SheevaPlug as a tiny Linux server

CHECK

Managing the NAND Flash memory

Hardware infos

Check "dmesg" for NAND-related infos

cat /proc/mtd

dev:    size   erasesize  name

mtd0: 00100000 00020000 "u-boot"

mtd1: 00400000 00020000 "uImage"

mtd2: 1fb00000 00020000 "root"

mtd-utils package

/usr/sbin/doc_loadbios

/usr/sbin/docfdisk

/usr/sbin/flash_erase

/usr/sbin/flash_eraseall

/usr/sbin/flash_lock

/usr/sbin/flash_otp_dump

/usr/sbin/flash_otp_info

/usr/sbin/flash_otp_lock

/usr/sbin/flash_otp_write

/usr/sbin/flash_unlock

/usr/sbin/flashcp

/usr/sbin/ftl_check

/usr/sbin/ftl_format

/usr/sbin/jffs2dump

/usr/sbin/jffs2reader

/usr/sbin/mkfs.jffs2

/usr/sbin/mkfs.ubifs

/usr/sbin/mtd_debug

/usr/sbin/mtdinfo

/usr/sbin/mtdpart

/usr/sbin/nanddump

/usr/sbin/nandtest

/usr/sbin/nandwrite

/usr/sbin/nftl_format

/usr/sbin/nftldump

/usr/sbin/recv_image

/usr/sbin/rfddump

/usr/sbin/rfdformat

/usr/sbin/serve_image

/usr/sbin/sumtool

/usr/sbin/ubiattach

/usr/sbin/ubiblock

/usr/sbin/ubicrc32

/usr/sbin/ubidetach

/usr/sbin/ubiformat

/usr/sbin/ubimkvol

/usr/sbin/ubinfo

/usr/sbin/ubinize

/usr/sbin/ubirename

/usr/sbin/ubirmvol

/usr/sbin/ubirsvol

/usr/sbin/ubiupdatevol

 

Nand errors

[Thu Jul 26 13:16:59 2018] ntfs: driver 2.1.32 [Flags: R/O MODULE].

[Thu Jul 26 13:16:59 2018] ntfs: (device mmcblk0p1): is_boot_sector_ntfs(): Invalid boot sector checksum.

[Thu Jul 26 13:16:59 2018] ntfs: (device mmcblk0p1): read_ntfs_boot_sector(): Primary boot sector is invalid.

[Thu Jul 26 13:16:59 2018] ntfs: (device mmcblk0p1): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover.

[Thu Jul 26 13:16:59 2018] ntfs: (device mmcblk0p1): ntfs_fill_super(): Not an NTFS volume.

[Thu Jul 26 13:17:18 2018] FAT-fs (mmcblk0p1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] blk_update_request: I/O error, dev mtdblock0, sector 8

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] blk_update_request: I/O error, dev mtdblock0, sector 8

[Thu Jul 26 13:19:01 2018] Buffer I/O error on dev mtdblock0, logical block 1, async page read

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] blk_update_request: I/O error, dev mtdblock1, sector 8064

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] blk_update_request: I/O error, dev mtdblock1, sector 8064

[Thu Jul 26 13:19:01 2018] Buffer I/O error on dev mtdblock1, logical block 1008, async page read

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] blk_update_request: I/O error, dev mtdblock2, sector 0

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] __nand_correct_data: uncorrectable ECC error

[Thu Jul 26 13:19:01 2018] blk_update_request: I/O error, dev mtdblock2, sector 0

[Thu Jul 26 13:19:01 2018] Buffer I/O error on dev mtdblock2, logical block 0, async page read

USB keydrive fails

Consider getting an SSD and a SATA-to-USB adapter

Why can't start nmbd at boot time?

vim 8.0.707

- still prints letters when using the keypad!

Also through SSH, or just through COM?

- keeps text selected even when moving mouse

Introduction

The SheevaPlug (I used the 003-SP1001) is a tiny "walwart" Linux appliance based on the Kirkwood SoC with an ARM embedded Marvell Sheeva (88F6281, ARM9E ARMv5TE;  "E" processors include DSP instructions; Sometimes referenced as ARMv5TEL) CPU core running at 1.2Ghz.

As of September 2009, the SheevaPlug that ships with the SDK has 512MB RAM and 512M flash memory, an Ethernet connector, a mini-USB 2.0 plug and an SD slot so you can have more storage space.

As of 2010, the SheevaPlug part of the Development Kit ships with Ubuntu 9.04 pre-installed ("Ubuntu 9.10 Karmic Koala is not going to work on the sheevaplug because as of Karmic, Ubuntu builds with ARMv6+VFP instructions (and as of 10.04 with ARMv7 instructions), which the ARMv5TE processor on the sheevaplug can't do." source) You should upgrade to Debian (or Android, for the more adventurous.)

The PogoPlug is the first commercial version of the SheevaPlug. It only has 256M RAM, doesn't have the USB and SD ports, and its software is proprietary (OpenPogo is an open-source alternative.)

Note to European users: Instead of ordering it in the US through Globalscale Technologies, the Sheevaplug can be bought directly in Europe through New IT, its exclusive distributor (as of June 2010.)

Managing Uboot and Linux

As the SheevaPlug originally ships with Ubuntu which no longer supports the ARM processor used in this device, the only way to keep it up-to-date is to migrate from Ubuntu to Debian (or some other OS that supports that processor).

Upgrading Uboot

If you are using the Marvell version of Uboot, you need to upgrade it before upgrading to Debian. Based on Martin Michlmayr's Upgrading SheevaPlug's U-Boot:

  1. Connect both the Plug and a host PC to a LAN
  2. Connect the Plug to a computer through its mini-USB port, and log on to it. On Windows, you can use Putty to connect to the USB COM port (Use Device Manager to find the right COM port)
  3. If the Plug is waiting at the Linux prompt, type "reboot", let it reboot, and hit the ESC key to prevent Uboot from booting Linux
  4. Once at the "Marvell>" prompt, type "version". Mine said "U-Boot 1.1.4 (Mar 19 2009 - 16:06:59) Marvell version: 3.4.16"
  5. Type "print ethaddr" and write down the Plug's Ethernet address
  6. It's safer to upgrade through TFTP rather than a USB stick. For Windows users, use Tftpd32
  7. Download the latest Uboot u-boot.kwb, copy this file in the TFTP server's directory, and launch the TFTP server
  8. On the Plug, type the following commands:

    # IP of your TFTP server
    setenv serverip 192.168.0.1
    # Plug's IP address
    setenv ipaddr 192.168.0.10

    print env

    #Download the u-boot.kwb file, and copy it into RAM at this location
    tftpboot 0x0800000 u-boot.kwb

    #Erase NAND between 0x0 and 0x60000
    nand erase 0x0 0x60000

    #Here, we copy the Uboot code from RAM to the NAND memory
    nand write 0x0800000 0x0 0x60000

    reset

  9. At the next reboot, hit the ESC key again, and type:

    setenv ethaddr 00:50:43:01:69:B7 # Type your Plug's MAC address
    saveenv

    reset
     
  10. Finally, at the next reboot, hit the ESC key again, and type:

    #Check that Uboot was successfully upgraded to 2011.12
    version

Installing Debian on a USB keydrive

Here's the procedure as explained in Matthias Blaicher's Installing Debian on a Sheevaplug into Flash:

  1. The Plug and the remote computer must be connected through the LAN, and the remote computer must be running a TFTP server; Internet access is required this time, as the installer will download files from the Net
  2. From this page, download Martin Michlmayr's installer (uImage and uInitrd), and put those two files in the TFTP server's directory. Make sure to use the latest and greatest, as older distros might be removed from mirrors
  3. Connect to the Plug through its mini-USB port using eg. Putty, reboot the unit, and hit ESC to get the Uboot prompt
  4. Type those commands:

    # TFTP server IP
    setenv serverip 192.168.0.12
    # Plug IP
    setenv ipaddr 192.168.0.15

    #Download uImage at RAM location 0x00800000
    tftpboot 0x00800000 uImage
    #Download uInitrd at RAM location 0x01100000
    tftpboot 0x01100000 uInitrd

  5. Next, let's launch the installer:

    setenv bootargs console=ttyS0,115200n8 base-installer/initramfs-tools/driver-policy=most
    #Run uImage and uInitrd
    bootm 0x00800000 0x01100000
     
  6. Follow the on-screen instrutions to install Debian on an empty USB keydrive, and let the installer download stuff from the Net. When you get to the final screen ("Finish the installation"), let it reboot, and check that you can log on as the root account you created
  7. Next, reboot, and hit ESC to get into Uboot
  8. Here's how to tell u-boot to boot Debian automatically from the USB keydrive:

    setenv bootargs_console console=ttyS0,115200
    setenv bootcmd_usb 'usb start; ext2load usb 0:1 0x00800000 /uImage; ext2load usb 0:1 0x01100000 /uInitrd'
    setenv bootcmd 'setenv bootargs $(bootargs_console); run bootcmd_usb; bootm 0x00800000 0x01100000'
    saveenv
    run bootcmd
     
  9. At the Debian prompt, log on again with the root account you created while in the installer
  10. If need be, install and start SSH
  11. From a remote host, connect through SSH over Ethernet.

Upgrading Debian

Upgrading from Debian 7 to Debian 9

Since Debian 7 only offers Samba 3 which is nearing its EOL and Debian 7 is getting old… I figured I should upgrade to the latest and greatest. It is recommended to proceed by steps, ie. upgrading to Debian 8, and then from 8 to 9.

Infos
root@sheevaplug:~# uname -a
Linux sheevaplug 3.2.0-4-kirkwood #1 Debian 3.2.89-2 armv5tel GNU/Linux
 
root@sheevaplug:~# cat /etc/debian_version
7.11
 
root@sheevaplug:~# smbd -V
Version 3.6.6
 
root@sheevaplug:~# cat /etc/apt/sources.list
# deb http://ftp.fr.debian.org/debian/ wheezy main
deb http://ftp.fr.debian.org/debian/ wheezy main
deb-src http://ftp.fr.debian.org/debian/ wheezy main
deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main
# wheezy-updates, previously known as 'volatile'
deb http://ftp.fr.debian.org/debian/ wheezy-updates main
deb-src http://ftp.fr.debian.org/debian/ wheezy-updates main
Files to backup

 

Procedure

Upgrading the kernel

To upgrade the kernel, simply run "apt-get update && apt-get upgrade", connect to the Sheevaplug through the mini-USB port and a serial terminal emulator, and type "reboot". You should then be running the latest and greatest.

You can also connect through SSH, hit "reboot", wait for the new kernel to start, and reconnect: If you can't connect, connect in Serial mode, and investigate.

Run "uname -a" to check that you are indeed running the latest release.

Installing Debian in NAND + SD card

LATER

Here's how to install a fresh SD card, install Debian into the 512MB NAND flash memory, install user writable files in the SD card, and configure Linux to put temporary files in RAM to reduce wear on the NAND and SD card:

How to partition MTD to hold Uboot, and Debian?

How to partition SD card?

How to configure Debian so that files in NAND are read-only (except during upgrades), temporary files lives in RAM or SD card, and user files are located on SD card?

How to check health of NAND and SD card?

Upgrading from Ubuntu to Debian

Debian installer does not support installation to MTD.  You must first install Debian on a USB stick or an SD card before copying the contents of the USB stick/SD card into the NAND memory.

First, install Debian onto a USB keydrive as explained above. Next, copy the system onto the NAND flash memory:

  1. Format the NAND flash memory as ubifs:

    apt-get install mtd-utils

    ubiformat /dev/mtd2 -s 512
    ubiattach /dev/ubi_ctrl -m 2
    ubimkvol /dev/ubi0 -N rootfs -m
    mount -t ubifs ubi0:rootfs /mnt
     
  2. Copy Debian from the USB stick into the NAND:

    mkdir /tmp/rootfs
    mount -o bind / /tmp/rootfs/
    cp -a /tmp/rootfs/* /mnt/
    cp -a /boot /mnt/
     
  3. cd /mnt/etc ; mv fstab fstab.orig ; vi fstab

    # /etc/fstab: static file system information.
    #
    # Use 'blkid' to print the universally unique identifier for a
    # device; this may be used with UUID= as a more robust way to name devices
    # that works even if disks are added and removed. See fstab(5).
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    proc            /proc           proc    defaults        0       0
    ubi0:rootfs  /               ubifs   defaults,noatime,rw                    0 0
    tmpfs      /var/run        tmpfs   size=1M,rw,nosuid,mode=0755              0 0
    tmpfs      /var/lock       tmpfs   size=1M,rw,noexec,nosuid,nodev,mode=1777 0 0
    tmpfs      /tmp            tmpfs   defaults,nosuid,nodev                    0 0
     
  4. Finally, reboot, get into Uboot, unplug the USB stick, and configure it to boot from the NAND:

    # Set uboot to boot from ubi
    setenv mtdids nand0=orion_nand

    setenv mtdparts mtdparts=orion_nand:0xa0000@0x0(u-boot),0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs)
    setenv bootargs_ubi 'console=ttyS0,115200 ubi.mtd=2 root=ubi0:rootfs rootfstype=ubifs'

    setenv bootcmd_ubi 'ubi part nand0,2; ubifsmount rootfs; ubifsload 0x1100000 /boot/uInitrd; ubifsload 0x800000 /boot/uImage'

    setenv bootcmd 'setenv bootargs $(bootargs_ubi); run bootcmd_ubi; bootm 0x00800000 0x01100000'

    saveenv

    reset

You should know be a happy Debian 6.0 user.

Installing Debian on an SD card

NOT RECOMMENDED: BETTER USE A USB KEYDRIVE

On the Sheevaplug, install a tested and reliable SD card in the slot

On an external host, install a TFTP server and the two following files

Connect the external host to the Sheevaplug through the mini-USB port, and connect to it with a terminal emulator (eg. for Windows: Putty)

Use a pin to restart the Sheevaplug (The reset hole is on the right of the SD slot), and, before Uboot starts the current OS, hit any key when you see the Uboot prompt

Type the following commands to tell Uboot to download the two files from the external host:

Launch the Debian installer:

Once Debian is installed on the SD, type "reboot" and hit any key when you see the Uboot prompt

Run the following command to save the boot code to ????

Running fsck on the USB keydrive

By moving the USB to a remote Linux host

  1. Log onto the Sheevaplug as root through the COM port
  2. Hit "reboot"
  3. Hit the ESC key to prevent UBoot from booting Linux
  4. Remove the USB keydrive, and plug it into a Linux host
  5. Run fsck
  6. Plug the USB keydrive back onto the Sheevaplug, and restart the appliance by typing "boot" in UBoot, or hitting Reset with a pin

By aborting the Debian installer

BAD ! STOCK Busybox contains no fsck, and found no way to download additional software without partitioning disk

"There's a menu item to "install more installer components" or something like that.

Use that to install e2fsprogs-udeb

https://packages.debian.org/stretch/e2fsprogs-udeb"

"Go back"

NO Download installer components

NO Configure the package manager

NO Select and install software

  1. Follow the instructions in the "Installing Debian on a USB keydrive" section above to provide the Sheevaplug with a Linux image through a TFTP server.
  2. Connect to the Sheevaplug through the COM port
  3. Run "fdisk -l" and note down the list of partitions that live on the keydrive
  4. Type "reboot", and then hit the ESC key to prevent UBoot from loading Linux from the keydrive
  5. BAD !!!! Download and launch the Linux image from the TFTP server using the instructions above. Just navigate the install UI to run a command ("Go back" > "Execute a shell")
  6. To perform a file check, just run "fsck /dev/s?" on each partition. To avoid having to answer "yes" for every repair, you can add the "-y" switch
  7. Hit "reboot", and let UBoot load Linux off the USB keydrive.

Preserving NAND

To reduce the number of writes to the NAND memory

www.plugcomputer.org/plugwiki/index.php/Reduce_Flash_Writes

Move root filesystem to SDHC card

"By default, the SheevaPlug has 512MB of NAND flash memory for storage, and 512MB or RAM. When you boot your plug from NAND it copies the necessary files to a RAM disk (a virtual disk on RAM which disappears when the plug is powered off). If I understand correctly, this will in effect reduce the available RAM since some of it is used by the file system."

http://theblawblog.wordpress.com/2009/04/18/turning-my-sheevaplug-into-a-web-server/

Updating to the latest Ubuntu version

Important: Ubuntu 9.04 is the last version that will run on the SP because later editions of ARM Ubuntu are compiled in such a way as to be incompatible with the SP ("Ubuntu no longer supports the ARMv5 line of processors"), so upgrading to a more recent Linux release requires moving to a different distro. Debian seems to be the favorite distro to move from Ubuntu, although other distros can run (Gentoo, Fedora, etc.).

Alternative Debian install

The alternative Debian install method: "The script is a method of building your own SheevaInstaller or EISA root filesystem image based on the latest files from the Debian repository. To deploy it, you need to use sheeva installer or EISA "

  1. Installed Ubuntu on PC
  2. Plugged empty USB stick into PC. Make sure it's not mounted, check its drive name ("fdisk -l"), format it
  3. mkfs -t vfat /dev/sdb1 ; mount /dev/sdb1 /mnt/usb
  4. tar.gz the script + ./debian sub-directory, and copy archive to USB stick
  5. Unplug stick, and plug it into the SheevaPlug
  6. SSH into the Plug, untar the archive into /tmp (NOT ANY FASTER!), and run the Debian.sh script. Will install "binutils debootstrap wget"
  7. Once the script is done, install the Sheevaplug Installer

I didn't actually go further since the procedure above worked.

SheevaPlug Installer 1.0

Sheevaplug installer - version 1.0

Sheevaplug installer 1.0 (last updated 2009)

Lots of people have problems running either runme.php (Linux) or runme.exe (Windows). Didn't try the SP Installer.

Easy Plug Computer Installer (ESIA) 2.0.5

New QT based installer: Easy Plug Computer Installer (ESIA)

Easy Plug Computer Installer (ESIA). Discontinued. QT-based, Windows appplication.

  1. On a Windows host, connect the Sheevaplug through its mini-USB port
  2. Still on the Windows host, download and install ESIA
  3. When LibUSB runs the post-install test, make sure it detects "SheevaPlug JTAGKey FT2232D B"
  4. ESIA says "New Device: The device information is not available. Please turn this device off and again on". Closed ESIA, rebooted Sheevaplug: Same result. I can successfully connect to the Plug through Putty and the USB COM 6 port, however. Tried from other XPSP3 host (do not install when prompted by Windows): Device not detected
  5. Tried from W7 host: Test empty (No device found whatsoever). Gave up.

Update Globalscale Ubuntu to Squeeze on NAND

Didn't try but could be useful:

www.plugcomputer.org/plugforum/index.php?topic=6177.0

Getting Started

Connecting to the SheevaPlug

Important: If the blue LED on top, next to the green LED, doesn't light up, the unit could have a faulty power supply, and you won't be able to connect to it. If you know enough about electronics, you can replace the faulty capacitors yourself, and if not, order a new PSU from either GlobalScale (USA) or NewIT (UK). More information here and here, and in "How to replace AD-DC power supply module for SheevaPlug" (with hands-on infos).

Windows

Connect the USB key to Windows, and let P'nP do its thing. If you need drivers, here they are (alternative here and here) and more information. Also, here's a howto on connecting to the SheevaPlug from Windows. Yet another tutorial.

  1. Power up the Sheevaplug, and using the mini-USB cable, connect the device to Windows
  2. Open Device Manager, and check in the Ports section that a new "USB Serial Port" is installed. Write down the COM port it uses (eg. COM6)
  3. Launch your favorite terminal, and connect to the COM port used by Sheevaplug
  4. Log in (default: root / nosoup4u)

Linux

  1. To connect to the SheevaPlug through its mini-USB port, we'll use a Linux x86 workstation running Ubuntu and install the required software (as root)
    1. Make sure the mini-USB end of the cable is securily connected: It easily disconnects, causing you to scratch your head about why you are not/no longer connected...
    2. apt-get install cu
    3. modprobe ftdi_sio vendor=0x9e88 product=0x9e8f. You can check that the module was loaded with "lsmod | grep -i ftdi_sio" and check log messages through "dmesg"
  2. Check which device is available: ls -al /dev/ttyUSB*, eg. ttyUSB0. Check who owns this device, and, if needed, run "chown uucp /dev/ttyUSB*"
  3. cu -s 115200 -l /dev/ttyUSB0.

You should be able to log on as root / nosoup4u

Unplug, replug the SheevaPlug, and watch it launch the UBoot boot-loader

A warm reboot of the SP while in Uboot can be done through "reset"; A warm reboot while in Linux requires "reboot". If you need to perform a cold reboot by unplugging and replugging the SP, on the workstation, you'll have to run chown + cu again

Once Ubuntu is up and running, you can connect to its SSHd server instead of working through the USB connection, using the same login/password as when connecting through the USB connection.

FYI, the device takes about 2mn to boot the whole Ubuntu until you can connect through SSH.

Note:

"Notice that on my Ubuntu machine, the device is writable by anyone in the dialout group. So I added myself to that group -- I had to log out and back in for the change to take effect. Of course you can run sudo chmod a+rw /dev/ttyUSB0 as a temporary fix." (source)

Next, follow those tips to fix issues in Ubuntu as shipped with the SheevaPlug.

Removing unneeded services

netstat -tunlp

/etc/init.d/exim4 stop

apt-get --purge remove exim4 exim4-base exim4-config exim4-daemon-light

apt-get --purge remove openbsd-inetd

apt-get --purge remove nfs-kernel-server nfs-common portmap

apt-get --purge remove rpcbind

apt-get autoremove

Setting up unzip, MC, etc.

apt-get install unzip

apt-get install mc

Setting up NTP

  1. apt-get install ntp
  2. date : If the time is wrong, check /etc/timezone

What's the difference between ntp and nptdate?

Vi prints "x x q q x etc." when typing numbers on keypad

First, upgrade to Vim, and see if it solves the problem.

apt-get install vim

which vi

vi --version

echo $TERM

vim 8.0.707 still prints letters when using the keypad!

Adding system-wide aliases

vi /etc/profile

For some reason, this doesn't work when logging on through SSH: You need to add aliases in ~/.bashrc as well. Alternatively, log on and "source /etc/profile".

Uploading files to the SheevaPlug

WinSCP

Samba

FTP

Through the SD card

Editing /etc/fstab to mount external devices at boot time

Note that chmod only works with Linux filesystems, and won't work with vfat/NTFS by default.

  1. Find the device id through "blkid"

    /dev/mmcblk0p1: UUID="BF90-FE5B" TYPE="vfat" PARTUUID="40c68308-01"
     
  2. Edit /etc/fstab

    #SD card
    UUID=BF90-FE5B  /mnt/sdcard     vfat    dmask=000,fmask=0177,user       0       0

Using cron to copy files from USB to SD card

This command will run tar every day at 10PM to back up some files onto the SD card:

  1. Create a Bash script such as this one:

    #/bin/bash

    tar --exclude='/usr/share/nginx/modules-available' --exclude='/usr/share/nginx/modules' -zcvf /mnt/sdcard/backup.tar.gz /usr/share/nginx /etc/samba/smb.conf /etc/nginx/nginx.conf
     
  2. chmod 700 /root/backupjob.bash
  3. Check that it works: /root/backupjob.bash
  4. crontab -e
  5. * 22 * * * /root/backupjob.bash
  6. crontab -l

root@sheevaplug:~# rm /mnt/sdcard/backup.tar.gz

rm: cannot remove '/mnt/sdcard/backup.tar.gz': Read-only file system

umount /mnt/sdcard/

apt-get install dosfstools

mkfs.vfat -c /dev/mmcblk0p1

Note: No feedback while running

mount /dev/mmcblk0p1 /mnt/sdcard/

Saving power

Turn off USB

Installing netstat

apt-get install net-tools

Installing SSHd

apt-get update

apt-get install openssh-server

HOW TO SECURE

/etc/ssh/sshd_config

ListenAddress 192.168.0.15

AllowUsers you@192.168.0.0/16

PermitRootLogin no

Port 1234

 

https://help.ubuntu.com/community/SSH/OpenSSH/Configuring#Disable_Password_Authentication

https://help.ubuntu.com/community/SSH/OpenSSH/Keys

https://www.thegeekstuff.com/2011/05/openssh-options/?utm_source=pulsenews&utm_medium=referral&utm_campaign=Feed%253A+TheGeekStuff+(The+Geek+Stuff)

Setting up Nginx

  1. apt-get install Nginx
  2. Check that the server is listening on TCP80 : netstat -tunlp
  3. Copy web contents under /usr/share/nginx/www
  4. Edit /etc/nginx/sites-available/default
  5. /etc/init.d/nginx restart

To watch access:

tail -f /var/log/nginx/access.log
tail -f /var/log/nginx/error.log

Securing

Infos

https://www.upguard.com/blog/how-to-build-a-tough-nginx-server-in-15-steps

https://geekflare.com/nginx-webserver-security-hardening-guide/

https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

Test the configuration with "nginx -t"

Hiding the server banner

http {

        #OK to hide version #
        server_tokens off;

        #NOK: Still says "nginx"
        more_clear_headers Server;

Other items in nginx.conf

? Remove * in include /etc/nginx/modules-enabled/*.conf; ?

 

?Edit all server blocks in sites-available/default to handle infos returned by 4x and 5x errors

error_page 401 403 404 /404.html;

error_page 500 502 503 504 /50x.html;

        location = /50x.html {
            root /usr/share/nginx/www;
        }

 

? Edit the server section in nginx.conf: add_header X-Frame-Options "SAMEORIGIN";
https://geekflare.com/add-x-frame-options-nginx/

I don't have a server section in nginx.conf: OK to add this to http section?

? Edit conf to add add_header X-XSS-Protection "1; mode=block";

 

! Added this to "http" block in nginx.conf:

### Directive describes the zone, in which the session states are stored i.e. store in slimits. ###

### 1m can handle 32000 sessions with 32 bytes/session, set to 5m x 32000 session ###

       limit_zone slimits $binary_remote_addr 5m;

 

### Control maximum number of simultaneous connections for one session i.e. ###

### restricts the amount of connections from a single ip address ###

        limit_conn slimits 5;

=> Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

 

Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

 

 

Harden the server with eg. SELinux

For a read-only web site, disable HTTP methods other than GET and HEAD; POST is probably not needed either.

Use SSL if users need to send sensitive data

Restrict access through IP to access eg. WordPress

Instead of using a packaged release, compile your very own Nginx witht the mininum features required (eg. remove PHP if you don't need it)

Hide the 401/403 error messages

Protect the server through eg. Naxsi and Fail2Ban

Run a security audit using eg. Wapiti

Monitor the server with eg. Monit

File ownership

Per nginx.conf file, www-data should own the data files in /usr/share/nginx. Make sure the directories are 766 so Nginx can cd into them.

Since Samba uses nobody:nogroup by default for the Bad User account, either application must be reconfigured to use a common user:group.

Password-protecting a directory

  1. mkdir /usr/share/nginx/www/mydir
  2. chown -R www-data:www.data /usr/share/nginx/www/mydir
  3. apt-get install apache2-utils
  4. To create password : htpasswd -c /etc/nginx/.htpasswd joe

    To update password : htpasswd /home/user/.htpasswd username

    You can also use the -m parameter to force the md5 encryption of the password as opposed to just the basic apache authentication method
  5. vi /etc/nginx/sites-enabled/default

    server {

        …

        location /mydir/ {

                auth_basic "Restricted";

                auth_basic_user_file /etc/nginx/.htpasswd;

        }

Setting up Samba

apt-get install samba

By default, "Bad User" is nobody:nogroup (can be changed with the "guest account" option), while Nginx uses www-data:www-data to fork processes. Make sure the files in /usr/share/nginx/ are owned by the right user.

Important: As Samba runs as root, it's not a good idea to use it to let Windows users edit files if the server also runs Nginx and it's accessible from the Net. In that case, remove Samba and consider ssh/sftp instead.

To allow write access from Windows, check those smb.conf examples.

HOW TO SECURE?

Running Nginx and uWSGI

Nginx is actively supported for ARM processors and is available directly from the Nginx site: Just update /etc/apt/sources.list, update, and install.

Installing with apt-get

  1. apt-cache show nginx | grep Version
  2. apt-get install nginx
  3. Check Nginx: service nginx start; http://localhost. The HTML files are in /usr/share/nginx/www/
  4. apt-cache show uwsgi | grep Version

Note: "nginx -V" might not include "http_uwsgi_module" but still have been compiled with support for uWSGI.

Nginx keeps its docroot in /usr/share/nginx/html/.

I failed cross-compiling Nginx, but compiling directly on the SheevaPlug did work. But then, since the ARM port of Nginx is actively maintained, there's no need for compiling your own unless the official port is missing some bits.

uWSGI includes an HTTP which could be good enough for moderate use, but Nginx, Apache, or Lighttpd could be set up as front-end for more heavy-duty use.

Manually compiling Nginx

  1. apt-get install libpcre3 libpcre3-dev libssl-dev
  2. wget -c http://nginx.org/download/nginx-1.2.6.tar.gz
  3. tar xzvf nginx-1.2.6.tar.gz (Pay no attention to the "Cannot change ownership to uid 1001, gid 1001: Operation not permitted" errors)
  4. cd nginx-1.2.6
  5. ./configure
  6. make (binary in objs/; should take about 3mn to compile)
  7. make install

uWSGI

The project got its name because Python was the first supported plug-in, but uWSGI handles more languages such as Lua or PHP.

Also, there's a confusion between the application (uWSGI) and one of the protocols it supports to talk to the web server (uwsgi, in addition to HTTP, FastCGI, and SCGI). Note that uWSGI can run as an HTTP server, or sit behind an HTTP server. As of April 2013, Nginx and Cherokee speak uwsgi natively.

Note: Compiling uWSGI directly on the SheevaPlug only takes a few minutes.

  1. apt-get install build-essential psmisc python python-dev libxml2 libxml2-dev python-setuptools
  2. wget -c http://projects.unbit.it/downloads/uwsgi-latest.tar.gz
  3. tar xzvf uwsgi-latest.tar.gz
  4. cd uwsgi-<version number>
  5. make
  6. Create a basic WSGI Python script, and launch uWSGI:

    uwsgi --http :9090 --wsgi-file foobar.py

Here's how to write a WSGI script to call through uWSGI:

def application(env, start_response):
    start_response('200 OK', [('Content-Type','text/html')])
    return "Hello World"

To make sure the syntax in the Python script is OK: "python -m py_compile foobar.py". When copy/pasting from a web page, an easy way to get rid of wrong invisible characters (tabs, carriage-returns) is to paste into eg. Windows Notepad before pasting it into vi on the SheevaPlug. Also check PyLint, PyFlakes, and PEP8.

If you get "Fatal Python error: exceptions bootstrapping error" when running uWSGI: Apparently, it's an old issue that pops up when starting uWSGI with a Python script and that's never been fixed. The work-around is to provide support for Python as a plugin instead of compiling it directly in the uWSGI binary:

  1. As a work-around for old bug, recompile uWSGI:

    make clean
    UWSGI_PROFILE=core make
     
  2. Run this once to build the two plugins:

    python uwsgiconfig.py --plugin plugins/python core
    python uwsgiconfig.py --plugin plugins/http core
     
  3. From then on, uWSGI must always be configured/run with "--plugin=python", eg.

    uwsgi --http-socket :9090 --plugin=python --wsgi-file foobar.py

    Note: When running uWSGI on an appliance, "--http-socket" uses less resource than "--http", and http-socket is part of the uWSGI binary while http is a plug-in.

Here's some info about recompiling Python, which seems to solve this issue.

Configuring Nginx and uWSGI to run Python apps

What is a uWSGI process? Python interpreter + opcode version of Python script?

How does uWSGI work, stand-alone or with Nginx?

Web server with Lighttpd

  1. apt-get update
  2. apt-get install lighttpd
  3. lighttpd-enable-mod cgi
  4. /etc/init.d/lighttpd force-reload
  5. Check that the server works

Python

FastCGI + Flup

Gunicorn, uWSGI: Better option that FastCGI

We'll use FastCGI instead of CGI, as CGI is too slow on an appliance like the SheevaPlug.

Through Unix domain socket

  1. (source) Edit lighttpd.conf:

    fastcgi.server = (
        ".py" =>
        (
            "python-fcgi" =>
            (
             "socket" => socket_dir + "fastcgi.python.socket",
             "bin-path" => "test.py",
             "check-local" => "disable",
             "max-procs" => 1,
            )
        ))
     
  2. Write the Python script:
    #!/usr/bin/python2.5
    def myapp(environ, start_response):
        start_response('200 OK', [('Content-Type', 'text/plain')])
        return ['Hello World!\n']
     
    if __name__ == '__main__':
        from flup.server.fcgi import WSGIServer

        WSGIServer(myapp).run()
     
  3. Reload Lighttpd

Through TCP

fastcgi.server = (

".php" => ((

"bin-path" => "/usr/bin/php5-cgi",

"socket" => "/tmp/php.socket"

)),

"django.fcgi" => (

"main" => (

"host" => "127.0.0.1",

"port" => 9090, #set the port numbers to what-eva you want

),

),

"admin.fcgi" => (

"admin" => (

"host" => "127.0.0.1",

"port" => 9091,

)

)

)

PHP

  1. apt-get install php5-cgi
  2. vi /etc/php5/cgi/php.ini

    cgi.fix_pathinfo = 1
     
  3. vi /etc/lighttpd/lighttpd.conf

    In the server.modules section, uncomment or add:
    "mod_fastcgi"

    Uncomment or add:

    fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php5-cgi",
    "socket" => "/tmp/php.socket"
    )))
  4. vi /var/www/test.php

    <?php phpinfo(); ?>

  5. If needed, install common PHP5 modules: apt-get install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite sqlite php5-tidy php5-xmlrpc php5-xsl php5-common
  6. /etc/init.d/lighttpd restart

Asterisk on the SheevaPlug

"PlugPBX was started to provide the world with an easy way of getting FreePBX and Asterisk working on the SheevaPlug."

http://plugcomputer.org/plugforum/index.php?topic=98.0

http://plugcomputer.org/plugforum/index.php?topic=988.0

http://pbxinaflash.com/forum/forumdisplay.php?f=2

http://www.slashgear.com/plugpbx-turns-marvell-sheevaplug-into-asterisk-voip-system-2070688/

Freeswitch on the SheevalPlug

http://wiki.freeswitch.org/wiki/Download_%26_Installation_Guide#Cross_Compiling_for_ARM_on_Linux

Cross-compiling from PC-based Ubuntu to SheevaPlug Ubuntu (SD Card)

VoIP with FreeSWITCH

Prerequisites

http://wiki.freeswitch.org/wiki/Download_%26_Installation_Guide#Common_Prerequisites

apt-get install git-core build-essential autoconf automake libtool libncurses5 libncurses5-dev gawk libjpeg-dev libz-dev pkg-config

Compiling Linux Kernel for the Plug Computer

Prebuilt cross-compiler

CodeSourcery or Embdebian

Porting applications to the SheevaPlug

Marvell provides a binary toolchain for Linux ("Host SW Support Package For Linux").

Note that release 1.1 from 26 March 2010 contains two files, but the second file (Linux Host Filesystem - rootfs.tar.bz2), besides having spaces in its filename, isn't actually a BZ2 file but a regular tar.gz: Rename the file to eg. rootfs.tar.gz and decompress it with the usual "tar xzvf".

Once decompressed with "unzip", it creates two directories in LinuxHost/:

Download either "Host SWSupport" or the rootfs tar. Inside one there will be a shadow usr/include and usr/lib directory. You must point the host tools to these directories when compiling so they don't pick-up your development host versions. You need the headers and static/shared libraries as deployed to the SheevaPlug.

When using the toolchain, there's apparently no need to tell the compiler where to find the includes and libraries, as it is compiled with those paths included:

./arm-none-linux-gnueabi-gcc -print-search-dirs

The compiler was compiled against Linux 2.6.14 ("file myfile").

Start by cross-compiling the "Hello, world!" sample using LinuxHost/gcc/bin/arm-none-linux-gnueabi-gcc as the compiler.

Some applications will cross-compile by just setting the CC environment variable:

CC=/root/LinuxHost/gcc/bin/arm-none-linux-gnueabi-gcc make

Others might require editing the PATH variable to include the full-path to the gcc/bin/ directory:

export PATH=$PATH:/root/LinuxHost/gcc/arm-none-linux-gnueabi/bin

To save space, embedded Linux usually uses uClibc instead of glibc, and busybox to pack a bunch of user-space binaries into a single binary.

Some useful articles in the Howtos section of Marvell's PlugComputer site.

How to check if an application really works as well as on x86, with no memory leaks, etc.?

Other solutions to compile your own toolchain:

Choose toolchain for armel instead of armhf ("Debian officially provides two ARM architectures, armel and armhf. armel is for lower end hardware, supports the ARMv4 instruction set and hardware floating-point though a compatibility mode which slows performance but allows compatiblity with code written for processors without floating point units. armhf is for higher end hardware and supports ARMv7 and faster, direct hardware floating point support without backwards compatibility. These are roughly analogous to the i386 and i686 architectures.

Note that in Ubuntu, both armel and armhf are compiled for ARMv7 and above, so neither will work on the Raspberry Pi.")
www.memetic.org/raspbian-benchmarking-armel-vs-armhf/

Cross-compiling from PC-based Ubuntu to SheevaPlug Ubuntu (SD Card)

For inspiration, here's the script to build the cross toolchain for the Xilka systems:

www.xilka.com/sheeva/tools/BuildCrossArm-4.7-2013.03.sh

Here's an example:

./configure CC="your path of gcc" --target=arm-none-linux-gnueabi --host=armv5tel-none-linux-gnueabi

Cross-compiling can be difficult or even impossible with some applications. If all else fails, try compiling the application directly on the SheevaPlug: If you're concerned about wearing out the NAND flash memory, use an SD card, a USB stick or an external hard drive instead.

Add SD card

Type? Biggest size allowed?

Q&A

The terminal looks weird

If the display doesn't work well when connecting through COM/SSH, type "echo $TERM" and check that it matches what is set in the terminal emulator you are using, eg. "vt220" instead of "xterm".

How to format an SD card in FAT32?

  1. apt-get install dosfstools
  2. fdisk -l : Check device name for SD card, eg. /dev/mmcblk0p1
  3. mkfs.vfat /dev/mmcblk0p1
  4. mkdir /mnt/sdcard
  5. mount /dev/mmcblk0p1 /mnt/sdcard

Privoxy refuses remote connections

Edit /etc/privoxy/config, where 192.168.0.1 is the IP address of the host running Privoxy:

listen-address  192.168.0.1:8118

apt-get update stuck at "[Connecting to ports.ubuntu.com (91.189.88.36)]"

Edit /etc/apt/sources.list to comment out the single line and change it to this:

#BAD deb http://ports.ubuntu.com jaunty main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu jaunty main restricted universe multiverse

How to close the USB serial connection properly?

If using cu (Taylor UUCP) 1.07, log on to the embedded Linux, and type "~.<ENTER>"

How to keep an eye for NAND wearing out?

How to configure uucp as owner of /dev/ttyUSB0?

To avoid running chown uucp /dev/ttyUSB0 after every reboot

How to close cu connection?

root@debian:~# exit

logout

 

Ubuntu 9.04 debian ttyS0

 

debian login: ~é[Unrecognized.  Use ~~ to send ~]

 

Ubuntu 9.04 debian ttyS0

 

debian login: ~

Ubuntu 9.04 debian ttyS0

 

debian login:

My SP no longer works!

The original PSU is known to fry easily. Order a new PSU from GlobalScale/NewIT or change the electronics yourself.

Resources