- now, the image files have to be loaded into a section of the RAM first and from there written to the NAND
- for the bootloader do
fatload usb 0 0x1000000 u-boot.kwb
nand erase 0x0 0x100000
nand write 0x1000000 0x00000 0x100000
(note these addresses are only applicable to my device, check the openWRT wiki for information about yours)
- and reset to reboot into the new bootloader

- set the correct environment variables
setenv mtdparts 'mtdparts=orion_nand:0x00c0000(uboot),0x80000(uboot_env),0x7ec0000(ubi)'
setenv bootcmd 'run setenv bootargs; ubi part ubi; ubi read 0x800000 kernel; bootm 0x800000'
saveenv
- and reset again
- set the MAC address
setenv ethaddr AB:CD:EF:00:00:00
saveenv
- enable your storage subsystem again

usb reset

- flash openWRT itself:
fatload usb 0 0x2000000 zyxel_nsa325-squashfs-factory.bin
nand erase.part ubi
nand write 0x2000000 ubi 0x600000
- and reset one last time

I had to actually use the SSD to hold the images instead of my flash drive, as that was giving me issues. You could also use tftp instead.

If you goofed up, and I surely did, and bricked your bootloader, you can recover by feeding the bootloader through the serial port by running
kwboot -t -B 115200 /dev/ttyUSB00 -b u-boot.kwb -p
on your pc.

that was the easy part. From here you can switch to ssh.

Power usage is pretty low. That's under full CPU load. 5W

Now, I've been using nfs for all my network file sharing needs. And to have some sort of user and host authentication I set up a kerberos on my spinning rust nas. Which I now want to move onto this thing of course. And this is where the fun begins. Kerberos itself works all nicely, however after much fiddling about I found out that the openWRT guys omitted the needed svcgssd and gssd daemons from their nfs package. Without them, nfs cannot use kerberos.

I tried switching to samba, however that has it's own can of problems in that something needed to use it with ext4 (acl?) seems to be missing from the kernel. It just doesn't work right. At all.

Setting up the build environment for openWRT is fairly straight forward:

git clone https://git.openwrt.org/openwrt/openwrt.git source
cd source
git checkout v22.03.3
make distclean
./noscripts/feeds update -a
./noscripts/feeds install -a

From here do

make menuconfig

and select your target system and profile, in my case that's Marvell Kirkwood and ZyXEL NSA325.
Then kick off make

make -j42

I will be using this build environment only to modify packages or compile new ones and transfer them onto the already running system individually.

If you are working on an individual package, say the nfs-kernel-server, you can build it directly using

make package/feeds/packages/nfs-kernel-server/{clean,compile} -j42

If you want to have output during the build process:

make package/feeds/packages/nfs-kernel-server/{clean,compile} -j1 V=sc

Now, to get gssd and svcgssd included with the nfs-kernerl-server package you need to ...

.. edit feeds/packages/libs/libtirpc/Makefile:

@@ -24,18 +24,19 @@
   CATEGORY:=Libraries
   TITLE:=Library TI RPC for RPC bindings
   URL:=http://libtirpc.sourceforge.net/
-  DEPENDS:=+libpthread
+  DEPENDS:=+libpthread +krb5-libs
 endef
 
-CONFIGURE_ARGS += --disable-gssapi
+CONFIGURE_ARGS += --enable-gssapi
 HOST_CONFIGURE_ARGS += --disable-gssapi
 
 ifeq ($(HOST_OS),Darwin)
 HOST_CONFIGURE_ARGS += --disable-symvers
 endif
 
-TARGET_CFLAGS += -DGQ
-HOST_CFLAGS += -DGQ
+
+TARGET_CFLAGS += -DGQ -I$(STAGING_DIR)/usr/include
+HOST_CFLAGS += -DGQ 
 
 define Package/libtirpc/install
        $(INSTALL_DIR) $(1)/usr/lib

as well as feeds/packages/net/nfs-kernel-server/Makefile:

@@ -40,7 +40,7 @@
 define Package/nfs-kernel-server
        $(call Package/nfs-kernel-server/Default)
        TITLE:=Kernel NFS server support
-       DEPENDS+= +kmod-fs-nfsd +kmod-fs-nfs +NFS_KERNEL_SERVER_V4:kmod-fs-nfs-v4 +rpcbind +NFS_KERNEL_SERVER_V4:nfs-utils-libs +NFS_KERNEL_SERVER_V4:libkeyutils +NFS_KERNEL_SERVER_V4:libdevmapper
+       DEPENDS+= +kmod-fs-nfsd +kmod-fs-nfs +NFS_KERNEL_SERVER_V4:kmod-fs-nfs-v4 +rpcbind +NFS_KERNEL_SERVER_V4:nfs-utils-libs +NFS_KERNEL_SERVER_V4:libkeyutils +NFS_KERNEL_SERVER_V4:libdevmapper +NFS_KERNEL_SERVER_V4:libevent2-core
        USERID:=nfs:nfs
 endef
 
@@ -104,12 +104,14 @@
 
 CONFIGURE_ARGS += \
        --disable-caps \
-       --disable-gss \
+       --enable-gss \
+       --enable-svcgss \
        --disable-nfsdcld \
        --disable-nfsdcltrack \
        --enable-shared \
        --enable-static \
        --with-rpcgen=internal \
+       --with-krb5=$(STAGING_DIR)/usr \
        $(if $(CONFIG_NFS_KERNEL_SERVER_V4),--enable,--disable)-nfsv4 \
        $(if $(CONFIG_NFS_KERNEL_SERVER_V4),--enable,--disable)-nfsv41
 
@@ -136,10 +138,10 @@
 
 HOST_CONFIGURE_ARGS += \
        --disable-gss \
-       --disable-nfsv4 \
-       --disable-nfsv41 \
+       --enable-nfsv4 \
+       --enable-nfsv41 \
        --without-tcp-wrappers \
-       --with-rpcgen=internal
+       --with-rpcgen=internal 
 
 HOST_CONFIGURE_VARS += \
        ac_cv_lib_event_event_dispatch=yes \
@@ -165,6 +167,11 @@
        $(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/bin
        $(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/rpcgen/rpcgen $(STAGING_DIR_HOSTPKG)/bin/rpcgen
 endef
+# 
+# define Build/Compile
+#      $(call Build/Compile/Default)
+#      $(PKG_BUILD_DIR)/utils/gssd/svcgssd
+# endef
 
 define Package/nfs-kernel-server/install
        $(INSTALL_DIR) $(1)/etc/init.d $(1)/usr/sbin
@@ -174,6 +181,8 @@
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/statd/statd $(1)/usr/sbin/rpc.statd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/nfsd/nfsd $(1)/usr/sbin/rpc.nfsd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/mountd/mountd $(1)/usr/sbin/rpc.mountd
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/gssd/gssd $(1)/usr/sbin/rpc.gssd
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/gssd/.libs/svcgssd $(1)/usr/sbin/rpc.svcgssd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/utils/exportfs/exportfs $(1)/usr/sbin/
 endef

In make menuconfig you also need to enable:

Libraries ->
libevent2-core [M]
Database -> libsqlite3 [M]

Filesystem ->
nfs-kernel-server [M]

krb5-client [M]
krb5-libs [M]
krb5-server [M]
krb5-sever-extras [M]

Hit make, transfer the needed packages over from staging_dir/packages/kirkwood to your device:

libtirpc_1.3.2-1_arm_xscale.ipk
nfs-utils-libs_2.5.4-4_arm_xscale.ipk
nfs-kernel-server_2.5.4-4_arm_xscale.ipk
libevent2-core7_2.1.12-1_arm_xscale.ipk

And install them using a forced a reinstall.

And here are the two needed init noscripts. Make sure to enable them.

/etc/init.d/rpc.gssd
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common

# the enabled init noscripts are sorted alphabetically, so 990 starts after 99
START=990
STOP=59
           
USE_PROCD=1
                                      
# /var is a symlink to /tmp on openWRT
PIPEFS_D=/tmp/lib/nfs/rpc_pipefs
                 
start_service() {         
        mkdir -p $PIPEFS_D                 
        grep -q $PIPEFS_D /proc/mounts || \       
          mount -t rpc_pipefs rpc_pipefs $PIPEFS_D
                           
        procd_open_instance                                       
        procd_set_param command /usr/sbin/rpc.gssd -f -p $PIPEFS_D
        procd_close_instance
}
                   
service_stopped() {
                                           
        grep -q $PIPEFS_D /proc/mounts && \
          umount $PIPEFS_D
}


 
 
/etc/init.d/rpc.svcgssd
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common

# the enabled init noscripts are sorted alphabetically, so 990 starts after 99
START=990
STOP=59

USE_PROCD=1

start_service() {                     
        procd_open_instance     
        procd_set_param command /usr/sbin/rpc.svcgssd -f          
        procd_close_instance                                      
}

So what do we learn from all of this? openWRT is a router OS. Use Debian instead

Alright. So I wasn't able to write to my kerberized nfsv4 share. Guess why? Because even more things weren't included in openWRT's build of nfs. With nfsv4 and kerberos, no_all_squash has no effect, there is always some user ID mapping going on with the help of libnfsidmap and the rpc.idmapd daemon. After including those in the package, I'm now stuck here ..

Here are the modified Makefiles and the needed init noscripts. Except it doesn't work because of that bad binary.

Okay, I have given up on openWRT (as you probably guessed already). Time to install Gentoo Debian

There is a ready made rootfs and kernel available here:
https://forum.doozan.com/read.php?2,12096
Which includes a patch set that provides device trees for various NAS devices as well as the odd code patch needed to get things going on this or that device. This is being maintained by Tony Dinh (bodhi).

However, I'll build my own kernel.

Since I already have a working openWRT system, I'll build from there.

In the openWRT build environment, I do:

make menuconfig

    Administration ->
        [M] debian-archive-keyring
        [M] debootstrap
    Utilities ->
        Encryption ->
            [M] gpgv

That should pull in those dependencies:
Development ->
[M] ar
Utilities ->
Compression ->
[M] xz-utils
[M] coreutils ->
[M] coreutils-chroot
[M] coreutils-sha1sum
gpgv should be a requirement and pulled in automatically, but it isn't. openWRT things.

I also enabled:
Utilities ->
Compression ->
[M] bzip2
[M] gzip

Hit make -j$((2*$(nproc))). The package files can then be found in build_dir/target-arm_xscale_musl_eabi/openwrt-imagebuilder-kirkwood.Linux-x86_64/packages:

scp debian-archive-keyring* xz* liblzma* base-files* libbfd* ar* coretuils* debootstrap* libbz2* bzip2* gzip* libexpat* libarchive* libdevmapper* libreadline* gpgv* root@mininas:/root

and then just do an

opkg install *ipk

I left space on my SSD (had a hunch I gonna need it). While formatting make sure you disable lazy initialization (I heard it can throw off uboot):

mkfs.ext4 -E lazy_itable_init=0 -L rootfs /dev/sda2

The Marvell 88F6282 SoC in this NAS has an ARMv5TE CPU core. Debian still supports 5T with its ARM EABI (armel) port.

Mount the new file system somewhere

mkdir /mnt/rootfs
mount /dev/sda2 /mnt/rootfs

And kick off the bootstrap

debootstrap --verbose --arch armel bullseye /mnt/rootfs/ http://ftp.de.debian.org/debian

You don't need to bootstrap from within an ARM system. You could also crossbootstrap, when you mount the partition with a PC. See https://wiki.debian.org/EmDebian/CrossDebootstrap

Now, enter the chroot environment:
mount -t proc none /mnt/rootfs/proc/
mount -o bind /dev /mnt/rootfs/dev
mount -t devpts devpts /mnt/rootfs/dev/pts

chroot /mnt/rootfs /bin/bash --login

Set your local, install your needed goodies, set the root password, install ssh and enable root login.

apt install locales
dpkg-reconfigure locales

apt install vim zsh screen
apt install ssh

vim /etc/ssh/sshd_config:
    PermitRootLogin yes

passwd
systemctl enable ssh

You can exit the chroot by hitting CTRL+D or with exit