See also [new_domain]().
### TODO
On reboot, need to:

    /etc/init.d/network restart
    mount /cgroup/
    lxc-start -n wheezy -f /data/wheezy/config -d
    lxc-start -n social -f /data/social/config -d
    lxc-start -n library -f /data/library/config -d

### Recompiling Generic OpenWRT Attitude Adjustment from upstream
Note: you can skip the patching below if you just use
http://github.com/bnewbold/openwrt branch "soekris" and copy rooter.config to
.config.

Note: GRUB2-based builds from trunk don't seem to work, so make sure the
Attitude Adjustment branch is used and the grub2 build option is not enabled.

The official OpenWRT build documentation lists the host-system package
dependencies (build-essential, etc):

    http://wiki.openwrt.org/doc/howto/buildroot.exigence
    http://wiki.openwrt.org/doc/howto/build

Git clone:

    git://nbd.name/openwrt.git

In the base directory, fetch the package feeds:

    ./scripts/feeds update -a
    # TODO: maybe this is too much?
    ./scripts/feeds install -a
    # or,
    ./scripts/feeds install -d m build-essential

Apply the following two patches (unless they have been upstreamed) with
"patch -p0 < file.patch":

    https://dev.openwrt.org/ticket/10525
    https://dev.openwrt.org/ticket/12262

Run "make menuconfig", select x86 and net6501 as the target, save the config,
then run "make defconfig" to automatically set up target-specific stuff (?).

Run "make kernel_menuconfig CONFIG_TARGET=subtarget" and ensure the following is
checked:

    Device Drivers --->
        <*> Serial ATA and Parallel ATA drivers --->
            [*] AHCI SATA support

ext2 no longer necessary by default... "Use ext4 for ext2/ext3 file systems"?
## rooter-Specific OpenWRT Build Tweaks
In menuconfig:
global build settings
disable binary stripping
advanced
toolchain options
eglibc (not uClibc)
gcc 4.7.0 (not gcc 4.6.x with Linaro enhancements)
target build settings:
root fs archives: tar.gz
root filesystem images: ext4
38400 serial port baud rate
don't gzip images
16 kernel partition size (MB)
196 root partition size
base system
bridge
libpthread
qos-scripts
wireless-tools
ipv6
firewall
traceroute6
ndisc6
6rd
6scripts
ahcpd
ipv6calc-mini
radvd
radvdump
luci
luci, luci-ssl
luci-app-ahcp
luci-app-ddns
luci-app-diag-devinfo
luci-app-qos
luci-app-radvd
luci-app-statistics
kernel
kmod-usb-acm
kmod-usb-net
kmod-usb-storage
all intel wireless, as optional modules
fs-vfat, fs-msdosfs
ralink usb
network
version control
git
subversion client
file transfer
wget
bmon
ifconfig
hostname
mtr
netstat
nisdomainname
netcat
netperf
netstat-nat
ngrep
utilities
vim
gzip
gnupg
e2fsprogs
mkdosfs
resize2fs
tune2fs
fdisk
cfdisk
lsblk
hdparm
bonniexx
development
build-essentials
libraries
libgmp (else gcc compile errors)
TODO: actually get build-essentials compiling
TODO: mkdosfs download link is dead
if compiling build-essentials, might need:
bnewbold@ziggy:~/code/openwrt_trunk$ cat /home/bnewbold/code/openwrt_trunk/toolchain/gcc/patches/4.7.0/209-automake-bullshit.patch
--- a/config/override.m4
+++ b/config/override.m4
@@ -29,7 +29,7 @@
dnl Ensure exactly this Autoconf version is used
m4_ifndef([_GCC_AUTOCONF_VERSION],
- [m4_define([_GCC_AUTOCONF_VERSION], [2.64])])
+ [m4_define([_GCC_AUTOCONF_VERSION], [2.68])])
dnl Test for the exact version when AC_INIT is expanded.
dnl This allows to update the tree in steps (for testing)
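Review bot: the changed `m4_define` line in config/override.m4 swaps one hard-coded exact version (2.64) for another (2.68), and the context comment says exactly this Autoconf version is enforced, so the patch only suits a build host whose autoconf is 2.68. Add a header to the patch stating which host autoconf it targets and why; since the define sits inside `m4_ifndef([_GCC_AUTOCONF_VERSION], ...)`, predefining `_GCC_AUTOCONF_VERSION` from the build would avoid editing the default at all. The patch file name should also describe the change.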
## Install an OpenWRT image (first time)
Use unetbootin to write a generic Linux distro (like Debian stable or Arch
Linux) to a USB stick. Edit the syslinux.cfg file so it looks like:

    default menu.c32
    default arch
    menu title UNetbootin
    timeout 30
    serial 0 38400
    console 0
    prompt 0
    label arch
    menu label Arch
    kernel /ubnkern
    append vga=normal initrd=/ubninit ../../ -- quiet console=ttyS0,38400 earlyprintk=serial,ttyS0,38400

Copy all the required .img files to the root directory of this USB stick,
then boot up (connect via serial to select the boot device). Wait until you get to
either a login or a prompt, then write the entire image to the target disk:

    # dd if=openwrt-x86-net6501-combined-squashfs.img of=/dev/sda bs=1M

Reboot with all defaults!
## Misc OpenWRT notes
To allow remote SSH logins on port 22 from the WAN side, add the following
custom firewall rules:

    iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
    iptables -A input_wan -p tcp --dport 22 -j ACCEPT

To allow all incoming requests from the WAN to reach the router, add the
following to /etc/config/firewall:

    config redirect
        option src wan
        option proto all
        option dest_ip 192.168.1.1
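
An added example (not part of the original notes): a shell function that reads a UCI firewall file and marks `config redirect` sections that, like the one above, forward WAN traffic with `proto all` or without a `src_dport`. The function names, the BROAD/ok labels and the second sample section are constructed for illustration.

```shell
#!/bin/sh
# Added example: list "config redirect" sections of a UCI firewall file (stdin)
# and mark the ones that forward WAN traffic with no protocol or port limit.
audit_redirects() {
    awk -v q="'" '
    function unq(s, c) {                  # strip one pair of surrounding quotes
        sub(/[ \t]+$/, "", s); c = substr(s, 1, 1)
        return (c == q || c == "\"") ? substr(s, 2, length(s) - 2) : s
    }
    function val(k) { return (k in o) ? o[k] : "-" }
    function report() {
        if (sect != "redirect") return
        broad = (val("src") == "wan" &&
                 (val("proto") == "all" || val("src_dport") == "-"))
        printf "%s src=%s proto=%s src_dport=%s dest_ip=%s\n",
            (broad ? "BROAD" : "ok"), val("src"), val("proto"),
            val("src_dport"), val("dest_ip")
    }
    $1 == "config" { report(); sect = unq($2); split("", o); next }
    $1 == "option" {
        v = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)   # value = rest of line
        o[unq($2)] = unq(v)
    }
    END { report() }
    '
}

# First section is the redirect from the page; the second is a constructed,
# narrower rule for comparison.
sample_firewall() {
    cat <<'EOF'
config redirect
    option src wan
    option proto all
    option dest_ip 192.168.1.1

config redirect
    option src 'wan'
    option proto 'tcp'
    option src_dport '2222'
    option dest_ip '192.168.1.10'
    option dest_port '22'
EOF
}

sample_firewall | audit_redirects
```

On the router, the same function can be fed the live file with `audit_redirects < /etc/config/firewall`.
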

To do a sysupgrade, use a full combined .img file, e.g. scp it to the router and run:

    sysupgrade openwrt-x86-net6501-combined-squashfs.img

NOTE: sysupgrade does not seem to work across a uClibc/eglibc change?
## LXC Compilation notes
Make sure the following packages are installed (if they weren't from above):

    lsblk
    perl
    file
    vim
    util > coreutils
    admin > debootstrap (has requirements)
    block-mount

Select the "getopt" function in busybox:

    base system > busybox > getopt and support option -l

Put the lxc and attr packages in ./package, then run:

    ./scripts/feeds install libattr
    ./scripts/feeds install libcap
    ./scripts/feeds install lxc

Run menuconfig and select these (in Utilities), and also the bash shell.

To compile individual packages, try:

    make package/lxc/compile
    make package/lxc/install
    make package/index

NOTE: "cgroup namespace support" is no longer an option in the kernel
configuration, but lxc-checkconfig still lists it as a requirement. LXC works
regardless; there may be some security issues though? See also:

    https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/827798

## LXC Configuration notes
OK, once all of the above is compiled and loaded, you are ready to configure the
OpenWRT host.

Create the /cgroup directory and a mount point like /data.

Edit /etc/config/fstab:

    config 'mount'
        option 'target' '/data'
        option 'device' '/dev/sda3'
        option 'fstype' 'ext4'
        option 'options' 'rw,sync'
        option 'enabled' '1'
        option 'enabled_fsck' '1'
    config 'mount'
        option 'target' '/cgroup'
        option 'device' 'cgroup'
        option 'fstype' 'cgroup'
        option 'options' 'none'
        option 'enabled' '1'
        option 'enabled_fsck' '0'

Enable block-mount ("/etc/init.d/fstab enable") and start it
("/etc/init.d/fstab start").

Copy the devices.tar.gz file to /usr/share/debootstrap/devices.tar.gz.

Next, build a Debian rootfs. This is rather slow the first time around. Make
sure /data is mounted, then run the rooter-optimized version of lxc-wheezy:

    mkdir -p /data/wheezy
    mkdir -p /data/wheezy/mnt
    ./lxc-wheezy -p /data/wheezy

Edit /data/wheezy/config and add (or edit) two lines:

    lxc.utsname = wheezy
    lxc.mount.entry=/data/pub /data/wheezy/rootfs/pub none bind 0 0

You might need to change the SSH listen port:

    vi /data/wheezy/rootfs/etc/ssh/sshd_config
    # edit "Port" line

Try starting the container with lxc-start:

    lxc-start -n wheezy -f /data/wheezy/config

If you are SSH'd in and get an error about file descriptor fd 7, you may need
to do:

    lxc-start -n wheezy -f /data/wheezy/config 7<&- 8<&-

Hooray!

## Blueprints

    git clone /data/blueprints/ /data/social/rootfs/root/.blueprint --bare -b rooter-wheezy

## TODOs
create a set of rooter-x86-net6501 images with:
- set local subnet to 192.168.42.1
- overlay devices.tar.gz (?)
- default mounted /data and /cgroup (via base-files)
- lxc wheezy init script, start by default
ttt functionality:
- *.ttt.rooter.is DNS
- openvpn tunnel
- remote ipv4 reverse proxy
- remote netcat ssh proxy/tunnel
- some kind of media sharing
- local hostname DNS
TODO: remove excess kernel modules for faster/cleaner boot
NOTE: dd if=openwrt-x86-net6501-rootfs-squashfs.img of=/dev/sda2 bs=1M
- move ./files content to packages
- clean up and upstream net6501 directions, notes, patches
- clean up and upstream libattr and lxc stuff patches
TODO: zgrep, IKCONFIG_PROC
TODO: mtr broken?
### CONFIG BACKUP
/data/wheezy/conf:

    lxc.utsname = ttt.rooter.is
    lxc.tty = 4
    lxc.pts = 1024
    lxc.rootfs = /data/wheezy/rootfs
    lxc.rootfs.mount = /data/wheezy/mnt
    lxc.cgroup.devices.deny = a
    # /dev/null and zero
    lxc.cgroup.devices.allow = c 1:3 rwm
    lxc.cgroup.devices.allow = c 1:5 rwm
    # consoles
    lxc.cgroup.devices.allow = c 5:1 rwm
    lxc.cgroup.devices.allow = c 5:0 rwm
    lxc.cgroup.devices.allow = c 4:0 rwm
    lxc.cgroup.devices.allow = c 4:1 rwm
    # /dev/{,u}random
    lxc.cgroup.devices.allow = c 1:9 rwm
    lxc.cgroup.devices.allow = c 1:8 rwm
    lxc.cgroup.devices.allow = c 136:* rwm
    lxc.cgroup.devices.allow = c 5:2 rwm
    # rtc
    lxc.cgroup.devices.allow = c 254:0 rwm
    # mounts point
    lxc.mount.entry=proc /data/wheezy/rootfs/proc proc nodev,noexec,nosuid 0 0
    lxc.mount.entry=sysfs /data/wheezy/rootfs/sys sysfs defaults 0 0
    lxc.mount.entry=/data/pub /data/wheezy/rootfs/pub none bind 0 0
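
An added example (not from the original notes): a shell function that checks the `lxc.cgroup.devices` lines of a config like the backup above against a small table of fixed Linux character-device numbers. The table, function names and output labels are assumptions of this example; it flags `c 254:0` because majors 234-254 are assigned dynamically by the kernel, so the number labelled rtc here can belong to a different driver on another kernel.

```shell
#!/bin/sh
# Added example: audit the device whitelist of an LXC config read on stdin.
audit_lxc_devices() {
    awk -F'[ \t]*=[ \t]*' '
    BEGIN {
        # Fixed character-device numbers from the Linux device list.
        name["1:3"] = "/dev/null";   name["1:5"] = "/dev/zero"
        name["1:8"] = "/dev/random"; name["1:9"] = "/dev/urandom"
        name["4:0"] = "/dev/tty0";   name["4:1"] = "/dev/tty1"
        name["5:0"] = "/dev/tty";    name["5:1"] = "/dev/console"
        name["5:2"] = "/dev/ptmx";   name["136:*"] = "/dev/pts/*"
    }
    { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim surrounding whitespace
    /^#/ || NF < 2 { next }                    # skip comments and non key=value lines
    $1 == "lxc.cgroup.devices.deny" && $2 == "a" { deny_all = 1; next }
    $1 == "lxc.cgroup.devices.allow" {
        split($2, f, /[ \t]+/)                 # f[1]=type f[2]=major:minor f[3]=perms
        split(f[2], mm, ":")
        if (!deny_all)                         why = "allowed before any deny-all line"
        else if (f[2] in name)                 why = ""
        else if (mm[1] >= 234 && mm[1] <= 254) why = "dynamic major, check /proc/devices"
        else                                   why = "not in the known-device table"
        if (why == "") printf "ok    %s %s %s  %s\n", f[1], f[2], f[3], name[f[2]]
        else           printf "CHECK %s %s %s  %s\n", f[1], f[2], f[3], why
    }
    END { if (!deny_all) print "CHECK no lxc.cgroup.devices.deny = a line" }
    '
}

# Subset of the device lines from the config backup on this page.
sample_config() {
    cat <<'EOF'
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF
}

sample_config | audit_lxc_devices
```

Run against the real file with `audit_lxc_devices < /data/wheezy/config`; a config that lacks the deny-all line gets every allow entry marked CHECK.
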
### Wireless
Want at least:

    wpa-supplicant
    wpa-cli
    hostapd-mini
    wireless-tools
    collectd-mod-wireless
    iw
    iwconfig
    kmod-mac80211
    kmod-cfg80211
    crda
    iwinfo
    libiwinfo-lua

Possibly want:

    wavemon (monitoring)

TODO: configure open throttled guest WLAN:

    http://wiki.openwrt.org/doc/recipes/guest-wlan#step.5limit.bandwidth.of.the.connection