{"id":21,"date":"2006-11-03T11:29:03","date_gmt":"2006-11-03T10:29:03","guid":{"rendered":"\/Blog\/?p=21"},"modified":"2011-03-15T13:56:46","modified_gmt":"2011-03-15T12:56:46","slug":"debian-gnulinux-on-the-pc-engines-wrap","status":"publish","type":"post","link":"https:\/\/seegras.discordia.ch\/Blog\/debian-gnulinux-on-the-pc-engines-wrap\/","title":{"rendered":"Debian GNU\/Linux on the PC Engines WRAP"},"content":{"rendered":"<p>I finally decided to replace my Firewall, an UltraSparc 5 running Linux with something which is smaller, consumes less energy and produces less noise. I cam upon the <a href=\"http:\/\/www.pcengines.ch\/wrap.htm\">PC Engines WRAP<\/a> which is with 15x15x2cm considerably smaller than the Sparc. It has a serial port, three ethernet-ports and runs its OS from a Compact Flash II Card. <\/p>\n<p>There&#8217;s a tutorial on <a href=\"http:\/\/www.debian-administration.org\/articles\/179\">Installing Debian on a USB flash<\/a> with everything encrypted. After a first try, I decided to leave out the &#8220;encrypted&#8221; part, its complicated and I have no decent way of entering any passwords at boot. <\/p>\n<p>For the WRAP, there some things which differ from some USB-media wich you have to take care of: <\/p>\n<p>There is no real-time clock. Therefore you need to turn off the filesystem-check by time gone unchecked:<br \/>\n<code><br \/>\ntune2fs -i 0 \/dev\/whatever<br \/>\n<\/code><\/p>\n<p>Clock-source should be pit or jiffies, with scx200_hrt I got me a running clock of a one-minute deviation per second.<br \/>\n<code><br \/>\necho pit jiffies > \/sys\/devices\/system \\<br \/>\n\/clocksource\/clocksource0\/current_clocksource<br \/>\n<\/code><\/p>\n<p>You want to minimize writes on the Flash, thus you best put \/var\/lock, \/var\/tmp, \/var\/run and \/tmp onto a tmpfs, as described in the above tutorial. <\/p>\n<p>The Kernel sometimes is a bit too verbose, this will fix that:<br \/>\n<code><br \/>\necho 5 > \/proc\/sys\/kernel\/printk<br \/>\n<\/code><\/p>\n<p>It&#8217;s also slow, and the new apt feature to download diffs of the package-indices does heavily use disk and cpu to save bandwidth. Not a good idea in this case. Turn it off in \/etc\/apt\/apt.conf:<br \/>\n<code><br \/>\nAcquire<br \/>\n{<br \/>\n    Pdiffs \"false\";<br \/>\n};<br \/>\n<\/code><\/p>\n<p>Finally, you might want a kernel which does only that which is needed, loads no modules (which puts the brake on some rootkits which want to install themselves as kernel-modules). You can try and err, but as it happens, somebody else (me) already did, so heres the <a href=\"\/Programs\/wrap-dot.config\">.config for a pc engines WRAP<\/a>, kernel 2.6.18 with the <a href=\"http:\/\/grsecurity.net\/\">grsecurity<\/a> kernel patch. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>I finally decided to replace my Firewall, an UltraSparc 5 running Linux with something which is smaller, consumes less energy and produces less noise. I cam upon the PC Engines WRAP which is with 15x15x2cm considerably smaller than the Sparc. It has a serial port, three ethernet-ports and runs its OS from a Compact Flash [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,93],"tags":[],"class_list":["post-21","post","type-post","status-publish","format-standard","hentry","category-computers","category-terminal"],"_links":{"self":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/21","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/comments?post=21"}],"version-history":[{"count":1,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/21\/revisions"}],"predecessor-version":[{"id":364,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/21\/revisions\/364"}],"wp:attachment":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/media?parent=21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/categories?post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/tags?post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}