Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Mar 2012 08:48:04 +0000
From: Zenny <garbytrash@...il.com>
To: owl-users@...ts.openwall.com
Subject: Re: Customizing Owl to fit in a small sized USB Stick or CF

On 3/28/12, gremlin@...mlin.ru <gremlin@...mlin.ru> wrote:
> On 26-Mar-2012 12:48:05 +0400, Solar Designer wrote:
>
>  > > > Gremlin had patches to add a new make target that would
>  > > > generate flash images instead of ISOs. I think those were
>  > > > primarily intended for installing systems from, and they
>  > > > were for larger flash devices (1 GB being considered the
>  > > > minimum anyone would likely happen to have handy anyway).
>  > > Great info. Do you mean this one:
>  > > ftp://ftp.gremlin.people.openwall.com/pub/linux/Owl/INSTALL/?
>  > Almost. IIRC, Gremlin also produced a patch to our Owl/build/
>  > tree to automatically generate flash images like that.
>
> Not yet. There was only /etc/lilo-flash.conf file for booting
> from a flash device.

It would be awesome if you could create a wiki page about the way that
you manage your compilation in flash. ;-) Appreciate that if you could
manage to post a small documentation, subject to your convenience.

>
>  > Gremlin, please post that patch to owl-dev now such that we
>  > could refer to it at least.
>
> It's small and may be useful for many people, so here it is:
>
> ==== /etc/lilo-flash.conf ====
>
> boot=/dev/sdh
> read-only
> lba32
> prompt
> timeout=600
> menu-title="Openwall GNU/*/Linux boot menu"
> menu-scheme=kw:Wk:kw:kw
> append="rootdelay=10 panic=10"
>
> image=/boot/vmlinuz
>         root=/dev/sda1
>         label=sda
>
> # ...
>
> image=/boot/vmlinuz
>         root=/dev/sdh1
>         label=sdh
>
> ==== /etc/lilo-flash.conf ====
>
> Install it with `chroot /owl lilo -C /etc/lilo-flash.conf -b /dev/sde`
> (or whatever is your flash device).

Thanks!

>
>  > > With ZFS on Linux (ZoL) and BTRFS in the horizon, it seemed
>  > > as such a script would be nice to separate OS from the data.
>  > > With ro CF/USB with an encrypted data volume implemented in
>  > > Owl would indeed be awesome!
>  > Owl already supports encryption for loopback devices, so you can
>  > use an encrypted ext4 filesystem with it currently (with our
>  > pre-built kernels and tools).
>
> Yes, `losetup -e twofish -k 256 /dev/loop0 /dev/md0` works just fine.

Thanks for the hint ;-)

>
>  > Meanwhile, we support DRBD in our kernel builds (and we need
>  > to add the corresponding userspace tools to Owl), and we may
>  > add support for some additional filesystems that are already
>  > supported on Linux. BTW, of the less common ones, I'd consider
>  > POHMELFS.
>
> Why not GFS?

After witnessing the limitation following the takeover of Sun and
MySQL by Oracle, I feel it safe to work with the people than big corps
including RH (don't know when it would be acquired by another giant
and everything goes amok as in the case of Oracle).

A question that strike me is how GFS excels compared to let us say
Solar's favorite PHLMELFS, ZFS and HAMMER (the latter two with icsitgt
patch for SAN?

>
>
> --
> Alexey V. Vissarionov aka Gremlin from Kremlin
> <gremlin ПРИ gremlin ТЧК ru>
> GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
> GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.