[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

repost: Debian Live Net ready for public eyes

Sorry to everyone on the list; Mailman's archive software gobbled my
first post of this message. You can safely disregard this if you got the
first one. Please note that the message sent at 4:57 PM CST is the one
with the most current patch.

--- snip ---

Well, it's not usable yet but I am ready to show everyone what we've
got. Hopefully another set of eyes will help us catch some bugs.

I am attaching to this message a .diff against the Debian source for the
live-package Debian package. I am also attaching a .deb which anyone can
install. It contains the modifcations. make-live now has the ability to
create network-bootable images and also to generate example config

== To Create a Debian Live Net System

One can enter:

# make-live net

Which results in:
* a flat filesystem will be created in live/chroot
* an example /tftpboot/ directory is created in live/tftpboot, it
     * a copy of the initrd.gz and vmlinuz
     * the pxelinux.0 file from syslinux
     * a default pxelinux.cfg/default file (kinda like a Grub config
* an example DHCP config file in live/etc/dhcp3/dhcpd.conf

== What One Needs to Do to Test It

Install and configure xinetd and the tftpd-hpa packages. Set /tftpboot/
as your TFTP server's root directoy. Move the contents of live/tftpboot/
in to /tftpboot/. Edit /tftpboot/pxelinux.cfg/default to point to the
correct server IP address.

Install dhcp3-server package and move the live/etc/dhcp3/dhcpd.conf file
over the top of the default file in /etc/dhcp3/dhcpd.conf. WARNING: you
need to edit this file and replace any %% values with the values that
are applicable to your network.

Install the samba package and configure /etc/samba/smb.conf. You need to
add this to the global section:

secuirty = user
map to guest = Bad Password
guest account = root

WARNING WARNING WARNING: "guest account = root" can open a huge security
hole if you already have some samba shares configured. Due to a
limitation of Samba, you will need to add "guest ok = no" to be sure
that you do not allow root access to any share. "guest ok = yes" is
required for the chroot share. I need to do some more secuirty auditing
here to make sure that this is safe.

And at the end of the file add a stanza like this:

   comment = Safedesk Chroot
   path = /var/live/chroot
   read only = yes
   guest ok = yes
   locking = no

Where /var/live/chroot is the path to the live/chroot that you have

== Work Still Needed

Disable the networking stuff during the "second" init sequence.
Networking is already configure so we need to NOT kill networking and


This works on my system and I am resonably sure it does what it supposed
to do but this is EXPERIMENTAL with NO WARRANTY, etc, etc. If it eats
your files or destroys your system I cannot be held responsible.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.debian-unofficial.org/pipermail/live/attachments/20060510/8022d893/attachment.pgp

Reply to: