Context Navigation

nanobsd.wleiden@ 11036

Last change on this file since 11036 was 11036, checked in by rick, 13 years ago
Nog eentje die niet op de nodes mag ontbreken, handig voor pf monitoring.
File size: 14.0 KB

Line
1	## Dit is een NanoBSD configuratie-template voor WirelessLeiden.
2	## Instellingen weergegeven binnen dit bestand gelden als
3	## standaard binnen de organisatie.
4
5	# Little hack to allow proper secify of KERNL/PKG location
6	if [ -n "$NANO_CFG_FILE" ]; then
7	NANO_CONF_DIR=$(cd $(dirname $NANO_CFG_FILE); pwd -P)
8	else
9	NANO_CONF_DIR=$(cd $(dirname $2); pwd -P)
10	fi
11
12	# object naam in /usr/obj/nanobsd.{obj}
13	NANO_NAME=wleiden-hybrid
14	NANO_SRC=/usr/src # nanobsd source tree
15	NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand
16	NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2)
17
18	NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs)
19	NANO_DATASIZE=0 # volume van de data slice, 0 = not configured
20	NANO_CODESIZE=819200
21	NANO_RAM_TMPVARSIZE=20480
22
23	NANO_DRIVE=ada0
24
25	#XXX: Eeks, fixed packages, needs building a hook to allow building the package
26	# of the shelfs if needed, copy to right directory, done. With only input needed
27	# a list of ports in the format like net/net-snmp
28	NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All
29
30	# Wireless Leiden ports from $WL_PORTSDIR are copied OVER $PORTSDIR
31	PORTSDIR='/usr/ports'
32	WL_PORTSDIR="$NANO_CONF_DIR/../ports/"
33
34	# Dirty quirk to allow comments in part below
35	PACKAGE_LIST=`cat <<EOF \| sed -e 's/#.*$//g' \| xargs
36	benchmarks/iperf
37	devel/py-Jinja2
38	devel/py-yaml
39	dns/dnsmasq
40	editors/vim-lite
41	ftp/curl
42	lang/python
43	net-mgmt/iftop
44	net-mgmt/net-snmp
45	net-mgmt/nrpe2
46	net/mtr
47	net/isc-dhcp42-server
48	net/pen
49	net/sixxs-aiccu
50	security/nmap
51	security/openvpn
52	security/sudo
53	shells/bash-static
54	sysutils/screen
55	sysutils/pftop
56	sysutils/ucspi-tcp
57	www/thttpd
58	www/tinyproxy
59
60	# Extra WL ports
61	net/lvrouted
62	`
63	# Package target
64	# Dirty quirk to allow comments in part below
65	PKG_MAKE_ARGS=`cat <<EOF \| sed 's/#.*$//g' \| xargs
66	PACKAGES=$(dirname $NANO_PACKAGE_DIR)
67	BATCH=yes PACKAGE_BUILDING=yes
68	# www/py-cherrypy
69	WITH_APACHE=yes
70	# net-mgmt/net-snmp
71	WITHOUT_PERL=yes
72	WITHOUT_PERL_EMBEDDED=yes
73	# net-mgmt/nagios-plugins
74	WITH_FPING=yes
75	# threads is broken in the version (atleast up to 9.0 - 20120213)
76	# Should be fix in current version in linux, but for some reason
77	# Not yet in BSD. We don't need threads
78	WITHOUT_THREADS=yes
79	# shells/bash-static
80	WITH_SYSLOG=yes
81	# net/mtr
82	WITHOUT_X11=yes
83	`
84
85	##NANO_PACKAGE_LIST=
86
87	# Warning: set to 1 to debug make build errors
88	# Number of recurrent parrallel make builds
89	if `grep -q 'acpi0: <PRLS PRLS_OEM> on motherboard' /var/run/dmesg.boot`; then
90	# Mac OS X Parallels virtual machine
91	NANO_PMAKE="make -B"
92	else
93	# Default 2 times number of CPU's inside machine
94	NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2`
95	NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}"
96	fi
97
98	# Starting from soekris bios version 1.31 upwards boot0sio does not seems work
99	# anymore, but boot0 does (weird)
100	NANO_BOOTLOADER="boot/boot0"
101
102	# Strip down to a more acceptable size
103	# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB)
104	NANO_PRUNE="$NANO_PRUNE usr/share/examples"
105	NANO_PRUNE="$NANO_PRUNE usr/share/syscons"
106	NANO_PRUNE="$NANO_PRUNE usr/share/calendar"
107	# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it.
108	# NANOBSD_PRUNE += usr/share/misc
109	NANO_PRUNE="$NANO_PRUNE usr/share/pcvt"
110	NANO_PRUNE="$NANO_PRUNE usr/share/me"
111	NANO_PRUNE="$NANO_PRUNE usr/share/doc"
112
113
114
115
116
117	# Opties parsed gedurende build & install world
118	# Also check man 3 src.conf for details
119	# Some flags are misleading, e.g. could only be installworld (e.g.), for details:
120	# http://phk.freebsd.dk/misc/build_options/
121	# For details on make options also check:
122	# /usr/src/share/mk/bsd.own.mk
123	CONF_COMMON='
124	# Specific enabled options
125	#WITHOUT_ACPI=YES # geen advanced configuration power interface
126	#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd
127	#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries.
128	#WITHOUT_GROFF=YES # Set to not build groff(1).
129	#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur
130	#WITHOUT_INFO=YES # geen info bestanden, readable online docs
131	#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd
132	#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules
133	#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail
134	#WITHOUT_MAN=YES # geen handleidingen gecompileerd
135	#WITHOUT_MISC=YES # geen misc sub directory
136	#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules
137	#WITHOUT_PAM=YES # geen ondersteuning pa modules
138	#WITHOUT_PF=YES # geen packet filtering geinstalleerd
139	#WITHOUT_SHARE=YES # geen share sub directory
140	#WITHOUT_USB=YES # geen ondersteuning usb modules
141	# Specific disabled options
142	WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode
143	WITHOUT_AUDIT=YES # geen event auditing / audit trails
144	WITHOUT_AUTHPF=YES # geen authenticating gateway user shell
145	WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules
146	WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd
147	WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS)
148	WITHOUT_CPP=YES # Set to not build cpp(1).
149	WITHOUT_CVS=YES # geen cvs tools geinstalleerd
150	WITHOUT_DICT=YES # geen dictionary ondersteuning
151	WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden
152	WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers
153	WITHOUT_GAMES=YES # geen games gecompileerd
154	WITHOUT_GCOV=YES # geen gcov test coverage program
155	WITHOUT_GDB=YES # geen gnu debugger gecompileerd
156	WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten
157	WITHOUT_HTML=YES # geen html help bestanden gecompileerd
158	WITHOUT_I4B=YES # geen ondersteuning voor isdn
159	WITHOUT_IPX=YES # geen ondersteuning ipx protocols
160	WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie
161	WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie
162	WITHOUT_LPR=YES # geen ondersteuning print services
163	WITHOUT_NIS=YES # geen ondersteuning network information system
164	WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries.
165	WITHOUT_RCMDS=YES # geen ondersteuning rcmds,
166	WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd
167	WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd
168	WITHOUT_SHAREDOCS=YES # geen share/docs directories
169	WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd
170	'
171
172	CONF_BUILD="
173	${CONF_COMMON}
174	"
175
176	CONF_INSTALL="
177	${CONF_COMMON}
178	WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain
179	"
180
181
182	# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards
183	#FlashDevice sandisk 1g # nanobsd flashdevice entry
184	#FlashDevice sandisk 512mb # nanobsd flashdevice entry
185	#FlashDevice transcend 2g # nanobsd flashdevice entry
186	# Calculated value of PEAK hardware 1GB CF card
187	# C/H/S phys 1954/16/63, logical 977/32/63
188	# Mediasize is calculated as CHS*512
189
190	# Using logical values reported by ALIX board
191	# values for PCEngines blanc 1 GB cards
192	# C/H/S phys 1966/16/63, logical 983/32/63
193	NANO_MEDIASIZE=`expr 1008451584 / 512`
194	NANO_HEADS=32
195	NANO_SECTS=63
196
197
198	# Version tagging
199	cust_version_tag() (
200	VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt"
201	(
202	echo "Generated by `id -un`@`hostname -f` at `date`"
203	echo ""
204	echo "=== CONFIG specifics ==="
205	svn info ${NANO_CONF_DIR}/../ \|\| exit 0
206	svn diff ${NANO_CONF_DIR}/../ \|\| exit 0
207	echo "=== BEGIN CONFIG specifics ==="
208	) > $VERSION_FILE
209	)
210
211	# Takes a very long time (10+) minutes to generate this file on an ALIX board,
212	# not practical for quick debugging and configuration.
213	cust_openvpn_dhparam() (
214	DHFILE=${NANO_WORLDDIR}/etc/easy-rsa-keys/dh1024.pem
215	mkdir -p `dirname $DHFILE`
216	openssl dhparam -out $DHFILE 1024
217	)
218
219
220
221	# Assuming we are running a safe envirionment where snooping could occur during or after the build
222	cust_set_root_password() (
223	if [ -n "${CFG_ROOT_PASSWORD}" ]; then
224	pprint 2 "Set root password using CFG_ROOT_PASSWORD variable"
225	chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' \| pw usermod -h 0 -u root"
226	else
227	pprint 2 "Root password is <blank>, no password provided at variable CFG_ROOT_PASSWORD"
228	fi
229	)
230
231
232
233	# EXPERIMENTAL patch like envirionment
234	# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to
235	# keep us as close as possible to the base OS
236	# Patches are applied to the directory they live in
237	cust_apply_nanobsd_patches() (
238	for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do
239	cd `dirname ${PATCHFILE}`
240	patch -t -N -p0 -i `basename ${PATCHFILE}`
241	#XX: What to with installed patch files? Delete them for the time beeing
242	rm -v ${PATCHFILE}
243	done
244
245
246
247	)
248
249
250
251	# Compile & install lvroute daemon vanuit source in svn
252	cust_install_lvrouted() (
253	svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted
254	cd /tmp/lvrouted && autoconf && autoheader && ./configure && make \|\| true
255	cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin
256	)
257
258
259
260	# Customize ntpd
261	cust_ntpd() (
262	chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift"
263	)
264
265
266	# Enable Serial TTYs
267	cust_serial_ttys() (
268	chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyv[0-9]/s/on /off/' -e '/ttyu0/s/off/on/' -e '/ttyu0/s/dialup/ansi/' /etc/ttys
269	)
270
271
272
273	# Install files from specific relative location
274	cust_install_files () (
275	cd ${NANO_CONF_DIR}/../files
276	find . -print \| grep -v -e /CVS -e .svn \| cpio -dumpv ${NANO_WORLDDIR}
277	)
278
279
280	# pkgdb should live on persistent storage only
281	cust_alternate_pkg_db () (
282	mkdir -p ${NANO_WORLDDIR}/usr/local/var/db/pkg ${NANO_WORLDDIR}/usr/local/tmp
283	touch ${NANO_WORLDDIR}/usr/local/tmp/.hack-to-avoid-pruning-directory
284	# sh profile
285	( echo 'PKG_DBDIR=/usr/local/var/db/pkg; export PKG_DBDIR'; \
286	echo 'PKG_TMPDIR=/usr/local/tmp; export PKG_TMPDIR' ) >> ${NANO_WORLDDIR}/etc/profile
287	# csh profile
288	( echo 'setenv PKG_DBDIR /usr/local/var/db/pkg'; \
289	echo 'setenv PKG_TMPDIR /usr/local/tmp' ) >> ${NANO_WORLDDIR}/etc/csh.cshrc
290
291	rmdir ${NANO_WORLDDIR}/var/db/pkg
292	ln -s /usr/local/var/db/pkg ${NANO_WORLDDIR}/var/db/pkg
293	)
294
295	# Make tools available for root by default
296	cust_root_bin_to_tools() {
297	ln -s /tools ${NANO_WORLDDIR}/root/bin
298	}
299
300	# Directly stolen from /usr/src/tools/tools/nanobsd/nanobsd.sh, and make sure
301	# to source /etc/profile in chroot to get PKG_* included, for alternate installs
302	cust_pkg () (
303	# If the package directory doesn't exist, we're done.
304	if [ ! -d ${NANO_PACKAGE_DIR} ]; then
305	echo "DONE 0 packages"
306	return 0
307	fi
308
309	# Make sure to enable /dev as easy_install requires it for example
310	mount -t devfs devfs ${NANO_WORLDDIR}/dev
311	trap "umount ${NANO_WORLDDIR}/dev" 0
312	trap "exit 1" 1 2 3 15
313
314	# Copy packages into chroot
315	mkdir -p ${NANO_WORLDDIR}/Pkg
316	(
317	cd ${NANO_PACKAGE_DIR}
318	find ${NANO_PACKAGE_LIST} -print \|
319	cpio -Ldumpv ${NANO_WORLDDIR}/Pkg
320	)
321
322	# Count & report how many we have to install
323	todo=`ls ${NANO_WORLDDIR}/Pkg \| wc -l`
324	echo "=== TODO: $todo"
325	ls ${NANO_WORLDDIR}/Pkg
326	echo "==="
327	NANO_PKG_DBDIR=${NANO_WORLDDIR}/`chroot ${NANO_WORLDDIR} sh -c '. /etc/profile; echo ${PKG_DBDIR:-/var/db/pkg}'`
328	while true
329	do
330	# Record how many we have now
331	have=`ls ${NANO_PKG_DBDIR} \| wc -l`
332
333	# Attempt to install more packages
334	# ...but no more than 200 at a time due to pkg_add's internal
335	# limitations.
336	chroot ${NANO_WORLDDIR} sh -c \
337	'. /etc/profile; ls Pkg/*tbz \| xargs -n 200 pkg_add -F' \|\| true
338
339	# See what that got us
340	now=`ls ${NANO_PKG_DBDIR} \| wc -l`
341	echo "=== NOW $now"
342	ls ${NANO_PKG_DBDIR}
343	echo "==="
344
345
346	if [ $now -eq $todo ] ; then
347	echo "DONE $now packages"
348	break
349	elif [ $now -eq $have ] ; then
350	echo "FAILED: Nothing happened on this pass"
351	exit 2
352	fi
353	done
354	rm -rf ${NANO_WORLDDIR}/Pkg
355
356	# Return normal trap behaviour
357	trap - 1 2 3 15
358	)
359
360
361	# Prune no needed directories of image
362	cust_nano_prune () (
363	cd ${NANO_WORLDDIR}
364	for ENTRY in ${NANO_PRUNE}; do
365	rm -vfR ${ENTRY}
366	done
367	)
368
369	# We actually do need an seperate /tmp, so undo the symlinking done in
370	# setup_nanobsd()
371	late_cust_unset_common_var_and_tmp() (
372	cd ${NANO_WORLDDIR}
373	rm tmp
374	mkdir -m 1777 tmp
375	)
376
377
378	# Fill /cfg wmth custom files, based on 'create_i386_diskimage ( )'
379	last_nano_fill_cfg () (
380	# Variables to be used
381	IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}
382	MNT=${MAKEOBJDIRPREFIX}/_.mnt
383
384	# Mount '/cfg' slize in image
385	MD=`mdconfig -a -t vnode -f ${IMG}`
386	mount /dev/${MD}s3 ${MNT}
387
388	# Location of '/cfg' directory
389	cd ${NANO_CONF_DIR}/../cfg-files
390	find . -print \| grep -v -e /CVS -e .svn \| cpio -dumpv ${MNT}
391
392
393	# Leave in nice end state
394	umount ${MNT}
395	mdconfig -d -u ${MD}
396	) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1
397
398	last_nano_disk_usage () (
399	# Variables to be used
400	IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}
401	MNT=${MAKEOBJDIRPREFIX}/_.mnt
402
403	# Mount root slize
404	MD=`mdconfig -a -t vnode -f ${IMG}`
405	mount /dev/${MD}s1a ${MNT}
406
407	# Show disk usage (percent free) inc header
408	pprint 2 $(df -h \| head -1)
409	pprint 2 "$(df -h \| grep /dev/${MD})"
410
411	# Leave in nice end state
412	umount ${MNT}
413	mdconfig -d -u ${MD}
414	)
415
416	last_orders () (
417	last_nano_fill_cfg
418	last_nano_disk_usage
419	)
420
421	# Ugly hack to 'escaping' pprint from inside a customize_cmd to output
422	# instead of a file
423	exec 3>/dev/stdout
424	# Progress Print
425	# Print $2 at level $1
426	pprint() {
427	if [ "$1" -le $PPLEVEL ]; then
428	printf "%.${1}s %s\n" "#####" "$2" 1>&3
429	fi
430	}
431
432	# Cust macro`s gestart in onderstaande volgorde
433	# XXX: Determine size before installing all find of additions to see how much
434	# base we are actually using ## du -h -d 0
435	customize_cmd cust_alternate_pkg_db
436	customize_cmd cust_pkg
437	customize_cmd cust_install_files
438	customize_cmd cust_ntpd
439	customize_cmd cust_serial_ttys
440	customize_cmd cust_version_tag
441	customize_cmd cust_root_bin_to_tools
442	customize_cmd cust_allow_ssh_root
443	customize_cmd cust_openvpn_dhparam
444	customize_cmd cust_nano_prune
445	customize_cmd cust_set_root_password
446	customize_cmd cust_apply_nanobsd_patches
447	late_customize_cmd late_cust_unset_common_var_and_tmp
448
449	# Standard overwrite
450	if [ -r "$NANO_CONF_DIR/nanobsd.local" ]; then
451	. $NANO_CONF_DIR/nanobsd.local
452	fi
453
454	# Extra config if existing is not suffient
455	if [ -n "$EXTRA_NANOBSD_CONFIG" ]; then
456	for FILE in $EXTRA_NANOBSD_CONFIG; do
457	# File relative to config directory
458	if [ "`echo $FILE \| cut -c1`" != "/" ]; then
459	FILE=$NANO_CONF_DIR/$FILE
460	fi
461	pprint 1 "Loading $FILE"
462	. $FILE \|\| exit 1
463	done
464	fi

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format