| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
I've been working on running network services on virtual user-mode-linux |
| 5 |
servers for added security (I get about 1000+ ssh breakin attempts/week |
| 6 |
and a good deal of apache exploit attempts as well, but I have |
| 7 |
legitimate ssh users and a rather large amount of old, shaky PHP that is |
| 8 |
still in the process of being rewritten in ruby.) At this point, i've |
| 9 |
got a nice 463-line bash script hacked together to build my UML root |
| 10 |
filesystems by basically doing "env ROOT=... emerge glibc baselayout ... |
| 11 |
etc." and then tweaking a bunch of stuff in /etc to make Gentoo play |
| 12 |
nice with UML. |
| 13 |
|
| 14 |
The problem is that I'm still generating a "live" system... it needs to |
| 15 |
run off a writable root fs. i'd like to get something more like the |
| 16 |
livecd, with a read-only root (i.e. squashfs) and tmpfs links for |
| 17 |
anything that needs to be writable, but I don't need alot of the live-cd |
| 18 |
generation process, in particular the kernel build and bootable-ISO |
| 19 |
generation, among other things. |
| 20 |
|
| 21 |
Also, I was wondering how realistic it is to replace bash, grep, sed, |
| 22 |
awk, tail, procps, psutil, etc. with busybox. I know that the |
| 23 |
initscripts in baselayout rely on these various text- and shell-utils |
| 24 |
and obviously on bash... is it possible to get them to run using busybox |
| 25 |
and its builtin applets? if so that would cut down on the root-fs size |
| 26 |
and complexity, not to mention my build time, by alot. |
| 27 |
|
| 28 |
I know catalyst is designed to do this sort of thing, and from what I |
| 29 |
gather, the embedded target, although meant for real (as in hw) embedded |
| 30 |
systems, is pretty close to what I need, but when it comes to python, i |
| 31 |
know very little, so examining the source in /usr/lib/catalyst/modules/ |
| 32 |
hasn't been too helpful. Which target is closest to what I'm looking |
| 33 |
for, and if the embedded target is it, where can I find some good info |
| 34 |
and an example .spec for it? I found this link: |
| 35 |
[http://dev.gentoo.org/~mutex/catalyst-doc], but at the end there's |
| 36 |
nothing after the line, "Links to sample spec files:" ;) |
| 37 |
|
| 38 |
I'm willing to take the plunge and learn python if nescessary to do some |
| 39 |
hacking on one of the existing target modules to get it to do what i |
| 40 |
need. Basically just wondering if anyone else is interested in automated |
| 41 |
building of this kind of system, and if anyone can suggest where to |
| 42 |
start and what might need to be done in order to get catalyst to do |
| 43 |
this. I don't mean to pester the developers; this is not intended as a |
| 44 |
"feature request" or a "how do I ..." help-desk call ;) |
| 45 |
|
| 46 |
Thanks -- V. M. Condino |
| 47 |
|
| 48 |
-----BEGIN PGP SIGNATURE----- |
| 49 |
Version: GnuPG v1.4.1 (GNU/Linux) |
| 50 |
|
| 51 |
iD8DBQFCwwzNW5g8mX2/4TYRApdbAJ42OQ6baGeGTjPy6YfcFMacIrtpigCfciR+ |
| 52 |
LmwiFd3/Rkmw9SpT9Wqmyhc= |
| 53 |
=K42M |
| 54 |
-----END PGP SIGNATURE----- |
| 55 |
-- |
| 56 |
gentoo-catalyst@g.o mailing list |
Archives