Charles, Thanks for releasing the Dachstein-CD. I have had fun playing with it. I have not created a LEAF CD before so I may be able to provide some newbie impressions:
Since it is a CD and the current ISO is only 17M, it would be nice to include say a dosutils directory with rawrite.exe. Attached is a file called mkfloppy. It calls rawrite using all the correct command line arguments along with the bootdisk.bin file. You describe three configuration options depending on if your BIOS allows you to boot from a CD. I believe bootdisk.bin will work for both one and two. I realize it would be overkill, but you could provide an image file for people transitioning from eigersteinbeta2. LOL I realize it would just have the lrpkg.cfg file with etc:R,local,modules,ramlog,dhclient,dnscache,dhcpd,weblet,lncurses,vim in it but it might make it easier for new people using the CD. Besides its nice going into lrcfg and seeing a list of packages to configure when you first boot the CD. I was hacking around. I went into 1, Network Settings, and then 9, Additional networking daemon, start-up. This promptly changed the characters on the screen to graphic characters. There appears to be something wrong with this file. I thought it would be clearer to describe just one of the CD-ROM boot configurations at a time from start to finish. That way a user would not have to remember which variation he was trying to configure as he read--worked for me. ;-) Attached is a proposed README.TXT file with most of it this section rewritten. I don't believe the second configuration is complete. Moreover, I had fun playing with the image. I have documented many other tasks in the readme.txt file. I started a FAQ with one of the questions on the devel mailing list. One section is a quick how to on configuring a cd burner under Redhat. I even describe how to customize the image, but I appear to be boot challenged. LOL...my modified disk image did not boot after I added a dosutils directory, etc. I realize there are many ways and tools to create a boot able ISO image, but I would be happy, if there was a complete example under Linux. Would someone please look at the readme.txt and show me what is missing to make the iso boot? I realize that the random number seed is not saved on existing LEAF systems. I am thinking this might be a security weakness (it might make it easier to guess sequence numbers, etc). Is there a way to save this seed on the config floppy as the system is halted or rebooted? Thanks again, I hope the feedback is useful, Greg Charles Steinkuehler wrote: > I have released a preliminary version of Dachstein-CD. Based on Dachstein, > LRP-CD, and extensive modifications to the backup scripts, it's getting > easier than ever to boot from a CD. The files, and some documentation are > available from my website: > http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/ > > But if you're grabbing the CD image, you'll probably have better luck with > the faster mirrors: > http://lrp1.steinkuehler.net/files/diskimages/dachstein-CD/ > http://lrp2.steinkuehler.net/files/diskimages/dachstein-CD/ > > The mods are described in the README file, and the new backup system should > be pretty easy to understand. The big change is you can now select the > desired backup type and destination on a per-package basis, making it easy > to control the generation of full or partial (config information only) > backups, and to save them to floppy, hard-disk, or where-ever. > > I'm headed out of town for a long weekend (back Wedensday), so I may not be > able to answer questions immediately. Don't let that worry you though...the > new system is much easer to use than the previous LRP-CD release, and I > think anyone reasonably familiar with LRP won't get too lost. The main > thing to watch is getting your package path setting correct (remember, the > kernel parameter is overridden by the pkgpath.cfg file on your floppy...see > the README). > > I don't have time to update my website to reflect the changes, so keep the > links above handy for now, and get a jump on the rest of the world for being > a LEAF list member! > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) >
WARNING! You need to be reasonably familiar with LRP to use this CD based distribution. It's getting easier all the time, but until a real packaging system designed to handle ramdisk based setups booting from read-only media is created, there will always be some oddities with using the CD version you won't have when running floppies. You can find additional information here: http://lrp.steinkuehler.net/Packages/LRP-CD.htm LRP-CD Contents: LaBrea.lrp A package to slow down port-scanners and Internet worm propagation README.txt This file bash.lrp The bash shell bootdisk.bin The 1.44 Meg floppy disk image used to make the CD bootable. If your system cannot boot directly from the CD, you can make a floppy disk out of this image, and use that to boot, instead. bwidth22.lrp User-space QoS tools dhclient.lrp dhcpd.lrp ISC DHCP client and server dnscache.lrp The dns caching portion of djbdns (tinydns) etc.lrp The Dachstein firewall scripts and other contents of /etc lib /lib/modules contains all available kernel modules, and can be loaded directly from the CD (no need to copy modules to your floppy). See /etc/modules for details. libm.lrp libpcap.lrp lncurses.lrp Libraries required for some of the other packages local.lrp everything in /usr/local (currently just directory placeholders) log.lrp replaced by ramlog...included in case you don't want logs on their own partition lrdline2.lrp library required by bash lynx.lrp a small console based web-browser mawk.lrp GNU version of awk modules.lrp kernel module loader & configuration nmap.lrp handy port-scanning utility nmbd-207.lrp the wins name-server portion of samba ramdisk.lrp creates and mounts additional ramdisk partitions at boot time ramlog.lrp combines ramdisk.lrp and log.lrp to create additional ramdisks at boot and populate /var/log with the required files root.lrp the core filesystem rsync.lrp the only way to copy snmp.lrp a snmp server and some utilities socks5-c.lrp socks5.lrp A socks server for 'difficult' applications ssh-1.lrp ssh1-key.lrp sshd-1.lrp SSH from Koon's website tcpdump.lrp handy packet sniffing tool vim.lrp vi-improved editor weblet.lrp shell-based web-server Using LRP-CD: First, create a CD-Rom. Just burn the ISO image on a CD using your favorite CD-Rom burner software. Once you've got the CD burned, you need to figure out how your system is going to boot. There are three possibilities: 1.) Your system won't boot off a CD-Rom at all: 2.) Your system boots off a CD, but not if there's a floppy disk inserted 3.) Your system boots off a CD, even if you've got a floppy disk loaded 1.) Your system won't boot off a CD-Rom at all: DESCRIPTION: If this is the case, you need to make a boot disk from the bootdisk.bin file on the CD-Rom, using rawrite, winimage, dd, or your favorite disk image tool. Once you've created the boot disk, you need to configure some boot parameters. Edit syslinux.cfg on the floppy, and verify the boot= parameter is correct (it probably is, it's pre-set to /dev/fd0), and make sure PKGPATH= is set to point to your CD-ROM (you may have to change this from the default, /dev/hda). If you don't have PKGPATH set properly, the system will NOT boot, as there is not a complete LRP system on the boot floppy, just the kernel and root.lrp. NOTE: You may want to change to a larger format floppy to get a bit more space, since you have to save the kernel and root.lrp along with your configuration files... BOOT: Now it's time to boot your LRP-CD system. Your system should come up and eventually get to the login prompt (if not, you probably miss configured the syslinux.cfg parameters on your boot disk, or you are not using an IDE CD-ROM drive). You'll see lots of errors along the way, but that's OK for now (no NIC modules configured, etc). CONFIGURATION: Now that LRP-CD is booting, you need to configure the system for your particular application. First, you need to verify the PKGPATH= parameter is correct for your system. You just edit syslinux.cfg on the floppy, when you boot from a floppy disk. Second, you now need to configure which LRP packages to load. Again, floppy booters can edit syslinux.cfg. 2.) Your system boots off a CD, but not if there's a floppy disk inserted: DESCRIPTION: You can boot off the LRP-CD to get started, but you will have to make a boot disk (see above), since you'll need to store configuration information on a floppy disk. NOTE: You might want to experiment with some BIOS settings. I've got some old Pentium machines that will boot from CD, but default to the floppy disk. In the BIOS, however, you can disable floppy booting, so the system always boots from CD. BOOT: Now it's time to boot your LRP-CD system. Your system should come up and eventually get to the login prompt (if not, you probably miss configured the syslinux.cfg parameters on your boot disk, or you are not using an IDE CD-ROM drive). You'll see lots of errors along the way, but that's OK for now (no NIC modules configured, etc). NOTE: If you're booting directly off the CD, and the CD is not /dev/hda, you'll have to REMOVE ANY FLOPPY DISK before booting, or the system will not find the packages on the CD-ROM. CONFIGURATION: Now that LRP-CD is booting, you need to configure the system for your particular application. First, you need to verify the PKGPATH= parameter is correct for your system. 3.) Your system boots off a CD, even if you've got a floppy disk loaded: DESCRIPTION: You don't need to make a boot disk, just have a blank floppy handy for saving your configuration information. BOOT: Now it's time to boot your LRP-CD system. Your system should come up and eventually get to the login prompt (if not, you probably miss configured the syslinux.cfg parameters on your boot disk, or you are not using an IDE CD-ROM drive). You'll see lots of errors along the way, but that's OK for now (no NIC modules configured, etc). NOTE: If you're booting directly off the CD, and the CD is not /dev/hda, you'll have to REMOVE ANY FLOPPY DISK before booting, or the system will not find the packages on the CD-ROM. CONFIGURATION: Now that LRP-CD is booting, you need to configure the system for your particular application. First, you need to verify the PKGPATH= parameter is correct for your system. You can't change the syslinux.cfg file on the CD, when you boot from CD. To over-ride the PKGPATH setting from the CD's syslinux.cfg, add the file 'pkgpath.cfg' to your floppy disk. The contents of this file are EXACTLY what you would put after the PKGPATH= line in syslinux.cfg (ie a comma seperated list of device names, ALL ON ONE LINE): device[:filesystem][,device[:filesystem]] Second, you now need to configure which LRP packages to load. You can't change the syslinux.cfg file on the CD, when you boot from CD. To over-ride the default setting from the CD's syslinux.cfg, add the file 'lrpkg.cfg' to your floppy disk. The contents of this file are EXACTLY what you would put after the LRP= line in syslinux.cfg (i.e. a comma separated list of package names, ALL ON ONE LINE): package[:searchorder][,package[:searchorder]] For example if your are transitioning from edgersteinbeta2 to dachstein and wanted to add vim, your lrpkg.cfg file would look like this: etc:R,local,modules,ramlog,dhclient,dnscache,dhcpd,weblet,lncurses,vim NOTE: 1.) LRP= from edgersteinbeta2 was dropped 2.) ramlog replaces log 3.) lncurses must preceed vim because vim uses the curses library. Detail Package Path Syntax: package[:searchorder][,package[:searchorder]] package is an LRP package file (without the .lrp extension) searchorder controls the package load behavior, and is one of: f forward search, load multiple packages *DEFAULT* F forward search, load first package found and stop r reverse search, load multiple packages R reverse search, load first package found and stop A "forward search" starts with the PKGPATH entries (read right to left) and looks at the boot= device last A "reverse search" starts with the boot= device, and goes through the PKGPATH entries (read left to right) New ramlog Package NOTE: This CD image includes an ramlog.lrp, which is intended to REPLACE log.lrp. Make sure you have a mount entry for /var/log in /etc/fstab, and you have a secondary ramdisk defined. The etc.lrp and ramdisk.lrp provided will mount /var/log on a 4 Meg ramdisk (/dev/ram1) if left unchanged. New Backup Commands At this point, you can configure your system normally, however when you go to backup packages you'll notice some dramatic changes from earlier versions. The backup scripts now support selecting both destination and backup type on a per-package basis. This means you can save just the configuration data to your floppy, but do a full backup of the package when you want to export it to another LRP system or burn a new CD-ROM. Currently, the three backup types supported are: full - Backs up everything none - Backs up nothing. Before you tell me this is worthless, allow me to point out that if you've got a lot of packages you load from CD that don't require configuration or backing up (like vim or bash) You can set their backup type to none and a backup of all packages will handily skip right over them :) partial - This is the fun new backup type. It is an expanded version of the previous CD backup scripts. By default, it will backup any files that are part of the package that exist either in the /etc directory or the /var/lib/lrpkg directory. The version for this release has been enhanced, however, and supports the use of a <package>.local file in the /var/lib/lrpkg directory. The format of this file is similar to the format of the <package>.list file (a list of filenames...wildcards OK), with the addition of a flag before the filename. Currently supported flags are: i I - The file(s) are included in a partial backup (used to create the INCLUDE file) x X e E - The file(s) are excluded from a partial backup (added to the EXCLUDE file) This should make it possible to meet fairly complex backup requirements NOTE: If you don't like the warning messages about missing <package>.local files, just copy the <package>.list file to <package>.local, put an 'I ' (note the space) in front of every line, and delete any files that you don't think you're going to change (like the binaries). modified - This FUTURE (it's not implemented yet, so don't e-mail me about it unless you've gotten it working and are sending me code :) This will use file dates and/or MD5 checksums to only backup those files that actually changed. If I ever get around to writing this, it will be really cool :) NOTES: - The backup type is saved in <package>.bktype and is saved along with the package. - The backup destination defaults to the last filesystem a package was loaded from One of my system configuration disks: firewall: -root- # ls -l /mnt -rwxr-xr-x 1 root root 46736 Oct 10 12:25 etc.lrp -rwxr-xr-x 1 root root 52 Oct 10 16:08 lrpkg.cfg -rwxr-xr-x 1 root root 1271 Oct 10 15:51 modules.lrp -rwxr-xr-x 1 root root 3223 Oct 10 12:04 sshd-1.lrp firewall: -root- # cat /mnt/lrpkg.cfg etc:R,local,modules,ramlog,sshd-1,ssh-1,lncurses,vim firewall: -root- # Secure Shell Issues: NOTE: To use ssh, you will need to manually load ssh1-key from the CD-ROM and create a host key: mount -t iso9660 -r /dev/hdc /mnt cd /mnt lrpkg -i ssh1-key mkhostkey cd / umount /mnt Then backup sshd-1 Other uses of the CD: If for some reason you need to customize the CD, get a copy of the CD-Contents directory on a linux box, and run the following command: mkisofs -b bootdisk.bin -r -o <outputfile> <path>/CD-Contents/ Replace dachstein-CD.iso with the current name of the dachstein ISO file. It is also possible to use other software to create a bootable disk image...see the instructions that came with whatever software you use if you don't have access to a linux system. Customizing the CD: One possible customization is to burn a CD with your entire configuration on the CD. This is especially useful if your configuration is fairly static. Moreover, if your LEAF box is a regular PC with a power supply fan and CPU fan in a dusty environment like Arizona, customizing an ISO is a great way to keep 1680 formatted floppies from being eaten by the dust bunnies. 1.) You will need to make a full backup of all the packages that you modified on your LEAF system. 2.) You will need to put the ISO image on a linux box. Replace dachstein-CD.iso with the name of the current dachstein ISO image. Make or find a safe directory to issue the following commands. Use these commands: cd mysafedirectory mkdir origimage cd origimage mount dachstein-CD.iso -r -t iso9660 -o loop ./origimage mkdir newimage cd newimage cp -R ../origimage/* . cd .. umount ./origimage 3.) Copy your modified lrp packages to the newimage directory. Use these commands: mount -t msdos /dev/fd0 /mnt/floppy cp /mnt/floppy/* newimage 4.) You will need to replace the original ISO's module list with your list from lrpkg.cfg. (Need to find original ISO module list) 5.) Create the ISO with your customizations. Use these commands: rm mydachstein.iso mkisofs -R -o mydachstein.iso newimage 6.) Burn your customized ISO using your favorite CD-Rom burner software. 7.) Boot your new system with a floppy as may be required depending on your hardware limitations. Configuring an ATA/IDE CD-RW Drive Under Linux: Adding a CD-RW drive under Windows can be a straight foward task. However, Linux adds a little twist to the configuration. The writing software is written to work with SCSI devices. This can be a challenge to Linux newbies especially when the person is configuring an ATA/IDE drive. All you have to do is load the driver for the IDE to SCSI conversion. In later releases of Linux, a kernel recompile may not be required. Here are the steps to configure a ATA/ICE CD-RW drive under Redhat Linux 7.1. Redhat compiles millions of modules in a stock installation. You don't have to compile a custom kernel to support that brand new CD-RW. Just send some append arguments to lilo. These steps were tested on Redhat 7.1 with Redhat kernel 2.4.3 and the SGI XFS file system 1.01. 1.) vi /etc/lilo.conf as root. 2.) Add the append line to each image stanza. NOTE: My cdrom-RW is on /dev/hdc so I added append="hdc=ide-scsi" The complete lilo image stanza looks like this: image=/boot/vmlinuz-2.4.3-SGI_XFS_1.0.1 label=linux read-only root=/dev/hda5 append="hdc=ide-scsi" Your stanza will vary depending on your version of the kernel and other options you or the distribution have selected for you. 3.) Execute lilo /sbin/lilo at the command prompt as root. Remember after you make changes to /etc/lilo.conf you have to execute /sbin/lilo to create a new boot sector with your changed configuration. The Linux boot sector can span more than one 512 sector. So lilo writes those sectors and points to your lilo.conf file and any message files you want displayed at startup. 4.) reboot 5.) Make sure the modules are loaded. See the scsi_mod modules listed below in the lsmod output? [root]# lsmod Module Size Used by sr_mod 15470 0 (autoclean) soundcore 5999 0 (autoclean) autofs 11260 1 (autoclean) 3c59x 26737 1 (autoclean) ipchains 35092 0 (unused) ide-scsi 9018 0 scsi_mod 97570 2 [sr_mod ide-scsi] ide-cd 30171 0 cdrom 32777 0 [sr_mod ide-cd] 6.) Test. Xcdroast just passes commands to Linux command line program cdrecord. So just use the scanbus option of cdrecord to make sure everything is detected properly. [root]# cdrecord -scanbus Cdrecord 1.9 (i686-pc-linux-gnu) Copyright (C) 1995-2000 Jörg Schilling Linux sg driver version: 3.1.17 Using libscg version 'schily-0.1' scsibus0: 0,0,0 0) 'BTC ' 'BCE1610IM ' '0.17' Removable CD-ROM 0,1,0 1) * 0,2,0 2) * 0,3,0 3) * 0,4,0 4) * 0,5,0 5) * 0,6,0 6) * 0,7,0 7) * 7.) Your mileage may vary with other versions of Redhat and other linux distributions. FAQ > Regarding /etc/network.conf, what are the differences between LRP-CD and > Dachstein-CD? > > Or, are all of the differences in the other scripts that call variables > instantiated in network.conf? > > I ask this, because I am interested in quickly converting several > instances of LRP-CD to Dachstein-CD -- of course, *after* extensive > testing -- and I need to gauge the amount of effort required to convert > network.conf . . . In general, the Dachstein scripts are a superset of LRP-CD, which was based on Eiger. For upgrading, you have a few options: 1) Keep all of your existing configuration files. You *should* be able to simply replace the LRP-CD with a Dachstein-CD, and reboot, although you'll probably have to modify etc in the lrpkg.cfg file on your floppy to be etc:R, due to the new packaging scheme. The big drawback to this is you won't have the new network scripts, but there's nothing wrong with the eiger-based LRP-CD scripts, if you don't need the extra functionality. You may also need to be careful about packages with init scripts. If the init scripts changed (I think this only applies to IPSec) you may have to merge the changes manually. I will typically boot w/o loading my local config in this case, and manually unpack the config files to /tmp, then move them to the appropriate location. Of course many packages (like ssh) haven't changed at all, so you can use your old configuration w/o worry. 2) Migrate the configuration information to the new CD. This is mainly merging the contents of /etc/network.conf to the new network.conf file. There should be little or no change required to the variables in your existing network.conf...the settings should just copy over. 3) Re-configure the system from scratch. This really isn't too hard, but you'll loose things like your ssh host ID, and IPSec private keys (assuming you're using RSA keys for authentication). What I would probably do, on a per-package basis: bwidth22.lrp - No configuration needed dhcpd.lrp - Identical...keep existing config etc.lrp - create from scratch using Dachstein base & old config files ipsec.lrp - manually copy old /etc/ipsec.* files to new package (when it comes out :) local.lrp - keep old config log.lrp - no config necessary modules.lrp - create from scratch using Dachstein base nmbd-207.lrp - Identical...keep existing config ramdisk.lrp - edit from Dachstein base, if required root.lrp - no config required...use the new one :) snmp.lrp - Identical...keep old config socks5-c.lrp - Identical...keep old config socks5.lrp - Identical...keep old config ssh-1.lrp - Identical...keep old config ssh1-key.lrp - Identical...keep old config sshd-1.lrp - Identical...keep old config update.lrp - Not required anymore...do not load So...take a look at etc, modules, and ipsec from a configuration standpoint, and edit your lrpkg.cfg file, removing update, changing etc to etc:R, and adding any new packages you want. I think that will do it...
@echo off rawrite -f bootdisk.bin -d a: