Installing an updated OpenWRT image.
OpenWRT has a command, sysupgrade, that is used to upgrade the flash image from an update file. I have not been able to get this to work, and have ended up installing LUCI, the web configuration interface, every time I need to update the root file system.
opkg install luci
This opens another can of worms, since lighttpd is happily serving pages on port 80, where LUCI's web server, uHTTPd, wants to be. To get around this, I told uHTTPd to use some other ports. To do this, change the ports in the listen_http and listen_https lines in /etc/config/uhttpd, like so:
config uhttpd 'main'
    list listen_http '0.0.0.0:8080'
    list listen_http '[::]:8080'
    list listen_https '0.0.0.0:4430'
    list listen_https '[::]:4430'
Then restart uHTTPd:
LUCI will now be available on the current IP address, on port 8080 and encrypted on 4430. Use the root user/password to log in, and use openwrt-oxnas-stg212-ubifs-sysupgrade.tar to update the device.
After flashing the firmware, all packages need to be reinstalled. Opkg will probably complain about changed config files, but this just means our configuration changes have been kept.
After getting Gentoo to run on the Medion NAS in these posts,
I learned that OpenWRT had been ported to the oxnas platform. This appealed to me, as OpenWRT is installed on the internal flash. Honestly, the Gentoo installation I had on the HDD was better suited as a web server, but I just wanted to play with OpenWRT. The only real reason for using OpenWRT instead of Gentoo is the hope that the OpenWRT folks will keep the kernel updated.
I still have my web page, and the files from which it is generated, on a hard disk drive, connected to the SATA port.
I recommend having a serial connection to the NAS running at all times.
Installing OpenWRT bootstrap.
This operation can only be executed once, and may brick your device. After the bootstrap there is no way to restore the original firmware. Because of this I cannot actually check that these steps are exactly right, but they are what I recall.
Setup a HTTP server on a computer to serve
Telnet into the NAS using the backdoor described on
Login to the web-interface on the NAS, then open
(you may have to replace the /rXXXXX,/ with the revision number shown
in the URL after login).
The browser will wait for the CGI script to (never) end, while it’s
doing that telnet into the NAS. Login with user root and the password
also used by the web interface (default is 1234).
telnet (NAS IP)
After logging in, download the OpenWRT image to /tmp/tmpfs. Look in /proc/mtd and make sure kernel is in /dev/mtd4. Write the image to /dev/mtd4, tell U-Boot to boot from it, and reboot.
cd /tmp/tmpfs
wget http://(server IP)/openwrt-oxnas-stg212-u-boot-initramfs.itb
cat /proc/mtd
nandwrite /dev/mtd4 openwrt-oxnas-stg212-u-boot-initramfs.itb
fw_setenv boot_stage2 nand read 64000000 440000 90000\\; go 64000000
fw_setenv bootcmd run boot_stage2
reboot
This is where the serial connection comes in handy, for watching the boot process. If everything went well, LUCI, OpenWRT's web interface, should be available on the NAS at address 192.168.1.1. When you have compiled a new OpenWRT image, you can flash it using LUCI.
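The check the text asks for before writing (that kernel is on /dev/mtd4) can be scripted together with a size and checksum test, since the image arrives over plain HTTP and goes straight to flash. This is an added example, not part of the original post; the sample partition table is constructed, the function names are made up here, and it assumes awk and sha256sum exist on the device.

```sh
#!/bin/sh
# Added example: checks to run before "nandwrite /dev/mtd4 <image>".
# The table below is constructed; only "kernel" on mtd4 comes from the page.

sample_mtd_table() {
cat <<'EOF'
dev:    size   erasesize  name
mtd0: 00040000 00020000 "bootloader"
mtd1: 00080000 00020000 "env"
mtd2: 00080000 00020000 "spare-a"
mtd3: 00080000 00020000 "spare-b"
mtd4: 00a00000 00020000 "kernel"
mtd5: 06e40000 00020000 "rootfs"
EOF
}

# Print the device (e.g. mtd4) of the partition named $1 in table file $2.
mtd_dev_for() {
    awk -v want="\"$1\"" '$4 == want { sub(/:$/, "", $1); print $1 }' "$2"
}

# Print the size in bytes of device $1 (e.g. mtd4) from table file $2.
mtd_size_bytes() {
    hex=$(awk -v dev="$1:" '$1 == dev { print $2 }' "$2")
    [ -n "$hex" ] || return 1
    echo $((0x$hex))
}

# preflight <image> <expected-dev> <expected-sha256> [table]
# Returns 0 only when all three checks pass.
preflight() {
    image=$1; expect=$2; want_sum=$3; table=${4:-/proc/mtd}
    dev=$(mtd_dev_for kernel "$table")
    # Zero or several "kernel" partitions also end up here.
    if [ "$dev" != "$expect" ]; then
        echo "refusing: kernel is on '${dev:-none}', expected $expect" >&2
        return 1
    fi
    part=$(mtd_size_bytes "$dev" "$table") || return 1
    img=$(($(wc -c < "$image")))
    if [ "$img" -eq 0 ] || [ "$img" -gt "$part" ]; then
        echo "refusing: image is $img bytes, partition holds $part" >&2
        return 1
    fi
    got_sum=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$got_sum" != "$want_sum" ]; then
        echo "refusing: sha256 differs from the value taken on the build host" >&2
        return 1
    fi
    echo "ok: $img bytes fit /dev/$dev ($part bytes), checksum matches"
}

# On the NAS: sh preflight.sh <image> mtd4 <sha256 computed on the build host>
if [ $# -ge 3 ]; then
    preflight "$@"
fi
```

Run nandwrite only when the script exits 0; the checksum argument should be computed on the machine that built the image, not on the NAS.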
Since, for now, oxnas support is only in OpenWRT trunk, everything needs to be built.
I built this on a Gentoo system, which seems to need automake-1.14 installed for glib2 to build.
Getting the sources.
Change into the directory where you want the sources to reside and do:
git clone git://git.openwrt.org/openwrt.git
cd openwrt
To have the standard set of packages available for OpenWRT copy
cp feeds.conf.default feeds.conf
If you just want a web server, and do not need setuptools for Python 3, or my shiny site generator, you can skip this step.
I have made a couple of custom feeds that address some specific
Python 3 needs I have for my static site
have these packages available add the following to
src-git packages https://github.com/deadbok/packages.git
src-git deadbok https://github.com/deadbok/deadbok-openwrt.git
Comment out the original package line in the file.
Update and add the feeds.
Add the packages to the build system.
./scripts/feeds update -a
./scripts/feeds install -a
Configuring the sources.
I have configured a lot of stuff, that I am not using right now, as modules, so that I can later install them if I find a need. This increases the build time, so it is a trade off compared to building just the packages that you want right now. You can download my configuration file, and use it as a basis for your own configuration.
wget https://groenholdt.net/Computers/OpenWRT/openwrt-config
mv openwrt-config .config
To configure the OpenWRT build run
make menuconfig in the source
I can not describe every configuration option, but here are some important ones.
First to build OpenWRT for the NAS these tell the build system about the basic hardware:
Target System (PLXTECH/Oxford NAS782x/OX82x)
Target Profile (MitraStar STG-212)
Target Images select
ubifs is the file system of the images we will be building for the NAS.
ramdisk I always build a RAM disk as well, since it can be used to unbrick the device, if you can still access the boot loader through the serial connection. Under
xz compression is selected.
Global build settings I enable at least
Enable shadow password support to have encrypted passwords for users in
Support for paging of anonymous memory (swap) To enable swap functionality in the kernel.
I disable all kernel debugging features, as this is a production environment.
If you want to develop or debug the build process of packages in
Advanced configuration options (for developers),
some sub-options that I use are:
Automatic rebuild of packages rebuilds packages when their files change.
Enable log files during build process log build output in files under
ca-certificates build as a module for SFTP, HTTPS etc.
firewall as you might want to close everything to the outside.
busybox is customized for the multi user setup we will do later.
Customize busybox options enabled.
Support Unicode enabled to be on the safe side.
Support for SUID/SGID handling needed for the su command.
Login/Password Management Utilities.
Support for shadow passwords same as earlier.
Use internal password and group functions rather than system functions enabled.
Use internal shadow password functions enabled, to use busybox functions instead of the
Enable su to write to syslog, enabled. Root access will be logged.
crond which I think is enabled by default.
crontab which I think is enabled by default.
Kernel modules I believe that everything needed is enabled by
default, but there is a little more stuff that is nice.
- Block Devices
kmod-loop as module. Loop devices are so neat.
Filesystems enable whatever you may need.
LED modules these might be fun.
Languages I enable
setuptools for my
static site generator.
LuCI make sure to enable the basic interface and build it as a
module. LuCI is the only reliable way I have been able to flash a new
image to the NAS.
Network a lot of things like web servers hide.
File Transfer, I have
wget compiled as modules.
openssh-sftp-server for SFTP access.
Web Servers/Proxies enable a web server, I use
webalizer if you want site statistics.
The CA-certificates package expects python to point to a Python 2.x interpreter; my Gentoo system uses Python 3, which leads to missing certificates. I made a patch that you can drop into packages/system/ca-certificates/patches in your OpenWRT directory, if you run into this.
To build everything just run
make. To see all output from the build
The images end up in
bin/oxnas, along with the packages. I flash
openwrt-oxnas-stg212-ubifs-sysupgrade.tar using LuCI.
Adding custom packages.
I have chosen to compile most of the software I use, in this installation, as packages that must be installed after flashing the static image. Some of these packages are only installed for my own personal convenience, and some because they are needed for my static site generator.
Serving packages for OpenWRT.
Like when installing the bootstrap image you need a web server with
the package files available to OpenWRT. I assume that the OpenWRT
package tree is copied to the root of the server. You could copy the package
files to the HDD, but I have not tried that.
an adjustment to tell opkg (the package manager) where to find the
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
src/gz base http://serverip/packages/base
#src/gz telephony http://serverip/packages/telephony
src/gz deadbok http://serverip/packages/deadbok
src/gz packages http://serverip/packages/packages
src/gz routing http://serverip/packages/routing
src/gz luci http://serverip/packages/luci
#src/gz management http://serverip/packages/management
serverip with the IP address of the computer serving the
Update the package index.
Installing required packages.
opkg install kmod-fs-ext4 swap-utils
opkg install e2fsprogs
modprobe ext4
opkg install ca-certificates
opkg install lighttpd lighttpd-mod-accesslog lighttpd-mod-compress
opkg install lighttpd-mod-status lighttpd-mod-alias lighttpd-mod-access
lighttpd-mod-accesslog: Log access to the web server to a file.
lighttpd-mod-compress: Compress data before sending them to the client.
lighttpd-mod-status: Publishes some status information about the server.
lighttpd-mod-alias: Allows you to point an URL at a specific directory.
lighttpd-mod-access: Restrict access.
Installing the optional packages.
These are just tools that are nice to have.
opkg install mc
opkg install nano
opkg install openssh-sftp-server
USB mass storage support (aka. USB stick)
opkg install kmod-usb-storage-extras
Installing packages for ssg.
For some reason my package does not pull in the Python 3 dependency
correctly, therefore the package
python3 must be installed first.
opkg install python3
opkg install python3-setuptools
/usr/libexec/git-core/ are wrong, this is corrected by
creating the symlink, see Bug #11930.
opkg install git
ln -s $(which git) /usr/libexec/git-core/git
Global configuration is done in
/etc/config/system. I sent the logs to
a file on the HDD, and limited it at 1Mb in size. You should configure
the host name and time zone to your local preferences.
The log levels of different subsystems are configured in this file as
well. Notice that for
klogconloglevel a higher
number means more verbose, while for
cronloglevel it is the other way
I have not touched the time server configuration, I only use the client part, and it worked out of the box.
config system
    option hostname OpenWRT
    option log_file /mnt/data/log/messages
    option log_size 1024
    option log_type file
    option timezone Europe/Copenhagen
    #Log levels 1-8
    #Higher is more verbose
    option conloglevel 4
    #Lower is more verbose
    option cronloglevel 4

config timeserver ntp
    list server 0.openwrt.pool.ntp.org
    list server 1.openwrt.pool.ntp.org
    list server 2.openwrt.pool.ntp.org
    list server 3.openwrt.pool.ntp.org
    option enabled 1
    option enable_server 0
There are two "disks" in the system, the internal flash, and the HDD connected to the SATA port.
/ OpenWRT on the internal flash.
/mnt/data Root of the connected HDD.
/mnt/data/www Root of the pages served by lighttpd.
/mnt/data/log System log files.
/etc/config/fstab to configure mount points.
config global
    option anon_swap '0'
    option anon_mount '0'
    option auto_swap '1'
    option auto_mount '1'
    option delay_root '5'
    option check_fs '1'
The global section tells OpenWRT not to mount any drives that do not have their own section in fstab (the anon_ options), to mount any file system and swap space listed in fstab (the auto_ options), to delay mounting for 5 seconds, and to perform a file system check if needed.
config mount
    option target '/mnt/data'
    option fstype 'ext4'
    option options 'rw,sync'
    option enabled '1'
    option device '/dev/sda2'
    option enabled_fsck '1'
This section configures
/dev/sda2 as an ext4 partition with
read-write access, and mounts it at
config swap
    option device '/dev/sda3'
    option enabled '1'
Last is the swap space from /dev/sda3.
Create the mount point and mount the partitions.
mkdir /mnt/data
block mount
Create directories for web server, logs, and temporary files.
Adding users and groups.
OpenWRT is not built to be a multiuser system, but it is possible to
configure it like that. There are two options, either use
a desktop Linux system, or use busybox's built-in user handling. I have
used the busybox version, since it is lighter.
User directories are kept on the HDD and linked into the root file system.
mkdir -p /mnt/data/home
ln -sf /mnt/data/home /home
Users are added using the
adduser command. Replace
the user name you want.
Next create the user directory and set the permissions.
mkdir /mnt/data/home/username
chown -R username /mnt/data/home/username
chmod 700 /mnt/data/home/username
I still want root access, but I to log in as a regular user and
the root account, like a desktop system. Busybox needs some setup for
su command to work.
chmod u+s /bin/busybox
[SUID] su = ssx root.root
Disabling root access from ssh.
su works, there is no reason to allow root access through
ssh, if you do not need ssh it would be even better to disable it.
For non root access:
config dropbear
    option PasswordAuth '1'
    option RootPasswordAuth '0'
    option RootLogin '0'
    option Port '22'
Disable ssh entirely:
File system permissions.
/mnt/data/www/, the directory served by lighttpd.
chown http:www-data /mnt/data/www/
Configuration is done in
#Include the accesslog module to log web site access
server.modules = ( "mod_accesslog" )
#Root of the webserver is at /mnt/data/www
server.document-root = "/mnt/data/www"
#Where uploaded files are stored
server.upload-dirs = ( "/mnt/data/tmp" )
#Where errors are logged
server.errorlog = "/mnt/data/log/lighttpd/error.log"
#Process id
server.pid-file = "/var/run/lighttpd.pid"
#User and group that the server runs as
server.username = "http"
server.groupname = "www-data"
#Do not send server version
server.tag = "youdliketoknow"
#Use index.html if root is requested
index-file.names = ( "index.html" )
#Disable auto index directory listings
dir-listing.activate = "disable"
#Limit request method "POST" size in kilobytes (KB)
server.max-request-size = 1
#Disable multi range requests
server.range-requests = "disable"
#Disable symlinks
server.follow-symlink = "disable"
#Debug options
debug.log-file-not-found = "enable"
#Access log module
accesslog.syslog-level = "6"
accesslog.filename = "/mnt/data/log/lighttpd/access.log"
#Port to bind to
server.port = 80
include "/etc/lighttpd/mime.conf"
#include_shell "cat /etc/lighttpd/conf.d/*.conf"
I have disabled symlinks in this configuration, which means that the web root directory cannot be a symlink. You will get something like 403 Forbidden if you try. The same goes for symlinks inside the web root directory, they won't work.
You can change this behavior by changing
server.follow-symlink = "disable"
to
server.follow-symlink = "enable", but I encourage you to read
this answer on Server Fault.
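Before switching server.follow-symlink to "enable", it helps to know which symlinks exist under the document root and where they lead. The script below is an added example, not from the original post: it lists every symlink under a directory such as /mnt/data/www and marks those that resolve outside it. The function names are made up for this example, and it assumes find and readlink -f are available.

```sh
#!/bin/sh
# Added example: audit symlinks under a lighttpd document root.
# With server.follow-symlink = "disable" every link listed here is refused;
# with "enable", links marked OUTSIDE serve files from beyond the web root.

# audit_symlinks <docroot>
# Prints one line per symlink: "INSIDE|OUTSIDE|BROKEN <link> -> <target>".
audit_symlinks() {
    # Resolve the root itself first, so comparisons use physical paths.
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | sort | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null)
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            echo "BROKEN $link -> $(readlink "$link")"
        else
            # The trailing slash stops /srv/www2 from matching /srv/www.
            case "$target/" in
                "$root"/*) echo "INSIDE $link -> $target" ;;
                *)         echo "OUTSIDE $link -> $target" ;;
            esac
        fi
    done
}

# count_outside <docroot>
# Prints the number of symlinks that resolve outside the document root.
count_outside() {
    audit_symlinks "$1" | grep -c '^OUTSIDE ' || true
}

# Usage on the NAS: sh audit-symlinks.sh /mnt/data/www
if [ $# -ge 1 ]; then
    audit_symlinks "$1"
fi
```

A non-zero count from count_outside means enabling symlinks would publish files that live outside the web root, readable by whatever user lighttpd runs as.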
Enable lighttpd at boot.
I did not compile in netfilter in the cross compiled kernel I made in the previous post, so I had to recompile. Here is how to compile and install the kernel natively on the NAS.
u-boot-tools is needed to get the
mkimage command to make a U-Boot kernel image.
Compile the kernel.
Go to the sources and reconfigure them using menuconfig.
cd /usr/src/linux
make menuconfig
make zImage ox820-pogoplug-pro.dtb
Compile and install modules.
make modules
make modules_install
Create the kernel image.
cat arch/arm/boot/zImage arch/arm/boot/dts/ox820-pogoplug-pro.dtb > arch/arm/boot/zImage.fdt
scripts/mkuboot.sh -A arm -O linux -C none -T kernel -a 0x60008000 -e 0x60008000 -n 'Linux-3.11.1+' -d arch/arm/boot/zImage.fdt arch/arm/boot/uImage
Write the image to the disk.
Edit the disk_create script to change the target drive in the variable
Integrate the new kernel into WarheadsSE's tool.
cd /usr/src/disk_create
cp /usr/src/linux/arch/arm/boot/uImage uImages/gentoo
Write the image.
A large part of the installation was done on a regular Gentoo x86/x64 PC, using a SATA to USB converter. Start with a clean drive with no partitions, connected to the host computer (Not the NAS).
During the install, I have aimed to have all files needed for a new install
located on the NAS drive itself, in the hope that it will make a reinstall
easier. You can of course remove these files from
/usr/src, if you do not
Much of this stuff needs root permissions, and all the NAS side stuff is done through a serial connection. If something is unclear, read The Gentoo handbook; this is in essence the same procedure, except I boot into the system instead of chrooting.
A lot of thanks and credit to the people in this thread, without whom I would never have gotten on the right track.
To boot from the SATA disk, a special partition layout is needed. The ox820
reads the start of the drive, to check if it is bootable. A script has been
written to put the right data in the first part of the hard disk.
Download disk creation files created by
WarheadsSE, extract the files somewhere, and
enter that directory. Edit the disk_create script to change the target drive
in the variable
Creating the partitions
Prepare the disk using WarheadsSE's tool.
Fire up fdisk to partition the disk.
fdisk -c=dos /dev/sdb
Create a small partition for U-Boot, stage1, and the kernel. WarheadsSE recommends a 10M partition. This partition must start at sector 2048.
Create a second partition for the root file system, leaving a little space for a swap partition.
Create a third partition for swap space. Set it as swap type.
Format the second and third partition, I use ext4 as the root file system.
mkfs.ext4 /dev/sdb2
mkswap /dev/sdb3
Last, mount the second partition to /mnt/gentoo, your partition may have another
cd /mnt
mkdir gentoo
mount /dev/sdb2 /mnt/gentoo
Root file system
Download a stage 3 Gentoo for ARM5, and extract it to /mnt/gentoo. Though the processor is ARM6 compatible, I could not get it to boot beyond the kernel using an ARM6 stage 3.
tar -xvjpf stage3-armv5tel-20140115.tar.bz2 -C /mnt/gentoo
Set the baud rate in /mnt/gentoo/etc/inittab to 115200. Change:
#s0:12345:respawn:/sbin/agetty -L 9600 ttyS0 vt100
s0:12345:respawn:/sbin/agetty -L 115200 ttyS0 vt100
resolv.conf from your host
/etc directory, to have DNS working.
cp -L /etc/resolv.conf /mnt/gentoo/etc/resolv.conf
Create a link from
net.eth0 to enable the network at first
cd /mnt/gentoo/etc/init.d
ln -sf net.lo net.eth0
/mnt/gentoo/etc/fstab to set the devices for the root and swap file
system. The file should contain something like this:
#/dev/BOOT /boot ext2 noauto,noatime 1 2
/dev/sda2 / ext4 noatime 0 1
/dev/sda3 none swap sw 0 0
#/dev/cdrom /mnt/cdrom auto noauto,ro 0 0
#/dev/fd0 /mnt/floppy auto noauto 0 0
Copy passwd and shadow from the running system to have your logins and passwords when you boot the NAS.
cp /etc/passwd /mnt/gentoo/etc/passwd
cp /etc/shadow /mnt/gentoo/etc/shadow
cp /etc/group /mnt/gentoo/etc/group
Select mirrors for portage.
mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
mirrorselect -i -r -o >> /mnt/gentoo/etc/portage/make.conf
Set the timezone.
echo "Europe/Copenhagen" > /mnt/gentoo/etc/timezone
Set the hostname.
nano -w /mnt/gentoo/etc/conf.d/hostname
nano -w /mnt/gentoo/etc/hosts
Set the keymap (just in case).
nano -w /mnt/gentoo/etc/conf.d/keymaps
Last edit and change
UTC to local if needed.
nano -w /etc/conf.d/hwclock
You will need an ARM cross-compiler, Gentoo's
crossdev comes in handy.
crossdev -t armv5tel-softfloat-linux-gnueabi
Clone linux-oxnas into
cd /mnt/gentoo/usr/src
git clone https://github.com/kref/linux-oxnas
ln -sf linux-oxnas linux
cd linux-oxnas
make ARCH=arm ox820_defconfig CROSS_COMPILE=armv5tel-softfloat-linux-gnueabi-
make ARCH=arm menuconfig CROSS_COMPILE=armv5tel-softfloat-linux-gnueabi-
Boot options --->
[*] Use appended device tree blob to zImage (EXPERIMENTAL)
[*] Supplement the appended DTB with traditional ATAG information
Disable PCI support if your device does not have one.
Remember to compile in support for the root file system type, if you did like me this means enabling the ext4 file system.
File system --->
<*> The Extended 4 (ext 4) filesystem
Compile and create kernel image.
make ARCH=arm zImage ox820-pogoplug-pro.dtb CROSS_COMPILE=armv5tel-softfloat-linux-gnueabi-
cat arch/arm/boot/zImage arch/arm/boot/dts/ox820-pogoplug-pro.dtb > arch/arm/boot/zImage.fdt
scripts/mkuboot.sh -A arm -O linux -C none -T kernel -a 0x60008000 -e 0x60008000 -n 'Linux-3.11.1+' -d arch/arm/boot/zImage.fdt arch/arm/boot/uImage
Final disk creation
Copy WarheadsSE's disk creation files (contents of onax-sata-boot.tar.gz) to the
mkdir /mnt/gentoo/usr/src/disk_create
cp -Rv (Where you unpacked the files)/* /mnt/gentoo/usr/src/disk_create
Integrate the new kernel into WarheadsSE's tool.
cd /mnt/gentoo/usr/src/disk_create
cp /mnt/gentoo/usr/src/linux-oxnas/arch/arm/boot/uImage uImages/gentoo
rm uImage
ln -sf uImages/gentoo uImage
./disk_create
Preparing for first boot
Unmount and sync the disk.
cd /
umount /mnt/gentoo
sync
Remove the drive from the host computer and physically install it in the NAS.
Set the clock. MMDDhhmmCCYY is month, date, hour, minute, century, year
Get the portage tree.
Set the Profile.
eselect profile list
eselect profile set 18
Configure the locales, first put the locales you want supported in
nano -w /etc/locale.gen
Generate the locales and select the system-wide one.
locale-gen
eselect locale list
eselect locale set *locale nr.*
env-update && source /etc/profile
Add the network interface to the startup.
rc-update add net.eth0 default
Update and install some needed stuff.
emerge -uDNv world ntp cronie syslog-ng openssh logrotate dhcpcd
Add it to the startup.
rc-update add syslog-ng default
rc-update add cronie default
rc-update add sshd default
rc-update add ntp-client default
rc-update add swclock boot
rc-update del hwclock boot
You now have a basic Gentoo system running, from here you can install a web server, a DLNA server, or whatever you want.
Generated on 2018-05-03 01:14:21.918461