Next
Previous
Contents
This section will attempt to describe how to create a custom Sentry Firewall
CDROM. Unfortunately, I do not have time to go into every detail. But at
the very least I will try and provide for you an overview of the CD creation
process.
My development system consists of two separate Linux installations of the
same distribution, depending on what branch I'm working on. First, I have a
very complete <insert Linux distro here> installation on my main hard
drive(/dev/hda). I then have /dev/hdb1, upon which I have another, bare bones,
installation - this installation generally has no compiling tools or X stuff.
I usually have /dev/hdb1 mounted on /mnt, that's not a critical element,
but I thought I'd mention it since I will refer to /mnt alot from now on. I
then have a directory called /CD-FW on the /dev/hdb1 installation, that is, if
/dev/hdb1 is mounted on /mnt, then the directory would be called /mnt/CD-FW/.
Throughout this entire process, the installation on /dev/hda is the live running
system, and it is from here that I compile the needed tools, kernels, etc and
basically run everything.
To make this easy for you, the Sentry Firewall CD ISO is basically an exact
copy of what's in /mnt/CD-FW/ on my hard drive. I simply use the 'mkisofs'
utility on /mnt/CD-FW to create the ISO image.
If you simply want to get started, perhaps try the following steps:
NOTE: The above commands may spit out errors when working with certain
files(ie. hard links). These errors are annoying, but they're not critical at all.
You now have a development system like, or similar to, my own :-)
Now, if you ever want to install an rpm update or a Slackware package update(with
upgradpkg), you can do the following:
root@mybox:~# cd /mnt; chroot /mnt
root@mybox:/# upgradepkg update.tgz
or
root@mybox:/# rpm --upgrade update.rpm
$ exit
Then, all I need to do is re-run the script mentioned above, the one that
copies all those files, to update the /mnt/CD-FW directory.
That's all nifty, but now comes the hard part... making the ramdisk. If you
take a look at the /isolinux directory on the CDROM, you will see a bunch of
files, one of them is called 'initrd.img' - there are several others as well,
such as isolinux.cfg, message.txt, and isolinux.bin. These files are required
by isolinux in order to work properly. Take a look at those files and the
documentation that comes with syslinux to get a better idea of what all that
does. In any case, the 'initrd.img' file is, in fact, the compressed ramdisk
image.
To take a look at the image, do something like the following:
blah@wherever:~$ cp /cdrom/isolinux/initrd.img /tmp/initrd.img.gz
blah@wherever:~$ gzip -d /tmp/initrd.img.gz
blah@wherever:~$ mount -o loop /tmp/initrd.img /MOUNT_POINT
In a nutshell, I use the file '/SENTRY/scripts/MK-CD/mkrootdsk.sh' to create
the rootdisk. Please read that file and the disclaimer before you decide to
use it. It runs perfectly on my system, but may not run well at all on yours.
It basically attempts to create a rootdisk image to use with the Sentry CD, but
it is very long and may be somewhat difficult to comprehend at times. This is
what happens when I start hacking around and fail to utilize proper child safety
restraints.
The next file I use is called 'mkiso.sh'. The script generally just
declares a few variables and runs the 'mkisofs' utility. The command I normally
run looks like the following:
root@mybox:~# cd /mnt/CD-FW
root@mybox:/mnt/CD-FW# mkisofs -o sentrycd.iso -R -V "Sentry Firewall CD [v1.x.x]" -v \
-T -d -D -N \
-b isolinux/isolinux.bin \
-c isolinux/eltorito.cat \
-no-emul-boot -boot-load-size 4 -boot-info-table \
-A "Sentry Firewall CD v1.x.x" .
........
And that's it, I burn the CD and test it. For reference, the following
files are available on the CDROM and online at
http://www.SentryFirewall.com/
- /SENTRY/scripts/MK-CD/mkrootdsk.sh (builds the rootdisk)
- /SENTRY/scripts/MK-CD/mkiso.sh (builds final ISO image)
- /SENTRY/scripts/MK-CD/record-cd.sh (burns the ISO to a CD)
Next
Previous
Contents
|