Ed Tetz wrote:
Hi Guys,

I am looking at getting a Norhtec server (http://www.norhtec.com/index.html) to act as my firewall. It comes with an internal HD, but no CD-ROM. I will be using a USB floppy drive. I am still waiting for the hardware, so I can't test things yet.

I already figure that I will have to recompile my kernel to support the USB floppy. Not a problem.

I also wanted to keep a lot of the security of having the packages on CD, so I was thinking of using an ISO image on the HD. Normally you need to add the loopback device, which I don't think will be a problem.

I figure that I will boot from the floppy, and then treat the ISO image on /dev/hda1/dachimg.iso as the CD-Rom. That will hopefully give me the BOBW (Best of Both Worlds), using the hard drive (since I don't have a CD-Rom) and having the security of the CD-Rom (or most of it). This will also make the upgrade easier when Dachstein is updated, as I only have to replace the ISO image on the hard drive.

Does anyone know offhand if a pkgpath option of /dev/hda1/dachimg.iso:loop or /dev/hda1/dachimg.iso:iso9660 should work in syslinux.cfg? I currently have /dev/hda:iso9660.

After the system starts booting, I figure I can easily mount (via fstab) the image as /cdrom, so I am just concerned what happens during the boot process, prior to reading fstab.

If you want to load packages via an iso image mounted on a loopback device, I believe you're going to have to modify the startup script (/linuxrc). The startup script currently expects to be able to directly run a mount command, passing it parameters extracted from the pkgpath parameter for fstype and device. Since there's no way to specify to use the loopback device, you'll either have to add that functionality, get someone to do it for you, or live without it.


NOTE: A "trick" that might work for you would be to copy the iso image to a separate partition on your HDD, and mount it from there. Something like:

dd if=/dev/cdrom of=/dev/hda2

Then use something like PKGPATH=/dev/hda2:iso9660, and keep configuration data on /dev/hda1 or the usb floppy like normal. I don't think it will matter if the HDD partition is larger than your iso image.

If this works (I haven't tried it), you'll have a bit more security than simply loading packages off a standard hard-disk partition, as there are no convenient tools for making an iso image on LEAF, but remember an attacker can still simply store "cracked" utilities on your configuration media which would overwrite the clean versions from the pseudo-CD.

Regardless, this could still be an interesting way to set up your system, with the big plus (to me, anyway) of keeping the "upgradability" of the CD version. You could even keep a few CD images around on your HDD (as various unique partitions), in case you had to revert to a previous version or something. It could make maintaining several boxes easier than doing a traditional HDD install.

Note that if this technique works with Dachstein, it should also work with Bering, should you choose to migrate.

--
Charles Steinkuehler
[EMAIL PROTECTED]
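
An added example, not part of the original email or of LEAF: a check that a partition written with the dd trick above still starts with an exact copy of a known-good reference image, hashing only the image's length so a larger partition does not matter. The function names are hypothetical; dachimg.iso and /dev/hda2 are the paths used in the thread.

```python
import hashlib
import os
import sys

SECTOR = 2048
PVD_OFFSET = 16 * SECTOR  # ISO 9660 volume descriptors start at sector 16

def has_iso9660_signature(path):
    """True if a primary volume descriptor (type 1, id 'CD001') is present."""
    with open(path, "rb") as f:
        f.seek(PVD_OFFSET)
        return f.read(6) == b"\x01CD001"

def digest_prefix(path, length, chunk=1 << 20):
    """SHA-256 of the first `length` bytes of a file or block device."""
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            data = f.read(min(chunk, remaining))
            if not data:
                raise ValueError(f"{path} is shorter than {length} bytes")
            h.update(data)
            remaining -= len(data)
    return h.hexdigest()

def verify_pseudo_cd(image_path, device_path):
    """True if the partition starts with an exact copy of the reference image."""
    # Only len(image) bytes are hashed, so slack space at the end of a
    # partition larger than the image does not affect the result.
    size = os.path.getsize(image_path)
    if not has_iso9660_signature(device_path):
        return False
    return digest_prefix(image_path, size) == digest_prefix(device_path, size)

def constructed_image(sectors=20):
    """Constructed sample: zero-filled image carrying only the PVD signature."""
    img = bytearray(sectors * SECTOR)
    img[PVD_OFFSET:PVD_OFFSET + 6] = b"\x01CD001"
    return bytes(img)

if __name__ == "__main__":
    # Usage: python3 verify.py dachimg.iso /dev/hda2
    ok = verify_pseudo_cd(sys.argv[1], sys.argv[2])
    print("match" if ok else "MISMATCH")
    sys.exit(0 if ok else 1)
```

Keep the reference image off the firewall itself, so the comparison is made against a copy an intruder on the box could not have altered.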




leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html