SOURCEMAGE GNU/LINUX POST-INSTALL

assuming you got the XEN guest up and running already

POST-INSTALL

original motd says

 - remove vendor sshd keys: `rm -f /etc/ssh/ssh_host_*`
 - and rebuild openssh to generate your own: `cast -c openssh`
 - configure architecture-optimization settings: `sorcery`
 - run `sorcery -r` to rebuild all spells
 - run `cat /dev/null > /etc/motd` to remove this annoying TODO ;^)

which not that a bad idea, so let’s proceed.

Did the init depmod -a?

uname -r
ls -lF /lib/modules/5.2.14.domureiser4/modules.dep

We don’t need those

telinit disable hwclock.sh
telinit disable fuse

All optimizations in da place

sorcery --> Option --> Optimize Architecture

o
o

No ping available yet

#telinit run network restart
wget -qO - http://nethence.com/ | head

Deploy a decent editor and minimal network tools

cast -c sysfsutils #libsysfs.h required by iputils-base
cast -c elvis net-tools iputils-base
#git dhcpcd nvi vi

(0) trash /etc/profile.d/editor.sh and install over it

dispel nano #nano is sustained.  WHAT?

Switch to LibreSSL

mv /etc/ssl/certs/ /etc/ssl/certs.dist/
cast -c libressl #to be used by openssh^^
diff -rbu /etc/ssl/certs.dist/ /etc/ssl/certs/
#update-ca-certificates

and deploy OpenSSH against it

ls -lF /etc/ssh/ssh_host_*
ps auxww | grep ssh
rm -f /etc/ssh/ssh_host_*

cast -c openssh
#telinit run sshd start

#cat ~/.ssh/id_ed25519.pub
mkdir /root/.ssh/
cat > /root/.ssh/authorized_keys <<EOF
...
EOF
chmod 700 /root/.ssh/
chmod 600 /root/.ssh/authorized_keys

Finish-up

cat /dev/null > /etc/motd
updatedb
history -c
poweroff

REMARKS

Pros

• funny old-school SysV-style init
• interfaces(5)
• NSCD is a nice thing to have enabled by default

Cons

• no dhclient nor dhcpcd in the base image
• no ping command in the base image
• nano is default shell WTF

TOFIX

• sysfsutils required by iputils-base

RESOURCES

Source Mage documentation https://sourcemage.org/Docs

Source Mage init system design https://sourcemage.org/Init

/etc/ssl/certs/

[Buildroot] [PATCH 11/13] ca-certificates: fix installation against libressl http://lists.busybox.net/pipermail/buildroot/2017-October/204772.html

[11/13] ca-certificates: fix installation against libressl https://patchwork.ozlabs.org/patch/827416/

OBSOLETE (v0.62)

cp -pi /usr/sbin/update-ca-certificates /usr/sbin/update-ca-certificates.dist
vi /usr/sbin/update-ca-certificates

:%s/c_rehash/openssl certhash/g