[Soekris] OpenBSD on Soekris

Nicholas Lee nic-lists at plumtree.co.nz
Thu Apr 22 02:27:13 UTC 2004


On Mon, Apr 19, 2004 at 08:05:20PM -0400, Chuck Yerkes wrote:
> > -Mount a read-only filesystem on the CF Card for everything but /var
> > -MFS for /var (symlink /tmp to /var/tmp) and /dev
> /var is too much.  95% of it is fine on "disk." There's about 500k
> that you really want in an MFS.  Oh and I have 200k in /dev/ (which
> is rsync'd from /DEV/ on boot).

Based on Chris's flashdist.

[pool:/home/nic] du -hs /dev/
23K     /dev/

[pool:/home/nic] sudo du -hs /tmp/var/*
314K    /tmp/var/log
41K     /tmp/var/run
19K     /tmp/var/dnscache
2.0K    /tmp/var/tmp
1.0K    /tmp/var/db
1.0K    /tmp/var/empty
1.0K    /tmp/var/spool


[pool:/home/nic] df -h
Filesystem    Size   Used  Avail Capacity  Mounted on
/dev/wd0a      58M    35M    21M    63%    /
mfs:9410       15M   385K    14M     3%    /tmp
kernfs        120M   212K     0B   100%    /kern


> > -Have a r/w filesystem to store configuration bits (think /etc/pf.conf 
> > and ssh host keys) (perhaps make this fs MSDOS)
> Eww.  These almost NEVER change.
> mount -uw /   covers you for the occasional change.

Definitely. In fact a ro fs can probably provide further protection
against crackers.



I've been using my own modified version of flashdist, but I find it
difficult to manage remote binary upgrades. Particularly sync kernel and
userland.


What I'd really like is a method to do core/kernel upgrades on a system
and be 99% certain that it'll be accessible after a reboot.  

I'm thinking now of a method based on flashboot, with just the
networking core (enough for direct accessibility) and kernel in the
ramdisk.

You could then add things like dhcpd, openvpn, ipsec, dnscache in a
separate application tgz file.

You'd keep these things separate so you could do updates of the
applications without having to replace the kernel or reboot.



Nicholas


