From 497c37597387d5c3b28bd5f7a35baf7db053dbce Mon Sep 17 00:00:00 2001 From: Ivan Davidov Date: Sun, 15 May 2016 23:27:20 +0300 Subject: [PATCH] Size optimizations (remove debug symbols). Added 'Dropbear SSH' as additional overlay software. Added '/var/log/' log files. Added support for '/dev/pts' (required by Dropbear). --- src/.config | 6 ++ src/02_build_kernel.sh | 3 + src/09_generate_rootfs.sh | 7 +++ src/README | 13 +++- src/build_minimal_linux_overlay.sh | 2 + src/minimal_rootfs/etc/01_prepare.sh | 5 ++ src/minimal_rootfs/etc/02_overlay.sh | 3 +- src/minimal_rootfs/var/log/btmp | 0 src/minimal_rootfs/var/log/lastlog | 0 src/minimal_rootfs/var/log/messages | 0 src/minimal_rootfs/var/log/utmp | 0 src/minimal_rootfs/var/log/wtmp | 0 src/overlay_02_build_links.sh | 11 +++- src/overlay_03_get_dropbear.sh | 39 ++++++++++++ src/overlay_04_build_dropbear.sh | 93 ++++++++++++++++++++++++++++ 15 files changed, 177 insertions(+), 5 deletions(-) create mode 100644 src/minimal_rootfs/var/log/btmp create mode 100644 src/minimal_rootfs/var/log/lastlog create mode 100644 src/minimal_rootfs/var/log/messages create mode 100644 src/minimal_rootfs/var/log/utmp create mode 100644 src/minimal_rootfs/var/log/wtmp create mode 100755 src/overlay_03_get_dropbear.sh create mode 100755 src/overlay_04_build_dropbear.sh diff --git a/src/.config b/src/.config index 65729dcdd..d7d4f54ac 100644 --- a/src/.config +++ b/src/.config @@ -44,6 +44,12 @@ SYSLINUX_SOURCE_URL=http://kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.0 # LINKS_SOURCE_URL=http://links.twibright.com/download/links-2.12.tar.bz2 +# You can find the latest Dropbear source bundles here: +# +# http://matt.ucc.asn.au/dropbear/dropbear.html +# +DROPBEAR_SOURCE_URL=http://matt.ucc.asn.au/dropbear/releases/dropbear-2016.73.tar.bz2 + #################################################### diff --git a/src/02_build_kernel.sh b/src/02_build_kernel.sh index ec10013b3..07a5d5a1e 100755 --- a/src/02_build_kernel.sh 
+++ b/src/02_build_kernel.sh @@ -55,6 +55,9 @@ else sed -i "s/.*CONFIG_LOGO_LINUX_CLUT224.*/\\# CONFIG_LOGO_LINUX_CLUT224 is not set/" .config echo "Boot logo is disabled." fi + + # Disable debug symbols in kernel => smaller kernel binary. + sed -i "s/^CONFIG_DEBUG_KERNEL.*/\\# CONFIG_DEBUG_KERNEL is not set/" .config fi # Compile the kernel with optimization for 'parallel jobs' = 'number of processors'. diff --git a/src/09_generate_rootfs.sh b/src/09_generate_rootfs.sh index f9f9bba21..472b8bde2 100755 --- a/src/09_generate_rootfs.sh +++ b/src/09_generate_rootfs.sh @@ -63,6 +63,13 @@ cp $GLIBC_PREPARED/lib/libnss_dns.so.2 lib # Copy all necessary 'glibc' libraries to '/lib' END. +strip -g \ + $SRC_ROOT/work/rootfs/bin/* \ + $SRC_ROOT/work/rootfs/sbin/* \ + $SRC_ROOT/work/rootfs/lib/* \ + 2>/dev/null +echo "Size of libraries and executables has been reduced." + echo "The initramfs area has been generated." cd $SRC_ROOT diff --git a/src/README b/src/README index d885d62ff..bf1b838fb 100644 --- a/src/README +++ b/src/README @@ -15,10 +15,17 @@ have additional software being downloaded, built and installed on the ISO image. Available overlay software: - * Links - text based browser. Requires ~3MB additional space. Use the 'links' - command to activate the browser. + * Links - text based browser. Requires ~1MB additional space. Use the + 'links' command to activate the browser. -In time there might be other overlay software packages available. + * Dropbear - SSH server/client. Requires ~1MB additional space. The build + process creates user 'root' with password 'toor'. These are + sample commands which demonstrate how to use Dropbear: + + SSH server (Alt + F1): dropbear -E -F + SSH client (Alt + F2): dbclient 10.0.2.15 -l root + +In time there may be other overlay software packages available. ### ### ### diff --git a/src/build_minimal_linux_overlay.sh b/src/build_minimal_linux_overlay.sh index 57c898fd0..4decfe703 100755 --- a/src/build_minimal_linux_overlay.sh 
+++ b/src/build_minimal_linux_overlay.sh @@ -3,4 +3,6 @@ sh overlay_00_clean.sh sh overlay_01_get_links.sh sh overlay_02_build_links.sh +sh overlay_03_get_dropbear.sh +sh overlay_04_build_dropbear.sh diff --git a/src/minimal_rootfs/etc/01_prepare.sh b/src/minimal_rootfs/etc/01_prepare.sh index 7ef3ade65..a7f9ace72 100755 --- a/src/minimal_rootfs/etc/01_prepare.sh +++ b/src/minimal_rootfs/etc/01_prepare.sh @@ -33,5 +33,10 @@ mount -t devtmpfs none /dev mount -t proc none /proc mount -t tmpfs none /tmp -o mode=1777 mount -t sysfs none /sys + +mkdir -p /dev/pts + +mount -t devpts none /dev/pts + echo "Mounted all core filesystems. Ready to continue." diff --git a/src/minimal_rootfs/etc/02_overlay.sh b/src/minimal_rootfs/etc/02_overlay.sh index 8247fbe3c..5ea2f0db2 100755 --- a/src/minimal_rootfs/etc/02_overlay.sh +++ b/src/minimal_rootfs/etc/02_overlay.sh @@ -34,11 +34,12 @@ mkdir /mnt/dev mkdir /mnt/sys mkdir /mnt/proc mkdir /mnt/tmp +mkdir /mnt/var echo "Created folders for all critical file systems." # Copy root folders in the new mountpoint. echo "Copying the root file system to /mnt..." -cp -a bin etc lib lib64 root sbin src usr /mnt 2>/dev/null +cp -a bin etc lib lib64 root sbin src usr var /mnt 2>/dev/null DEFAULT_OVERLAY_DIR="/tmp/minimal/overlay" DEFAULT_UPPER_DIR="/tmp/minimal/rootfs" diff --git a/src/minimal_rootfs/var/log/btmp b/src/minimal_rootfs/var/log/btmp new file mode 100644 index 000000000..e69de29bb diff --git a/src/minimal_rootfs/var/log/lastlog b/src/minimal_rootfs/var/log/lastlog new file mode 100644 index 000000000..e69de29bb diff --git a/src/minimal_rootfs/var/log/messages b/src/minimal_rootfs/var/log/messages new file mode 100644 index 000000000..e69de29bb diff --git a/src/minimal_rootfs/var/log/utmp b/src/minimal_rootfs/var/log/utmp new file mode 100644 index 000000000..e69de29bb diff --git a/src/minimal_rootfs/var/log/wtmp b/src/minimal_rootfs/var/log/wtmp new file mode 100644 index 000000000..e69de29bb 
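Review bot: In the build_minimal_linux_overlay.sh hunk the added `sh overlay_04_build_dropbear.sh` runs even when `overlay_03_get_dropbear.sh` could not fetch or unpack the source. overlay_04 then reaches `cd $(ls -d dropbear-*)` with an empty expansion, which is a bare `cd` to the home directory, and its `make clean`, `rm -rf ../dropbear_installed` and `./configure` run relative to that. Because overlay_03 ends with `cd $SRC_DIR` it exits 0 regardless, so the fix needs both `wget -c $DOWNLOAD_URL || exit 1` (and the same on `tar`) there and `sh overlay_03_get_dropbear.sh || exit 1` here. The existing Links lines shown as context in this hunk follow the same unchecked pattern.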
diff --git a/src/overlay_02_build_links.sh b/src/overlay_02_build_links.sh index 7347dff89..ba20ed7d3 100755 --- a/src/overlay_02_build_links.sh +++ b/src/overlay_02_build_links.sh @@ -10,6 +10,8 @@ cd $(ls -d links-*) echo "Preparing Links work area. This may take a while..." make clean 2>/dev/null +rm -rf ../links_installed + echo "Configuring Links..." ./configure \ --prefix=../links_installed \ @@ -19,12 +21,19 @@ echo "Configuring Links..." --without-ssl \ --without-x +# Set CFLAGS directly in Makefile. +sed -i "s/^CFLAGS = .*/CFLAGS = \\-Os \\-s \\-fno\\-stack\\-protector \\-U_FORTIFY_SOURCE/" Makefile + echo "Building Links..." make +echo "Installing Links..." make install + +echo "Reducing Links size..." +strip -g ../links_installed/bin/* 2>/dev/null + cp -r ../links_installed/bin $SRC_DIR/work/src/minimal_overlay - echo "Links has been installed." cd $SRC_DIR diff --git a/src/overlay_03_get_dropbear.sh b/src/overlay_03_get_dropbear.sh new file mode 100755 index 000000000..fd764c870 --- /dev/null +++ b/src/overlay_03_get_dropbear.sh 
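Review bot: The `sed` line added to overlay_02_build_links.sh rewrites CFLAGS with `-fno-stack-protector -U_FORTIFY_SOURCE`, which removes two compiler hardening measures from Links, a program that parses content fetched from the network; the same flags are passed to Dropbear's `./configure` in overlay_04_build_dropbear.sh. The commit presents this as a size optimisation, but `-Os -s` and the later `strip -g` presumably account for most of the saving, so I would keep the hardening and write `sed -i "s/^CFLAGS = .*/CFLAGS = \\-Os \\-s/" Makefile` here and `CFLAGS="-Os -s"` for Dropbear. If the flags are needed to link against the locally built glibc, a comment saying so would help the next reader.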
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+SRC_DIR=$(pwd)
+
+# Grab everything after the '=' character.
+DOWNLOAD_URL=$(grep -i DROPBEAR_SOURCE_URL .config | cut -f2 -d'=')
+
+# Grab everything after the last '/' character.
+ARCHIVE_FILE=${DOWNLOAD_URL##*/}
+
+# Read the 'USE_LOCAL_SOURCE' property from '.config'
+USE_LOCAL_SOURCE="$(grep -i USE_LOCAL_SOURCE .config | cut -f2 -d'=')"
+
+if [ "$USE_LOCAL_SOURCE" = "true" -a ! -f $SRC_DIR/source/overlay/$ARCHIVE_FILE ] ; then
+ echo "Source bundle $SRC_DIR/source/overlay/$ARCHIVE_FILE is missing and will be downloaded."
+ USE_LOCAL_SOURCE="false"
+fi
+
+cd source/overlay
+
+if [ ! "$USE_LOCAL_SOURCE" = "true" ] ; then
+ # Downloading Dropbear source bundle file. The '-c' option allows the download to resume.
+ echo "Downloading Links source bundle from $DOWNLOAD_URL"
+ wget -c $DOWNLOAD_URL
+else
+ echo "Using local Dropbear source bundle $SRC_DIR/source/overlay/$ARCHIVE_FILE"
+fi
+
+# Delete folder with previously extracted Dropbear.
+echo "Removing Dropbear work area. This may take a while..."
+rm -rf ../../work/overlay/dropbear
+mkdir ../../work/overlay/dropbear
+
+# Extract Dropbear to folder 'work/overlay/dropbear'.
+# Full path will be something like 'work/overlay/dropbear/dropbear-2016.73'.
+tar -xvf $ARCHIVE_FILE -C ../../work/overlay/dropbear
+
+cd $SRC_DIR
+
diff --git a/src/overlay_04_build_dropbear.sh b/src/overlay_04_build_dropbear.sh
new file mode 100755
index 000000000..845e60f3e
--- /dev/null
+++ b/src/overlay_04_build_dropbear.sh
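Review bot: overlay_03_get_dropbear.sh unpacks whatever `wget -c $DOWNLOAD_URL` returned without checking it, and `DROPBEAR_SOURCE_URL` in `.config` is a plain `http://` address, so the SSH server built into the image depends on an unauthenticated download. I would pin a digest next to the URL in `.config`, e.g. `DROPBEAR_SOURCE_SHA256=EXPECTED_SHA256_PLACEHOLDER`, read it the way `DOWNLOAD_URL` is read, and verify before `tar` with `echo "$EXPECTED_SHA256  $ARCHIVE_FILE" | sha256sum -c - || exit 1`. The same check would also stop the script when the download failed or a leftover partial archive was only resumed by `-c`. Separately, the message on the download branch still reads "Downloading Links source bundle" and should name Dropbear.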
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+SRC_DIR=$(pwd)
+
+if [ ! -d $SRC_DIR/work/glibc/glibc_prepared ] ; then
+ echo "Cannot continue - Dropbear SSH depends on GLIBC. Please buld GLIBC first."
+ exit 1
+fi
+
+cd work/overlay/dropbear
+
+# Change to the Dropbear source directory which ls finds, e.g. 'dropbear-2016.73'.
+cd $(ls -d dropbear-*)
+
+echo "Preparing Dropbear work area. This may take a while..."
+make clean 2>/dev/null
+
+rm -rf ../dropbear_installed
+
+echo "Configuring Dropbear..."
+./configure \
+ --prefix=$SRC_DIR/work/overlay/dropbear/dropbear_installed \
+ --disable-zlib \
+ --disable-loginfunc \
+ CFLAGS="-Os -s -fno-stack-protector -U_FORTIFY_SOURCE"
+
+echo "Building Dropbear..."
+make
+
+echo "Installing Dropbear..."
+make install
+
+mkdir -p ../dropbear_installed/lib
+
+# Copy all dependent GLIBC libraries.
+cp $SRC_DIR/work/glibc/glibc_prepared/lib/libnsl.so.1 ../dropbear_installed/lib
+cp $SRC_DIR/work/glibc/glibc_prepared/lib/libnss_compat.so.2 ../dropbear_installed/lib
+cp $SRC_DIR/work/glibc/glibc_prepared/lib/libutil.so.1 ../dropbear_installed/lib
+cp $SRC_DIR/work/glibc/glibc_prepared/lib/libcrypt.so.1 ../dropbear_installed/lib
+
+mkdir -p ../dropbear_installed/etc/dropbear
+
+# Create Dropbear SSH configuration BEGIN
+
+# Create RSA key.
+../dropbear_installed/bin/dropbearkey \
+ -t rsa \
+ -f ../dropbear_installed/etc/dropbear/dropbear_rsa_host_key
+
+# Create DSS key.
+../dropbear_installed/bin/dropbearkey \
+ -t dss \
+ -f ../dropbear_installed/etc/dropbear/dropbear_dss_host_key
+
+# Create ECDSA key.
+../dropbear_installed/bin/dropbearkey \
+ -t ecdsa \
+ -f ../dropbear_installed/etc/dropbear/dropbear_ecdsa_host_key
+
+# Create user/group configuration files.
+touch ../dropbear_installed/etc/passwd
+touch ../dropbear_installed/etc/group
+
+# Add group 0 for root.
+echo "root:x:0:" \
+ > ../dropbear_installed/etc/group
+
+# Add user root with password 'toor'.
+echo "root:AprZpdBUhZXss:0:0:Minimal Root,,,:/root:/bin/sh" \
+ > ../dropbear_installed/etc/passwd
+
+# Create home folder for root user.
+mkdir -p ../dropbear_installed/root
+
+# Create Dropbear SSH configuration END
+
+echo "Reducing Dropbear size..."
+strip -g \
+ ../dropbear_installed/bin/* \
+ ../dropbear_installed/sbin/* \
+ ../dropbear_installed/lib/*
+
+cp -r \
+ ../dropbear_installed/etc \
+ ../dropbear_installed/bin \
+ ../dropbear_installed/sbin \
+ ../dropbear_installed/lib \
+ $SRC_DIR/work/src/minimal_overlay
+
+echo "Dropbear has been installed."
+
+cd $SRC_DIR
+
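Review bot: In overlay_04_build_dropbear.sh the `echo "root:AprZpdBUhZXss:..." > ../dropbear_installed/etc/passwd` line gives every image the same root password, which the comment above it and the README publish as 'toor', and the three `dropbearkey` calls run at build time, so every system booted from the resulting ISO shares the same private host keys. A host started with the README's `dropbear -E -F` therefore accepts a documented root login, and a client cannot tell one deployment from another by its host key. I would drop the build-time `dropbearkey` calls and document `dropbear -R -E -F` so keys are created on first use, and either take the password hash from a `.config` value or document `-s`/`-g` together with an `authorized_keys` file. The hash is also in the traditional 13-character crypt format and sits in the world-readable `passwd` rather than a shadow file.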