Create your own Live Linux CD
These steps will show you how to create a functioning Linux system, with the latest 2.6 kernel compiled from source, and how to integrate the BusyBox utilities including the installation of DHCP. Plus, how to compile in the OpenSSH package. The system will have full ssh capabilities.

The techniques for compiling and installing software can be universally applied to your own packages. So, once you understand the process, you are free to recreate your own system -- there is a lot of free space.

On system boot-up a filesystem will be created and the contents from the CD will be uncompressed and completely loaded into RAM -- the CD could be removed at this point for boot-up on a second computer. You can take over any PC assuming you have configured the kernel with the appropriate drivers and the PC can boot from a CD.

FOR COMPLETE DOCUMENT (Could Not Completely Post Here)
http://souptonuts.sourceforge.net/cdrom.htm

QUICK INSTALL: Confirmation that Everything Works - Before Rolling Your Own

Quick step 1: Download "cdrom_linux_boot_proj1.iso" and burn this iso on your cdrom. Next, reboot the system. This is a check to see if the current kernel has been compiled with the necessary network, video, and keyboard (USB included) drivers. If critical drivers are not recognized they can be added into the kernel.

Quick step 2: Download the complete project environment "proj1.tar.gz." This includes everything used to build and customize "cdrom_linux_boot_proj1.iso", including the BusyBox source, libraries, and ssh. The directory "_install" contains the necessary libraries for ssh, init and tcpdump. The 2.6.11 kernel ".config" can be found in the documents directory. The staging area contains a copy of the kernel bzImage, along with the isolinux boot loader.

The "proj1.tar.gz" file is about 13M, since it includes everything you need, except the kernel source, which can be downloaded from the following link:

    http://www.kernel.org/pub/linux/kernel/v2.6/

Step 8 covers the configuration and installation of the latest kernel.
At this stage, download the project environment "proj1.tar.gz" from the following link:

    http://prdownloads.sourceforge.net/s...s/proj1.tar.gz

You must "tar -xzf" this file as root to get all the necessary character and block devices. Standard user accounts cannot create all the necessary block and character devices that will be needed. Try "tar -xzf" under an account without root privileges to see the differences in the files created under "_install/dev".

If you're curious about the difference between character devices and block devices, you may want to reference the Linux Journal article http://www.linuxjournal.com/article/2890 In summary, only block devices can mount filesystems. But character devices, such as a tape drive can contain data found on a block device.

Checking the download:

a. Check the md5sum to make sure you got the full copy, then, "tar -xzf" the package.

    $ md5sum proj1.tar.gz

b. Now as root, so that you will get all "dev/" devices, execute the following command.

    [Must be done as root]
    $ su -
    # cd <to project directory>
    # tar -xzf proj1.tar.gz

If you did the above as root, then you should have the following:

    [root@third-fl-71 _install]# ls -l dev
    total 8
    crw------- 1 root root 5, 1 Feb 25 20:41 console
    lrwxrwxrwx 1 root root 11 Mar 6 09:22 core -> /proc/kcore
    brw-rw-rw- 1 root floppy 2, 0 Feb 20 17:37 fd0
    brw-rw---- 1 root disk 3, 0 Mar 5 04:32 hda
    brw-rw---- 1 root disk 3, 1 Mar 5 20:37 hda1
    brw-rw---- 1 root disk 3, 2 Mar 5 20:38 hda2
    brw-rw---- 1 root disk 3, 3 Mar 5 21:02 hda3
    brw-rw---- 1 root disk 3, 4 Mar 5 21:02 hda4
    drwxr-xr-x 2 root root 4096 Mar 5 21:13 mapper
    crw-rw-rw- 1 root root 1, 3 Feb 20 17:37 null
    crw-rw-rw- 1 root tty 5, 2 Feb 26 12:54 ptmx
    drwxr-xr-x 2 root root 4096 Mar 4 05:33 pts
    brw------- 1 root disk 1, 0 Feb 20 17:37 ram0
    brw-rw-rw- 1 root disk 1, 1 Feb 20 17:37 ram1
    brw-rw-rw- 1 root disk 1, 2 Feb 20 17:37 ram2
    brw-rw-rw- 1 root disk 1, 3 Feb 20 17:37 ram3
    crw-rw-rw- 1 root root 1, 8 Feb 26 03:23 random
    brw-rw---- 1 root disk 8, 0 Mar 5 04:32 sda
    brw-rw---- 1 root disk 8, 1 Mar 5 04:32 sda1
    brw-rw---- 1 root disk 8, 2 Mar 5 04:32 sda2
    brw-rw---- 1 root disk 8, 3 Mar 5 21:02 sda3
    brw-rw---- 1 root disk 8, 4 Mar 5 21:02 sda4
    lrwxrwxrwx 1 root root 15 Mar 6 09:22 stderr -> /proc/self/fd/2
    lrwxrwxrwx 1 root root 15 Mar 6 09:22 stdin -> /proc/self/fd/0
    lrwxrwxrwx 1 root root 15 Mar 6 09:22 stdout -> /proc/self/fd/1
    crw-rw-rw- 1 root root 5, 0 Feb 21 18:32 tty
    crw-rw-rw- 1 root root 4, 0 Feb 20 17:37 tty0
    crw-rw-rw- 1 root root 4, 1 Feb 20 22:38 tty1
    crw-rw-rw- 1 root root 4, 2 Feb 26 08:24 tty2
    crw-rw-rw- 1 root root 4, 3 Feb 26 08:24 tty3
    crw-rw-rw- 1 root root 4, 4 Feb 26 08:24 tty4
    crw-rw-rw- 1 root root 4, 5 Feb 26 08:24 tty5
    crw------- 1 root root 4, 6 Mar 1 19:34 tty6
    crw-rw---- 1 root root 4, 7 Mar 1 14:33 tty7
    crw-rw---- 1 root root 4, 8 Mar 1 14:33 tty8
    crw-rw---- 1 root tty 4, 9 Mar 1 14:33 tty9
    cr--r--r-- 1 root root 1, 9 Feb 26 03:23 urandom
    crw------- 1 vcsa tty 7, 0 Mar 1 14:33 vcs
    crw-rw-rw- 1 root root 1, 5 Feb 26 03:23 zero

If you repeat the steps above using a standard account, a lot of the files will be missing.

c. Take a look at the file "proj1/createiso". This will create a filesystem on a loop back device with the mount point "./cdrom". Copy the contents of "_install", which has already been compiled with the necessary busybox code. Once it is copied, umount "./cdrom" so that it can be compressed. This will then get copied to the staging area where "mkisofs" will create a bootable CD image. The boot loader isolinux, along with the needed config files can be found in "proj1/staging_iso_image/boot/isolinux/"

There is a bash script "createiso" that performs the above tasks.

    $ cd proj1
    $ su
    # ./createiso

Take a look at "createiso". This bash script creates a virtual filesystem.
For details on creating a virtual filesystem reference the following article on Freshmeat [ http://freshmeat.net/articles/view/1387/ ]

COMPREHENSIVE TUTORIAL: Building Everything from Downloaded Source

You may want to keep the results of the quick install steps above in a separate directory to compare against the completion of each step below.

STEP 1: Download BusyBox

Download BusyBox (http://www.busybox.net/downloads/). These examples were created with http://www.busybox.net/downloads/busybox-1.00.tar.gz.

    $ wget http://www.busybox.net/downloads/busybox-1.00.tar.gz
    $ wget http://www.busybox.net/downloads/bus...00.tar.gz.sign
    $ md5sum busybox-1.00.tar.gz
    fa62459e098fc00b22772aaf2e75bc98  busybox-1.00.tar.gz

Next expand the files:

    $ tar -xzf busybox-1.00.tar.gz

Note if you want to verify Erik's key:

    $ wget http://codepoet.org/andersen/erik/gpg.asc
    $ gpg --import gpg.asc
    $ gpg --verify busybox-1.00.tar.gz.sign

Now look inside busybox-1.00.tar.gz.sign for the md5sum. Note, he has done it differently than it's done with the 2.6 kernel (reference step 9).

STEP 2: Configuring BusyBox

You may want to download my config for BusyBox and rename it to ".config". I have the needed features turned on. My config download can be found here: http://prdownloads.sourceforge.net/s...busybox.config

    $ cd busybox-1.00
    [Note you may need to select another mirror]
    $ wget http://osdn.dl.sourceforge.net/sourc...busybox.config
    $ cp chiricobusybox.config .config

You should take a look at the options that I have set by running "make menuconfig" or take a look at "chiricobusybox.config" directly.

    $ make menuconfig

In particular, "Support version 2.6.x Linux kernels" is checked. Under "Login/Password Management Utilities" everything is checked EXCEPT "Use internal password and group functions". Note, at this stage you do NOT want to select this option because "/etc/passwd", "/etc/shadow" and "/etc/shadow-", will be copied to the "_install/etc" directory, and used instead.
Also, "lsmod", "modprobe", "rmmod" are checked. Although not essential for the initial build, this system you are building will support networking. You may eventually want to scp in modules and load them, once you get the system running, of course. There is plenty of space for these modules.

After taking a look at ".config", run "make" and "make install", which by default will install everything under "_install".

    $ make
    $ make install

During the final stages of "make install" the following message will be displayed.

    --------------------------------------------------
    You will probably need to make your busybox binary
    setuid root to ensure all configured applets will
    work properly.
    --------------------------------------------------

The next command must be executed after each "make install" to setuid root on the BusyBox binary.

    $ chmod 4755 ./_install/bin/busybox

STEP 3: Needed Directories

Several directories need to be created under "_install". Take a look at the current contents.

    $ cd _install
    $ ls
    bin linuxrc sbin usr

Next create "dev" for "device entries", which will be populated later, "etc", "lib", "proc", "tmp", "var" and "sys" with the following commands.

    $ mkdir -p dev sys etc/init.d lib proc tmp var/lib/misc var/lock var/log var/run var/tmp
    $ chmod 1777 tmp
    $ chmod 1777 var/tmp

STEP 4: Device Entries

The "dev" directory needs to be populated with device entries. They can either be copied from the current system or created with the "mknod -m " command. The following will have to be done as root. Since there are a lot of files, and you may want to rebuild your "_install", it is recommended that these be put in a file.
Below the file "createdev" is created with the following contents:

    #!/bin/bash
    # put this in a file called createdev
    #
    cp -avp /dev/console dev
    cp -avp /dev/core dev
    cp -avp /dev/fd0 dev
    cp -avp /dev/null dev
    cp -avp /dev/ptmx dev
    cp -avp /dev/pts dev
    cp -avp /dev/ram0 dev
    cp -avp /dev/ram1 dev
    cp -avp /dev/ram2 dev
    cp -avp /dev/ram3 dev
    cp -avp /dev/random dev
    cp -avp /dev/stderr dev
    cp -avp /dev/stdin dev
    cp -avp /dev/stdout dev
    cp -avp /dev/tty dev
    cp -avp /dev/tty0 dev
    cp -avp /dev/tty1 dev
    cp -avp /dev/tty2 dev
    cp -avp /dev/tty3 dev
    cp -avp /dev/tty4 dev
    cp -avp /dev/tty5 dev
    cp -avp /dev/tty6 dev
    cp -avp /dev/tty7 dev
    cp -avp /dev/tty8 dev
    cp -avp /dev/tty9 dev
    cp -avp /dev/urandom dev
    cp -avp /dev/vcs dev
    cp -avp /dev/zero dev

Now run the command, as root, in "_install"

    $ su
    # pwd
    /home/chirico/busybox/busybox-1.00/_install
    # chmod 700 createdev
    # ./createdev

The "ls -al" command now shows the following contents.

    # ls -l dev
    total 4
    crw------- 1 root root 5, 1 Feb 17 14:49 console
    crw------- 1 root root 1, 6 Jan 30 2003 core
    brw-rw---- 1 root floppy 2, 0 Jan 30 2003 fd0
    crw-rw-rw- 1 root root 1, 3 Jan 30 2003 null
    crw-rw-rw- 1 root root 5, 2 Mar 5 17:16 ptmx
    drwxr-xr-x 2 root root 4096 Feb 17 09:48 pts
    brw-rw---- 1 root disk 1, 0 Jan 30 2003 ram0
    brw-rw---- 1 root disk 1, 1 Jan 30 2003 ram1
    brw-rw---- 1 root disk 1, 2 Jan 30 2003 ram2
    brw-rw---- 1 root disk 1, 3 Jan 30 2003 ram3
    crw-r--r-- 1 root root 1, 8 Jan 30 2003 random
    lrwxr-xr-x 1 root root 17 Mar 5 17:16 stderr -> ../proc/self/fd/2
    lrwxr-xr-x 1 root root 17 Mar 5 17:16 stdin -> ../proc/self/fd/0
    lrwxr-xr-x 1 root root 17 Mar 5 17:16 stdout -> ../proc/self/fd/1
    crw-rw-rw- 1 root root 5, 0 Mar 3 21:20 tty
    crw--w---- 1 root root 4, 0 Jan 30 2003 tty0
    crw------- 1 root root 4, 1 Feb 17 14:49 tty1
    crw------- 1 root root 4, 2 Feb 17 14:49 tty2
    crw------- 1 root root 4, 3 Feb 17 14:49 tty3
    crw------- 1 root root 4, 4 Feb 17 14:49 tty4
    crw------- 1 root root 4, 5 Feb 17 14:49 tty5
    crw------- 1 root root 4, 6 Feb 17 14:49 tty6
    crw--w---- 1 root root 4, 7 Oct 24 2003 tty7
    crw--w---- 1 root root 4, 8 Jan 30 2003 tty8
    crw--w---- 1 root tty 4, 9 Jan 30 2003 tty9
    crw-r--r-- 1 root root 1, 9 Feb 17 14:49 urandom
    crw--w---- 1 vcsa tty 7, 0 Jan 30 2003 vcs
    crw-rw-rw- 1 root root 1, 5 Jan 30 2003 zero

These files could all have been created with the "mknod" command. Taking a look at "tty" above, about half way down, it is a character device with a major number of 5 and a minor number of 0. It has rights rw-rw-rw. So the "tty" device could have been created with the command "mknod -m 666 dev/tty c 5 0".

So, if you want to mount disk drives, ide (hda) and scsi (sda) consider executing the following commands:

    mknod -m 660 dev/hda b 3 0
    mknod -m 660 dev/hda1 b 3 1
    mknod -m 660 dev/hda2 b 3 2
    mknod -m 660 dev/hda3 b 3 3
    mknod -m 660 dev/hda4 b 3 4
    chown root.disk dev/hda*

    mknod -m 660 dev/sda b 8 0
    mknod -m 660 dev/sda1 b 8 1
    mknod -m 660 dev/sda2 b 8 2
    mknod -m 660 dev/sda3 b 8 3
    mknod -m 660 dev/sda4 b 8 4
    chown root.disk dev/sda*

After the PC is booted from the CD, you can mount these devices after creating a directory as the mount point "mkdir /h", then, it gets mounted as "mount -t ext2 /dev/hda2 /h".

It is also possible to create volume groups

    mkdir -p dev/mapper
    mknod -m 600 dev/mapper/VolGroup00-LogVol00 b 253 0
    mknod -m 600 dev/mapper/VolGroup00-LogVol01 b 253 1
    chown -R root.root dev/mapper

Create a directory "/v1"

    mkdir -p /v1

The VolGroup would be mounted as ext3, most likely by doing the following after creating a mount point "/v1", then, "mount -t ext3 /dev/VolGroup00/LogVol01 /v1". But this would require the proper device drivers to be loaded in the kernel module, and the needed configuration in "/etc/rc.sysinit", notably the section under "# LVM2 initialization". All of this will be discussed in a future update of this article.

STEP 5: Needed Files and Directories (files and directories in "etc" and "var")

Create the necessary files in "etc".
Exit out of root at this point, so that there is no chance of over-writing your system "/etc" -- note disaster is only a "/" away.

WARNING: Never copy anything into a directory that starts with "/", since that is your current running system.

    [Exit out of root]

The "etc/passwd" file is shown below. Since the ssh daemon will run, an account will be created for it. Note for sshd that login is set to "/bin/false".

[etc/passwd]

    root:x:0:0:Linux User,,,:/root:/bin/sh
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/bin/false

Below "root" and "sshd" have been added to the group.

[etc/group]

    root:x:0:root
    sshd:x:74:

Note below that there is a password for the account root. This encrypted password is "root". You could create your own password here by copying an existing account password from "/etc/shadow" and "/etc/shadow-". The account "sshd" should have "*" for the password.

[etc/shadow]

    root:$1$$oCLuEVgI1iAqOA8pwkzAg1:12439:0:99999:7:::
    sshd:*:11880:0:99999:7:-1:-1:0

[etc/shadow-]

    root:$1$$hCYnkWaG0VVCE9xJiIJwU/:12439:0:99999:7:::
    sshd:*:11880:0:99999:7:-1:-1:0

Interesting question regarding sshd: Why is "/dev/pts" necessary when sshing into this computer? If you are uncertain, remove this line and observe the results of the command "ps aux", when attempting to ssh in.

[etc/fstab]

    /dev/ram0 / ext2 defaults 0 0
    proc /proc proc defaults 0 0
    sysfs /sys sysfs defaults 0 0
    none /dev/pts devpts gid=5,mode=620 0 0

The file "etc/inittab" is called by the init program. There are no run levels with BusyBox. The lines "tty2::respawn:/sbin/getty 38400 tty2" allow you to enter "ctl-alt-F2" and get a login screen.

[etc/inittab]

    # This is run first except when booting in single-user mode.
    #
    ::sysinit:/etc/init.d/rcS
    #
    #
    ::respawn:/sbin/getty 38400 tty1
    #
    # /sbin/getty invocations for selected ttys
    #
    #tty1::respawn:/sbin/getty 38400 tty1
    tty2::respawn:/sbin/getty 38400 tty2
    tty3::respawn:/sbin/getty 38400 tty3
    tty4::respawn:/sbin/getty 38400 tty4
    tty5::respawn:/sbin/getty 38400 tty5
    tty6::respawn:/sbin/getty 38400 tty6
    tty7::respawn:/sbin/getty 38400 tty7
    tty8::respawn:/sbin/getty 38400 tty8
    tty9::respawn:/sbin/getty 38400 tty9
    #
    #
    # Example of how to put a getty on a serial line (for a terminal)
    #
    #::respawn:/sbin/getty -L ttyS0 9600 vt100
    #::respawn:/sbin/getty -L ttyS1 9600 vt100
    #
    # Example how to put a getty on a modem line.
    #::respawn:/sbin/getty 57600 ttyS2
    #
    # Stuff to do when restarting the init process
    ::restart:/sbin/init
    #
    # Stuff to do before rebooting
    ::ctrlaltdel:/sbin/reboot
    ::shutdown:/bin/umount -a -r
    ::shutdown:/sbin/swapoff -a

Note above, "inittab" calls "etc/init.d/rcS". The ram drive must be remounted; otherwise, it will be read only. Also, when the system boots, DHCP will be enabled. If the computer is not going to be connected to the network, comment this out, since it will repeatedly attempt to acquire an IP address. Also, if the proper NIC (Network Interface Card) is not found, you will be inundated with messages.

[etc/init.d/rcS]

    #!/bin/sh
    /bin/mount -a
    # below getting rid of ram being mounted ro
    /bin/mount -o remount /
    #
    # The following is for dhcp
    #
    ifconfig eth0 0.0.0.0
    /sbin/udhcpc
    #
    # Instead, if you want static IP address
    #
    #ifconfig eth0 192.168.1.13 netmask 255.255.252.0
    #route add default gw 192.168.1.1
    #
    # Run ssh daemon
    /sbin/sshd

The file below, along with libraries /lib/libnss_* are necessary for password authentication, since the recent version of GNU Libc (glibc) uses Name Service Switch (NSS). This file can probably be copied from your system's "/etc/nsswitch.conf" file. If you don't have this file on your system, take the necessary files from "proj1.tar.gz".
[etc/nsswitch.conf]

    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    # nisplus or nis+ Use NIS+ (NIS version 3)
    # nis or yp Use NIS (NIS version 2), also called YP
    # dns Use DNS (Domain Name Service)
    # files Use the local files
    # db Use the local database (.db) files
    # compat Use NIS on compat mode
    # hesiod Use Hesiod for user lookups
    # [NOTFOUND=return] Stop searching if not found so far
    #
    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd: db files nisplus nis
    #shadow: db files nisplus nis
    #group: db files nisplus nis

    passwd: files
    shadow: files
    group: files

    #hosts: db files nisplus nis dns
    hosts: files dns

    # Example - obey only what nisplus tells us...
    #services: nisplus [NOTFOUND=return] files
    #networks: nisplus [NOTFOUND=return] files
    #protocols: nisplus [NOTFOUND=return] files
    #rpc: nisplus [NOTFOUND=return] files
    #ethers: nisplus [NOTFOUND=return] files
    #netmasks: nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers: files
    netmasks: files
    networks: files
    protocols: files
    rpc: files
    services: files

    netgroup: files

    publickey: nisplus

    automount: files
    aliases: files nisplus

This file contains device names that permit root logins. For now, it makes sense for root to have lots of capabilities, for testing. "vc/1","vc/2" stands for virtual consoles.

[etc/securetty]

    console
    tty
    vc/1
    vc/2
    vc/3
    vc/4
    vc/5
    vc/6
    vc/7
    vc/8
    vc/9
    vc/10
    vc/11
    tty0
    tty1
    tty2
    tty3
    tty4
    tty5
    tty6

Below is a minimal hosts file.
If you are running on a local LAN without a DNS server, then, add in additional names. Note, if you ping localhost and get nothing, then, lo may need to be configured: "ifconfig lo 127.0.0.1". If you are not sure what is defined where "ifconfig" will give you a listing.

[etc/hosts]

    127.0.0.1 localhost
    # Additional names can be added
    #192.168.1.106 squeezel

This is BusyBox's minimal conf.

[etc/busybox.conf]

    [SUID]
    su = ssx root.0 # applet su can be run by anyone and runs with euid=0/egid=0
    su = ssx # exactly the same

The following is used for acquiring an IP address via dhcp. The important setting here is the interface, which should be set to "eth0". The script that gets run "_install/usr/share/udhcpc/default.script" is the default BusyBox script for acquiring a dhcp address. Note, "etc/init.d/rcS" runs "/sbin/udhcpc", on bootup. You could remove this and assign a static IP address instead.

FOR COMPLETE DOCUMENT (Could Not Completely Post Here)
http://souptonuts.sourceforge.net/cdrom.htm
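
Added example, not part of the original post or of the project's scripts: STEP 4 reads one "ls -l" line to arrive at "mknod -m 666 dev/tty c 5 0"; the shell function below applies the same reading to every device line of a listing and marks block devices that are world-writable. The names ls_to_mknod and sample_listing are this example's own, and the sample lines are copied from the first "ls -l dev" listing in the post.

```shell
#!/bin/sh
# Added example: rebuild mknod/chown commands from `ls -l dev` output.

# ls_to_mknod: reads `ls -l` lines on stdin and prints, for each character (c)
# or block (b) device, the mknod and chown commands that would recreate it.
# Directories, symlinks and the "total" line are skipped.
ls_to_mknod() {
    awk '
    # Octal digit for one "rwx" triplet (lowercase s/t count as execute set).
    function tri(s,    v) {
        v = 0
        if (substr(s, 1, 1) == "r") v += 4
        if (substr(s, 2, 1) == "w") v += 2
        if (substr(s, 3, 1) ~ /[xst]/) v += 1
        return v
    }
    /^[bc]/ {
        type  = substr($1, 1, 1)
        mode  = tri(substr($1, 2, 3)) "" tri(substr($1, 5, 3)) "" tri(substr($1, 8, 3))
        major = $5; sub(/,$/, "", major)     # "5," -> "5"
        minor = $6
        name  = $NF
        printf "mknod -m %s dev/%s %s %s %s\n", mode, name, type, major, minor
        printf "chown %s:%s dev/%s\n", $3, $4, name
        # Character 9 of the mode string is the write bit for "other".
        if (type == "b" && substr($1, 9, 1) == "w")
            printf "# REVIEW: dev/%s is a world-writable block device\n", name
    }'
}

# sample_listing: lines copied from the first "ls -l dev" listing in the post.
sample_listing() {
    cat <<'EOF'
total 8
brw-rw---- 1 root disk 3, 0 Mar 5 04:32 hda
drwxr-xr-x 2 root root 4096 Mar 4 05:33 pts
brw-rw-rw- 1 root disk 1, 1 Feb 20 17:37 ram1
lrwxrwxrwx 1 root root 15 Mar 6 09:22 stdin -> /proc/self/fd/0
crw-rw-rw- 1 root root 5, 0 Feb 21 18:32 tty
EOF
}

sample_listing | ls_to_mknod
```

The output is only printed; review it and run the commands as root inside "_install", as STEP 4 does with "createdev".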
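
Added example, not part of the original post: a check to run over "_install/etc" before "createiso" packs it, covering what STEP 5 says about the account files (sshd has "*" as its password and "/bin/false" as its shell) and reporting hashes in MD5-crypt ("$1$") format and hashes whose salt is empty. The function names, the finding labels and the temporary directory are assumptions of this example; the sample files reproduce the etc/passwd and etc/shadow shown in the post.

```shell
#!/bin/sh
# Added example: audit the staged account files before building the image.

# audit_accounts DIR: reads DIR/etc/shadow and DIR/etc/passwd and prints one
# finding per line; prints nothing when no check fires.
audit_accounts() {
    awk -F: '
    FILENAME == ARGV[1] { hash[$1] = $2; next }               # etc/shadow
    !($1 in hash) { print "NO-SHADOW-ENTRY " $1; next }       # etc/passwd
    {
        h = hash[$1]
        locked  = (h ~ /^[*!]/)          # "*" or "!": no password can match
        nologin = ($7 == "/bin/false" || $7 == "/sbin/nologin")
        if (h == "")                       print "EMPTY-PASSWORD " $1
        if (index(h, "$1$") == 1)          print "MD5-CRYPT " $1
        if (index(h, "$1$$") == 1)         print "EMPTY-SALT " $1
        if (locked && !nologin)            print "LOCKED-BUT-LOGIN-SHELL " $1
        if (h != "" && !locked && nologin) print "PASSWORD-ON-NOLOGIN-ACCOUNT " $1
    }' "$1/etc/shadow" "$1/etc/passwd"
}

# make_sample_tree: writes the etc/passwd and etc/shadow from the post into a
# fresh temporary directory (constructed test tree) and prints its path.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/etc" || return 1
    cat > "$d/etc/passwd" <<'EOF'
root:x:0:0:Linux User,,,:/root:/bin/sh
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/bin/false
EOF
    cat > "$d/etc/shadow" <<'EOF'
root:$1$$oCLuEVgI1iAqOA8pwkzAg1:12439:0:99999:7:::
sshd:*:11880:0:99999:7:-1:-1:0
EOF
    echo "$d"
}

tree=$(make_sample_tree)
audit_accounts "$tree"
rm -rf "$tree"
```

For a real build, call it as audit_accounts ./_install from the BusyBox source directory.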
Forest, I think you got the wrong forum...
Cool how to, but it would go better (and more completely) in Tutorials. Could I ask that you submit it there so it doesn't get lost among the other posts.