Alright, I think I'm back from the dead. Been a bit stressful here and I didn't have the patience to post
Here's how to get openWRT onto it:
- write down your MAC address as you will need to restore it later
- find the appropriate firmware and bootloader images. For my hardware that's
- hook onto the serial console using one of those TTL to USB UARTs
- write down your MAC address as you will need to restore it later
- find the appropriate firmware and bootloader images. For my hardware that's
zyxel_nsa325-squashfs-factory.bin and u-boot-nsa325/u-boot.kwb and place them on a storage medium like a thumb drive or ssd- hook onto the serial console using one of those TTL to USB UARTs
- the bootloader is a modular system. in order to use parts of the hardware, you have to load the subsystems for it. so, if you use a thumb drive, do
usb reset- to use a sata drive do
ide restart- now, the image files have to be loaded into a section of the RAM first and from there written to the NAND
- for the bootloader do
- and
- for the bootloader do
fatload usb 0 0x1000000 u-boot.kwb
nand erase 0x0 0x100000
nand write 0x1000000 0x00000 0x100000
(note these addresses are only applicable to my device, check the openWRT wiki for information about yours)- and
reset to reboot into the new bootloader- set the correct environment variables
- set the MAC address
setenv mtdparts 'mtdparts=orion_nand:0x00c0000(uboot),0x80000(uboot_env),0x7ec0000(ubi)'
setenv bootcmd 'run setenv bootargs; ubi part ubi; ubi read 0x800000 kernel; bootm 0x800000'
saveenv
- and reset again- set the MAC address
setenv ethaddr AB:CD:EF:00:00:00
saveenv
- enable your storage subsystem againusb reset- flash openWRT itself:
fatload usb 0 0x2000000 zyxel_nsa325-squashfs-factory.bin
nand erase.part ubi
nand write 0x2000000 ubi 0x600000
- and reset one last timeI had to actually use the SSD to hold the images instead of my flash drive, as that was giving me issues. You could also use tftp instead.
Now, I've been using nfs for all my network file sharing needs. And to have some sort of user and host authentication I set up a kerberos on my spinning rust nas. Which I now want to move onto this thing of course. And this is where the fun begins. Kerberos itself works all nicely, however after much fiddling about I found out that the openWRT guys omitted the needed svcgssd and gssd daemons from their nfs package. Without them, nfs cannot use kerberos.
I tried switching to samba, however that has it's own can of problems in that something needed to use it with ext4 (acl?) seems to be missing from the kernel. It just doesn't work right. At all.
I tried switching to samba, however that has it's own can of problems in that something needed to use it with ext4 (acl?) seems to be missing from the kernel. It just doesn't work right. At all.
Setting up the build environment for openWRT is fairly straight forward:
Then kick off make
If you are working on an individual package, say the nfs-kernel-server, you can build it directly using
git clone https://git.openwrt.org/openwrt/openwrt.git source
cd source
git checkout v22.03.3
make distclean
./noscripts/feeds update -a
./noscripts/feeds install -a
From here do make menuconfigand select your target system and profile, in my case that's Marvell Kirkwood and ZyXEL NSA325.
Then kick off make
make -j42I will be using this build environment only to modify packages or compile new ones and transfer them onto the already running system individually.
If you are working on an individual package, say the nfs-kernel-server, you can build it directly using
make package/feeds/packages/nfs-kernel-server/{clean,compile} -j42
If you want to have output during the build process:make package/feeds/packages/nfs-kernel-server/{clean,compile} -j1 V=scNow, to get gssd and svcgssd included with the nfs-kernerl-server package you need to ...
.. edit feeds/packages/libs/libtirpc/Makefile:
@@ -24,18 +24,19 @@
CATEGORY:=Libraries
TITLE:=Library TI RPC for RPC bindings
URL:=http://libtirpc.sourceforge.net/
- DEPENDS:=+libpthread
+ DEPENDS:=+libpthread +krb5-libs
endef
-CONFIGURE_ARGS += --disable-gssapi
+CONFIGURE_ARGS += --enable-gssapi
HOST_CONFIGURE_ARGS += --disable-gssapi
ifeq ($(HOST_OS),Darwin)
HOST_CONFIGURE_ARGS += --disable-symvers
endif
-TARGET_CFLAGS += -DGQ
-HOST_CFLAGS += -DGQ
+
+TARGET_CFLAGS += -DGQ -I$(STAGING_DIR)/usr/include
+HOST_CFLAGS += -DGQ
define Package/libtirpc/install
$(INSTALL_DIR) $(1)/usr/lib
as well as feeds/packages/net/nfs-kernel-server/Makefile:
@@ -40,7 +40,7 @@
define Package/nfs-kernel-server
$(call Package/nfs-kernel-server/Default)
TITLE:=Kernel NFS server support
- DEPENDS+= +kmod-fs-nfsd +kmod-fs-nfs +NFS_KERNEL_SERVER_V4:kmod-fs-nfs-v4 +rpcbind +NFS_KERNEL_SERVER_V4:nfs-utils-libs +NFS_KERNEL_SERVER_V4:libkeyutils +NFS_KERNEL_SERVER_V4:libdevmapper
+ DEPENDS+= +kmod-fs-nfsd +kmod-fs-nfs +NFS_KERNEL_SERVER_V4:kmod-fs-nfs-v4 +rpcbind +NFS_KERNEL_SERVER_V4:nfs-utils-libs +NFS_KERNEL_SERVER_V4:libkeyutils +NFS_KERNEL_SERVER_V4:libdevmapper +NFS_KERNEL_SERVER_V4:libevent2-core
USERID:=nfs:nfs
endef
@@ -104,12 +104,14 @@
CONFIGURE_ARGS += \
--disable-caps \
- --disable-gss \
+ --enable-gss \
+ --enable-svcgss \
--disable-nfsdcld \
--disable-nfsdcltrack \
--enable-shared \
--enable-static \
--with-rpcgen=internal \
+ --with-krb5=$(STAGING_DIR)/usr \
$(if $(CONFIG_NFS_KERNEL_SERVER_V4),--enable,--disable)-nfsv4 \
$(if $(CONFIG_NFS_KERNEL_SERVER_V4),--enable,--disable)-nfsv41
@@ -136,10 +138,10 @@
HOST_CONFIGURE_ARGS += \
--disable-gss \
- --disable-nfsv4 \
- --disable-nfsv41 \
+ --enable-nfsv4 \
+ --enable-nfsv41 \
--without-tcp-wrappers \
- --with-rpcgen=internal
+ --with-rpcgen=internal
HOST_CONFIGURE_VARS += \
ac_cv_lib_event_event_dispatch=yes \
@@ -165,6 +167,11 @@
$(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/bin
$(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/rpcgen/rpcgen $(STAGING_DIR_HOSTPKG)/bin/rpcgen
endef
+#
+# define Build/Compile
+# $(call Build/Compile/Default)
+# $(PKG_BUILD_DIR)/utils/gssd/svcgssd
+# endef
define Package/nfs-kernel-server/install
$(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/sbin
@@ -174,6 +181,8 @@
$(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/statd/statd $(1)/usr/sbin/rpc.statd
$(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/nfsd/nfsd $(1)/usr/sbin/rpc.nfsd
$(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/mountd/mountd $(1)/usr/sbin/rpc.mountd
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/gssd/gssd $(1)/usr/sbin/rpc.gssd
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/gssd/.libs/svcgssd $(1)/usr/sbin/rpc.svcgssd
$(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/exportfs/exportfs $(1)/usr/sbin/
endef
In make menuconfig you also need to enable:
Libraries ->
libevent2-core [M]
Database -> libsqlite3 [M]
Filesystem ->
nfs-kernel-server [M]
krb5-client [M]
krb5-libs [M]
krb5-server [M]
krb5-sever-extras [M]Hit make, transfer the needed packages over from staging_dir/packages/kirkwood to your device:
libtirpc_1.3.2-1_arm_xscale.ipkAnd install them using a forced a reinstall.
nfs-utils-libs_2.5.4-4_arm_xscale.ipk
nfs-kernel-server_2.5.4-4_arm_xscale.ipk
libevent2-core7_2.1.12-1_arm_xscale.ipk
And here are the two needed init noscripts. Make sure to enable them.
/etc/init.d/rpc.gssd
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common
# the enabled init noscripts are sorted alphabetically, so 990 starts after 99
START=990
STOP=59
USE_PROCD=1
# /var is a symlink to /tmp on openWRT
PIPEFS_D=/tmp/lib/nfs/rpc_pipefs
start_service() {
mkdir -p $PIPEFS_D
grep -q $PIPEFS_D /proc/mounts || \
mount -t rpc_pipefs rpc_pipefs $PIPEFS_D
procd_open_instance
procd_set_param command /usr/sbin/rpc.gssd -f -p $PIPEFS_D
procd_close_instance
}
service_stopped() {
grep -q $PIPEFS_D /proc/mounts && \
umount $PIPEFS_D
}
/etc/init.d/rpc.svcgssd
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common
# the enabled init noscripts are sorted alphabetically, so 990 starts after 99
START=990
STOP=59
USE_PROCD=1
start_service() {
procd_open_instance
procd_set_param command /usr/sbin/rpc.svcgssd -f
procd_close_instance
}
So what do we learn from all of this? openWRT is a router OS. Use Debian instead