Setting up optware feed

From WebOS Internals
Revision as of 09:02, 16 August 2010 by RodWhitby

The new, automated setup of Optware and users can be found here.


Manual Setup of Optware, Users and Access

After you have gained initial access to Linux on your Pre, you will want to install a secure access mechanism for use in the future. There are several steps you should take immediately:

  • Install the Optware package manager so that you can install software onto the Pre. The Optware package feed gives access to over 1300 prebuilt command-line packages for the Pre, and does so without causing conflicts with the built-in Palm package manager.
  • Create a new username and password so that you don't need to connect to the Pre as root. This provides an extra layer of security for your Pre. Our secure access mechanism by default does not allow direct root password login (however you can log in as root using secure ssh access keys).
  • Configure a secure firewall so that your Pre is not open to everyone in the universe, but can still be accessed securely by you. **If you do not secure the network, your device will be accessible by anyone on the internet until it is rebooted.**

Note: If you are using the Palm Emulator you don't need to follow these steps to get ssh installed. The emulator is already running an ssh server (dropbear) that you can connect to on localhost port 5522. The optware/cs08q1armel feed is built for the ARM architecture, but the emulator is actually a build of the Palm Pre software for x86, and optware/i686g25 is the correct feed (replace cs08q1armel with i686g25 for the emulator).


This page assumes that you have just finished the procedure on the Accessing Linux page, and are still logged in as root via telnet, novaterm, or novaproxy.

If you have never used Linux before, please look at Basic Linux Use to get an idea of Linux usage before proceeding.

Setting up ipkg-opt to access the Optware package feed

ipkg-opt is a self contained version of ipkg that only touches files under /opt, which means it will not interfere with the built-in ipkg from Palm. We want to do this to avoid potential issues with Palm's update process.

* Procedure

* 1. Make the root filesystem writeable, so that we may make some minimal changes to it:

rootfs_open -w

* 2. Create a place to put Optware's ipkg.

This step can be done in two different ways. You can use the simple method (easier, safer, recommended) in 2a or the advanced method (not recommended for the faint of heart, and may break when Palm does an OTA upgrade) in 2b.

* 2a. Create your new opt directory in /var, and arrange for it to be mounted at boot:

mkdir /var/opt
mkdir /opt
mount -o bind /var/opt /opt
echo '/var/opt /opt bind defaults,bind 0 0' >>/etc/fstab

* 2b. Alternatively, you can resize an existing LVM volume and create a new one specifically for the new packages. See the alt-optmedia page for this alternative method.

* 3. Get the ipkg-opt package from the Optware package feed:

cd /tmp

Note: If the above step is failing with a "wget: bad address" error and you are on a Mac, you made a mistake by selecting USB on step 8 of the OS X Accessing Linux via USB cable page. To recover: on your Mac, eject the Pre drive, then unplug the USB cable and plug it back in. Don't select anything (or select "Just Charge" if not selecting anything really bothers you). Now repeat step 3 above.

* 4. Manually unpack the package (do *not* use the built-in ipkg command for this):

mkdir /tmp/ipkg
cd /tmp/ipkg
tar xvzf ../ipkg-opt_0.99.163-10_arm.ipk

* 5. Unpack the contents of data.tar.gz into your /opt directory, starting at the root directory (the filenames in data.tar.gz start with ./opt/...):

cd /
tar xvzf /tmp/ipkg/data.tar.gz

* 6. Clean up the files we temporarily placed in /tmp:

rm /tmp/ipkg-opt_0.99.163-10_arm.ipk
rm -rf /tmp/ipkg

* 7. Configure the Optware feeds:

Please note that the second line has one > while the third and fourth lines have two.

mkdir -p /opt/etc/ipkg
echo "src/gz cross" > /opt/etc/ipkg/optware.conf
echo "src/gz native" >> /opt/etc/ipkg/optware.conf
echo "src/gz kernel" >> /opt/etc/ipkg/optware.conf

* 8. For the root shell session in which you're using ipkg-opt, add /opt/bin to the front of your PATH:

export PATH=/opt/bin:$PATH

* 9. Update the Optware package database:

ipkg-opt update

* 10. Arrange for /opt/bin and /opt/sbin (when root) to be on your $PATH

mkdir /etc/profile.d/
cd /etc/profile.d/
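Step 5 above extracts data.tar.gz at / as root, so any member that is not under ./opt would be written straight onto the root filesystem. The following added example (not part of the original page or of Optware) lists the archive first and refuses it if a member falls outside ./opt/ or contains a .. component; check_opt_only is a hypothetical helper name, and the check covers member names only, not symlink targets.

```shell
# Added example: inspect an ipkg data.tar.gz before extracting it at / as root.
# check_opt_only is a hypothetical helper, not part of ipkg or Optware.
# Returns 0 if every member is under ./opt/, 1 if not, 2 if tar cannot read it.
check_opt_only() {
    archive=$1
    # Listing only: nothing is written to disk at this point.
    members=$(tar tzf "$archive") || return 2
    bad=$(printf '%s\n' "$members" | awk '
        $0 == "./" || $0 == "./opt" || $0 == "./opt/" { next }  # top-level dirs
        /(^|\/)\.\.(\/|$)/ { print; next }   # any ".." path component
        /^\.\/opt\// { next }                # the prefix the page says to expect
        { print }                            # everything else is unexpected
    ')
    if [ -n "$bad" ]; then
        printf 'refusing to extract, unexpected members:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage on the device, in place of the bare extraction in step 5:
#   check_opt_only /tmp/ipkg/data.tar.gz && (cd / && tar xvzf /tmp/ipkg/data.tar.gz)
```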

Create an unprivileged user account to be used when logging in:

In the code below, change "preuser" to your preferred login name. You will be creating a variable called "MYUSER" in the first line. From that point on do _not_ type your username, type $MYUSER as it says in the code blocks.

export MYUSER=preuser  # You should change "preuser" to something else (your preferred username)...
adduser -h /var/home/$MYUSER $MYUSER # You'll be asked to set your password here.

If the Pre complains that your password is weak, then you should really use a more secure password. If you specifically wish to have a weak password, just repeat it to confirm and it will take it. It does not reject weak passwords, it just warns about them. Remember that your Pre will contain your personal information, so you really do want a strong secure password.

Enable a method for your new unprivileged user account to gain root privileges.

Install the sudo package and then configure sudo to allow your newly created user to run commands as the root user. This method of running commands with root privileges has been made popular by Ubuntu.

# install portion
ipkg-opt install sudo
# configure portion
chmod 640 /opt/etc/sudoers
echo "$MYUSER ALL=(ALL) ALL" >> /opt/etc/sudoers
chmod 440 /opt/etc/sudoers

Now to run commands with root privileges when logged in as your new unprivileged user, simply run sudo the_command. When prompted for a password, enter the password for your new user.
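The sudoers append above depends on $MYUSER still being set in the current shell; in a fresh session it is empty and the echo writes a rule with no user name in it. The following added example (not from the original page) guards that case and avoids stacking duplicate rules when the procedure is repeated; add_sudoer is a hypothetical helper name and the allowed-character set for user names is an assumption.

```shell
# Added example: guarded version of the sudoers append shown above.
# add_sudoer is a hypothetical helper; pass the user and the sudoers path.
add_sudoer() {
    user=$1
    sudoers=$2
    # Reject an empty $MYUSER or one with unexpected characters
    # (assumed policy: lowercase letters, digits, "_" and "-", no leading "-").
    case $user in
        ''|-*|*[!a-z0-9_-]*)
            echo "invalid user name: '$user'" >&2
            return 1 ;;
    esac
    [ -f "$sudoers" ] || { echo "no such file: $sudoers" >&2; return 1; }
    rule="$user ALL=(ALL) ALL"
    # Re-running the procedure must not add the same rule twice.
    if grep -qxF "$rule" "$sudoers"; then
        return 0
    fi
    chmod 640 "$sudoers" && printf '%s\n' "$rule" >> "$sudoers"
    rc=$?
    # Put the read-only mode back even if the append failed.
    chmod 440 "$sudoers"
    return "$rc"
}

# Usage on the device: add_sudoer "$MYUSER" /opt/etc/sudoers
```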

Install a secure method to connect to the Pre

Telnet is unencrypted and insecure. Anyone watching the packets going past can get your username and password. This is "bad". Therefore, you want to immediately create a secure method to attach to the Pre. There are two alternatives:

  • The dropbear package is lightweight, fully featured and simple to install. It provides an SSH connection to the Pre.
  • The OpenSSH package does the same and is well understood by many Linux users, but uses twice as much memory as dropbear when running.

These links take you to pages for each of those installs. At the bottom, they link back to this point.

Dropbear Install

OpenSSH Install

Optionally install USBnet

USBnet allows you to create an IP network over the USB cable. This will allow you to talk to your Pre without WiFi or Bluetooth, and it keeps the battery charged.

USBnet Setup

Disable Developer Mode (Recommended)

Once you have verified that ssh access is enabled and working, you should turn off Developer mode.

Where to go from here: