Index: /branches/releng-10/nanobsd/cfg/kernel.wleiden.apu =================================================================== --- /branches/releng-10/nanobsd/cfg/kernel.wleiden.apu (revision 12985) +++ /branches/releng-10/nanobsd/cfg/kernel.wleiden.apu (revision 12985) @@ -0,0 +1,196 @@ +# +# WLEIDEN -- Wireless Leiden kernel configuration file for FreeBSD/i386 +# +# For more information on this file, please read the handbook section on +# Kernel Configuration Files: +# +# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html +# +# This config is tweaked for ALIX.APU1C & APU1C4, with +# Atheros Wireless Cards and meant to run an a remote location. +# + +cpu I686_CPU +ident WLEIDEN + +# Uncomment if you like to compile a debugging kernel +#makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols +#options KDB # Kernel debugger related code +#options KDB_TRACE # Print a stack trace for a panic +#options STACK # stack(9) support + +options NO_SWAPPING # Embedded Machines. +options SW_WATCHDOG # Remote emergency reboots. + +options ROUTETABLES=6 # Multiple routing table support + +# To statically compile in device wiring instead of /boot/device.hints +#hints "GENERIC.hints" # Default places to look for devices. + +options SCHED_ULE # ULE scheduler +options PREEMPTION # Enable kernel thread preemption +options INET # InterNETworking +options INET6 # IPv6 communications protocols +options SCTP # Stream Control Transmission Protocol +options FFS # Berkeley Fast Filesystem +options SOFTUPDATES # Enable FFS soft updates support +options NFS_ROOT # Allow NFS to be / mount (testing purposes) +options NFSCLIENT # Network Filesystem Client +options PSEUDOFS # Pseudo-filesystem framework +options GEOM_LABEL # Provides labelization +options KTRACE # ktrace(1) support +options SYSVSHM # SYSV-style shared memory +options SYSVMSG # SYSV-style message queues +options SYSVSEM # SYSV-style semaphores +options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions +options KBD_INSTALL_CDEV # install a CDEV entry in /dev +options INCLUDE_CONFIG_FILE # Include this file in kernel + +# To make an SMP kernel, the next two lines are needed +options SMP # Symmetric MultiProcessor Kernel +device apic # I/O APIC + +# Bus support. +device eisa +device pci +device acpi + +# ATA controllers +device ahci # AHCI-compatible SATA controllers +device ata # Legacy ATA/SATA controllers +#options ATA_CAM # Handle legacy controllers with CAM +options ATA_STATIC_ID # Static device numbering + +# ATA/SCSI peripherals +device scbus # SCSI bus (required for ATA/SCSI) +device da # Direct Access (disks) + +# Add suspend/resume support for the i8254. +device pmtimer + +# PCCARD (PCMCIA) support +# PCMCIA and cardbus bridge support +device cbb # cardbus (yenta) bridge +device pccard # PC Card (16-bit) bus +device cardbus # CardBus (32-bit) bus + +# Serial (COM) ports +device uart # Generic UART driver + +# PCI Ethernet NICs that use the common MII bus controller code. +# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! +device miibus # MII bus support +device vr # VIA Rhine, Rhine II +device sis # SiS 900/SiS 7016 +device re # Realtek RTL8169S/8110S/8211 + +# Wireless NIC cards +device wlan # 802.11 support +options IEEE80211_DEBUG # enable debug msgs +options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's +options IEEE80211_SUPPORT_MESH # enable 802.11s draft support +device ath # Atheros NIC's +device ath_pci # Atheros pci/cardbus glue +device ath_hal # pci/cardbus chip support +options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors +device ath_rate_sample # SampleRate tx rate control for ath +device ral # Ralink Technology RT2500 wireless NICs. +device wi # WaveLan/Intersil/Symbol 802.11 wireless NICs. + +# Pseudo devices. +device loop # Network loopback +device random # Entropy device +device ether # Ethernet support +device vlan # 802.1Q VLAN support +device tun # Packet tunnel. +device pty # BSD-style compatibility pseudo ttys +device md # Memory "disks" +device gif # IPv6 and IPv4 tunneling +device faith # IPv6-to-IPv4 relaying (translation) +device firmware # firmware assist module + +# The `bpf' device enables the Berkeley Packet Filter. +# Be aware of the administrative consequences of enabling this! +# Note that 'bpf' is required for DHCP. +device bpf # Berkeley packet filter + +# USB support +options USB_DEBUG # enable debug msgs +device uhci # UHCI PCI->USB interface +device ohci # OHCI PCI->USB interface +device ehci # EHCI PCI->USB interface (USB 2.0) +device xhci # XHCI PCI->USB interface (USB 3.0) +device usb # USB Bus (required) +device umass # Disks/Mass storage - Requires scbus and da + +# MMC/SD +device mmc # MMC/SD bus +device mmcsd # MMC/SD memory card +device sdhci # Generic PCI SD Host Controller + +# USB Serial devices +device u3g # USB-based 3G modems (Option, Huawei, Sierra) +device uark # Technologies ARK3116 based serial adapters +device ubsa # Belkin F5U103 and compatible serial adapters +device uftdi # For FTDI usb serial adapters +device uipaq # Some WinCE based devices +device uplcom # Prolific PL-2303 serial adapters +device uslcom # SI Labs CP2101/CP2102 serial adapters +device uvisor # Visor and Palm devices +device uvscom # USB serial support for DDI pocket's PHS + +# USB Ethernet, requires miibus +device aue # ADMtek USB Ethernet +device axe # ASIX Electronics USB Ethernet +device cdce # Generic USB over Ethernet +device cue # CATC USB Ethernet +device kue # Kawasaki LSI USB Ethernet +device mos # Mos USB Ethernet +device rue # RealTek RTL8150 USB Ethernet +device udav # Davicom DM9601E USB + +# USB Wireless +device rum # Ralink Technology RT2501USB wireless NICs +device run # Ralink Technology RT2700/RT2800/RT3000 NICs. +device uath # Atheros AR5523 wireless NICs +device upgt # Conexant/Intersil PrismGT wireless NICs. +device ural # Ralink Technology RT2500USB wireless NICs +device urtw # Realtek RTL8187B/L wireless NICs +device zyd # ZyDAS zd1211/zd1211b wireless NICs + +# Authentication, encryption and protection on network layer +device wlan_xauth #802.11 external authenticator support +device enc #IPsec interface +device crypto # core crypto support +device cryptodev # /dev/crypto for access to h/w +device pf #PF OpenBSD packet-filter firewall +device pflog #logging support interface for PF +options IPSEC #IP security (requires device crypto) +options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel + +# glxsb is a driver for the Security Block in AMD Geode LX processors. +# Requires 'device crypto'. +device glxsb # AMD Geode LX Security Block + +# Allow combining interfaces +device if_bridge + +# Needed for VPN and other alternative tunnels +device tap + +# In case we like to limit and play more clever with inet traffic and running +# queues and such. +options ALTQ +options ALTQ_CBQ # Class Bases Queuing (CBQ) +options ALTQ_RED # Random Early Detection (RED) +options ALTQ_RIO # RED In/Out +options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) +options ALTQ_PRIQ # Priority Queuing (PRIQ) + +# Make ipfw firewall with NAT available for use, also see: +# http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html +options IPFIREWALL +options IPFIREWALL_VERBOSE +options IPFIREWALL_VERBOSE_LIMIT=5 +options IPFIREWALL_DEFAULT_TO_ACCEPT +options IPDIVERT Index: /branches/releng-10/nanobsd/cfg/nanobsd.wleiden.apu =================================================================== --- /branches/releng-10/nanobsd/cfg/nanobsd.wleiden.apu (revision 12985) +++ /branches/releng-10/nanobsd/cfg/nanobsd.wleiden.apu (revision 12985) @@ -0,0 +1,372 @@ +## Dit is een NanoBSD configuratie-template voor WirelessLeiden. +## Instellingen weergegeven binnen dit bestand gelden als +## standaard binnen de organisatie. +## Tweaked for use with 2Gb SDcard, more VAR and TMP space in Alix.APU1C + +# Little hack to allow proper secify of KERNL/PKG location +if [ -n "$NANO_CFG_FILE" ]; then + NANO_CONF_DIR=$(cd $(dirname $NANO_CFG_FILE); pwd -P) +else + NANO_CONF_DIR=$(cd $(dirname $2); pwd -P) +fi + +# object naam in /usr/obj/nanobsd.{obj} +NANO_NAME=wleiden-hybrid +NANO_SRC=/usr/src # nanobsd source tree +NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden.apu # naam van het kernel configuratiebestand +NANO_IMAGES=2 # aantal nanobsd code slices/installs (1/2) + +NANO_CONFSIZE=8192 # volume van de config slice, default 2048 (512bs) +NANO_DATASIZE=0 # volume van de data slice, 0 = not configured +NANO_CODESIZE=889200 # 434Mb voor / (889200*1024*1024/512) +NANO_RAM_TMPVARSIZE=81920 # 40Mb Voor /Var en /Tmp(40*1024*1024/512) + +NANO_DRIVE=da0 # Naam van de SD card + +#XXX: Eeks, fixed packages, needs building a hook to allow building the package +# of the shelfs if needed, copy to right directory, done. With only input needed +# a list of ports in the format like net/net-snmp +NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All +NANO_PACKAGE_LIST="*" + + +# Wireless Leiden ports from $WL_PORTSDIR are copied OVER $PORTSDIR +PORTSDIR='/usr/ports' +WL_PORTSDIR="$NANO_CONF_DIR/../ports/" + +# Dirty quirk to allow comments in part below +PACKAGE_LIST=`cat < on motherboard' /var/run/dmesg.boot`; then + # Mac OS X Parallels virtual machine + NANO_PMAKE="make -B" +else + # Default 2 times number of CPU's inside machine + NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2` + NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" +fi + +# Starting from soekris bios version 1.31 upwards boot0sio does not seems work +# anymore, but boot0 does (weird) +NANO_BOOTLOADER="boot/boot0" + +# Strip down to a more acceptable size +# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB) +NANO_PRUNE="$NANO_PRUNE usr/share/examples" +NANO_PRUNE="$NANO_PRUNE usr/share/syscons" +NANO_PRUNE="$NANO_PRUNE usr/share/calendar" +# NB! usr/share/misc contains termcap, vi(1) etc fails to work without it. +# NANOBSD_PRUNE += usr/share/misc +NANO_PRUNE="$NANO_PRUNE usr/share/pcvt" +NANO_PRUNE="$NANO_PRUNE usr/share/me" +NANO_PRUNE="$NANO_PRUNE usr/share/doc" + + + + + +# Opties parsed gedurende build & install world +# Also check man 3 src.conf for details +# Some flags are misleading, e.g. could only be installworld (e.g.), for details: +# http://phk.freebsd.dk/misc/build_options/ +# For details on make options also check: +# /usr/src/share/mk/bsd.own.mk +CONF_COMMON=' +# Specific enabled options +#WITHOUT_ACPI=YES # geen advanced configuration power interface +#WITHOUT_BIND=YES # geen bind tools, dns/named geinstalleerd +#WITHOUT_CXX=YES # Set to not build g++(1) and related libraries. +#WITHOUT_GROFF=YES # Set to not build groff(1). +#WITHOUT_INET6=YES # geen ondersteuning inet versie 6 architectuur +#WITHOUT_INFO=YES # geen info bestanden, readable online docs +#WITHOUT_IPFILTER=YES # geen ip filtering geinstalleerd +#WITHOUT_KLDLOAD=YES # do not allow loading of kernel modules +#WITHOUT_MAILWRAPPER=YES # geen mailwrapper bij gebruik sendmail +#WITHOUT_MAN=YES # geen handleidingen gecompileerd +#WITHOUT_MISC=YES # geen misc sub directory +#WITHOUT_MODULES=YES # geen ondersteuning toevoegen modules +#WITHOUT_PAM=YES # geen ondersteuning pa modules +#WITHOUT_PF=YES # geen packet filtering geinstalleerd +#WITHOUT_SHARE=YES # geen share sub directory +#WITHOUT_USB=YES # geen ondersteuning usb modules +# Specific disabled options +WITHOUT_ATM=YES # geen ondersteuning Asynchronous Transfer Mode +WITHOUT_AUDIT=YES # geen event auditing / audit trails +WITHOUT_AUTHPF=YES # geen authenticating gateway user shell +WITHOUT_BLUETOOTH=YES # geen ondersteuning Bluetooth modules +WITHOUT_CALENDAR=YES # geen calendar reminder service gecompileerd +WITHOUT_CDDL=YES # Set to not build code licensed under Sun CDDL. (also ZFS) +WITHOUT_CPP=YES # Set to not build cpp(1). +WITHOUT_CVS=YES # geen cvs tools geinstalleerd +WITHOUT_DICT=YES # geen dictionary ondersteuning +WITHOUT_EXAMPLES=YES # geen voorbeeld configuratiebestanden +WITHOUT_FORTRAN=YES # geen ondersteuning fortran compilers +WITHOUT_GAMES=YES # geen games gecompileerd +WITHOUT_GCOV=YES # geen gcov test coverage program +WITHOUT_GDB=YES # geen gnu debugger gecompileerd +WITHOUT_GPIB=YES # geen ondersteuning gpib kaarten +WITHOUT_HTML=YES # geen html help bestanden gecompileerd +WITHOUT_I4B=YES # geen ondersteuning voor isdn +WITHOUT_IPX=YES # geen ondersteuning ipx protocols +WITHOUT_KERBEROS=YES # geen ondersteuning Kerberos authenticatie +WITHOUT_LOCALES=YES # geen ondersteuning lokalisatie +WITHOUT_LPR=YES # geen ondersteuning print services +WITHOUT_NIS=YES # geen ondersteuning network information system +WITHOUT_PROFILE=YES # Set to avoid compiling profiled libraries. +WITHOUT_RCMDS=YES # geen ondersteuning rcmds, +WITHOUT_RESCUE=YES # geen rescue bestanden gecompileerd +WITHOUT_SENDMAIL=YES # geen sendmail geinstalleerd +WITHOUT_SHAREDOCS=YES # geen share/docs directories +WITHOUT_SYSCONS=YES # geen syscon devices gecompileerd +' + +CONF_BUILD=" +${CONF_COMMON} +" + +CONF_INSTALL=" +${CONF_COMMON} +WITHOUT_TOOLCHAIN=YES # geen freebsd toolchain +" + + +# Flash disks arrived, sandisk 1g seems to match the geometry of the (blanc) cards +#FlashDevice sandisk 1g # nanobsd flashdevice entry +#FlashDevice sandisk 512mb # nanobsd flashdevice entry +#FlashDevice transcend 2g # nanobsd flashdevice entry +# Calculated value of PEAK hardware 1GB CF card +# C/H/S phys 1954/16/63, logical 977/32/63 +# Mediasize is calculated as C*H*S*512 + +# Using logical values reported by Alix APU board +# values for PCEngines blanc 2 GB cards +# C/H/S phys 945/64/63, logical 983/32/63 +# drive 0x000f2ab0: PCHS=0/0/0 translation=lba LCHS=945/64/63 s=3813376 +NANO_MEDIASIZE=`expr 1952448512 / 512` +NANO_HEADS=64 +NANO_SECTS=63 + + +# Version tagging +cust_version_tag() ( + VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" + ( + echo "Generated by `id -un`@`hostname -f` at `date`" + echo "" + echo "=== CONFIG specifics ===" + svn info ${NANO_CONF_DIR}/../ || exit 0 + svn diff ${NANO_CONF_DIR}/../ || exit 0 + echo "=== BEGIN CONFIG specifics ===" + ) > $VERSION_FILE +) + +# Takes a very long time (10+) minutes to generate this file on an ALIX board, +# not practical for quick debugging and configuration. +cust_openvpn_dhparam() ( + DHFILE=${NANO_WORLDDIR}/etc/easy-rsa-keys/dh1024.pem + mkdir -p `dirname $DHFILE` + openssl dhparam -out $DHFILE 1024 +) + + + +# Assuming we are running a safe envirionment where snooping could occur during or after the build +cust_set_root_password() ( + if [ -n "${CFG_ROOT_PASSWORD}" ]; then + pprint 2 "Set root password using CFG_ROOT_PASSWORD variable" + chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root" + else + pprint 2 "Root password is , no password provided at variable CFG_ROOT_PASSWORD" + fi +) + + + +# EXPERIMENTAL patch like envirionment +# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to +# keep us as close as possible to the base OS +# Patches are applied to the directory they live in +#cust_apply_nanobsd_patches() ( +# for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do +# cd `dirname ${PATCHFILE}` +# patch -t -N -p0 -i `basename ${PATCHFILE}` +# #XX: What to with installed patch files? Delete them for the time beeing +# rm -v ${PATCHFILE} +#done + + + +#) + + + +# Customize ntpd +cust_ntpd() ( + chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift" +) + + +# Enable Serial TTYs and boot serial at 115200 baud +cust_serial_ttys() ( + chroot ${NANO_WORLDDIR} sed -i '' -e '/ttyv[0-9]/s/on /off/' -e '/ttyu0/s/off/on/' -e '/ttyu0/s/dialup/ansi/' /etc/ttys + echo '-h -s115200' > ${NANO_WORLDDIR}/boot.config +) + + + +# Install files from specific relative location +cust_install_files () ( + cd ${NANO_CONF_DIR}/../files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${NANO_WORLDDIR} +) + + +# Make tools available for root by default +cust_root_bin_to_tools() { + ln -s /tools ${NANO_WORLDDIR}/root/bin +} + + +# Prune no needed directories of image +cust_nano_prune () ( + cd ${NANO_WORLDDIR} + for ENTRY in ${NANO_PRUNE}; do + rm -vfR ${ENTRY} + done +) + +# We actually do need an seperate /tmp, so undo the symlinking done in +# setup_nanobsd() +late_cust_unset_common_var_and_tmp() ( + cd ${NANO_WORLDDIR} + rm tmp + mkdir -m 1777 tmp +) + + +# Fill /cfg wmth custom files, based on 'create_i386_diskimage ( )' +last_nano_fill_cfg () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount '/cfg' slize in image + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s3 ${MNT} + + # Location of '/cfg' directory + cd ${NANO_CONF_DIR}/../cfg-files + find . -print | grep -v -e /CVS -e .svn | cpio -dumpv ${MNT} + + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1 + +last_nano_disk_usage () ( + # Variables to be used + IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME} + MNT=${MAKEOBJDIRPREFIX}/_.mnt + + # Mount root slize + MD=`mdconfig -a -t vnode -f ${IMG}` + mount /dev/${MD}s1a ${MNT} + + # Show disk usage (percent free) inc header + pprint 2 $(df -h | head -1) + pprint 2 "$(df -h | grep /dev/${MD})" + + # Leave in nice end state + umount ${MNT} + mdconfig -d -u ${MD} +) + +last_orders () ( + last_nano_fill_cfg + last_nano_disk_usage +) + +# Ugly hack to 'escaping' pprint from inside a customize_cmd to output +# instead of a file +exec 3>/dev/stdout +# Progress Print +# Print $2 at level $1 +pprint() { + if [ "$1" -le $PPLEVEL ]; then + printf "%.${1}s %s\n" "#####" "$2" 1>&3 + fi +} + +# Cust macro`s gestart in onderstaande volgorde +# XXX: Determine size before installing all find of additions to see how much +# base we are actually using ## du -h -d 0 +customize_cmd cust_pkgng +customize_cmd cust_install_files +customize_cmd cust_ntpd +customize_cmd cust_serial_ttys +customize_cmd cust_version_tag +customize_cmd cust_root_bin_to_tools +customize_cmd cust_allow_ssh_root +customize_cmd cust_openvpn_dhparam +customize_cmd cust_nano_prune +customize_cmd cust_set_root_password +#customize_cmd cust_apply_nanobsd_patches +late_customize_cmd late_cust_unset_common_var_and_tmp + +# Standard overwrite +if [ -r "$NANO_CONF_DIR/nanobsd.local" ]; then + . $NANO_CONF_DIR/nanobsd.local +fi + +# Extra config if existing is not suffient +if [ -n "$EXTRA_NANOBSD_CONFIG" ]; then + for FILE in $EXTRA_NANOBSD_CONFIG; do + # File relative to config directory + if [ "`echo $FILE | cut -c1`" != "/" ]; then + FILE=$NANO_CONF_DIR/$FILE + fi + pprint 1 "Loading $FILE" + . $FILE || exit 1 + done +fi