なんとか、ちゃんとブートするCFイメージが作れるようになったので、次はカーネルや、インストールされるツールから出来る限り不要なものを削ったものを作ります。
CFは4GBの大きさがあるので、容量的にはいろいろ削る必要性は無いのですが、セキュリティ上のリスクを軽減したり、実メモリを有効活用するりはカーネルやインストールされるツールを削減する必要があると思って、出来る限りスリムなイメージファイルを作ることにしました。
今回使ったカーネルコンフィグファイルは以下の通り。
cpu I586_CPU
cpu I686_CPU
options CPU_GEODE
ident ALIX3D3
options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
options FLOWTABLE # per-cpu routing cache
# CPU frequency control
device cpufreq
# Bus support.
device pci
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device kbdmux # keyboard multiplexer
device vga # VGA video card driver
device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Power management support (see NOTES for more options)
device apm
device apm_saver
# Add suspend/resume support for the i8254.
device pmtimer
# Serial (COM) ports
device uart # Generic UART driver
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device vr # VIA Rhine, Rhine II
# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device uhid # "Human Interface Devices"
device ukbd # Keyboard
そして、NanoBSDのBuildに使ったコンフィグファイルは以下の通り。
NANO_NAME=alix3d3
NANO_KERNEL=ALIX3D3
NANO_MEDIASIZE=7835184
NANO_HEADS=16
NANO_SECTS=63
NANO_BOOT0CFG="-o nopacket -s 1 -m 3"
NANO_BOOTLOADER="boot/boot0"
CONF_WORLD='
WITHOUT_ACCT=YES
WITHOUT_ACPI=YES
WITHOUT_AMD=YES
WITHOUT_ATM=YES
WITHOUT_BLUETOOTH=YES
WITHOUT_CALENDAR=YES
WITHOUT_CTM=YES
WITHOUT_CVS=YES
WITHOUT_DICT=YES
WITHOUT_EXAMPLES=YES
WITHOUT_FLOPPY=YES
WITHOUT_FREEBSD_UPDATE=YES
WITHOUT_GAMES=YES
WITHOUT_GCOV=YES
WITHOUT_GDB=YES
WITHOUT_GPIB=YES
WITHOUT_GROFF=YES
WITHOUT_HTML=YES
WITHOUT_INFO=YES
WITHOUT_IPFILTER=YES
WITHOUT_IPFW=YES
WITHOUT_IPX=YES
WITHOUT_IPX_SUPPORT=YES
WITHOUT_NCP=YES
WITHOUT_LOCALES=YES
WITHOUT_LOCATE=YES
WITHOUT_LPR=YES
WITHOUT_MAIL=YES
WITHOUT_MAILWRAPPER=YES
WITHOUT_SENDMAIL=YES
WITHOUT_MAKE=YES
WITHOUT_MAN=YES
WITHOUT_NDIS=YES
WITHOUT_NETCAT=YES
WITHOUT_NETGRAPH=YES
WITHOUT_NETGRAPH_SUPPORT=YES
WITHOUT_NIS=YES
WITHOUT_OBJC=YES
WITHOUT_PF=YES
WITHOUT_AUTHPF=YES
WITHOUT_PKGTOOLS=YES
WITHOUT_PORTSNAP=YES
WITHOUT_PPP=YES
WITHOUT_PROFILE=YES
WITHOUT_QUOTAS=YES
WITHOUT_RCS=YES
WITHOUT_ROUTED=YES
WITHOUT_SHAREDOCS=YES
WITHOUT_SYSINSTALL=YES
WITHOUT_WIRELESS=YES
WITHOUT_WIRELESS_SUPPORT=YES
WITHOUT_ZFS=YES
'
CONF_INSTALL='
WITHOUT_CXX=YES
WITHOUT_TOOLCHAIN=YES
WITHOUT_INSTALLLIB=YES
'
customize_cmd cust_install_files
0 件のコメント:
コメントを投稿