<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Teaching vmdebootstrap to create Raspberry Pi SD card images</title>
+ <link>http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html</guid>
+ <pubDate>Sun, 27 Oct 2013 17:00:00 +0100</pubDate>
+ <description><p>The
+<a href="http://packages.qa.debian.org/v/vmdebootstrap.html">vmdebootstrap</a>
+program is a a very nice system to create virtual machine images. It
+create a image file, add a partition table, mount it and run
+debootstrap in the mounted directory to create a Debian system on a
+stick. Yesterday, I decided to try to teach it how to make images for
+<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi</a>, as part
+of a plan to simplify the build system for the FreedomBox project.
+The FreedomBox project already uses vmdebootstrap for the virtualbox
+images, but its home made multistrap based system for Dreamplug
+images, and it is lacking support for Raspberry Pi.</p>
+
+<p>Armed with the knowledge on how to build "foreign" (aka non-native
+architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap
+code and adjusted it to be able to build armel images on my amd64
+Debian laptop. I ended up giving vmdebootstrap five new options,
+allowing me to replicate the image creation process I use to make
+<a href=http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html"">Debian
+Jessie based mesh node images for the Raspberry Pi</a>. First, the
+<tt>--foreign /path/to/binfm_handler</tt> option tell vmdebootstrap to
+call debootstrap with --foreign and to copy the handler into the
+generated chroot before running the second stage. This allow
+vmdebootstrap to create armel images on an amd64 host. Next I added
+two new options <tt>--bootsize size</tt> and <tt>--boottype
+fstype</tt> to teach it to create a separate /boot/ partition with the
+given file system type, allowing me to create an image with a vfat
+partition for the /boot/ stuff. I also added a <tt>--variant
+variant</tt> option to allow me to create smaller images without the
+Debian base system packages installed. Finally, I added an option
+<tt>--no-extlinux</tt> to tell vmdebootstrap to not install extlinux
+as a boot loader. It is not needed on the Raspberry Pi and probably
+most other non-x86 architectures. The changes were accepted by the
+upstream author of vmdebootstrap yesterday and today, and is now
+available from
+<a href="http://git.liw.fi/cgi-bin/cgit/cgit.cgi/vmdebootstrap/">the
+upstream project page</a>.</p>
+
+<p>To use it to build a Raspberry Pi image using Debian Jessie, first
+create a small script (the customize script) to add the non-free
+binary blob needed to boot the Raspberry Pi and the APT source
+list:</p>
+
+<p><pre>
+#!/bin/sh
+set -e # Exit on first error
+rootdir="$1"
+cd "$rootdir"
+cat <<EOF > etc/apt/sources.list
+deb http://http.debian.net/debian/ jessie main contrib non-free
+EOF
+# Install non-free binary blob needed to boot Raspberry Pi. This
+# install a kernel somewhere too.
+wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
+ -O $rootdir/usr/bin/rpi-update
+chmod a+x $rootdir/usr/bin/rpi-update
+mkdir -p $rootdir/lib/modules
+touch $rootdir/boot/start.elf
+chroot $rootdir rpi-update
+</pre></p>
+
+<p>Next, fetch the latest vmdebootstrap script and call it like this
+to build the image:</p>
+
+<pre>
+sudo ./vmdebootstrap \
+ --variant minbase \
+ --arch armel \
+ --distribution jessie \
+ --mirror http://http.debian.net/debian \
+ --image test.img \
+ --size 600M \
+ --bootsize 64M \
+ --boottype vfat \
+ --log-level debug \
+ --verbose \
+ --no-kernel \
+ --no-extlinux \
+ --root-password raspberry \
+ --hostname raspberrypi \
+ --foreign /usr/bin/qemu-arm-static \
+ --customize `pwd`/customize \
+ --package netbase \
+ --package git-core \
+ --package binutils \
+ --package ca-certificates \
+ --package wget \
+ --package kmod
+</pre></p>
+
+<p>The list of packages being installed are the ones needed by
+rpi-update to make the image bootable on the Raspberry Pi, with the
+exception of netbase, which is needed by debootstrap to find
+/etc/hosts with the minbase variant. I really wish there was a way to
+set up an Raspberry Pi using only packages in the Debian archive, but
+that is not possible as far as I know, because it boots from the GPU
+using a non-free binary blob.</p>
+
+<p>The build host need debootstrap, kpartx and qemu-user-static and
+probably a few others installed. I have not checked the complete
+build dependency list.</p>
+
+<p>The resulting image will not use the hardware floating point unit
+on the Raspberry PI, because the armel architecture in Debian is not
+optimized for that use. So the images created will be a bit slower
+than <a href="http://www.raspbian.org/">Raspbian</a> based images.</p>
+</description>
+ </item>
+
<item>
<title>Det er jo makta som er mest sårbar ved massiv overvåkning av Internett</title>
<link>http://people.skolelinux.org/pere/blog/Det_er_jo_makta_som_er_mest_s_rbar_ved_massiv_overv_kning_av_Internett.html</link>
</description>
</item>
- <item>
- <title>Recipe to test the Freedombox project on amd64 or Raspberry Pi</title>
- <link>http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html</guid>
- <pubDate>Tue, 10 Sep 2013 14:20:00 +0200</pubDate>
- <description><p>I was introduced to the
-<a href="http://www.freedomboxfoundation.org/">Freedombox project</a>
-in 2010, when Eben Moglen presented his vision about serving the need
-of non-technical people to keep their personal information private and
-within the legal protection of their own homes. The idea is to give
-people back the power over their network and machines, and return
-Internet back to its intended peer-to-peer architecture. Instead of
-depending on a central service, the Freedombox will give everyone
-control over their own basic infrastructure.</p>
-
-<p>I've intended to join the effort since then, but other tasks have
-taken priority. But this summers nasty news about the misuse of trust
-and privilege exercised by the "western" intelligence gathering
-communities increased my eagerness to contribute to a point where I
-actually started working on the project a while back.</p>
-
-<p>The <a href="https://alioth.debian.org/projects/freedombox/">initial
-Debian initiative</a> based on the vision from Eben Moglen, is to
-create a simple and cheap Debian based appliance that anyone can hook
-up in their home and get access to secure and private services and
-communication. The initial deployment platform have been the
-<a href="http://www.globalscaletechnologies.com/t-dreamplugdetails.aspx">Dreamplug</a>,
-which is a piece of hardware I do not own. So to be able to test what
-the current Freedombox setup look like, I had to come up with a way to install
-it on some hardware I do have access to. I have rewritten the
-<a href="https://github.com/NickDaly/freedom-maker">freedom-maker</a>
-image build framework to use .deb packages instead of only copying
-setup into the boot images, and thanks to this rewrite I am able to
-set up any machine supported by Debian Wheezy as a Freedombox, using
-the previously mentioned deb (and a few support debs for packages
-missing in Debian).</p>
-
-<p>The current Freedombox setup consist of a set of bootstrapping
-scripts
-(<a href="https://github.com/petterreinholdtsen/freedombox-setup">freedombox-setup</a>),
-and a administrative web interface
-(<a href="https://github.com/NickDaly/Plinth">plinth</a> + exmachina +
-withsqlite), as well as a privacy enhancing proxy based on
-<a href="http://packages.qa.debian.org/privoxy">privoxy</a>
-(freedombox-privoxy). There is also a web/javascript based XMPP
-client (<a href="http://packages.qa.debian.org/jwchat">jwchat</a>)
-trying (unsuccessfully so far) to talk to the XMPP server
-(<a href="http://packages.qa.debian.org/ejabberd">ejabberd</a>). The
-web interface is pluggable, and the goal is to use it to enable OpenID
-services, mesh network connectivity, use of TOR, etc, etc. Not much of
-this is really working yet, see
-<a href="https://github.com/NickDaly/freedombox-todos/blob/master/TODO">the
-project TODO</a> for links to GIT repositories. Most of the code is
-on github at the moment. The HTTP proxy is operational out of the
-box, and the admin web interface can be used to add/remove plinth
-users. I've not been able to do anything else with it so far, but
-know there are several branches spread around github and other places
-with lots of half baked features.</p>
-
-<p>Anyway, if you want to have a look at the current state, the
-following recipes should work to give you a test machine to poke
-at.</p>
-
-<p><strong>Debian Wheezy amd64</strong></p>
-
-<ol>
-
-<li>Fetch normal Debian Wheezy installation ISO.</li>
-<li>Boot from it, either as CD or USB stick.</li>
-<li><p>Press [tab] on the boot prompt and add this as a boot argument
-to the Debian installer:<p>
-<pre>url=<a href="http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat">http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat</a></pre></li>
-
-<li>Answer the few language/region/password questions and pick disk to
-install on.</li>
-
-<li>When the installation is finished and the machine have rebooted a
-few times, your Freedombox is ready for testing.</li>
-
-</ol>
-
-<p><strong>Raspberry Pi Raspbian</strong></p>
-
-<ol>
-
-<li>Fetch a Raspbian SD card image, create SD card.</li>
-<li>Boot from SD card, extend file system to fill the card completely.</li>
-<li><p>Log in and add this to /etc/sources.list:</p>
-<pre>
-deb <a href="http://www.reinholdtsen.name/freedombox/">http://www.reinholdtsen.name/freedombox</a> wheezy main
-</pre></li>
-<li><p>Run this as root:</p>
-<pre>
-wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
- apt-key add -
-apt-get update
-apt-get install freedombox-setup
-/usr/lib/freedombox/setup
-</pre></li>
-<li>Reboot into your freshly created Freedombox.</li>
-
-</ol>
-
-<p>You can test it on other architectures too, but because the
-freedombox-privoxy package is binary, it will only work as intended on
-the architectures where I have had time to build the binary and put it
-in my APT repository. But do not let this stop you. It is only a
-short "<tt>apt-get source -b freedombox-privoxy</tt>" away. :)</p>
-
-<p>Note that by default Freedombox is a DHCP server on the
-192.168.1.0/24 subnet, so if this is your subnet be careful and turn
-off the DHCP server by running "<tt>update-rc.d isc-dhcp-server
-disable</tt>" as root.</p>
-
-<p>Please let me know if this works for you, or if you have any
-problems. We gather on the IRC channel
-<a href="irc://irc.debian.org:6667/%23freedombox">#freedombox</a> on
-irc.debian.org and the
-<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss">project
-mailing list</a>.</p>
-
-<p>Once you get your freedombox operational, you can visit
-<tt>http://your-host-name:8001/</tt> to see the state of the plint
-welcome screen (dead end - do not be surprised if you are unable to
-get past it), and next visit <tt>http://your-host-name:8001/help/</tt>
-to look at the rest of plinth. The default user is 'admin' and the
-default password is 'secret'.</p>
-</description>
- </item>
-
</channel>
</rss>
projects / homepage.git / blobdiff