr
+}
+
+configIpTables() {
+ iptables -P INPUT ACCEPT
+ iptables -F INPUT
+ iptables -P OUTPUT ACCEPT
+ iptables -F OUTPUT
+ iptables -P FORWARD DROP
+ iptables -F FORWARD
+ iptables -t nat -F
+
+ iptables -A FORWARD -i $EXTIF -o $INTIF1 -m state --state ESTABLISHED,RELATED -j ACCEPT
+ iptables -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED -j ACCEPT
+ iptables -A FORWARD -i $INTIF1 -o $EXTIF -j ACCEPT
+ iptables -A FORWARD -i $INTIF2 -o $EXTIF -j ACCEPT
+
+ iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
+}
+
+case "$1" in
+ start)
+ loadModules
+ setProc
+ configIpTables
+ ;;
+ *)
+ log_success_msg "Usage: /etc/init.d/proxy {start}"
+ exit 1
+ ;;
+esac
diff --git a/freedom-maker/source/etc/mtab b/freedom-maker/source/etc/mtab
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/freedom-maker/source/etc/mtab
diff --git a/freedom-maker/source/etc/network/interfaces b/freedom-maker/source/etc/network/interfaces
new file mode 100644
index 0000000..9680bed
--- /dev/null
+++ b/freedom-maker/source/etc/network/interfaces
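Review bot: `configIpTables` sets `iptables -P INPUT ACCEPT` and flushes the chain, so every service on the box, including the sshd from `openssh-server`, is reachable from the upstream interface `$EXTIF`; only FORWARD is restricted. I would default-deny INPUT and accept loopback, established traffic and the two internal interfaces, as sketched below. If administration from the upstream side is intended, that should be an explicit rule. The usage branch also calls `log_success_msg` without sourcing `/lib/lsb/init-functions`, so it fails with a command-not-found error instead of printing the usage text.

```shell
configIpTables() {
    # default-deny inbound; the upstream side only gets replies to our own traffic
    iptables -P INPUT DROP
    iptables -F INPUT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i $INTIF1 -j ACCEPT
    iptables -A INPUT -i $INTIF2 -j ACCEPT
    # … unchanged: OUTPUT and FORWARD policies, FORWARD rules, MASQUERADE …
}
```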
@@ -0,0 +1,25 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet static
+ address 192.168.1.1
+ netmask 255.255.255.0
+
+allow-hotplug eth1
+iface eth1 inet dhcp
+
+# auto uap0
+# iface uap0 inet static
+# address 192.168.2.1
+# netmask 255.255.255.0
+# post-up uaputl sys_cfg_ssid "freedombox"
+# post-up uaputl sys_cfg_protocol 32 # WPA2
+# post-up uaputl sys_cfg_wpa_passphrase "freedombox123"
+# post-up uaputl sys_cfg_cipher 8 8 # AES CCMP
+# post-up uaputl bss_start
diff --git a/freedom-maker/source/etc/openvpn/client.conf b/freedom-maker/source/etc/openvpn/client.conf
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/freedom-maker/source/etc/openvpn/client.conf
diff --git a/freedom-maker/source/etc/openvpn/static.key b/freedom-maker/source/etc/openvpn/static.key
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/freedom-maker/source/etc/openvpn/static.key
diff --git a/freedom-maker/source/etc/rc1.d/S01first-run b/freedom-maker/source/etc/rc1.d/S01first-run
new file mode 120000
index 0000000..e24a808
--- /dev/null
+++ b/freedom-maker/source/etc/rc1.d/S01first-run
@@ -0,0 +1 @@
+../init.d/first-run
\ No newline at end of file
diff --git a/freedom-maker/source/etc/rc2.d/S01first-run b/freedom-maker/source/etc/rc2.d/S01first-run
new file mode 120000
index 0000000..e24a808
--- /dev/null
+++ b/freedom-maker/source/etc/rc2.d/S01first-run
@@ -0,0 +1 @@
+../init.d/first-run
\ No newline at end of file
diff --git a/freedom-maker/source/etc/rc2.d/S50proxy b/freedom-maker/source/etc/rc2.d/S50proxy
new file mode 120000
index 0000000..9855df4
--- /dev/null
+++ b/freedom-maker/source/etc/rc2.d/S50proxy
@@ -0,0 +1 @@
+../init.d/proxy
\ No newline at end of file
diff --git a/freedom-maker/source/etc/resolv.conf b/freedom-maker/source/etc/resolv.conf
new file mode 100644
index 0000000..af9304d
--- /dev/null
+++ b/freedom-maker/source/etc/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 208.67.222.222
+nameserver 208.67.220.220
diff --git a/freedom-maker/source/etc/sysctl.conf b/freedom-maker/source/etc/sysctl.conf
new file mode 100644
index 0000000..916e972
--- /dev/null
+++ b/freedom-maker/source/etc/sysctl.conf
@@ -0,0 +1,5 @@
+# Reduce writes to flash drives
+vm.laptop_mode=5
+vm.swappiness=0
+vm.dirty_writeback_centisecs=1500
+vm.dirty_expire_centisecs=1500
diff --git a/freedom-maker/source/etc/udev/rules.d/75-persistent-net-generator.rules b/freedom-maker/source/etc/udev/rules.d/75-persistent-net-generator.rules
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/freedom-maker/source/etc/udev/rules.d/75-persistent-net-generator.rules
diff --git a/freedom-maker/source/install.sh b/freedom-maker/source/install.sh
new file mode 100644
index 0000000..76547ba
--- /dev/null
+++ b/freedom-maker/source/install.sh
@@ -0,0 +1,76 @@ +echo "Preconfiguring dash - else dash and bash will be left in a broken state" +/var/lib/dpkg/info/dash.preinst install + +# don't leave target image containing apt config of the build host +echo "Configuring all packages" +export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true +export LC_ALL=C LANGUAGE=C LANG=C + +# allow flash-kernel to work without valid /proc contents +# ** this doesn't *really* work, since there are too many checks that fail +# in an emulated environment! We'll have to do it by hand below anyway... +export FK_MACHINE="Globalscale Technologies Dreamplug" + +# configure all packages unpacked earlier by multistrap +dpkg --configure -a + +echo "Adding source packages to filesystem" +dpkg --get-selections > /tmp/selections +mkdir -p /sourcecode +cd sourcecode +cut -f 1 < /tmp/selections | cut -d ':' -f 1 > /tmp/packages +apt-get source --download-only `cat /tmp/packages` + +# sshd may be left running by the postinst, clean that up +/etc/init.d/ssh stop + +# process installed kernel to create uImage, uInitrd, dtb +# using flash-kernel would be a good approach, except it fails in the cross +# build environment due to too many environment checks... +#FK_MACHINE="Globalscale Technologies Dreamplug" flash-kernel +# so, let's do it manually... + +# flash-kernel's hook-functions provided to mkinitramfs have the unfortunate +# side-effect of creating /conf/param.conf in the initrd when run from our +# emulated chroot environment, which means our root= on the kernel command +# line is completely ignored! repack the initrd to remove this evil... + +mkdir /tmp/initrd-repack +(cd /tmp/initrd-repack ; \ + zcat /boot/initrd.img-3.2.0-3-kirkwood | cpio -i ; \ + rm -f conf/param.conf ; \ + find . 
| cpio --quiet -o -H newc | \ + gzip -9 > /boot/initrd.img-3.2.0-3-kirkwood ) +rm -rf /tmp/initrd-repack + +(cd /boot ; \ + cp /usr/lib/linux-image-3.2.0-3-kirkwood/kirkwood-dreamplug.dtb dtb ; \ + cat vmlinuz-3.2.0-3-kirkwood dtb >> temp-kernel ; \ + mkimage -A arm -O linux -T kernel -n 'Debian kernel 3.2.0-3-kirkwood' \ + -C none -a 0x8000 -e 0x8000 -d temp-kernel uImage ; \ + rm -f temp-kernel ; \ + mkimage -A arm -O linux -T ramdisk -C gzip -a 0x0 -e 0x0 \ + -n 'Debian ramdisk 3.2.0-3-kirkwood' \ + -d initrd.img-3.2.0-3-kirkwood uInitrd ) + +# Establish an initial root password +echo "Set root password to "$rootpassword +echo root:$rootpassword | /usr/sbin/chpasswd + +# Create a default user +echo "Creating fbx user, password: $userpassword" +useradd $user +echo $user:$userpassword | /usr/sbin/chpasswd + +# By default, spawn a console on the serial port +echo "Adding a getty on the serial port" +echo "T0:12345:respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab + +echo "Deleting this very same script" +rm -f /install.sh + +echo "Syncing filesystem just in case something didn't get written" +sync + +echo "End configuration progress by exiting from the chroot" +exit diff --git a/freedom-maker/source/sbin/copy2dream b/freedom-maker/source/sbin/copy2dream new file mode 100644 index 0000000..267c2b6 --- /dev/null +++ b/freedom-maker/source/sbin/copy2dream 
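Review bot: install.sh sets root and the `fbx` user to the fixed passwords exported by mk_dreamplug_rootfs and echoes both into the build log (`echo "Set root password to "$rootpassword`, `echo "Creating fbx user, password: $userpassword"`), while the image also installs `openssh-server`. Every device built this way therefore accepts the same root login until the owner changes it. I would drop the password from the two echo lines and expire both accounts right after `chpasswd`, with `chage -d 0 root` and `chage -d 0 "$user"`, so a new password is demanded at first login. A smaller point: `mkdir -p /sourcecode` is followed by the relative `cd sourcecode`, which relies on the script starting in `/`.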
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# this script assumes the current root filesystem is the source, and the
+# internal microSD on a DreamPlug is the target .. all existing content on
+# the microSD card will be lost.
+#
+
+# partition microSD card inside DreamPlug
+echo "=> partition internal microSD card"
+parted -s /dev/sda mklabel msdos
+parted -s /dev/sda mkpart primary fat16 0 128
+parted -s /dev/sda mkpart primary ext2 128 100%
+
+# create filesystems on new partitions
+echo "=> create filesystems on internal microSD card"
+mkdosfs /dev/sda1
+mke2fs -j /dev/sda2
+
+echo "=> mount target partitions"
+mount /dev/sda2 /media
+mkdir -p /media/boot
+mount /dev/sda1 /media/boot
+
+echo "=> copy filesystem content from USB stick to target partitions"
+(cd / ; tar cpSf - `/bin/ls | grep -v boot | grep -v proc | grep -v sys | grep -v media | grep -v dev`) | (cd /media ; tar xpf -)
+# the following intentionally ignores subdirectories
+cp /boot/* /media/boot/
+
+echo "=> touch up target root partition"
+mkdir /media/proc /media/sys /media/media /media/dev
+mknod /media/dev/console c 5 1
+mknod /media/dev/random c 1 8
+mknod /media/dev/urandom c 1 9
+mknod /media/dev/null c 1 3
+mknod /media/dev/ptmx c 5 2
+
+# patch up /etc/fstab entry for /boot
+sed -e 's/sdc/sda/g' < /etc/fstab > /media/etc/fstab
+
+# flash the kernel and create the device's keys
+chroot /media /etc/init.d/first-run
+
+echo "unmount target partitions"
+umount /dev/sda1
+umount /dev/sda2
+
+echo "=> installation complete, see docs to boot from internal microSD" |
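Review bot: copy2dream relabels and formats `/dev/sda` unconditionally and has no `set -e`, so it neither checks that `/dev/sda` is the internal microSD rather than a disk already in use, nor stops when `parted` or `mkdosfs` fails. I would add `set -e` after the header comment and refuse to continue when the device is mounted, e.g. `grep -q '^/dev/sda' /proc/mounts && { echo "/dev/sda is mounted, aborting" >&2; exit 1; }`. Note also that `chroot /media /etc/init.d/first-run` ends in `reboot` according to the first-run script added in this commit, so the two `umount` lines after it may never run.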