-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been working on running network services on virtual user-mode-linux
servers for added security (I get about 1000+ ssh break-in attempts/week
and a good deal of apache exploit attempts as well, but I have
legitimate ssh users and a rather large amount of old, shaky PHP that is
still in the process of being rewritten in ruby.) At this point, I've
got a nice 463-line bash script hacked together to build my UML root
filesystems by basically doing "env ROOT=... emerge glibc baselayout ...
etc." and then tweaking a bunch of stuff in /etc to make Gentoo play
nice with UML.

The problem is that I'm still generating a "live" system... it needs to
run off a writable root fs. I'd like to get something more like the
livecd, with a read-only root (i.e. squashfs) and tmpfs links for
anything that needs to be writable, but I don't need a lot of the live-cd
generation process, in particular the kernel build and bootable-ISO
generation, among other things.

Also, I was wondering how realistic it is to replace bash, grep, sed,
awk, tail, procps, psutil, etc. with busybox. I know that the
initscripts in baselayout rely on these various text- and shell-utils
and obviously on bash... is it possible to get them to run using busybox
and its builtin applets? If so, that would cut down on the root-fs size
and complexity, not to mention my build time, by a lot.

I know catalyst is designed to do this sort of thing, and from what I
gather, the embedded target, although meant for real (as in hw) embedded
systems, is pretty close to what I need, but when it comes to python, I
know very little, so examining the source in /usr/lib/catalyst/modules/
hasn't been too helpful. Which target is closest to what I'm looking
for, and if the embedded target is it, where can I find some good info
and an example .spec for it? I found this link:
[http://dev.gentoo.org/~mutex/catalyst-doc], but at the end there's
nothing after the line, "Links to sample spec files:" ;)

I'm willing to take the plunge and learn python if necessary to do some
hacking on one of the existing target modules to get it to do what I
need. Basically just wondering if anyone else is interested in automated
building of this kind of system, and if anyone can suggest where to
start and what might need to be done in order to get catalyst to do
this. I don't mean to pester the developers; this is not intended as a
"feature request" or a "how do I ..." help-desk call ;)

Thanks -- V. M. Condino

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCwwzNW5g8mX2/4TYRApdbAJ42OQ6baGeGTjPy6YfcFMacIrtpigCfciR+
LmwiFd3/Rkmw9SpT9Wqmyhc=
=K42M
-----END PGP SIGNATURE-----
--
gentoo-catalyst@g.o mailing list