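Building a Custom Minimal Linux with Account/Password Login, an SSH Service, and an Nginx Service (Part 2)
9. Provide an SSH service for the custom Linux
9.1 Compile and install dropbear-2014.63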
# tar -xf dropbear-2014.63.tar.bz2
# cd dropbear-2014.63
# ./configure
# make PROGRAMS="dropbear dbclient dropbearkey scp"
# make PROGRAMS="dropbear dbclient dropbearkey scp" install
9.2 Port dropbear with the cpcommand.sh script
9.3 Manually port the name-resolution framework (nsswitch) needed for authentication
# cp -d /lib/libnss_files* /mnt/sysroot/lib/
# mkdir /mnt/sysroot/usr/lib
# cp -d /usr/lib/libnss_files.so /mnt/sysroot/usr/lib/
9.4 Provide the configuration file the name-resolution framework needs
# vim /mnt/sysroot/etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
9.5 Provide the safe shells for the target machine
bash was already ported above.
# vim etc/shells
/bin/bash
/bin/sh
/bin/hush
/bin/ash
/bin/
9.6 Provide the dropbear host keys and the directories needed to run dropbear on the target machine
# mkdir etc/dropbear
# dropbearkey -t dss -f etc/dropbear/dropbear_dss_host_key
# dropbearkey -t rsa -s 2048 -f etc/dropbear/dropbear_rsa_host_key
# mkdir var/run
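9.7 Mount the remote pseudo-terminal device filesystem and create the directory it needs automatically at boot
Add the following line to the system initialization script so that the /dev/pts directory is created when the target system boots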
mkdir /dev/pts
Add the following line to fstab on the target machine
devpts /dev/pts devpts defaults 0 0
9.8 Make dropbear start automatically at boot and stop automatically at shutdown
# cd /mnt/sysroot/etc
1. Create the directories needed to run the dropbear service
# mkdir rc.d/init.d
# mkdir -pv ../var/lock/subsys
(the lock directory belongs under the sysroot's /var, not under etc)
2. Provide a service script for dropbear (rc.d/init.d/dropbear)
#!/bin/bash
#
# description: dropbear ssh daemon
# chkconfig: 2345 66 33
#
dsskey=/etc/dropbear/dropbear_dss_host_key
rsakey=/etc/dropbear/dropbear_rsa_host_key
lockfile=/var/lock/subsys/dropbear
pidfile=/var/run/dropbear.pid
dropbear=/usr/local/sbin/dropbear
dropbearkey=/usr/local/bin/dropbearkey

# Load the helper functions (daemon, killproc, success, failure) and optional overrides
[ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/dropbear ] && . /etc/sysconfig/dropbear

keysize=${keysize:-1024}
port=${port:-22}

# Generate the DSS host key
gendsskey() {
    [ -d /etc/dropbear ] || mkdir /etc/dropbear
    echo -n "Starting generate the dss key: "
    $dropbearkey -t dss -f $dsskey &> /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        success
        echo
        return 0
    else
        failure
        echo
        return 1
    fi
}

# Generate the RSA host key with the configured key size
genrsakey() {
    [ -d /etc/dropbear ] || mkdir /etc/dropbear
    echo -n "Starting generate the rsa key: "
    $dropbearkey -t rsa -s $keysize -f $rsakey &> /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        success
        echo
        return 0
    else
        failure
        echo
        return 1
    fi
}

start() {
    # Create any missing host key before starting the daemon
    [ -e $dsskey ] || gendsskey
    [ -e $rsakey ] || genrsakey
    if [ -e $lockfile ]; then
        echo -n "dropbear daemon is already running: "
        success
        echo
        exit 0
    fi
    echo -n "Starting dropbear: "
    daemon --pidfile="$pidfile" $dropbear -p $port -d $dsskey -r $rsakey
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        touch $lockfile
        return 0
    else
        rm -f $lockfile $pidfile
        return 1
    fi
}

stop() {
    if [ ! -e $lockfile ]; then
        echo -n "dropbear service is stopped: "
        success
        echo
        # return instead of exit, so that "restart" still goes on to start
        return 0
    fi
    echo -n "Stopping dropbear daemon: "
    killproc dropbear
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f $lockfile $pidfile
        return 0
    else
        return 1
    fi
}

status() {
    if [ -e $lockfile ]; then
        echo "dropbear is running..."
    else
        echo "dropbear is stopped..."
    fi
}

usage() {
    echo "Usage: dropbear {start|stop|restart|status|gendsskey|genrsakey}"
}

case $1 in
start)
    start ;;
stop)
    stop ;;
restart)
    stop
    start ;;
status)
    status ;;
gendsskey)
    gendsskey ;;
genrsakey)
    genrsakey ;;
*)
    usage ;;
esac
3. Make the dropbear script executable
# chmod +x rc.d/init.d/dropbear
4. Copy functions from the host to the target disk
# cp /etc/rc.d/init.d/functions rc.d/init.d/
5. Create the links used to start the service automatically at boot and stop it at shutdown
# cd rc.d/
# ln -sv init.d/dropbear dropbear.start
# ln -sv init.d/dropbear dropbear.stop
6. Edit the rc.sysinit provided for the target and add the following code at the end so that services start automatically at boot
# vim rc.sysinit
# Run each link on its own: a bare "/etc/rc.d/*.start start" would pass the
# other links as arguments to the first one once a second service is added
for s in /etc/rc.d/*.start; do $s start; done
7. Edit rc.sysdown so that services are stopped automatically before shutdown
# vim rc.sysdown
#!/bin/bash
#
sync
sleep 3
sync
# Stop each service in turn (same reason as in rc.sysinit)
for s in /etc/rc.d/*.stop; do $s stop; done
/bin/umount -a -r
poweroff
8. In inittab, change the last line to the following
# vim ../inittab
::shutdown:/etc/rc.d/rc.sysdown
9.9 dropbear is ported successfully and can provide the SSH service
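A check for the porting steps in 9.3 to 9.7, as an added example that is not part of the original article: it audits a sysroot for the pieces dropbear password login depends on, and also flags host keys that other users can read and accounts with an empty password. The function names and the sample tree are constructed for illustration; the paths follow the article.

```sh
# Added example, not from the article; function names are hypothetical.
# Prints one FAIL line per problem under sysroot $1; returns the problem count.
audit_sysroot() {
    root=$1; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    # 9.3/9.4: account lookups need libnss_files and a "files" source.
    ls "$root"/lib/libnss_files* >/dev/null 2>&1 || fail "libnss_files missing"
    for db in passwd shadow group; do
        grep -Eq "^$db:[[:space:]]*files" "$root/etc/nsswitch.conf" 2>/dev/null ||
            fail "nsswitch.conf: no 'files' source for $db"
    done
    # 9.5: each shell in etc/shells must exist inside the sysroot.
    for s in $(grep -v '^#' "$root/etc/shells" 2>/dev/null); do
        [ -x "$root$s" ] || [ -L "$root$s" ] || fail "etc/shells: $s not ported"
    done
    # 9.6: host keys must exist and be closed to group and others.
    for key in dss rsa; do
        case $(ls -ld "$root/etc/dropbear/dropbear_${key}_host_key" 2>/dev/null) in
            '')          fail "host key $key missing" ;;
            -???------*) ;;
            *)           fail "host key $key readable by group/others" ;;
        esac
    done
    [ -d "$root/var/run" ] || fail "var/run missing"
    # 9.7: devpts must be in fstab for remote pseudo-terminals.
    grep -Eq '^devpts[[:space:]]+/dev/pts[[:space:]]+devpts' "$root/etc/fstab" \
        2>/dev/null || fail "fstab: no devpts entry"
    # Password login: no account may have an empty shadow password field.
    for u in $(awk -F: '$2 == "" {print $1}' "$root/etc/shadow" 2>/dev/null); do
        fail "shadow: $u has an empty password"
    done
    return "$problems"
}

# Build a constructed sample sysroot under directory $1 that passes the audit.
make_sample_sysroot() {
    mkdir -p "$1/lib" "$1/bin" "$1/etc/dropbear" "$1/var/run"
    : > "$1/lib/libnss_files.so.2"
    printf 'passwd: files\nshadow: files\ngroup: files\n' > "$1/etc/nsswitch.conf"
    printf '#!/bin/sh\n' > "$1/bin/bash"; chmod 755 "$1/bin/bash"
    echo /bin/bash > "$1/etc/shells"
    for key in dss rsa; do
        : > "$1/etc/dropbear/dropbear_${key}_host_key"
        chmod 600 "$1/etc/dropbear/dropbear_${key}_host_key"
    done
    echo 'devpts /dev/pts devpts defaults 0 0' > "$1/etc/fstab"
    echo 'root:$1$constructed$hash:16000:0:99999:7:::' > "$1/etc/shadow"
}

d=$(mktemp -d); make_sample_sysroot "$d"; audit_sysroot "$d" && echo "sample OK"; rm -rf "$d"
```

Against the article's tree the call would be audit_sysroot /mnt/sysroot, run on the host before the target is booted.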
10. Port Nginx to provide a web service
10.1 Compile and install Nginx-1.5.9
# groupadd -r nginx
# useradd -r -g nginx -s /sbin/nologin nginx
# tar -xf nginx-1.5.9.tar.gz
# cd nginx-1.5.9
# ./configure --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock \
    --user=nginx --group=nginx \
    --without-http_rewrite_module --without-pcre --without-http_geo_module \
    --without-http_uwsgi_module --without-http_fastcgi_module \
    --without-http_scgi_module --without-http_memcached_module
# make && make install
# /usr/local/nginx/sbin/nginx
# ss -ntl | grep ":80"
LISTEN 0 128 *:80 *:*
10.2 Compilation and installation on the host are complete, and Nginx starts successfully
10.3 Port Nginx to the target machine
1. Provide the nginx owner and group so that Nginx can start normally
# grep "^nginx" /etc/passwd >> passwd
# grep "^nginx" /etc/group >> group
# grep "^nginx" /etc/shadow >> shadow
2. Port nginx with the custom script
# bash /study/cpcommand.sh
Enter a available Command OR quit (quit):/usr/local/nginx/sbin/nginx
Copy /usr/local/nginx/sbin/nginx Successful!!!
Copy /lib/libpthread.so.0 Successful!!!
LibFile Exist! .....Enter Again!
Copy /usr/lib/libcrypto.so.10 Successful!!!
LibFile Exist! .....Enter Again!
LibFile Exist! .....Enter Again!
LibFile Exist! .....Enter Again!
LibFile Exist! .....Enter Again!
LibFile Exist! .....Enter Again!
Enter a available Command OR quit (quit):quit
quit wait 1 second.....
3. Copy the nginx configuration files to the target system
# cp -r /etc/nginx /mnt/sysroot/etc/
4. Provide the web root directory and a test page for the target machine
# mkdir /mnt/sysroot/usr/local/html
# vim /mnt/sysroot/usr/local/index.html
<h1> Tiny Linux </h1>
5. Provide a service start-up script for the target machine
# vim /mnt/sysroot/etc/rc.d/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# pidfile: /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

# Path where cpcommand.sh placed the binary in step 2
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
    # make required directories
    user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
    options=`$nginx -V 2>&1 | grep 'configure arguments:'`
    for opt in $options; do
        if [ `echo $opt | grep '.*-temp-path'` ]; then
            value=`echo $opt | cut -d "=" -f 2`
            if [ ! -d "$value" ]; then
                # echo "creating" $value
                mkdir -p $value && chown -R $user $value
            fi
        fi
    done
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
6. Make the service script executable
# chmod +x /mnt/sysroot/etc/rc.d/init.d/nginx
7. Make Nginx start automatically at boot and stop automatically at shutdown
# cd /mnt/sysroot/etc/rc.d
# ln -sv init.d/nginx nginx.start
# ln -sv init.d/nginx nginx.stop
8. Create the directories needed to start nginx
# mkdir /mnt/sysroot/var/log/nginx
# mkdir /mnt/sysroot/usr/local/logs
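10.4 Run sync several times, then shut down the host and test
Remount the target machine's root filesystem read-write (to have this done automatically at boot, modify fstab on the target machine)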
# mount -o remount,rw /
# /usr/local/sbin/nginx
nginx is now running
-bash-4.1# netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address        Foreign Address        State
tcp        0      0 0.0.0.0:80           0.0.0.0:*              LISTEN
tcp        0      0 0.0.0.0:22           0.0.0.0:*              LISTEN
tcp        0      0 127.0.0.1:6010       0.0.0.0:*              LISTEN
tcp        0    232 172.16.19.10:22      172.16.19.254:49889    ESTABLISHED
11. Verify each new connection a user establishes
# bash /study/cpcommand.sh
Enter a available Command OR quit (quit):xauth
Copy xauth Successful!!!
Copy /usr/lib/libXau.so.6Successful!!!
Copy /usr/lib/libXext.so.6Successful!!!
Copy /usr/lib/libXmuu.so.1Successful!!!
Copy /usr/lib/libX11.so.6Successful!!!
LibFile Exist! .....Enter Again!
Copy /usr/lib/libxcb.so.1Successful!!!
LibFile Exist! .....Enter Again!
LibFile Exist! .....Enter Again!
Enter a available Command OR quit (q
# mkdir /mnt/sysroot/usr/bin/X11
# cp /mnt/sysroot/usr/bin/xauth /mnt/sysroot/usr/bin/X11
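12. Provide a prompt for the newly customized system that shows the IP address of the system you are connected to
Provide a .bash_profile file in the root directory of the target machine
# vi .bash_profile
export PS1='[\u@`ifconfig | grep 'inet' | head -1 | cut -d: -f2 | cut -d" " -f1` \W]\$ '
export PATH=/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH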
The command-porting script (cpcommand.sh)
#!/bin/bash
#
# Read the name of the command to copy
Input_Command(){
    while true;do
        read -p "Enter a available Command OR quit (quit):" command
        [ "$command" == "quit" ] && echo -e "\033[31m quit wait 1 second.....\033[0m" && sleep 1 && exit 0
        if which $command &>/dev/null ;then
            break
        else
            echo -e "\033[31m Command is wrong \033[0m"
            continue
        fi
    done
}

# Copy the command to the destination directory
CopyCommand(){
    Dir=/mnt/sysroot
    [ -d $Dir ] || mkdir $Dir
    Filename=`which --skip-alias $command`
    FDir=`dirname $Filename`
    [ -d ${Dir}$FDir ] || mkdir -p ${Dir}$FDir
    #echo "Filename:$Filename"
    if [ -e ${Dir}$Filename ];then
        echo -e "\033[32m Command Exist! .....Enter Again!\033[0m"
        return 2
    fi
    if cp -i $Filename ${Dir}$FDir ;then
        echo -e "\033[32m Copy $command Successful!!!\033[0m"
    fi
}

# Copy the libraries the command depends on to the destination directory
CopyLib(){
    Input_Command
    CopyCommand
    # ldd prints each library's absolute path; copy it under the same path in the sysroot
    for i in `ldd $Filename | grep -o "[[:space:]]\{1,\}/[^[:space:]]*"` ;do
        LDir=`dirname $i`
        [ -d ${Dir}$LDir ] || mkdir -p ${Dir}$LDir
        if [ -e ${Dir}$i ];then
            echo -e "\033[32m LibFile Exist! .....Enter Again!\033[0m"
            continue
        fi
        if cp -i $i ${Dir}$LDir ;then
            echo -e "\033[32m Copy $i Successful!!!\033[0m"
        fi
    done
}

main(){
    while true;do
        CopyLib
    done
}

main
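The newly customized minimal Linux system runs normally, can bring up virtual terminals, and supports multi-user login based on user accounts and passwords. It also provides the SSH and web services, and further applications and the services they need can be added to it.
Summary:
When customizing a Linux system with make menuconfig, if an error related to the system configuration occurs, modifying the .config file does not take effect; you must use make clean or make mrproper to remove the files generated by compilation and then recompile the kernel.
I ran into many problems while customizing my own Linux system. Below is how I solved them (my build environment is 32-bit, with an AMDP6100 CPU):
1. When the newly customized minimal Linux system booted, the following error appeared:
VFS: Cannot open root device "sda2" or unknown-block(0,0): error -6
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
At first I modified the grub configuration file, but found that the grub configuration was not the problem. After searching online I found that it was a build-time problem. Recompile, and when running make menuconfig select the following two options to solve the problem above: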
Device Drivers --->[*] Fusion MPT device support ---><*> Fusion MPT ScsiHost drivers for SPI
Device Drivers --->[*] Fusion MPT device support ---><*> Fusion MPT misc device (ioctl) driver
2. When the system reports the error "Filesystem with huge files cannot be mounted rdwr without config_lbdaf",
simply select the following option when running make menuconfig:
-*- Enable the block layer --->[*] Support for large (2TB+) block devices and files
Selecting it solves the problem.