#!/usr/bin/perl -w # # A program to make a netbootable image from a LRP firewall floppy # # Tested on a Dachstein Linux floppy image available from # http://lrp1.steinkuehler.net/ or via http://leaf.sourceforge.net/ # The most recent version of this script and a companion HowTo is available at # http://members.optushome.com.au/graybeard/linux/netboot.html # # Modified from the mklrpnb file found in the contrib/mklrpnb directory of the # Etherboot source at http://etherboot.sourceforge.net/ # # Modifications by Glenn McK <graybeard@users.sourceforge.net> # $Id$ ##################################### # this entry will need changing $image = "/home/graybeard/etherboot/dachstein-v1.0.2-1680.bin"; # these can remain, but change them if desired # # the next argument defaults to firewall if no other name is passed via the # command line, this will be the directory where distribution will be expanded # under $base and also the directory in /tftpboot for lrp.nb my $uniqdir = shift || 'firewall'; $mntdir = "/mnt/floppy"; # where the above image file can be mounted $tftpbase = "/tftpboot"; $tftpboot = "$tftpbase/$uniqdir"; # where the netboot images will be available $base = "/usr/src/LRP"; $dachorg = "$base/dach-org-$uniqdir"; # a copy required to make the distribution $dachnew = "$base/lrp-$uniqdir"; # the base files for the new distribution $packages = "$dachnew/var/lib/lrpkg"; # list to allow lrcfg to display Packages # everything below should be okay ###################################### if ( !-e $image ) { print "\n\tA valid LRP file and directory are required\n\tdownload one then edit $0\n\n"; exit 1; } if ( !-d $base ) { mkdir( $base, 0700 ); } if ( !-d $dachorg ) { mkdir( $dachorg, 0700 ); } if ( !-d $dachnew ) { mkdir( $dachnew, 0700 ); `umount $mntdir`; `mount -o ro,loop $image $mntdir`; `cp -vr $mntdir/* $dachorg/`; @cfg = `cat $mntdir/syslinux.cfg`; unless ( defined(@cfg) ) { print "Cannot find syslinux.cfg on $mntdir\n"; exit 1; } print "cfg = @cfg\n"; ($append) = grep( /append/, @cfg ); # find the append= line print "append = \n$append\n"; chomp($append); # remove trailing newline $append =~ s/append=//; # remove the append= at beginning print "strip append = \n$append\n\n"; @args = split ( / /, $append ); # split into arguments at whitespace ($root) = grep( /^initrd=/, @args ); # find the initrd= argument $root =~ s/^initrd=//; # remove the initrd= at beginning $root =~ s/\.lrp$//; # cleanup for paclages list print "strip initrd = \n$root\n\n"; ($lrp) = grep( /^LRP=/, @args ); # find the LRP= argument $lrp =~ s/^LRP=//; # remove the LRP= at beginning print "strip LRP =\n$lrp\n\n"; @lrp = split ( /,/, $lrp ); # split into filenames at , unshift ( @lrp, $root ); # prepend the root LRP filename @pack = @lrp; print "LRP =\n@lrp\n\n"; $append = ''; foreach $i (@args) { # rebuild the append string next if ( $i =~ /^initrd=/ ); # minus the unneeded parameters next if ( $i =~ /^LRP=/ ); next if ( $i =~ /^boot=/ ); next if ( $i =~ /^PKGPATH=/ ); print "$i = i\n"; $append .= "$i "; } print "final append = \n$append\n"; chdir($dachnew) or die "$dachnew: $!\n"; foreach $i (@lrp) { $i .= '.lrp' if $i !~ /\.lrp$/; print "\n\n\nUnpacking $i\n"; system("ln -svf $dachorg/$i ${dachorg}/${i}.tar.gz"); chmod 0600, "$dachorg/$i"; system("cat $mntdir/$i | tar zxvf -"); } # create file for lrcfg to display packages open( PACKAGES, ">$packages/packages" ) || print "unable to modify $packages:$!\n"; foreach $line (@pack) { print PACKAGES "$line\n"; } close PACKAGES; # prevent previous file from being overwritten during installation # and also mess with some values in /linuxrc to hide non errors open( LINUXRC, "$packages/root.linuxrc" ); @text = <LINUXRC>; close LINUXRC; open( LINUXRC, ">$packages/root.linuxrc" ); foreach $line (@text) { $line =~ s/PFX\/packages/PFX\/packages-old \ \t\t\t\t# packages changed to packages-old for netboot setup/; $line =~ s/^rc=1/# rc=1 changed to rc=0 to suppress error messages for netboot setup \ rc=0/; $line =~ s/echo -n \" \(nf\!\)\"/#echo -n \" \(nf\!\)\" changed to reflect ToDo list \ \t\t\techo -n \" netboot setup - No backups possible from this machine - ToFix ?"/; print LINUXRC $line; } close LINUXRC; # swap interfaces around in network config file # eth1 is the new external eth0 is OUR internal server access open( NETWORK, "$dachnew/etc/network.conf" ) || print "Unable to modify NETWORK:$!\n"; @text = <NETWORK>; close NETWORK; open( NETWORK, ">$dachnew/etc/network.conf" ) || print "Unable to modify NETWORK:$!\n"; foreach $line (@text) { $line =~ s/eth0/eth00/; $line =~ s/eth1/eth0/; $line =~ s/eth00/eth1/; print NETWORK $line; } close NETWORK; `echo $append > $dachorg/appendstr`; `umount /mnt/floppy`; print "\nThe files have been extracted to $dachnew\n"; system("ls -al $dachnew"); } else { print "\n\n\t$image \n \thas already been extracted to $dachnew \ \tNow skipping to the next step where the netboot file\ \twill be created.\n"; $append = `cat $dachorg/appendstr`; print "\nThe new append string will be...\n$append\n"; chdir($dachnew); if ( !-d $tftpbase ) { mkdir( $tftpbase, 0710 ); system("chgrp nobody $tftpbase"); } unlink($tftpboot); # these permissions really need changing to something secure mkdir( $tftpboot, 0710 ); system("chgrp nobody $tftpboot"); print "\tRepacking to $tftpboot/lrp.lrp\n"; system("tar zcf $tftpboot/lrp.lrp *"); print "\tExtracting kernel image from $dachorg\n"; system("cat $dachorg/linux > $tftpboot/lrp.ker"); print "\tCreating netboot image $tftpboot/lrp.nb\n"; system( "mknbi-linux --append='$append' --output=$tftpboot/lrp.nb $tftpboot/lrp.ker $tftpboot/lrp.lrp" ); chmod 0604, "$tftpboot/lrp.nb", "$tftpboot/lrp.ker", "$tftpboot/lrp.lrp"; print "\nThese netboot files are in $tftpboot\n"; system("ls -al $tftpboot"); print "\n The owner and permissions for $tftpboot \ and files should be checked for security. The above\ permissions assume that tftp is running chroot (nobody) drwx--r--- root:nobody /tftpboot\n\n"; } exit 0;