Difference between pages "Netbsd vpn gateway basic setup" and "Linux wishlist"

From ENTS
m (prep to recompile the kernel)
 
m
 
Line 1: Line 1:
  
===basic setup after vanilla install===
+
runit
 +
compiled against ulibc/dietlibc/musl wherever possible?
 +
minimum install. kernel + superminimal system distributed as single package?
 +
    kernel + runit/gcc/binutils/pkgtool/udev/coreutils/sh/?  basically trimmed contents of A?
 +
modular kernel as much as possible
 +
tcb shadow passwords, pam, blowfish
 +
mariadb
 +
lvm, mdadm
 +
carp
 +
pkgsrc (ports?)
 +
smartd
 +
lighttpd | nginx > apache
 +
perl, php
 +
udev
 +
cgroups (seems awesome) (other resource limits?)
 +
chaosvpn, tun, openssl
 +
bsd-ish /etc configs?
 +
lynx nano screen
  
---
 
  
vi /root/.profile
+
[[wishlist filesystem hierarchy]]
  
change the path for the pkgsrc repo to:<br />
 
ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/5.0/All/
 
  
  pkg_add lynx<br />
+
  http://www.kegel.com/c10k.html
pkg_add pico<br />
+
pkg_add screen
+
  
---
 
  
vi /etc/ifconfig.fxp0
 
  
192.168.0.20{1,2} netmask 255.255.255.0
+
mininmum install.
 +
should be able to clean this up a lot by replace init scripts.  
  
---
+
A packages
  
vi /etc/sysctl.conf
+
aaa_base
 
+
aaa_elflibs
  net.inet.ip.forwarding=1
+
  aaa_terminfo
 
+
acl  (not sure if this is really needed for min inst)
---
+
attr
 
+
bash (once init scripts replaced with bsd-style, will not need this)
vi /etc/resolv.conf
+
bin (dunno whats in here yet)
 
+
coreutils
  nameserver 64.59.184.13
+
cxxlibs
 
+
  dcron (not sure if this is really needed for min inst)
---
+
devs
 
+
dialog (not needed but convenient while testing)
vi /etc/rc.conf
+
e2fsprogs
 
+
elvis (not sure if this is really needed for min inst)
  hostname=chaosvpn{1,2}.440bx.net<br />
+
etc
  defaultroute=192.168.0.1<br />
+
  getty-ps
  sshd=yes
+
  grep
 
+
  gzip
---
+
kernel-* (will figure out whats up later)
 
+
less
  useradd -m -G wheel chaosvpn_user<br />
+
mkinitrd (not sure if actually req'd for min inst)
  passwd chaosvpn_user
+
  module-init-tools
 
+
  openssl-solibs (not sure if really reqd for min inst)
---
+
pkgtools
 
+
procps (not sure if this should be reqd)
continue with the steps at:
+
sed
 
+
shadow (may or may not be needed after replaced by tcb?)
https://wiki.hamburg.ccc.de/ChaosVPN:NetBSDHowto
+
sharutils
 
+
sysvinit (will be replaced by runit?)
 
+
sysvinit-scripts (hopefully to replace)
---
+
  tar
 
+
  udev
===prep to recompile the kernel===
+
  usbutils (for keybaords and miec)
 
+
  util-linux
make directories
+
  xz
 
+
  mkdir /usr/src
+
  chown chaosvpn_user /usr/src
+
 
+
get the actual source
+
   
+
  ftp -i ftp://ftp.NetBSD.org/pub/NetBSD/NetBSD-5.2/source/sets/
+
  mget *.tgz
+
 
   
 
   
extract
 
  
for i in *.tgz
+
AP packages
do
+
tar -xzf $i
+
done
+
  
after you realize youve extracted to the wrong dir
+
autoconf
 +
automake
 +
binutils
 +
bison
 +
flex
 +
gcc
 +
gcc-g++
 +
kernel-headers
 +
m4
 +
make
  
mv /usr/src/usr/src/* /usr/src
 
  
copy config stuff
+
N packages
  
  cd /usr/src/sys/arch/i386
+
  dhcp ?
  cp GENERIC i686_CVPN_x300
+
  dhcpd
 +
iputils
 +
net-tools
 +
network-scripts
 +
traceroute
 +
wget
  
start editing
 
  
pico i686_CVPN_x300
 
  
reference
+
----
 
+
http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
+
 
+
CFLAGS:
+
 
+
CPUFLAGS="-march=pentium3m -mtune=pentium3m"
+
+
Uncommented:
+
  
PERFCTRS #since this is going to be non-smp kernel (may or may not ever use this)
 
GATEWAY
 
IPSEC
 
IPSEC_ESP
 
IPSEC_NAT_T
 
  
Might dig more into "tuning" later.
+
work items to convert init system to operate simpler:
  
Time to start building the new kernel
+
# install runit
  
config ./i686_CVPN_x300
+
# look at inittab from netbsd and see what can be used
cd ../compile/i686_CVPN_x300
+
# split rc.S, rc.K, and rc.M into seperate files - one per task - like netbsd
make depend && make
+
# runlevel 4 can be removed as this will be non-X machine
 +
# rc.modules* will not be needed as non-udev will not be an option. will put in some sort of posterity folder?
 +
# how to deal with runlevel 1 (single user)?

Revision as of 09:23, 12 August 2013

runit
compiled against uClibc/dietlibc/musl wherever possible?
minimum install. kernel + superminimal system distributed as single package? 
   kernel + runit/gcc/binutils/pkgtool/udev/coreutils/sh/?  basically trimmed contents of A?
modular kernel as much as possible
tcb shadow passwords, pam, blowfish 
mariadb
lvm, mdadm
carp
pkgsrc (ports?)
smartd
lighttpd | nginx > apache
perl, php
udev
cgroups (seems awesome) (other resource limits?)
chaosvpn, tun, openssl
bsd-ish /etc configs?
lynx nano screen


wishlist filesystem hierarchy


http://www.kegel.com/c10k.html


minimum install. should be able to clean this up a lot by replacing init scripts.

A packages

aaa_base
aaa_elflibs
aaa_terminfo
acl  (not sure if this is really needed for min inst)
attr
bash (once init scripts replaced with bsd-style, will not need this)
bin (dunno whats in here yet)
coreutils
cxxlibs
dcron (not sure if this is really needed for min inst)
devs
dialog (not needed but convenient while testing)
e2fsprogs
elvis (not sure if this is really needed for min inst)
etc
getty-ps
grep
gzip
kernel-* (will figure out whats up later)
less
mkinitrd (not sure if actually req'd for min inst)
module-init-tools
openssl-solibs (not sure if really reqd for min inst)
pkgtools
procps (not sure if this should be reqd)
sed 
shadow (may or may not be needed after replaced by tcb?)
sharutils
sysvinit (will be replaced by runit?)
sysvinit-scripts (hopefully to replace)
tar
udev
usbutils (for keyboards and mice)
util-linux
xz

AP packages

autoconf
automake
binutils
bison
flex
gcc
gcc-g++
kernel-headers
m4
make


N packages

dhcp ?
dhcpd 
iputils
net-tools
network-scripts
traceroute
wget




work items to convert init system to operate simpler:

  1. install runit
  2. look at inittab from netbsd and see what can be used
  3. split rc.S, rc.K, and rc.M into separate files - one per task - like netbsd
  4. runlevel 4 can be removed as this will be non-X machine
  5. rc.modules* will not be needed as non-udev will not be an option. will put in some sort of posterity folder?
  6. how to deal with runlevel 1 (single user)?