
Re: [Soekris] [ANN] PicoDebian: a thinned down version of Debian Sarge



On Thu, Mar 17, 2005 at 12:36:42PM +0000, Chris Boot wrote:
> Hi all,

Hi,

> First of all, let me apologise about cross-posting to the Soekris Tech 
> and Debian User mailing lists.

I reply to you directly because my mail isn't specifically related to
Soekris hardware but more about Debian on Soekris. 

Actually, I've been doing something like you did since 2003 but never
had the time to publish it. I used LRP / LEAF to create my own "Debian
on Soekris distribution". Just like you, I took a look at Pebble but
decided not to use it. I also didn't like everything about LRP /
LEAF. This was the reason to start from scratch.

Basically, what I did was:

- created a minimal root filesystem i.e. an initrd with a "smart"
  linuxrc script

- used busybox to get as many of the utilities I needed into a small
  binary (busybox is in the initrd)

- created a kernel image with the watchdog patch, both for the net4501
  and the net4801 (as I have them both)

- created a small packaging system: 

  - based on cpio rather than tar files (LEAF) because this makes it
    very easy, using a table of contents, to determine which files
    belong to which package (X.pkg is actually X.cpio.gz) and makes
    it possible to add files to and remove files from a package on
    the target

  - allows you to use a config.pkg package which overrides all
    "standard" configuration files etc. so that you can separate
    binaries (cfr. firmware on routers) and configuration stuff

- created a set of packages I want to use on my Soekris boxes; these
  packages are based on their Debian versions i.e. they are actually
  stripped down Debian packages
  For my net4501 connected to a broadband line, the list looks like
  this: base config djbdns dmntls ez-ipupd fwbfw icmpinfo initrd
  iproute iptables latm1 lcap1 ldb3 llzo1 lncurses log lpam0g lpammdls
  lpamrntm lpcap lreadln lssl097 lwrap0 lz1g make ntpdate ntpsrvr
  openssl openvpn pkgtools sc520wd ssh ssmtp tcpdump tcshaper udhcpc

- created a system to build everything in one go; for this, you need a
  Debian box but it uses a separate apt cache etc. i.e. what you build
  does not have to be in sync with what the host runs (I want to be
  able to build the thing using Sid while the host runs Sarge and vice
  versa)

- ascii documented the bootstrap process (installation using PXE) and
  configuration process (using the serial console)

> I have owned a Soekris[1] net4801[2] for many months now, and so far it 
> has been running Debian Sarge (testing) off an internal laptop hard 
> drive. Since I wasn't happy with this approach (for many reasons) I 
> decided to move to a read-only filesystem on a CF card. With very little 
> effort on my part, I managed to get a rather small root filesystem that 
> includes a plethora of goodies from ISC BIND and DHCP to OpenVPN (and 
> many more). Its main advantage though is that it will easily fit on a 
> 32MB CF card, and could be shrunk even further with the removal of a few 
> extra goodies that I chose to include.
> 
> I've called my mini-sarge PicoDebian[3], mostly because my net4801 is 
> called Piccolo. I overcame my main obstacle of the read-only filesystem 
> with the help of Pebble[4] (which I didn't want to use because I needed 
> slightly more up-to-date packages). More information is available on my 
> site.

Looking at your site, our things look similar but the implementation
is different. I made a quick comparison:

- you use squashfs while I use minix filesystems (because this is part
  of busybox)

- you run with a read-only CF while I run everything in a tmpfs
  filesystem

- you use an ext2 filesystem for grub while I use a minix filesystem
  (cfr. above)

- size is different: you seem to have a large CF (256MB) with 10
  partitions of about 25MB while I'm using a 64MB partition with 1
  partition of 5MB (grub only, too much, I know) and 6 partitions of
  about 10MB

- we are both able to store multiple versions on CF

- I unpack everything in RAM (tmpfs) at runtime: the 15MB root
  filesystem (with the packages listed above) is used for about 80
  percent; your root filesystem is larger but does not take up that
  much RAM as things are linked to the read-only CF (Note: I preferred
  not to use a read-only CF because I noticed that, even when the CF
  card is mounted ro, when the power disappears, an fsck is necessary)

- your build process seems to produce 1 image while my build process
  produces an initrd, a kernel and a list of packages

- there are some differences in packages:

  - bind9 versus djbdns and tinydns

  - dhcpd: I don't have it

  - monit versus busybox init and daemontools

  - ntp, openssh, openvpn are similar

  - perl: I don't have it

  - shorewall versus a firewall builder generated script (Note: my
    initial version used shorewall)

  - snort: I don't have it

  - watchdog support is similar

  - wondershaper is similar to my script (studied and modified
    lartc.org scripts)

  - LCD daemon: I don't have it

  - I also include udhcpc, ez-ipupdate, tcpdump, icmpinfo, ssmtp,
    openssl; previous releases also included ipsec-tools, racoon but I
    replaced this with openvpn

> I must admit at the moment it's not fit for release, I'm mostly trying 
> to judge how much interest there is in such a thing before I go and 
> register a project on SourceForge or the like.

You're at least thinking about releasing it, that's good. I have it
running for quite some time, improved it, etc. but it never got
out. That's actually worse because nobody has the chance to use
it. 

Because it is actually a toolchain to build a Debian for Soekris, I
had been thinking about sending a mail to the
debian-embedded@lists.debian.org list but as the Soekris is actually
just a stripped down PC, I didn't consider it "embedded" enough. 

I Cc-ed this mail to that mailing list[1] to see if someone else might
consider this interesting or not. It could be that most of the people
buying a Soekris, do so to play with it rather than just putting some
software on it;-)

[1] Not (yet) subscribed.

> Regards,

cu,

> Chris
> 
> References:
> 1. http://www.soekris.com/
> 2. http://www.soekris.com/net4801.htm
> 3. http://www.bootc.net/picodebian/
> 4. http://www.nycwireless.net/pebble/

-- 
lenaerts.frank@pandora.be

gpg fingerprint: A41E A399 5160 BAB9 AEF1  58F2 B92A F4AB 9FFB 3707
gpg key id: 9FFB3707

"Those who do not understand Unix are condemned to reinvent it, poorly."
-- Henry Spencer
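
Added example (not part of the original message and not the author's pkgtools, which the message does not show): reading the table of contents of an X.pkg (X.cpio.gz) to see which package owns which file, and how a config.pkg can override a packaged configuration file. It assumes the "newc" cpio variant and that config.pkg is applied last; the file paths and contents are constructed.

```python
import gzip
MAGIC, HDR_LEN = b"070701", 110  # newc magic; 6 + 13 fields of 8 hex digits

def pad4(n):
    return (n + 3) & ~3  # newc aligns names and data to 4 bytes

def make_pkg(files):
    """Build a constructed X.pkg (gzip'd newc cpio) from {path: bytes}."""
    out = bytearray()
    for name, data in list(files.items()) + [("TRAILER!!!", b"")]:
        nm = name.encode() + b"\0"
        # ino, mode, uid, gid, nlink, mtime, filesize, 4 dev fields, namesize, check
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(nm), 0]
        out += MAGIC + b"".join(b"%08X" % f for f in fields) + nm
        out += b"\0" * (pad4(len(out)) - len(out))
        out += data + b"\0" * (pad4(len(data)) - len(data))
    return gzip.compress(bytes(out))

def toc(pkg):
    """Table of contents of a .pkg: {path: file content}."""
    raw, pos, members = gzip.decompress(pkg), 0, {}
    while True:
        if raw[pos:pos + 6] != MAGIC or pos + HDR_LEN > len(raw):
            raise ValueError("bad or truncated cpio header at offset %d" % pos)
        fields = [int(raw[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_end = pos + HDR_LEN + namesize
        name = raw[pos + HDR_LEN:name_end - 1].decode()  # drop trailing NUL
        if name == "TRAILER!!!":
            return members
        start = pad4(name_end)
        if start + filesize > len(raw):
            raise ValueError("truncated member %r" % name)
        members[name] = raw[start:start + filesize]
        pos = pad4(start + filesize)

def owners(pkgs):
    """Map path -> (package, content); later packages override earlier ones."""
    result = {}
    for pkg_name, blob in pkgs:
        for path, data in toc(blob).items():
            result[path] = (pkg_name, data)
    return result

# Constructed sample; package names are from the message, paths/contents are not.
SSH_PKG = make_pkg({"usr/sbin/sshd": b"\x7fELF-stub",
                    "etc/ssh/sshd_config": b"PermitRootLogin yes\n"})
CONFIG_PKG = make_pkg({"etc/ssh/sshd_config": b"PermitRootLogin no\n"})
INSTALLED = owners([("ssh", SSH_PKG), ("config", CONFIG_PKG)])  # config last
```

The same path-to-package map can be compared against the files actually present on a running box to spot anything that no package accounts for.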
