[Soekris] OpenBSD on Soekris

Nicholas Lee nic-lists at plumtree.co.nz
Thu Apr 22 02:27:13 UTC 2004

On Mon, Apr 19, 2004 at 08:05:20PM -0400, Chuck Yerkes wrote:
> > -Mount a read-only filesystem on the CF Card for everything but /var
> > -MFS for /var (symlink /tmp to /var/tmp) and /dev
> /var is too much.  95% of it is fine on "disk." There's about 500k
> that you really want in an MFS.  Oh and I have 200k in /dev/ (which
> is rsync'd from /DEV/ on boot).

Based on Chris's flashdist.

[pool:/home/nic] du -hs /dev/
23K     /dev/

[pool:/home/nic] sudo du -hs /tmp/var/*
314K    /tmp/var/log
41K     /tmp/var/run
19K     /tmp/var/dnscache
2.0K    /tmp/var/tmp
1.0K    /tmp/var/db
1.0K    /tmp/var/empty
1.0K    /tmp/var/spool

[pool:/home/nic] df -h
Filesystem    Size   Used  Avail Capacity  Mounted on
/dev/wd0a      58M    35M    21M    63%    /
mfs:9410       15M   385K    14M     3%    /tmp
kernfs        120M   212K     0B   100%    /kern

> > -Have a r/w filesystem to store configuration bits (think /etc/pf.conf 
> > and ssh host keys) (perhaps make this fs MSDOS)
> Eww.  These almost NEVER change.
> mount -uw /   covers you for the occasional change.

Definitely. In fact a ro fs can probably provide further protection
against crackers.

I've been using my own modified version of flashdist, but I find it
difficult to manage remote binary upgrades. Particularly sync kernel and

What I'd really like is a method to do core/kernel upgrades on a system
and be 99% certain that it'll be accessible after a reboot.  

I'm thinking now that a method based on flashboot, with just the
networking core (enough for direct accessibility) and kernel in the

You could then add things like dhcpd, openvpn, ipsec, dnscache in a
separate application tgz file.

You'd keep these things separate so you could do updates of the
applications without having to replace the kernel or reboot.

