The Wandering Star/Setup
Parent: The Wandering Star
Contents
Base
The distribution used is a 64 bits Debian "Squeeze", which is in the "testing" branch. It has been installed via debootstrap from the left over Ubuntu installation on the hard disk.
System modifications
Here are the modifications made to the default install.
/etc/fstab:
# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 /dev/sdb1 / ext3 errors=remount-ro,noatime 0 1 var/cache/apt /var/cache/apt tmpfs defaults 0 0 apt/lists /var/lib/apt/lists tmpfs defaults 0 0 /tmp /tmp tmpfs defaults 0 0
/etc/default/rcS
# # /etc/default/rcS # # Default settings for the scripts in /etc/rcS.d/ # # For information about these variables see the rcS(5) manual page. # # This file belongs to the "initscripts" package. TMPTIME=0 SULOGIN=no DELAYLOGIN=no UTC=yes VERBOSE=no FSCKFIX=no RAMRUN=yes RAMLOCK=yes
/etc/rc.local
#!/bin/sh -e # # rc.local # # This script is executed at the end of each multiuser runlevel. # Make sure that the script will "exit 0" on success or any other # value on error. # # In order to enable or disable this script just change the execution # bits. # # By default this script does nothing. ## 2010-07-13: apt cache directory to ramdisk mkdir -p /var/cache/apt/archives/partial ## 2010-07-13: apt lists cache directory to ramdisk mkdir -p /var/lib/apt/lists/partial exit 0
Login banner
The machine will need a nice customized banner to replace the boring default full of legalese red tape provided by Debian. The banner is ASCII text and should be 80x24 chars in size (think of the hardcore console users out there) The_Wandering_Star/Banner
Those two directories are useless in our case and take valuable flash space. They have been deleted and replaced by symbolic links to /tmp, which is flushed clean at every reboot. If you need the provided Debian documentation or the man pages, use the huge library better known as the internet.
/var/tmp
Deleted and symlinked to /tmp: This directory is used for the temporary-but-not-that-temporary files that should be preserved across reboots. Flash space is precious -> delete at every boot
/tmp
Flash is fragile: avoid writing to it for no reason. /tmp has a tmpfs mounted over it, so the temporary files are kept in RAM.
/var/run and /var/lock
This is a good example of directory where the content is meaningless after a reboot. Debian and Ubuntu have a built-in option in the init scripts that allow to mount a tmpfs over those directories. That option is disabled by default. To enable that, edit the file /etc/default/rcS and set the variables RAMRUN and RAMLOCK to yes. It is possible that they are absent from the file: just add the variables if you need them.
Package manager modifications
apt use a lot of valuable disk space for storing repository infos and downloaded packages. It is possible to make it leaner.
- /var/cache/apt contains the .deb files that are being downloaded during an installation. They are usually kept around just in case you want to reinstall a package, so you don't download it over and over again. Left unchecked, that directory can hold several gigabytes of useless data. You can manually clean it up by issuing the command apt-get clean.
- /var/lib/apt/lists contains a compiled database of packages from the chosen repositories. The files are regenerated whenever you use apt-get update. It is several megabytes in size. Since it is easily regenerated, mounting a tmpfs over it is not an issue.
Mounting a tmpfs over those directories will make the cleaning part fully automatic while preserving the flash from useless writes. Unfortunately, they contain an empty partial subdirectory that is needed by apt. The trick is to recreate them during the boot sequence after the tmpfs are mounted. /etc/rc.local is a nice place for that.
ssh
Password authentication is disabled: you need to have your public key in the authorized_keys file to log in. The following two lines have been modified in /etc/ssh/sshd_config:
PermitRootLogin without-password PasswordAuthentication no
Users accounts
A script is used to create user accounts and generate random passwords.
#!/bin/sh HOME_BASE="/home" USER=$1 PASSWORD=`pwgen -cn -1 10` PW_HASH=`openssl passwd -1 ${PASSWORD}` useradd -m -b ${HOME_BASE} -s /bin/bash -p ${PW_HASH} ${USER} echo Your new user account has been created with the username \"${USER}\", and the password \"${PASSWORD}\". echo ${PASSWORD} > ${HOME_BASE}/${USER}/.pwd.txt
Kernel
A new kernel has been compiled using make-kpkg, found in the kernel-package package. The resulting package built for the project can be found here. To use this repository, create the file /etc/apt/sources.list.d/apt.askarel.be.list:
deb http://apt.askarel.be/ squeeze main non-free contrib
/etc/login.defs
This set the permission of user home directories to drwx------
UMASK 077
/etc/skel
mkdir /etc/skel/.ssh touch /etc/skel/.ssh/authorized_keys chmod 700 /etc/skel/.ssh