customized chroot builds
This guide takes the user step by step through the process of building and customizing an OpenBSD installation inside of a chroot, and then building a flash-rd image from it.
install a current release of OpenBSD if you don't already have access to one
patch the system
sudo ftp -o /usr/local/sbin/openup https://stable.mtier.org/openup; sudo chmod +x /usr/local/sbin/openup; sudo openup
edit fstab to allow chrooting to a separate OpenBSD operating system folder located on /home partition
sudo vi /etc/fstab
remove the "nodev" option from the /home partition mount line. This allows the chroot /dev/tty device to be created.
save /etc/fstab and then remount the '/home' filesystem
sudo mount -u /home
or simply reboot
Install git and clone the flashrd software
cd ~; sudo pkg_add git; git clone https://github.com/yellowman/flashrd.git
install the OpenBSD system sources. (This takes a while, so pick the fastest mirror available and find something else to do while it runs)
cd /usr; sudo cvs -d [email protected]:/cvs -q get -rOPENBSD_5_7 src
create two folders; one for the OpenBSD chroot system and one for the extracted flashrd image files, then change into the 'chrbsd' dir before downloading install sets
mkdir ~/{chrbsd,imgfiles}; cd ~/chrbsd
Critical /etc files like passwd and group appear to be missing from the 5.7 install sets. As a workaround, get them from the etc56.tgz set, then remove the sendmail config junk no longer used from /etc/mail
ftp -o - http://mirrors.sonic.net/openbsd/5.6/i386/etc56.tgz | sudo pax -rvz -p e; sudo rm ~/chrbsd/etc/mail/*
Now set some variables with the download URL and filenames to make life easier
export MIR=http://mirrors.sonic.net/openbsd/5.7/i386 SETS='base57.tgz man57.tgz comp57.tgz xbase57.tgz' SIG='SHA256 SHA256.sig'
Use these variables in a 'for loop' to automate the download process
for i in $SETS; do ftp $MIR/$i; done; for i in $SIG; do ftp $MIR/$i; done
Check file integrity of downloaded files by first verifying the SHA256 checklist signature
signify -V -p /etc/signify/openbsd-57-base.pub -m SHA256
Then verify the SHA256 checksum for each install set tarball
sha256 -C SHA256 $SETS
extract set tarballs preserving permissions and attributes, then remove tarballs and signature files
for i in $SETS; do sudo pax -rvzf $i -p e; done; rm *.tgz SHA256*
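The same checklist comparison can gate extraction of any tarball that gets unpacked as root, including the archives this guide pipes straight from ftp into pax. The following is an added example, not part of the original guide or of flashrd: the function names sha256_of, expected_hash and verified_extract are hypothetical, tar stands in for pax, and the checklist is assumed to use the 'SHA256 (file) = hash' format and to have been authenticated already (for the OpenBSD sets, by the signify step above).

```shell
#!/bin/sh
# Added example: verify a tarball against a BSD-style checklist before
# unpacking it. Function names are hypothetical; tar stands in for pax.

# Print the SHA-256 of a file using whichever tool the host provides
# (sha256 on OpenBSD, sha256sum elsewhere).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Print the hash recorded for file name $2 in checklist $1, whose lines
# look like: SHA256 (base57.tgz) = <64 hex digits>
expected_hash() {
    awk -v f="($2)" \
        '$1 == "SHA256" && $2 == f && $3 == "=" { print $4; exit }' "$1"
}

# verified_extract CHECKLIST TARBALL DESTDIR
# Returns 0 after extracting, 1 on hash mismatch, 2 when the checklist
# has no usable entry for the tarball. Nothing is unpacked on failure.
verified_extract() {
    list=$1; tarball=$2; dest=$3
    want=$(expected_hash "$list" "$(basename "$tarball")")
    case $want in
        ''|*[!0-9a-f]*) echo "no valid entry for $tarball in $list" >&2; return 2 ;;
    esac
    got=$(sha256_of "$tarball")
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzpf "$tarball" -C "$dest"
}

# Usage (paths as in this guide, run after fetching both files):
#   verified_extract SHA256 etc56.tgz ~/chrbsd
```

Downloading to a file first, instead of piping ftp into pax, is what makes the comparison possible before anything is written into the chroot.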
prepare extracted system install set folder for chroot by creating devices
cd ~/chrbsd/dev; sudo ./MAKEDEV std
copy openup to chroot system
sudo cp /usr/local/sbin/openup ~/chrbsd/usr/local/sbin/
enter the chroot system
sudo chroot ~/chrbsd /bin/ksh
fix name resolution
echo "nameserver" > /etc/resolv.conf
patch system with latest updates using openup
remove the openup binpatch files from /var to conserve space
rm -rf /var/db/binpatch/*
install desired software from packages
pkg_add -iv dnstop drill pftop toprump rsync iperf dnscrypt-proxy
# polipo tor whatevs -
Manually add any users and groups needed to run services. dnscrypt-proxy example:
groupadd -g 688 _dnscrypt-proxy
useradd -c 'dnscrypt-proxy user' -d /var/empty -g 688 -s /sbin/nologin -u 688 _dnscrypt-proxy
- Create a working 'src' directory and change into it
mkdir /usr/local/src; cd /usr/local/src
- create tun adapter
touch /etc/hostname.tun0
- install dependency, download source and build with flags to pickup lzo2 library
pkg_add -iv lzo2; ftp -o - https://swupdate.openvpn.org/community/releases/openvpn-2.3.6.tar.gz | pax -rvz
cd openvpn-2.3.6; env CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure --sysconfdir=/etc; make; make install
- download source
cd /usr/local/src; ftp https://www.opensmtpd.org/archives/opensmtpd-5.4.5.tar.gz
- Verify sha256 checksum against value posted in https://opensmtpd.org/announces/release-5.4.5.txt
sha256 -q opensmtpd-5.4.5.tar.gz
- build
pax -rvzf opensmtpd-5.4.5.tar.gz; cd opensmtpd-5.4.5/smtpd; make; make install
- extract and build
cd /usr/local/src; ftp -o - https://www.torproject.org/dist/tor- | pax -rvz
cd tor-; ./configure --disable-asciidoc --sysconfdir=/etc; make check; make install
- install build tools
pkg_add git gmake
- clone and build
git clone -b openbsd https://github.com/rofl0r/proxychains-ng.git; cd proxychains-ng/
./configure --prefix=/usr/local --sysconfdir=/etc; gmake && gmake install
- remove build tools
pkg_delete git gmake
- remove source files
cd /root; rm -rf /usr/local/src/*
cd ~/flashrd; sudo ./flashrd ~/chrbsd
- customize the flashrd image with things like com0 port, dns server, hostname, etc
sudo cfgflashrd -i flashimg.i386-date -c 38400 -o onetime.tgz -t US/Pacific \
-dns -ntp us.pool.ntp.org -hostname flashrd.local ~/chrbsd/
- insert a flash storage card and then run the following command to determine the media sector size
dmesg|grep sectors
- Note number of sectors for flash device and use that value in this command
cd ~/flashrd;sudo growimg -l <flash-device-sectors> flashimg.i386-<date>
- You'll see some output like this:
Grow completed.
New 1923MB image is located at /tmp/growimg.cAelkm
- Optionally copy or move the re-sized image file out of /tmp for longer term storage and safekeeping
sudo mv /tmp/growimg.cAelkm ~/openbsd-5.7-flashrd-2GB.img
- write the re-sized image directly to the flash device.
The /dev/rsd3c target in the command below might not be the correct device on your system. Use 'dmesg | grep sd' to find the correct device
sudo dd if=/tmp/growimg.cAelkm of=/dev/rsd3c bs=1M
extract bsd | openbsd.vnd | var.tar files from the flashrd image and move them to 'imgfiles' dir
sudo vnconfig vnd0 ~/flashrd/flashimg.i386-<date>
sudo mount /dev/vnd0a /mnt; cp /mnt/bsd /mnt/openbsd.vnd /mnt/var.tar ~/imgfiles
sudo umount /mnt; sudo vnconfig -u vnd0
move the files from ~/imgfiles on the build system to /flash/new dir on an existing flashrd system using scp
scp ~/imgfiles/* [email protected]:/flash/new/
log in to the existing flashrd system and back up your config files to /flash/onetime.tgz. This way they are automatically extracted by the updated system on first boot
for example.host
tar czf /flash/onetime.tgz -C / /etc/hostname.* /etc/myname /etc/ssh /etc/passwd /etc/master.passwd \
/etc/pwd.db /etc/spwd.db /etc/pf.conf /etc/resolv.conf /etc/rc.conf.local /etc/group \
/etc/mail /var/unbound /var/nsd /etc/rc.flashrd.sub /etc/dhcpd.conf /etc/sysctl.conf \
/etc/ntpd.conf /etc/bgpd.conf /etc/rc.d/dnscrypt_proxy /etc/dhclient.conf
move existing bsd | openbsd.vnd | var.tar files to /flash/old
mv /flash/{bsd,openbsd.vnd,var.tar} /flash/old/
move the updated system files from /flash/new to /flash as per the flashrd faq and reboot
mv /flash/new/* /flash/; reboot
login and sync the system time
rdate -v us.pool.ntp.org
set gateway
vi /etc/mygate
update pkg.conf
vi /etc/pkg.conf