The Wandering Star/Setup

From Hackerspace Brussels
Jump to: navigation, search

Parent: The Wandering Star


Base

The distribution used is a 64 bits Debian "Squeeze", which is in the "testing" branch. It has been installed via debootstrap from the left over Ubuntu installation on the hard disk.

System modifications

Here are the modifications made to the default install.

/etc/fstab:

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>               <dump>  <pass>
proc            /proc           proc    defaults                0       0
/dev/sdb1       /               ext3    errors=remount-ro,noatime 0       1
var/cache/apt   /var/cache/apt  tmpfs   defaults                0       0
apt/lists       /var/lib/apt/lists      tmpfs   defaults        0       0
/tmp            /tmp            tmpfs   defaults                0       0

/etc/default/rcS

#
# /etc/default/rcS
#
# Default settings for the scripts in /etc/rcS.d/
#
# For information about these variables see the rcS(5) manual page.
#
# This file belongs to the "initscripts" package.

TMPTIME=0
SULOGIN=no
DELAYLOGIN=no
UTC=yes
VERBOSE=no
FSCKFIX=no
RAMRUN=yes
RAMLOCK=yes

/etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

## 2010-07-13: apt cache directory to ramdisk
mkdir -p /var/cache/apt/archives/partial
## 2010-07-13: apt lists cache directory to ramdisk
mkdir -p /var/lib/apt/lists/partial

exit 0

Login banner

The machine will need a nice customized banner to replace the boring default full of legalese red tape provided by Debian. The banner is ASCII text and should be 80x24 chars in size (think of the hardcore console users out there) The_Wandering_Star/Banner

/usr/share/doc and /usr/share/man

Those two directories are useless in our case and take valuable flash space. They have been deleted and replaced by symbolic links to /tmp, which is flushed clean at every reboot. If you need the provided Debian documentation or the man pages, use the huge library better known as the internet.

/var/tmp

Deleted and symlinked to /tmp: This directory is used for the temporary-but-not-that-temporary files that should be preserved across reboots. Flash space is precious -> delete at every boot

/tmp

Flash is fragile: avoid writing to it for no reason. /tmp has a tmpfs mounted over it, so the temporary files are kept in RAM.

/var/run and /var/lock

This is a good example of directory where the content is meaningless after a reboot. Debian and Ubuntu have a built-in option in the init scripts that allow to mount a tmpfs over those directories. That option is disabled by default. To enable that, edit the file /etc/default/rcS and set the variables RAMRUN and RAMLOCK to yes. It is possible that they are absent from the file: just add the variables if you need them.

Package manager modifications

apt use a lot of valuable disk space for storing repository infos and downloaded packages. It is possible to make it leaner.

  • /var/cache/apt contains the .deb files that are being downloaded during an installation. They are usually kept around just in case you want to reinstall a package, so you don't download it over and over again. Left unchecked, that directory can hold several gigabytes of useless data. You can manually clean it up by issuing the command apt-get clean.
  • /var/lib/apt/lists contains a compiled database of packages from the chosen repositories. The files are regenerated whenever you use apt-get update. It is several megabytes in size. Since it is easily regenerated, mounting a tmpfs over it is not an issue.

Mounting a tmpfs over those directories will make the cleaning part fully automatic while preserving the flash from useless writes. Unfortunately, they contain an empty partial subdirectory that is needed by apt. The trick is to recreate them during the boot sequence after the tmpfs are mounted. /etc/rc.local is a nice place for that.

ssh

Password authentication is disabled: you need to have your public key in the authorized_keys file to log in. The following two lines have been modified in /etc/ssh/sshd_config:

PermitRootLogin without-password
PasswordAuthentication no

Users accounts

A script is used to create user accounts and generate random passwords.

#!/bin/sh
HOME_BASE="/home"
USER=$1
PASSWORD=`pwgen -cn -1 10`
PW_HASH=`openssl passwd -1 ${PASSWORD}`
useradd  -m -b ${HOME_BASE} -s /bin/bash -p ${PW_HASH} ${USER}
echo Your new user account has been created with the username \"${USER}\", and the password \"${PASSWORD}\".
echo ${PASSWORD} > ${HOME_BASE}/${USER}/.pwd.txt

Kernel

A new kernel has been compiled using make-kpkg, found in the kernel-package package. The resulting package built for the project can be found here. To use this repository, create the file /etc/apt/sources.list.d/apt.askarel.be.list:

deb http://apt.askarel.be/ squeeze main non-free contrib

/etc/login.defs

This set the permission of user home directories to drwx------

UMASK 077

/etc/skel

mkdir /etc/skel/.ssh
touch /etc/skel/.ssh/authorized_keys
chmod 700 /etc/skel/.ssh