Tag: dockstar

linux read only root filesystem

To create a read only root file system we need to know which processes access which files and which files must be accessible. So here is a list of files to take care of. Everything below /var is assumed of being accessible as it makes no sense from my point of view to restrict access for everything, which could nevertheless also be achieved by following this instructions.

There are already some special file systems available in a standard linux installation, so we do not need to take care about:

  • /tmp – tmpfs
  • /sys – sysfs
  • /proc – procfs
  • /dev – udev

So we finally will have:

/  root as extended fs read only mounted

/var as exteneded fs mounted read writable

/tmp as temp fs ounted read writable

And now to the tricks. We need to take care about /etc as there are some files which need special preparation:

adjtime – should be linked to somewhere beyond /var; /etc/init.d/hwclockfirst.sh and hwclock.sh should be adjusted to show the option –noadjtime

 

blkid.tab – should be linked to somewhere beyond /var; the environement variable BLKID_FILE must be set to  /var/local/blkid.tab in /etc/environment

 

mtab – Create a symlink from /etc/mtab to /proc/self/mounts

 

network/run – ifupdown links /etc/network/run to /dev/shm/network in postinst if /dev/shm exists and /etc/network/run does not; my installation was not successful without an existing network/run/ifstates, so I copied the complete directory once the network was up and running.

 

nologin – This should already be a symlink to /var/lib/initscripts/nologin

 

resolv.conf – no problem with static nameserver configurations

 

passwd, shadow – may be modified by user interaction

 

apt-get could be modified to remount before installing anything:

DPkg {
    // Auto re-mounting of a readonly /
    Pre-Invoke { "mount -o remount,rw /"; };
    Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,ro / || true"; };
};

Use lsof to find processes blocking the readonly mount.


There are some additional tricks to check:
  • reduce swappiness in /proc/sys/vm/swappiness
  • enable laptop mode
  • reduce cache writeback time /proc/sys/vm/dirty_writeback_centisecs and dirty_expire_centisecs
  • filesystem relatime
  • reduce syslog file syncing by putting a “-” in front of the syslog lines

 

dockstar – PS2 modding

Some time ago I bought a damaged PS2 to use the housing for a coming project and now the project is here. I installed a dockstar inside of the PS2 housing and pimped everything a little bit. Additionally to the dockstar there is a 500GB 3,5″ harddisk, a USB card reader for a 1GB SD card which I use for var and home directories and finally a picture frame for getting output signals.Please find below some pictures of the build.

dockstar – Target filesystem doesn't have requested /sbin/init-ro

The error “Target filesystem doesn’t have requested /sbin/init-ro” may come up when the USB stick was not cleanely unmounted. The simple solution is to do a file system check with fsck. To find the correct device to perform the fsck on just type fdisk -l which gives an overview on all attached devices and their structure. The file system check should follow as “fsck.ext2 /dev/sda1” for example.

updating uboot on the dockstar

I copied the installation instructions and files from the wonderful website of Jeff Doozan who made an excellent job at:
http://jeff.doozan.com/debian/uboot/
by copying the installation script and executying.
cd /tmp
wget http://jeff.doozan.com/debian/uboot/install_uboot_mtd0.sh
chmod +x install_uboot_mtd0.sh
./install_uboot_mtd0.sh

install debian on dockstar

I just followed the instructions from http://jeff.doozan.com/debian/ by copying his installation script to a local tmp directory:

cd /tmp
wget http://jeff.doozan.com/debian/dockstar.debian-squeeze.sh
chmod +x dockstar.debian-squeeze.sh
export PATH=$PATH:/usr/sbin:/sbin
./dockstar.debian-squeeze.sh

after this the system is gathering stuff from the internet and is installing it on the attached USB stick. And it succeeded with a newly running debian squeeeze on my dockstar

uboot install on dockstar

-bash-3.2# cd /tmp/
-bash-3.2# wget http://jeff.doozan.com/debian/uboot/install_uboot_mtd0.sh
Connecting to jeff.doozan.com (69.163.187.226:80)
wget: cannot connect to remote host (69.163.187.226): Network is unreachable
-bash-3.2# route add default gw 192.168.4.250
-bash: route: command not found
-bash-3.2# /sbin/route add default gw 192.168.4.250
-bash-3.2# wget http://jeff.doozan.com/debian/uboot/install_uboot_mtd0.sh
Connecting to jeff.doozan.com (69.163.187.226:80)
install_uboot_mtd0.s 100% |******************************************************************************************************************************************| 15859 00:00:00 ETA
-bash-3.2# ls
install_uboot_mtd0.sh resolv.conf var
-bash-3.2# chmod +x install_uboot_mtd0.sh
-bash-3.2# ./install_uboot_mtd0.sh

!!!!!! DANGER DANGER DANGER DANGER DANGER DANGER !!!!!!

If you lose power to your device while running this script,
it could be left in an unusable state.

This script will replace the bootloader on /dev/mtd0.

This installer will only work on a Seagate Dockstar or Pogoplug Pink.
Do not run this installer on any other device.

By typing ok, you agree to assume all liabilities and risks
associated with running this installer.

If you agree, type ‘ok’ and press ENTER to continue: ok

DISABLE POGOPLUG SERVICES

The pogoplug service includes an auto-update feature which could
be used to cripple or disable your device. It is recommended
that you disable this service.

NOTE: The pogoplug service is proprietary software
created by Cloud Engines. It is not available for use
in other distributions and will not be available in
your new linux installation even if you choose not to disable it.

Would you like to disable the pogoplug services? [Y/n] Y
Applying fixes to the pogoplug environment…
Disabling the pogoplug service…
Done fixing pogoplug environment.

# checking for /uboot-original-mtd0.kwb…

# Installing /uboot-original-mtd0.kwb…
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot-original-mtd0. 100% |******************************************************************************************************************************************| 49 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot-original-mtd0. 100% |******************************************************************************************************************************************| 512k 00:00:00 ETA
# Successfully installed /uboot-original-mtd0.kwb.
# checking for /usr/sbin/blparam…

# Installing /usr/sbin/blparam…
Connecting to jeff.doozan.com (69.163.187.226:80)
blparam.md5 100% |******************************************************************************************************************************************| 42 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
blparam 100% |******************************************************************************************************************************************| 14168 00:00:00 ETA
# Successfully installed /usr/sbin/blparam.
# checking for /usr/sbin/nandwrite…

# Installing /usr/sbin/nandwrite…
Connecting to jeff.doozan.com (69.163.187.226:80)
nandwrite.md5 100% |******************************************************************************************************************************************| 44 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
nandwrite 100% |******************************************************************************************************************************************| 11500 –:–:– ETA
# Successfully installed /usr/sbin/nandwrite.
# checking for /usr/sbin/nanddump…

# Installing /usr/sbin/nanddump…
Connecting to jeff.doozan.com (69.163.187.226:80)
nanddump.md5 100% |******************************************************************************************************************************************| 43 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
nanddump 100% |******************************************************************************************************************************************| 21286 –:–:– ETA
# Successfully installed /usr/sbin/nanddump.
# checking for /usr/sbin/flash_erase…

# Installing /usr/sbin/flash_erase…
Connecting to jeff.doozan.com (69.163.187.226:80)
flash_erase.md5 100% |******************************************************************************************************************************************| 46 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
flash_erase 100% |******************************************************************************************************************************************| 12819 –:–:– ETA
# Successfully installed /usr/sbin/flash_erase.
# checking for /usr/sbin/fw_printenv…

# Installing /usr/sbin/fw_printenv…
Connecting to jeff.doozan.com (69.163.187.226:80)
fw_printenv.md5 100% |******************************************************************************************************************************************| 46 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
fw_printenv 100% |******************************************************************************************************************************************| 652k 00:00:00 ETA
# Successfully installed /usr/sbin/fw_printenv.
# checking for /etc/fw_env.config…

# Installing /etc/fw_env.config…
Connecting to jeff.doozan.com (69.163.187.226:80)
fw_env.config.md5 100% |******************************************************************************************************************************************| 48 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
fw_env.config 100% |******************************************************************************************************************************************| 329 –:–:– ETA
# Successfully installed /etc/fw_env.config.

# Attempting to auto-detect your device…Dockstar detected

# Installing uBoot
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot.mtd0.kwb.md5 100% |******************************************************************************************************************************************| 49 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot.mtd0.kwb 100% |******************************************************************************************************************************************| 512k 00:00:00 ETA
Erase Total 4 Units
Performing Flash Erase of length 131072 at offset 0x60000 done
Writing data to block 0 at offset 0x0
Writing data to block 1 at offset 0x20000
Writing data to block 2 at offset 0x40000
Writing data to block 3 at offset 0x60000
Block size 131072, page size 2048, OOB size 64
Dumping data starting at 0x00000000 and ending at 0x00080000…
## Verifying new uBoot…
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot.mtd0.kwb.md5 100% |******************************************************************************************************************************************| 49 –:–:– ETA
# Verified successfully!

# Installing uBoot environment
Warning: Bad CRC, using default environment
## Error: “ethaddr” not defined
Warning: Bad CRC, using default environment
## Error: “rescue_installed” not defined
Warning: Bad CRC, using default environment
## Error: “bootcmd_rescue” not defined
Warning: Bad CRC, using default environment
## Error: “rescue_custom_params” not defined
Warning: Bad CRC, using default environment
## Error: “usb_custom_params” not defined
Warning: Bad CRC, using default environment
## Error: “ubifs_custom_params” not defined
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot.environment.md 100% |******************************************************************************************************************************************| 52 –:–:– ETA
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot.environment 100% |******************************************************************************************************************************************| 128k 00:00:00 ETA
Erase Total 1 Units
Performing Flash Erase of length 131072 at offset 0xc0000 done
Writing data to block 6 at offset 0xc0000

# Verifying uBoot environment
ECC failed: 6
ECC corrected: 0
Number of bad blocks: 0
Number of bbt blocks: 0
Block size 131072, page size 2048, OOB size 64
Dumping data starting at 0x000c0000 and ending at 0x000e0000…
Connecting to jeff.doozan.com (69.163.187.226:80)
uboot.environment.md 100% |******************************************************************************************************************************************| 52 –:–:– ETA

# uBoot installation has completed successfully.
-bash-3.2# /usr/bin/f
fdformat find flash_eraseall fold free ftpget ftpput fuser
-bash-3.2# /usr/sbin/fw_
fw_printenv fw_setenv
-bash-3.2# /usr/sbin/fw_printenv
ethact=egiga0
bootdelay=3
baudrate=115200
arcNumber=2097
mainlineLinux=yes
console=ttyS0,115200
led_init=green blinking
led_exit=green off
led_error=orange blinking
mtdparts=mtdparts=orion_nand:1M(u-boot),4M(uImage),32M(rootfs),-(data)
mtdids=nand0=orion_nand
partition=nand0,2
stdin=serial
stdout=serial
stderr=serial
rescue_installed=0
rescue_set_bootargs=setenv bootargs console=$console ubi.mtd=2 root=ubi0:rootfs ro rootfstype=ubifs $mtdparts $rescue_custom_params
rescue_bootcmd=if test $rescue_installed -eq 1; then run rescue_set_bootargs; nand read.e 0x800000 0x100000 0x400000; bootm 0x800000; else run pogo_bootcmd; fi
pogo_bootcmd=if fsload uboot-original-mtd0.kwb; then go 0x800200; fi
force_rescue=0
force_rescue_bootcmd=if test $force_rescue -eq 1 || ext2load usb 0:1 0x1700000 /rescueme 1 || fatload usb 0:1 0x1700000 /rescueme.txt 1; then run rescue_bootcmd; fi
ubifs_mtd=3
ubifs_set_bootargs=setenv bootargs console=$console ubi.mtd=$ubifs_mtd root=ubi0:rootfs rootfstype=ubifs $mtdparts $ubifs_custom_params
ubifs_bootcmd=run ubifs_set_bootargs; if ubi part data && ubifsmount rootfs && ubifsload 0x800000 /boot/uImage && ubifsload 0x1100000 /boot/uInitrd; then bootm 0x800000 0x1100000; fi
usb_scan=usb_scan_done=0;for scan in $usb_scan_list; do run usb_scan_$scan; if test $usb_scan_done -eq 0 && ext2load usb $usb 0x800000 /boot/uImage 1; then usb_scan_done=1; echo “Found bootable drive on usb $usb”; setenv usb_device $usb; setenv usb_root /dev/$dev; fi; done
usb_scan_list=1 2 3 4
usb_scan_1=usb=0:1 dev=sda1
usb_scan_2=usb=1:1 dev=sdb1
usb_scan_3=usb=2:1 dev=sdc1
usb_scan_4=usb=3:1 dev=sdd1
usb_init=run usb_scan
usb_device=0:1
usb_root=/dev/sda1
usb_rootfstype=ext2
usb_rootdelay=10
usb_set_bootargs=setenv bootargs console=$console root=$usb_root rootdelay=$usb_rootdelay rootfstype=$usb_rootfstype $mtdparts $usb_custom_params
usb_bootcmd=run usb_init; run usb_set_bootargs; run usb_boot
usb_boot=mw 0x800000 0 1; ext2load usb $usb_device 0x800000 /boot/uImage; if ext2load usb $usb_device 0x1100000 /boot/uInitrd; then bootm 0x800000 0x1100000; else bootm 0x800000; fi
bootcmd=usb start; run force_rescue_bootcmd; run ubifs_bootcmd; run usb_bootcmd; usb stop; run rescue_bootcmd; run pogo_bootcmd; reset
ethaddr=00:10:75:1A:D3:B0