STEP 1:
First, much of my process was provided by this site Howto install debian on WRAP : http://www.lxtreme.nl/index.pl/blog/1105205685
The majority of my contribution to that little tutorial is in the system for updating and setting up the tmpfs and CF disk directories.
All files and scripts referred to in this page as being written or needing to be written can be found in the files section for this project on this site
Second, let me say that what you'll be creating with the instructions below is something like a 50-55MB ext2 CF filesystem that uses about 14MB of ram for write access and at most 96MB of ram (if everything is full). The WRAP1e.1 available from mini-box.com comes with 128. Also, wifi is not covered here, I haven't bought any wifi cards for WRAP yet. You can tune the max sizes of the writable tmpfs "partitions" as you see fit to use less memory, like in a 64MB version. Only 14MB will be required following the steps in this guide.
There are some things missing from the above link's description. I followed his process for using debootstrap and chroot, though i used a local mirror for debian. Also, for the purposes of this guide, we'll be using /root/cf_linux as the directory we are constructing
debootstrap --arch i386 sid /root/cf_linux ftp://ftp.us.debian.org/debian/
At the time of writing, the resulting /dev directory was broken. Missing files.
First chroot into the directory that was just downloaded. All further commands should be assumed to be done inside chroot
chroot /root/cf_linux /bin/sh
mount /proc
cd /dev
MAKEDEV pty
MAKEDEV tty
MAKEDEV rtc
MAKEDEV i2c
MAKEDEV hda
MAKEDEV hd# where # is the drive letter that you'll have the CF card attached to on the host computer. If scsi/usb create that device
You'll also need to make any devices in your host computer that you currently have mounted or lilo cries. These can be removed after lilo is run
base-config
create a directory in /dev named pts if it's not already there. This is where the virtual devpts will be mounted
Remove any unecessary hda/hd# tty etc devices that you'll never use. Any hd devices > 1 likely wont be used, tty devices > 9 probably wont be used either.
Note:
lilo will complain about hda-d etc partitions and devices existing on the host machine but not in the chroot'd dev directory even if they have nothing to do with lilo.conf. Temporarily create anything it complains about and remove them upon final installation of lilo to the CF's mbr. lilo -t inside the chroot will tell you what you need.
Note:
Once base-config is run you'll probably notice how your hostname is screwed up in any new terminals or programs you open, dont worry, it's not permanantly messed up.
you'll then probably want to run apt-get update and apt-get dist-upgrade. install any other program you can think of wanting. I grabbed mc and iptraf, You may want to grab pciutils and anything else you'll find useful. Grabbing sensors will require downloading a lot of extra stuff that it's dependent on. You can get away with creating a tiny script to pull temperatures. Whatever you end up getting, you'll likely have plenty of room for it on a 128MB card.
Right now you should have added at least one user, set their password and your root password. Got your programs installed and ran apt-get clean.
STEP 2:
I dont use debian kernels, never have and never will. Go grab either a vanilla or mm kernel ....latest or your preferred 2.6 version. Download it to your host machine, not inside the chroot.
Once everything is downloaded, You can use the config from the files section to start from with your kernel.
This doesn't have any wifi support configured in.
Compile the kernel with make deb-pkg, this packages up the kernel and required boot files along with the modules. I use mc to traverse the deb and then manually copy the files to where they're supposed to go, though you could copy the deb to the /root/cf_linux directory and chroot in and install it with dpkg directly. Either way, will work, just make sure you dont run lilo yet. (I suggest not to use dpkg as it may do that)
By the end of this step, you should have the kernel setup for the WRAP box
STEP 3:
Remove /usr/share/locale if you dont require foreign language support. You may also decide to remove the apt file lists /var/cache/apt/pkgcache.bin and srcpkgcache.bin. and all the repository files in /var/lib/apt/lists
Remove /usr/share/man , /usr/share/man-db, /usr/share/doc, /usr/doc if you have it. Basically, you want to remove any sort of directory that simply has info. from within the chroot, you can apt-get remove man and such tools, as we'll likely not need them.
Also, here is where you would remove any pkgs you find unecessary
STEP 4:
/etc/fstab :
I'll describe what's going on here. in my CF fs I have a directory used simply for mountpoints (rw) of tmpfs "partitions" I gave them arbituary max limits (tmpfs will only use what it needs for the files up to the size you give it). You can change those max sizes to your liking. You can grow tmpfs directories as well without destroying their contents
now for the script that we'll use for setting up the tmpfs directories and for updating back the changed contents to the CF fs.
/etc/init.d/copytoram:
Ok, hopefully that looks really simple to you. All we're doing is copying the contents of the CF directories that we want write access to, to the tmpfs directories then binding those directories back over the / so that no PATHS or links need to be changed. in the restart function, we are updating the CF disk. This is the function you'll want to copy to another bash script and place in a cron directory of your choice for updating either daily, weekly, monthly or hourly if you wish, otherwise this will only occur when you execute it manually.
We purposely dont copy the apt repositories in /var over because they're only necessary to be written to when we're updating the CF filesystem and that means we'll need write access to the CF disk anyway. they take up a large portion of memory if you copy them over with the rest of /var, so copying around them saves us a lot.
The overview of what's going on in the restart section is as follows:
We created a directory in /tmp to mount --bind our / fs over to in order to access the directories that we'll later bind over with tmpfs's. When we want to update the CF fs, we remount / to rw, if necessary, which allows us to write to /tmp/root_cf_fs, so we copy only the updated files in the tmpfs directories to the /tmp/root_cf_fs directory. sync to make sure it all got there, and remount / to ro,noatime again, or whatever it was in prior. That's it. You can keep this section in a cron file to automate it par whatever schedule you want, or keep it just in this file to do it manually.
Note:
Make sure ntpdate has been run so that the date of any changed files is current, as cp will not copy back files that have a date older than the ones you put on the CF disk from the host system. And WRAP doesn't have a battery to hold the system clock if you poweroff.
You'll need to make a symlink to rcS.d named S37copytoram so that copytoram's start function is executed directly after all the filesystems are mounted and before anything else is started.
Next is lilo.conf , stolen directly from the guide i linked to at the top of this page.
/etc/lilo.conf:
Note:
In this example, on the host system, the CF disk is on hdd. We dont run lilo though, not until we have the CF disk formatted, and the files installed and we chroot over to it. Then run lilo from within the chroot.
STEP 5:
This step is highly dependent on the network topology that you're setting the WRAP up in and on the type of WRAP you got. Mine has 2 ethernet ports, and I'm setting this up for a home with a cable modem using dhcp and a lan with fixed ip's.
/etc/network/interfaces:
eth0 should be the modem line, eth1 should be the line going to your switch.
Here we set eth0 to be the interface connected to your "modem"
and operates via dhcp. If it's static then you mimic the section that I have setup for the LAN interface. If you have pppoe then hopefully you already know how to set that up because I've never touched it and never will.
Then we have to setup some basic iptables rules. There are several ways of playing with iptables. You can do it the right way and have it work via the iptables init.d script or you can write your own init.d script and set it up to load the iptables rules or you can use some program todo the rules for you.
first off, we want to use SNAT, not MASQUERADE for dhcp, because SNAT retains connection tracking over short downages.
At the top of your script you setup, add this to determine the ip dhcp gives you.
AWK=/usr/bin/awk
IFCONFIG=/sbin/ifconfig
EXTIF="eth0"
EXTIP="`$IFCONFIG $EXTIF | $AWK /$EXTIF/'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}'`"
echo "IP detected as $EXTIP"
So now $EXTIP contains the dhcp assigned ip, set up some basic SNAT rule
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to $EXTIP
This SNATs the entire subnet for your LAN, assuming you are using the class C 192.168.1... You can instead specify each node you want, but they'll all follow the same format. Note: if you use the subnet method, be sure to specify a specific ip allowed to access your WRAP's ssh server to login, if you're on an unsecure network or using wifi, it can't hurt.
Then we want to add a rule to forward established connections across interfaces
iptables -A FORWARD -t filter -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
Then we want to allow the lan to access the WRAP box. You can edit this as you see fit
iptables -A INPUT -j ACCEPT -s 192.168.1.0/24 -i eth1
iptables -A OUTPUT -j ACCEPT -d 192.168.1.0/24 -o eth1
Ok, add any other rules related to your network for DNAT'ing or accepting traffic on ports you want open and DROP everything else. When you are finished, if you decided to make your own init.d script, make sure you symlink this to the rc2.d directory after your network init.d script is run (so the interfaces are actually up)
Again, this is a very basic and simplistic way to deal with iptables, for real security, you'll want to be much more thorough and specific with what gets forwarded and what gets dropped and such. You may also want to play with iproute2 and traffic shaping. How to use any of these tools and it's syntax is beyond the scope of this sad tutorial. Just make sure you have your ssh server running on a port your WRAP box is accepting on, and make sure it's only listening on the lan interface, unless you want internet access to it.
Well, by now you should have networking, ro/rw updating of CF fs, lilo, and just about everything else set up and ready to be written to the cf disk.
STEP 6:
fdisk /dev/hdd ( or whatever device you have your CF disk as in your host system) Make sure you're not chrooted for this
then mkfs.ext2 /dev/hdd1 mount it somewhere rw. like in the tutorial, /root/cf
cd /root/cf_linux && tar -cf - . | ( cd /root/cf && tar -xBf -)
sync. Now is when we chroot into the CF disk's fs and get lilo up
chroot /root/cf /bin/sh
mount /proc
lilo -t && lilo -v
exit your chroot and umount the cf disk. Reboot and you should have a CF disk that will boot your WRAP box, at the very least, enough to ssh in.
there are various modules related to gpio, watchdog, and sensors that you'll have to load up after you ssh in, perhaps add them to some init scripts.
cat /sys/devices/platform/i2c-1/1-0048/temp1_input to read the current temp.
The i2c device will change and there are multiple paths to get to the same info ... You could install sensors and all the pkgs it requires or hunt around in sysfs to find it
Note:
If you have to work around some network configs to get the internet connection working, you'll have to run ntpdate and "re-edit" the files you changed before you update the CF disk with the changed files, otherwise they'll have alteration times that pre-date the times on the original files.