Index: 2.0/nanobsd/nanobsd/cfg/nanobsd.wleiden.peak
===================================================================
--- 2.0/nanobsd/nanobsd/cfg/nanobsd.wleiden.peak	(revision 7607)
+++ 2.0/nanobsd/nanobsd/cfg/nanobsd.wleiden.peak	(revision 7607)
@@ -0,0 +1,322 @@
+## Dit is een NanoBSD configuratie-template voor WirelessLeiden.   
+# Instellingen weergegeven binnen dit bestand gelden als 
+## standaard binnen de organisatie.
+
+# Little hack to allow proper secify of KERNL/PKG location
+NANO_CONF_DIR=$(cd $(dirname $2); pwd -P)
+
+NANO_NAME=wleiden		# object naam in /usr/obj/nanobsd.{obj}
+NANO_SRC=/usr/src 		# nanobsd source tree
+NANO_KERNEL=$NANO_CONF_DIR/kernel.wleiden # naam van het kernel configuratiebestand
+NANO_IMAGES=2			# aantal nanobsd code slices/installs (1/2)   
+#NANO_DRIVE=ad1			# NanoBSD disk id, default is ad0
+
+NANO_CONFSIZE=8192 		# volume van de config slice, default 2048 (512bs) 
+NANO_DATASIZE=0			# volume van de data slice, 0 = not configured
+# 200MB should is suffient of every image we might as well use all available
+# space, but that increases update times
+#NANO_CODESIZE=409600		# volume van de code slice, default = max beschikbaar
+NANO_CODESIZE=819200
+#NANO_RAM_ETCSIZE=	  	# volume van de /etc ramdisk, default 10240 (512bs)
+#NANO_RAM_TMPVARSIZE=	 	# volume van de /var ramdisk, default 10240 (512bs)
+
+#XXX: Eeks, fixed packages, needs building a hook to allow building the package
+# of the shelfs if needed, copy to right directory, done. With only input needed
+# a list of ports in the format like net/net-snmp
+NANO_PACKAGE_DIR=$NANO_CONF_DIR/../pkg/All
+
+# XXX: Create function which populate the right packages and fixes the
+# dependencies. Package build script could benefit from this list, as it
+# could build this list beforehand 
+## pkg_info -qr pkg/All/*
+##NANO_PACKAGE_LIST=
+
+# Warning: set to 1 to debug make build errors
+# Number of recurrent parrallel make builds
+if `grep -q 'acpi0: <PRLS PRLS_OEM> on motherboard' /var/run/dmesg.boot`; then
+  # Mac OS X Parallels virtual machine
+  NANO_PMAKE="make -B" 	
+else
+  # Default 2 times number of CPU's inside machine
+  NANO_PARALLEL_MAKE=`expr $(sysctl -n hw.ncpu) \* 2`
+  NANO_PARALLEL_MAKE="1"
+  NANO_PMAKE="make -j ${NANO_PARALLEL_MAKE}" 	
+fi
+
+# LET OP, optie nodig bij het gebruik van Alix bordjes ivm tinybios & LBA 
+# ondersteuning. Specifieke flash-geometrie instellingen vereist.
+#NANO_BOOT0CFG="-o nopacket -s 1 -m 3"
+
+#
+# Starting from soekris bios version 1.31 upwards boot0sio does not seems work
+# anymore, but boot0 does (weird)
+NANO_BOOTLOADER="boot/boot0"
+
+# Strip down to a more acceptable size
+# hints from http://people.freebsd.org/~phk/nanobsd/soekris_4x26/make.soekris_4x26.conf (46MB)
+# 46MB
+# NB!  usr/share/misc contains termcap, vi(1) etc fails to work without it.
+# NANOBSD_PRUNE	+=	usr/share/misc
+NANO_PRUNE="$NANO_PRUNE usr/share/examples"
+NANO_PRUNE="$NANO_PRUNE usr/share/syscons"
+NANO_PRUNE="$NANO_PRUNE usr/share/calendar"
+NANO_PRUNE="$NANO_PRUNE usr/share/mk"
+NANO_PRUNE="$NANO_PRUNE usr/share/pcvt"
+NANO_PRUNE="$NANO_PRUNE usr/share/me"
+NANO_PRUNE="$NANO_PRUNE usr/share/doc"
+
+
+
+
+
+# Opties parsed gedurende build & install world
+# Also check man 3 src.conf for details
+# Some flags are misleading, e.g. could only be installworld (e.g.), for details:
+#     http://phk.freebsd.dk/misc/build_options/
+# For details on make options also check:
+#     /usr/src/share/mk/bsd.own.mk
+CONF_COMMON='
+# Specific enabled options
+#WITHOUT_ACPI=YES			# geen advanced configuration power interface
+#WITHOUT_BIND=YES			# geen bind tools, dns/named geinstalleerd
+#WITHOUT_CXX=YES			# Set to not build g++(1) and related libraries.
+#WITHOUT_GROFF=YES			# Set to not build groff(1).
+#WITHOUT_INET6=YES			# geen ondersteuning inet versie 6 architectuur
+#WITHOUT_INFO=YES			# geen info bestanden, readable online docs
+#WITHOUT_IPFILTER=YES			# geen ip filtering geinstalleerd
+#WITHOUT_KLDLOAD=YES			# do not allow loading of kernel modules
+#WITHOUT_MAILWRAPPER=YES 		# geen mailwrapper bij gebruik sendmail
+#WITHOUT_MAN=YES			# geen handleidingen gecompileerd
+#WITHOUT_MISC=YES			# geen misc sub directory
+#WITHOUT_MODULES=YES			# geen ondersteuning toevoegen modules
+#WITHOUT_PAM=YES			# geen ondersteuning pa modules
+#WITHOUT_PF=YES				# geen packet filtering geinstalleerd 
+#WITHOUT_SHARE=YES			# geen share sub directory 
+#WITHOUT_USB=YES			# geen ondersteuning usb modules
+# Specific disabled options
+WITHOUT_ATM=YES				# geen ondersteuning Asynchronous Transfer Mode
+WITHOUT_AUDIT=YES			# geen event auditing / audit trails	
+WITHOUT_AUTHPF=YES			# geen authenticating gateway user shell
+WITHOUT_BLUETOOTH=YES			# geen ondersteuning Bluetooth modules
+WITHOUT_CALENDAR=YES			# geen calendar reminder service gecompileerd
+WITHOUT_CDDL=YES			# Set to not build code licensed under Sun CDDL. (also ZFS)
+WITHOUT_CPP=YES				# Set to not build cpp(1).
+WITHOUT_CVS=YES				# geen cvs tools geinstalleerd
+WITHOUT_DICT=YES			# geen dictionary ondersteuning
+WITHOUT_EXAMPLES=YES			# geen voorbeeld configuratiebestanden
+WITHOUT_FORTRAN=YES			# geen ondersteuning fortran compilers
+WITHOUT_GAMES=YES			# geen games gecompileerd
+WITHOUT_GCOV=YES			# geen gcov test coverage program
+WITHOUT_GDB=YES				# geen gnu debugger gecompileerd
+WITHOUT_GPIB=YES			# geen ondersteuning gpib kaarten
+WITHOUT_HTML=YES			# geen html help bestanden gecompileerd
+WITHOUT_I4B=YES				# geen ondersteuning voor isdn
+WITHOUT_IPX=YES				# geen ondersteuning ipx protocols
+WITHOUT_KERBEROS=YES			# geen ondersteuning Kerberos authenticatie
+WITHOUT_LOCALES=YES			# geen ondersteuning lokalisatie 
+WITHOUT_LPR=YES				# geen ondersteuning print services
+WITHOUT_NIS=YES				# geen ondersteuning network information system
+WITHOUT_PROFILE=YES			# Set to avoid compiling profiled libraries.
+WITHOUT_RCMDS=YES			# geen ondersteuning rcmds,
+WITHOUT_RESCUE=YES			# geen rescue bestanden gecompileerd
+WITHOUT_SENDMAIL=YES			# geen sendmail geinstalleerd	
+WITHOUT_SHAREDOCS=YES			# geen share/docs directories
+WITHOUT_SYSCONS=YES			# geen syscon devices gecompileerd
+'
+
+CONF_BUILD="
+${CONF_COMMON}
+"
+
+CONF_INSTALL="
+${CONF_COMMON}
+WITHOUT_TOOLCHAIN=YES			# geen freebsd toolchain
+"
+
+
+# Flash disks arrived, sandisk 1g seems to match the geometry of the (blank) cards
+#FlashDevice sandisk  1g   	# nanobsd flashdevice entry
+#FlashDevice sandisk 512mb    	# nanobsd flashdevice entry
+#FlashDevice transcend 2g 	# nanobsd flashdevice entry
+
+# Calculated value of PEAK hardware 1g CF card
+# C/H/S phys 1954/16/63, logical 977/32/63
+# Mediasize is calculated as C*H*S*512
+
+NANO_MEDIASIZE=`expr 1008451584 / 512`
+#using phys values reported by Alix board
+#NANO_HEADS=64
+NANO_HEADS=16
+#NANO_SECTS=32
+NANO_SECTS=63
+
+#values for PCEngines blank 1 GB cards
+#NANO_MEDIASIZE='expr 1014644736 / 512'
+#C/H/S phys 1966/16/63, logical 983/32/63
+
+# Version tagging
+cust_version_tag() (
+	VERSION_FILE="${NANO_WORLDDIR}/tools/wl-release.txt" 
+	(
+	echo "Generated by `id -un`@`hostname -f` at `date`"
+	echo ""	
+	echo "=== CONFIG specifics ==="
+	svn info ${NANO_CONF_DIR}/../ || exit 0
+	svn diff ${NANO_CONF_DIR}/../ || exit 0
+	echo "=== BEGIN CONFIG specifics ==="
+	) > $VERSION_FILE
+)
+
+
+
+# Assuming we are running a safe envirionment where snooping could occur during or after the build
+cust_set_root_password() (
+	if [ -n "${CFG_ROOT_PASSWORD}" ]; then
+		pprint 2 "Set root password using CFG_ROOT_PASSWORD variable"
+		chroot ${NANO_WORLDDIR} sh -c "echo '${CFG_ROOT_PASSWORD}' | pw usermod -h 0 -u root"
+	else
+        	pprint 2 "Root password is <blank>, no password provided at variable CFG_ROOT_PASSWORD"
+	fi
+)
+
+
+
+# EXPERIMENTAL patch like envirionment
+# Using '*-nanobsd.patch' files to only specify the bare differences between the base/default file to 
+# keep us as close as possible to the base OS
+# Patches are applied to the directory they live in
+cust_apply_nanobsd_patches() (
+	for PATCHFILE in `find ${NANO_WORLDDIR} -regex '.*-nanobsd\.patch$'`; do
+		cd `dirname ${PATCHFILE}`
+		patch -t -N -p0 -i `basename ${PATCHFILE}`
+		#XX: What to with installed patch files? Delete them for the  time beeing
+		rm -v ${PATCHFILE}
+	done
+
+
+
+)
+
+
+
+# Compile & install lvroute daemon vanuit source in svn
+cust_install_lvrouted() (
+	svn co http://svn.wirelessleiden.nl/svn/node-config/other/lvrouted/trunk/ /tmp/lvrouted 
+	cd /tmp/lvrouted && autoconf && autoheader && ./configure && make || true
+	cp src/lvrouted.opt ${NANO_WORLDDIR}/usr/local/sbin
+)
+
+
+
+# Customize ntpd
+cust_ntpd() (
+        chroot ${NANO_WORLDDIR} sh -c "ln -fs /usr/local/etc/ntp.drift /var/db/ntp.drift"	
+)
+
+# Customize Security
+cust_security() (
+        chroot ${NANO_WORLDDIR} sh -c "chown -R bind /var/db/nsd"
+        chroot ${NANO_WORLDDIR} sh -c "chmod u+x /usr/local/etc/rc.d/nsd"
+        chroot ${NANO_WORLDDIR} sh -c "chmod u+x /usr/local/libexec/nagios/check_wlsnmp"
+        chroot ${NANO_WORLDDIR} sh -c "chmod u+x /usr/local/dense/dense.sh"
+        chroot ${NANO_WORLDDIR} sh -c "chmod 400 /usr/local/sshtun/sshkey"
+        chroot ${NANO_WORLDDIR} sh -c "chmod u+x /usr/local/etc/rc.d/maradns"
+)
+
+
+# Install files from specific relative location
+cust_install_files () (
+	cd ${NANO_CONF_DIR}/../files
+	find . -print | grep -v -e /CVS -e .svn  | cpio -dumpv ${NANO_WORLDDIR}
+)
+
+
+
+# Prune no needed directories of image
+cust_nano_prune () (
+	cd ${NANO_WORLDDIR}
+	for ENTRY in ${NANO_PRUNE}; do
+		rm -vfR ${ENTRY}
+	done
+)
+
+cust_disable_ssh_password () {
+  chroot ${NANO_WORLDDIR} sh -c "mv /etc/ssh/sshd_config /tmp"
+  chroot ${NANO_WORLDDIR} sh -c "cat /tmp/sshd_config | sed -e 's/\#UsePAM\ yes/UsePAM\ no/g' > /etc/ssh/sshd_config"
+  chroot ${NANO_WORLDDIR} sh -c "rm /tmp/sshd_config"
+}
+
+cust_move_files () {
+  chroot ${NANO_WORLDDIR} sh -c "mv /usr/local/etc/nagios/send_nsca.cfg-sample /usr/local/etc/nagios/send_nsca.cfg"
+}
+
+# Fill /cfg with custom files, based on 'create_i386_diskimage ( )'
+last_nano_fill_cfg () (
+	# Variables to be used
+	IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}
+	MNT=${MAKEOBJDIRPREFIX}/_.mnt
+
+	# Mount '/cfg' slize in image
+	MD=`mdconfig -a -t vnode -f ${IMG}`
+	mount /dev/${MD}s3 ${MNT}
+
+	# Location of '/cfg' directory
+	cd ${NANO_CONF_DIR}/../cfg-files
+	find . -print | grep -v -e /CVS -e .svn  | cpio -dumpv ${MNT}
+	
+	
+	# Leave in nice end state
+	umount ${MNT}
+	mdconfig -d -u ${MD}
+) > ${MAKEOBJDIRPREFIX}/_.fc 2>&1
+
+last_nano_disk_usage () (
+	# Variables to be used
+	IMG=${NANO_DISKIMGDIR}/${NANO_IMGNAME}
+	MNT=${MAKEOBJDIRPREFIX}/_.mnt
+
+	# Mount root slize 
+	MD=`mdconfig -a -t vnode -f ${IMG}`
+	mount /dev/${MD}s1a ${MNT}
+
+	# Show disk usage (percent free) inc header
+	pprint 2  $(df -h | head -1)
+        pprint 2 "$(df -h | grep /dev/${MD})"
+
+	# Leave in nice end state
+	umount ${MNT}
+	mdconfig -d -u ${MD}
+)
+
+last_orders () (
+	last_nano_fill_cfg
+	last_nano_disk_usage
+)
+
+# Ugly hack to 'escaping' pprint from inside a customize_cmd to output
+# instead of a file
+exec 3>/dev/stdout
+# Progress Print
+#       Print $2 at level $1 
+pprint() {
+    if [ "$1" -le $PPLEVEL ]; then
+        printf "%.${1}s %s\n" "#####" "$2" 1>&3
+    fi
+}
+
+
+# Cust macro`s gestart in onderstaande volgorde
+# XXX: Determine size before installing all find of additions to see how much
+# base we are actually using ## du -h -d 0
+customize_cmd cust_pkg
+customize_cmd cust_install_files
+customize_cmd cust_ntpd
+#customize_cmd cust_install_lvrouted
+customize_cmd cust_version_tag
+customize_cmd cust_allow_ssh_root
+customize_cmd cust_disable_ssh_password
+customize_cmd cust_nano_prune
+customize_cmd cust_set_root_password
+customize_cmd cust_apply_nanobsd_patches
+customize_cmd cust_security
+customize_cmd cust_move_files
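Review bot: In `cust_set_root_password`, `${CFG_ROOT_PASSWORD}` is pasted between single quotes into the `sh -c` string, so a password containing `'` ends the quoting and the remainder is run as shell inside the chroot. The clear-text password also sits in the `chroot`/`sh` argument list, where it is visible in the build host's process table for the duration of the call. Feeding it on stdin from the outer shell avoids both: `printf '%s\n' "${CFG_ROOT_PASSWORD}" | chroot ${NANO_WORLDDIR} pw usermod -h 0 -u root`. The `else` branch only prints a notice and leaves root with a blank password, while the customize list also runs `cust_allow_ssh_root` (defined outside this file, presumably enabling root SSH login). Aborting the build there, or disabling password login with `pw usermod -h - -u root`, would be a safer default, and the comment above the function should state the assumption it relies on (it probably means snooping can *not* occur).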
