2013年12月31日火曜日

obsA7-007 exim4でsmtp.google.comに

前回のobsA7-006 exim4とmydns.jp に続いて、スマートホスト先をsmtp.google.comにして見た。

1.yahooとgoogleの差分

dc_relay_はコメントにして、dc_smarthostをsmtp.mail.yahoo.co.jpからsmtp.gmail.comにする。
#ためしているだけで、通常はyahoo.co.jpを使用する予定。
# diff update-exim4.conf.conf_yahoo update-exim4.conf.conf
23c23
< dc_relay_domains='smtp.mail.yahoo.co.jp'
---
> #dc_relay_domains='smtp.mail.yahoo.co.jp'
25c25
< dc_relay_nets='local_sample.or.jp:*.local_sample.or.jp:*.mail.yahoo.co.jp'
---
> #dc_relay_nets='local_sample.or.jp:*.local_sample.or.jp:*.mail.yahoo.co.jp'
28c28
< #dc_smarthost='smtp.gmail.com::587'
---
> dc_smarthost='smtp.gmail.com::587'
30c30
< dc_smarthost='smtp.mail.yahoo.co.jp::587'
---
> #dc_smarthost='smtp.mail.yahoo.co.jp::587'
SMTP-AUTH認証用 passwd.client の変更
# egrep -v '^#' /etc/exim4/passwd.client
*.google.com:GUSERID@gmail.com:PASSWORD
ここが、*.google.comでなく smtp.google.comだと、
SMTP>> STARTTLS でReady to start TLSになるものの
SMTP>> AUTH PLAIN ******************************
のAUTH PLAINにならずに、
SMTP>> MAIL FROM:
となって送信出来なかった。
送信サーバは gmail-smtp-msa.l.google.com になるのかと思われる。

2.メール送信テスト

<toGoogle.sh>
#! /bin/sh
set -x
export DT="TEST_test `date`"
(echo "Subject: $DT"; echo "To: au_user@ezweb.ne.jp";\
 echo "From: GUSERID@gmail.com"; echo ""; echo "$DT" ;\
 echo "from `hostname`") | \
/usr/sbin/exim4 -v -f GUSERID@gmail.com au_user@ezweb.ne.jp

# このスクリプトを実行
% ./toGoogle.sh                  [82] (13-12-31 Tue 14:00:59 PM)
+ date
+ export DT=TEST_test Tue Dec 31 14:01:01 JST 2013
+ /usr/sbin/exim4+  -v -f GUSERID@gmail.com au_user@ezweb.ne.jp
echo Subject: TEST_test Tue Dec 31 14:01:01 JST 2013
+ echo To: GUSERID@gmail.com
+ echo From: GUSERID@gmail.com
+ echo
+ echo TEST_test Tue Dec 31 14:01:01 JST 2013
+ hostname
+ echo from obsa7
LOG: MAIN
  <= GUSERID@gmail.com U=a7user P=local S=399
delivering 1VxrRt-0003XY-GO
R: smarthost for au_user@ezweb.ne.jp
T: remote_smtp_smarthost for au_user@ezweb.ne.jp
Transport port=25 replaced by host-specific port=587
Connecting to gmail-smtp-msa.l.google.com [74.125.129.108]:587 ... connected
  SMTP<< 220 mx.google.com ESMTP ae5sm111949890pac.18 - gsmtp
  SMTP>> EHLO obsa7
  SMTP<< 250-mx.google.com at your service, [106.172.137.192]
         250-SIZE 35882577
         250-8BITMIME
         250-STARTTLS
         250-ENHANCEDSTATUSCODES
         250 CHUNKING
  SMTP>> STARTTLS
  SMTP<< 220 2.0.0 Ready to start TLS
  SMTP>> EHLO obsa7
  SMTP<< 250-mx.google.com at your service, [106.172.137.192]
         250-SIZE 35882577
         250-8BITMIME
         250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN
         250-ENHANCEDSTATUSCODES
         250 CHUNKING
  SMTP>> AUTH PLAIN ****************************************
  SMTP<< 235 2.7.0 Accepted
  SMTP>> MAIL FROM: SIZE=1434 AUTH=a7user@obsa7.local
  SMTP<< 250 2.1.0 OK ae5sm111949890pac.18 - gsmtp
  SMTP>> RCPT TO:
  SMTP<< 250 2.1.5 OK ae5sm111949890pac.18 - gsmtp
  SMTP>> DATA
  SMTP<< 354  Go ahead ae5sm111949890pac.18 - gsmtp
  SMTP>> writing message and terminating "."
  SMTP<< 250 2.0.0 OK 1388466065 ae5sm111949890pac.18 - gsmtp
  SMTP>> QUIT
LOG: MAIN
  => au_user@ezweb.ne.jp R=smarthost T=remote_smtp_smarthost H=gmail-smtp-msa.l.google.com [74.125.129.108] X=TLS1.2:RSA_ARCFOUR_SHA1:128 DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=smtp.gmail.com"
LOG: MAIN
  Completed

a7user@obsa7:~%

3.第三者中継テスト

25番ポート開けておくと、結構Relay要求があるようだ。現行のOBS600のログ。
To: UUUUU@HHHHH.mydns.jp
Subject: Logwatch for obs (Linux)
Date: Mon, 16 Dec 2013 06:26:54 +0900

################### Logwatch 7.4.0 (05/02/12) ####################
        Processing Initiated: Mon Dec 16 06:26:37 2013
        Date Range Processed: yesterday
                              ( 2013-Dec-15 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: obs
##################################################################

--------------------- EXIM Begin ------------------------

--- Refused Relays 64 times

--- Bad Hosts ---

--- Failed Reverse Lookups
--- 18  Time(s)
念のため、このサイトhttp://www.rbl.jp/svcheck.phpを利用させていただいて確認した。
第三者中継テスト
第三者中継テストのためobsa7_sample.mydns.jpに接続しています...

((((( 途中省略 ))))))

>>> RSET
relay NOT accepted!!
中継テスト その19

>>> RSET
relay NOT accepted!!
接続を閉じています...

>>> QUIT
第三者中継テストの結果

全てのテストが行われました, no relays accepted.
最後の行が"no relays accepted"だと合格のようだ。

obsA7-006 exim4とmydns.jp

Mail Transfer Agentはexim4を、おうちメールサーバアドレスとしては無料のダイナミックDNS(Dynamic DNS、DDNS)MyDNS.JPを使って構成する。 スマートホストの中継先は、smtp.mail.yahoo.co.jpを使っているが、たぶんsmtp.gmail.comでも同様に動作するだろう。

MyDNS.JP取得については省略する。以下のように名前解決していることが前提。
# host obsa7_sample.mydns.jp
obsa7_sample.mydns.jp has address 106.XXX.YYY.ZZZ
obsa7_sample.mydns.jp mail is handled by 10 obsa7_sample.mydns.jp.

1.exim4の設定

前準備
# パッケージexim4をインストール
# aptitude install exim4
# dpkg -l | grep exim4
ii  exim4              4.80-7 all   metapackage to ease Exim MTA (v4) installation
ii  exim4-base         4.80-7 armel support files for all Exim MTA (v4) packages
ii  exim4-config       4.80-7 all   configuration for the Exim MTA (v4)
ii  exim4-daemon-light 4.80-7 armel lightweight Exim MTA (v4) daemon

# もしpaniclogがあれば空にしておく。
# ls -l /var/log/exim4/paniclog
# cp /dev/null /var/log/exim4/paniclog

# ls -l /etc/exim4/update-exim4.conf.conf
-rw-r--r-- 1 root root 1027 Dec 24 21:18 /etc/exim4/update-exim4.conf.conf

# このupdate-exim4.conf.confは中間設定ワークであるが、
# /var/lib/exim4/config.autogenerated が設定・変更される

# update-exim4.conf.confを直接変更したときは、
# /usr/sbin/update-exim4.conf
# /etc/init.d/exim4 restart
# として、/var/lib/exim4/config.autogeneratedを更新・反映させる。
ではexim4-config を行う。以下はテキストベースの設定画面を説明用に部分抽出したもの。
# dpkg-reconfigure exim4-config 

Package configuration                                                           
┤ Mail Server configuration 


General type of mail configuration:  メール設定の一般的なタイプ
   │     internet site; mail is sent and received directly using SMTP
   │   X mail sent by smarthost; received via SMTP or fetchmail      
   │     mail sent by smarthost; no local mail                       
   │     local delivery only; not on a network                       
   │     no configuration at this time                               


System mail name: システムメール名  /etc/mailname
 │ obsa7.local_sample.or.jp


IP-addresses to listen on for incoming SMTP connections:  入力側SMTP接続をリスンするIPアドレス
 │ 空


Other destinations for which mail is accepted: このSMTPサーバーで扱うドメインを指定します。
 │ obsa7_sample.mydns.jp


Domains to relay mail for: 外部リレーは認証済みのアカウント以外はできないので空でもよい。
 │ smtp.mail.yahoo.co.jp


Machines to relay mail for: メールをリレーするマシン
 │ local_sample.or.jp:*.local_sample.or.jp:*.mail.yahoo.co.jp


IP address or host name of the outgoing smarthost: このホストから送出されたメールを操作するマシン (スマートホスト)
 │ smtp.mail.yahoo.co.jp::587


│ Hide local mail name in outgoing mail?  送出するメールでローカルメール名を隠しますか?


Keep number of DNS-queries minimal (Dial-on-Demand)?  DNS クエリの数を最小限に留めますか (ダイヤルオンデマンド)? 


Delivery method for local mail: 
 │ X mbox format in /var/mail/         
 │   Maildir format in home directory  


Split configuration into small files?      設定を小さなファイルに分割しますか?


Root and postmaster mail recipient:
 │ root


[ ok ] Stopping MTA for restart: exim4_listener.
[ ok ] Restarting MTA: exim4.

# egrep -v '^#' update-exim4.conf.conf

dc_eximconfig_configtype='smarthost'
dc_other_hostnames='obsa7_sample.mydns.jp'
dc_local_interfaces=''
dc_readhost='obs.local_sample.or.jp'
dc_relay_domains='smtp.mail.yahoo.co.jp'
dc_minimaldns='false'
dc_relay_nets='local_sample.or.jp:*.local_sample.or.jp:*.mail.yahoo.co.jp'
dc_smarthost='smtp.mail.yahoo.co.jp::587'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='false'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
SMTP-AUTH認証用 passwd.client を設定
# egrep -v '^#' /etc/exim4/passwd.client
smtp.mail.yahoo.co.jp:Yahoo_JAPAN_MAIL@yahoo.co.jp:"Yahoo! JAPAN パスワード"

# chgrp Debian-exim passwd.client
# ls -l /etc/exim4/passwd.client
-rw-r----- 1 root Debian-exim 330 Dec 31 09:42 /etc/exim4/passwd.client
passwd.clientへのIDパスワードは、
http://info.mail.yahoo.co.jp/options/imapprofile/
Yahoo!JAPANにログイン後このページを見て
smtp.mail.yahoo.co.jp:メールアドレス:パスワード の行を設定する。
Yahoo_JAPAN_MAIL@yahoo.co.jp部分は@yahoo.co.jpを省略しても通ったようだ。
                    サーバー設定                    
 受信メール(IMAP)サーバー  imap.mail.yahoo.co.jp  
 受信メール(IMAP)通信方法  SSL                    
受信メール(IMAP)ポート番号 993                    
 送信メール(SMTP)サーバー  smtp.mail.yahoo.co.jp  
 送信メール(SMTP)認証方式  SMTP_AUTH              
 送信メール(SMTP)通信方法  SSL                    
送信メール(SMTP)ポート番号 465                    
  アカウント名/ログイン名    Yahoo_JAPAN_ID ... "Yahoo! JAPAN ID"     
       メールアドレス        Yahoo_JAPAN_MAIL@yahoo.co.jp
         パスワード          Yahoo! JAPAN パスワード
証明書の作成
# /usr/share/doc/exim4-base/examples/exim-gencert
Country Code (2 letters) [US]:JP
State or Province Name (full name) []:MY_FULL_NAME
Locality Name (eg, city) []:
Organization Name (eg, company; recommended) []:
Organizational Unit Name (eg, section) []:
Server name (eg. ssl.domain.tld; required!!!) []:
Email Address []:
[*] Done generating self signed certificates for exim!
    Refer to the documentation and example configuration files
    over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS
    support in your mail transfer agent.
root@obsa7:exim4# ls -l exim.crt exim.key
-rw-r----- 1 root Debian-exim 652 Dec 30 23:22 exim.crt
-rw-r----- 1 root Debian-exim 916 Dec 30 23:22 exim.key
SMTP認証の設定
ユーザ認証方式は、「AUTH PLAIN」「AUTH LOGIN」を有効化する。
# diff /etc/exim4/exim4.conf.template.org /etc/exim4/exim4.conf.template
316c316
<
---
> MAIN_TLS_ENABLE = USE
1818,1826c1818,1826
< # plain_server:
< #   driver = plaintext
< #   public_name = PLAIN
< #   server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
< #   server_set_id = $auth2
< #   server_prompts = :
< #   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
< #   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
< #   .endif
---
> plain_server:
>   driver = plaintext
>   public_name = PLAIN
>   server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
>   server_set_id = $auth2
>   server_prompts = :
>   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>   .endif
1833,1841c1833,1841
< # login_server:
< #   driver = plaintext
< #   public_name = LOGIN
< #   server_prompts = "Username:: : Password::"
< #   server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
< #   server_set_id = $auth1
< #   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
< #   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
< #   .endif
---
> login_server:
>   driver = plaintext
>   public_name = LOGIN
>   server_prompts = "Username:: : Password::"
>   server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
>   server_set_id = $auth1
>   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>   .endif

2.メール送信テスト

<toYahoo.sh>
#! /bin/sh
set -x
export DT="TEST_test `date`"
(echo "Subject: $DT"; echo "To: au_user@ezweb.ne.jp";\
 echo "From: Yahoo_JAPAN_MAIL@yahoo.co.jp"; echo ""; echo "$DT" ;\
 echo "from `hostname`") | \
/usr/sbin/exim4 -v -f Yahoo_JAPAN_MAIL@yahoo.co.jp au_user@ezweb.ne.jp

# このスクリプトを実行
obsa7user@obsa7:~% ./toYahoo.sh
+ date
+ export DT=TEST_test Tue Dec 31 00:37:01 JST 2013
+ /usr/sbin/exim4+  -v -f obsa7_sample_user@yahoo.co.jp au_user@ezweb.ne.jp
echo Subject: TEST_test Tue Dec 31 00:37:01 JST 2013
+ echo To: au_user@ezweb.ne.jp
+ echo From: obsa7_sample_user@yahoo.co.jp
+ echo
+ echo TEST_test Tue Dec 31 00:37:01 JST 2013
+ hostname
+ echo from obsa7
LOG: MAIN
  <= obsa7_sample_user@yahoo.co.jp U=obsa7user P=local S=408
obsa7user@obsa7:~% delivering 1Vxetp-0001hN-6O
R: smarthost for au_user@ezweb.ne.jp
T: remote_smtp_smarthost for au_user@ezweb.ne.jp
Transport port=25 replaced by host-specific port=587
Connecting to smtp.mail.yahoo.co.jp [114.111.99.228]:587 ... connected
  SMTP<< 220 smtp506.mail.kks.yahoo.co.jp ESMTP
  SMTP>> EHLO obsa7
  SMTP<< 250-smtp506.mail.kks.yahoo.co.jp
         250-AUTH LOGIN PLAIN XYMCOOKIE
         250-PIPELINING
         250 8BITMIME
  SMTP>> AUTH PLAIN ****************************
  SMTP<< 235 ok, go ahead (#2.0.0)
  SMTP>> MAIL FROM: AUTH=obsa7user@obsa7.local_sample.or.jp
  SMTP>> RCPT TO:
  SMTP>> DATA
  SMTP<< 250 ok
  SMTP<< 250 ok
  SMTP<< 354 go ahead
  SMTP>> writing message and terminating "."
  SMTP<< 250 ok 1388417821 qp 62878
  SMTP>> QUIT
LOG: MAIN
  => au_user@ezweb.ne.jp R=smarthost T=remote_smtp_smarthost H=smtp.mail.yahoo.co.jp [114.111.99.228]
LOG: MAIN
  Completed
% 

</var/log/exim4/mainlog>
2013-12-31 00:37:01 1Vxetp-0001hN-6O <= Yahoo_JAPAN_MAIL@yahoo.co.jp U=a7user P=local S=408
2013-12-31 00:37:02 1Vxetp-0001hN-6O => au_user@ezweb.ne.jp R=smarthost T=remote_smtp_smarthost H=smtp.mail.yahoo.co.jp [114.111.99.228]
もし送信に失敗していたなら、メールがFrozenになるので、
→ 1Vxdpt-0000tm-7W Frozen (delivery error message)
# pushd /var/spool/exim4/input/; rm -i 1* とかして、失敗メールは削除する。

2013年12月28日土曜日

obsA7-005 ログインシェルとssh

1./root/.bashrc プロンプト表示を好みに変更

root@obsa7:~# cd /root
root@obsa7:~# diff .bashrc.org .bashrc
5c5
< # PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
---
> PS1='${debian_chroot:+($debian_chroot)}\u@\h:\W\$ '
root@obsa7:~#

# 変更前のPS1 のパス表示プロンプト
obsa7:~# cd /var/log/samba
obsa7:/var/log/samba#
# 変更後のPS1 のパス表示プロンプト
root@obsa7:~# cd /var/log/samba
root@obsa7:samba#
# ホスト名表示し、パス名はカレントディレクトリだけの表示が好み

2.ログインシェルの変更

$ grep -n a7user /etc/passwd
21:a7user:x:1000:1000::/home/a7user:/bin/sh
$ grep zsh /etc/shells
/bin/zsh
/usr/bin/zsh
$ chsh -s /bin/zsh
Password: (a7userのパスワード)
$ grep -n a7user /etc/passwd
21:a7user:x:1000:1000::/home/a7user:/bin/zsh
$

zsh用 .profile

a7user@obsa7:~% cat .zprofile                  [17] (13-12-28 Sat 07:26:57 AM)
#
# $Id: .zprofile,v 1.1 2013-12-28 07:24:20+09 a7user $
#
echo 'Setting .zprofile '
set -o allexport
umask 002
PATH=.:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/uty
HOSTNAME=`hostname`
ENV=$HOME/.zshrc
HISTSIZE=64
HISTFILE=/tmp/.sh_${LOGNAME}.$$
LD_LIBRARY_PATH=/usr/local/lib
JAVA_HOME='/usr/lib/jre'
MYOSREV=`/bin/uname -a | cut -c-3`
XMODIFIERS="@im=kinput2"
PAGER=jless
CURTTY=`/usr/bin/tty`
if [[ "$CURTTY" = "/dev/tty1" || "$CURTTY" = "/dev/tty2" || \
      "$CURTTY" = "/dev/tty3" || "$CURTTY" = "/dev/vc/1" || \
      "$CURTTY" = "/dev/vc/2" || "$CURTTY" = "/dev/vc/3" ]]; then
  LANG=C
else
    LANG=ja_JP.UTF-8
    LC_ALL=C
    LANGUAGE=C
fi
TZ=JST-9
RSYNC_RSH=ssh
set +o allexport
unset ignoreeof
# end of .zprofile
a7user@obsa7:~%                                [18] (13-12-28 Sat 07:27:03 AM)

zsh用 .zshrc

a7user@obsa7:~% cat .zshrc                     [18] (13-12-28 Sat 07:30:11 AM)
#
# $Id: .zshrc,v 1.1 2013-12-28 07:24:20+09 a7user $
#
#echo 'Setting .zshrc'
alias a=alias
alias h=history
alias cls='ls --color'
alias PRO='. ~a7user/.zprofile'
alias cdd='cd `/bin/pwd`'
alias root="ZDOTDIR=$HOME su root -s /bin/zsh"
alias m3='mount /dev/sda3 /dsk/sda3'
alias sss='tail -f /var/log/syslog'
alias t='set -x;tail -30 /var/log/apache2/access.log|cut -c-72;set +x'
alias tt='set -x;tail -6 /var/log/apache2/access.log;set +x'
alias m='set -x;tail -30 /var/log/exim4/mainlog;set +x'
alias r='set -x;tail -30 /var/log/exim4/rejectlog;set +x'
#

# Set up the prompt

PROMPT='%U%(#.%Broot%b.%n)@%m%u:%.%# '
RPROMPT='%B[%(?.%!.ERROR:%?)] (%U%D%u %D{%a %H:%M:%S %p})%b'

# Use emacs keybindings even if our EDITOR is set to vi
bindkey -v

# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
HISTSIZE=1000
SAVEHIST=1000
HISTFILE=~/.zsh_history

# Use modern completion system
autoload -Uz compinit
compinit

zstyle ':completion:*' auto-description 'specify: %d'
zstyle ':completion:*' completer _expand _complete _correct _approximate
zstyle ':completion:*' format 'Completing %d'
zstyle ':completion:*' group-name ''
zstyle ':completion:*' menu select=2
eval "$(dircolors -b)"
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
zstyle ':completion:*' list-colors ''
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
zstyle ':completion:*' menu select=long
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
zstyle ':completion:*' use-compctl false
zstyle ':completion:*' verbose true

zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'

# end of .zshrc
a7user@obsa7:~%                                [19] (13-12-28 Sat 07:30:18 AM)

3.Open SSH

SSH プロトコル2 DSA鍵のpassphraseは無しで生成した。
# 本当は横着せずpassphraseはセットしたほうが無難。
a7user@obsa7:~% ssh-keygen -t dsa              [23] (13-12-28 Sat 09:16:56 AM)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/a7user/.ssh/id_dsa):
Created directory '/home/a7user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a7user/.ssh/id_dsa.
Your public key has been saved in /home/a7user/.ssh/id_dsa.pub.
The key fingerprint is: (省略)
このままだと、ssh はパスワード認証でログインできてしまう。 昔22番ポートを外向けに開けておいたとき、パスワード攻撃を受けたことがある。 Logwatchに何度もログインしようとした形跡が残っており、PasswordAuthentication noが無難。
# パスワードでログインする様子
a7user@obs:.ssh% ssh a7user@obsa7               [7] (13-12-28 Sat 09:21:19 AM)
a7user@obsa7's password:
Linux obsa7 3.2.40 #1 Mon Oct 21 14:10:25 JST 2013 armv5tel
そこで/etc/ssh/sshd_configを変更する
a7user@obsa7:~% diff /etc/ssh/sshd_config.org /etc/ssh/sshd_config
51c51
< #PasswordAuthentication yes
---
> PasswordAuthentication no

# 変更を反映する
root@obsa7:~# ps ax|grep /usr/sbin/sshd|grep -v grep
30782 ?        Ss     0:00 /usr/sbin/sshd
root@obsa7:~# kill -1 30782                     [16] (13-12-28 Sat 09:35:06 AM)
root@obsa7:~# tail -3 /var/log/auth.log         [17] (13-12-28 Sat 09:35:14 AM)
Dec 28 09:35:14 obsa7 sshd[30782]: Received SIGHUP; restarting.
Dec 28 09:35:14 obsa7 sshd[30796]: Server listening on 0.0.0.0 port 22.
Dec 28 09:35:14 obsa7 sshd[30796]: Server listening on :: port 22.
root@obsa7:~#                                   [18] (13-12-28 Sat 09:35:32 AM)
# パスワード認証でログインはできない
imacuser@imac2:~% ssh a7user@obsa7                 [4] (13-12-28 土 09:45:44 AM)
Permission denied (publickey).

# PasswordAuthentication変更前にid_dsa.pubを流し込む
user@REMOTE:.ssh% cat id_dsa.pub|ssh a7user@obsa7 "cat >> .ssh/authorized_keys2"

# これでpassphrase入力もしくは無しでログインが可能
myuser@imac2:.ssh% ssh a7user@obsa7             [20] (13-12-28 土 10:21:42 AM)
Linux obsa7 3.2.40 #1 Mon Oct 21 14:10:25 JST 2013 armv5tel

4.タイムゾーンとロケールの設定

root@obsa7:DPKG# dpkg-reconfigure tzdata
Current default time zone: 'Asia/Tokyo'
Local time is now:      Sat Dec 28 10:11:36 JST 2013.
Universal Time is now:  Sat Dec 28 01:11:36 UTC 2013.

root@obsa7:DPKG# aptitude install locales
root@obsa7:DPKG# diff /etc/locale.gen.org /etc/locale.gen
269,270c269,270
< # ja_JP.EUC-JP EUC-JP
< # ja_JP.UTF-8 UTF-8
---
> ja_JP.EUC-JP EUC-JP
> ja_JP.UTF-8 UTF-8
root@obsa7:DPKG# locale-gen
Generating locales (this might take a while)...
  ja_JP.EUC-JP... done
  ja_JP.UTF-8... done
Generation complete.
root@obsa7:DPKG#

2013年12月24日火曜日

obsA7-004 package移行

1.Debian PackageをOBS600と揃える

旧OBS600で使用していたDebian PackageをOBSA7でも使えるように移行する。 まず OBS600側でget-selectionsする。
user@obs:DPKG% dpkg --get-selections > plist_obs600.txt
user@obs:DPKG% wc -l plist_obs600.txt
497 plist_obs600.txt
user@obs:DPKG% 
次に OBSA7側でset-selectionsする。
root@obsa7:DPKG# dpkg -l | wc -l
154
root@obsa7:DPKG# aptitude install dselect
root@obsa7:DPKG# dselect update
root@obsa7:DPKG# dpkg --set-selections < plist_obs600.txt >>>(1)
root@obsa7:DPKG# apt-get dselect-upgrade >>>(2)
root@obsa7:DPKG# dpkg -l | wc -l
458
これらで、多くのパッケージは移行できたが、OBS600のpowerpc依存部分や、バージョンによっては移行できないものもあったようだ。(1)(2)で大量のメッセージが出た。
 >>>(1)
root@obsa7:DPKG# dpkg --set-selections < plist_obs600.txt
dpkg: warning: package not in database at line 2: apache2
dpkg: warning: package not in database at line 2: apache2-mpm-prefork
dpkg: warning: package not in database at line 2: apache2-utils
dpkg: warning: package not in database at line 2: apache2.2-bin
dpkg: warning: package not in database at line 2: apache2.2-common
dpkg: warning: package not in database at line 6: arping
dpkg: warning: package not in database at line 9: bc
dpkg: warning: package not in database at line 9: bind9
dpkg: warning: package not in database at line 9: bind9-host
dpkg: warning: package not in database at line 9: bind9utils
dpkg: warning: package not in database at line 9: binutils
dpkg: warning: package not in database at line 9: bittorrent
dpkg: warning: package not in database at line 9: bridge-utils
dpkg: warning: package not in database at line 9: bsd-mailx
dpkg: warning: package not in database at line 12: ca-certificates
dpkg: warning: package not in database at line 14: cpp
dpkg: warning: package not in database at line 14: cpp-4.4
dpkg: warning: package not in database at line 14: cpp-4.6
dpkg: warning: package not in database at line 15: curl
dpkg: warning: package not in database at line 16: dbus
dpkg: warning: package not in database at line 20: defoma
dpkg: warning: package not in database at line 20: dhcp3-client
dpkg: warning: package not in database at line 20: dhcp3-common
dpkg: warning: package not in database at line 20: dhcp3-server
dpkg: warning: package not in database at line 22: dnsutils
dpkg: warning: package not in database at line 25: e2fslibs:powerpc
dpkg: warning: package not in database at line 26: exim4
dpkg: warning: package not in database at line 26: exim4-base
dpkg: warning: package not in database at line 26: exim4-config
dpkg: warning: package not in database at line 26: exim4-daemon-light
dpkg: warning: package not in database at line 26: exiv2
dpkg: warning: package not in database at line 26: fancontrol
dpkg: warning: package not in database at line 26: file
dpkg: warning: package not in database at line 27: firmware-ralink
dpkg: warning: package not in database at line 27: fontconfig
dpkg: warning: package not in database at line 27: fontconfig-config
dpkg: warning: package not in database at line 27: fonts-droid
dpkg: warning: package not in database at line 27: fonts-liberation
dpkg: warning: package not in database at line 27: ftp
dpkg: warning: package not in database at line 27: ftpd
dpkg: warning: package not in database at line 27: gcc
dpkg: warning: package not in database at line 27: gcc-4.4
dpkg: warning: package not in database at line 27: gcc-4.4-base:powerpc
dpkg: warning: package not in database at line 27: gcc-4.6
dpkg: warning: package not in database at line 27: gcc-4.6-base:powerpc
dpkg: warning: package not in database at line 27: gcc-4.7-base:powerpc
dpkg: warning: package not in database at line 27: geoip-database
dpkg: warning: package not in database at line 27: ghostscript
dpkg: warning: package not in database at line 27: git
dpkg: warning: package not in database at line 27: git-man
dpkg: warning: package not in database at line 29: gnuplot
dpkg: warning: package not in database at line 29: gnuplot-nox
dpkg: warning: package not in database at line 31: groff
dpkg: warning: package not in database at line 32: gsfonts
dpkg: warning: package not in database at line 33: hdparm
dpkg: warning: package not in database at line 33: hicolor-icon-theme
dpkg: warning: package not in database at line 33: hostapd
dpkg: warning: package not in database at line 35: imagemagick
dpkg: warning: package not in database at line 35: imagemagick-common
dpkg: warning: package not in database at line 44: isc-dhcp-server
dpkg: warning: package not in database at line 44: jless
dpkg: warning: package not in database at line 45: krb5-locales
dpkg: warning: package not in database at line 45: less
dpkg: warning: package not in database at line 45: lftp
dpkg: warning: package not in database at line 45: libacl1:powerpc
dpkg: warning: package not in database at line 45: libapache2-mod-php5
dpkg: warning: package not in database at line 45: libapr1
dpkg: warning: package not in database at line 45: libaprutil1
dpkg: warning: package not in database at line 45: libaprutil1-dbd-sqlite3
dpkg: warning: package not in database at line 45: libaprutil1-ldap
dpkg: warning: package not in database at line 45: libapt-inst1.5:powerpc
dpkg: warning: package not in database at line 45: libapt-pkg4.12:powerpc
dpkg: warning: package not in database at line 45: libatk1.0-0:powerpc
dpkg: warning: package not in database at line 45: libatk1.0-data
dpkg: warning: package not in database at line 45: libattr1:powerpc
dpkg: warning: package not in database at line 45: libavahi-client3:powerpc
dpkg: warning: package not in database at line 45: libavahi-common-data:powerpc
dpkg: warning: package not in database at line 45: libavahi-common3:powerpc
dpkg: warning: package not in database at line 45: libbind9-60
dpkg: warning: package not in database at line 45: libbind9-80
dpkg: warning: package not in database at line 45: libblas3
dpkg: warning: package not in database at line 45: libblas3gf
dpkg: warning: package not in database at line 45: libblkid1:powerpc
dpkg: warning: package not in database at line 45: libboost-iostreams1.42.0
dpkg: warning: package not in database at line 46: libbsd0:powerpc
dpkg: warning: package not in database at line 46: libbz2-1.0:powerpc
dpkg: warning: package not in database at line 47: libc-dev-bin
dpkg: warning: package not in database at line 47: libc6:powerpc
dpkg: warning: package not in database at line 47: libc6-dev:powerpc
dpkg: warning: package not in database at line 47: libc6-ppc64
dpkg: warning: package not in database at line 47: libcairo2:powerpc
dpkg: warning: package not in database at line 47: libcap2:powerpc
dpkg: warning: package not in database at line 47: libcdt4
dpkg: warning: package not in database at line 47: libclass-isa-perl
dpkg: warning: package not in database at line 47: libcomerr2:powerpc
dpkg: warning: package not in database at line 47: libcroco3:powerpc
dpkg: warning: package not in database at line 47: libcups2:powerpc
dpkg: warning: package not in database at line 47: libcupsimage2:powerpc
dpkg: warning: package not in database at line 47: libcurl3
dpkg: warning: package not in database at line 47: libcurl3-gnutls:powerpc
dpkg: warning: package not in database at line 48: libdate-manip-perl
dpkg: warning: package not in database at line 48: libdatrie1:powerpc
dpkg: warning: package not in database at line 48: libdb4.7
dpkg: warning: package not in database at line 48: libdb4.8
dpkg: warning: package not in database at line 48: libdb5.1:powerpc
dpkg: warning: package not in database at line 48: libdbi0
dpkg: warning: package not in database at line 48: libdbi1
dpkg: warning: package not in database at line 48: libdbus-1-3:powerpc
dpkg: warning: package not in database at line 48: libdevmapper1.02.1:powerpc
dpkg: warning: package not in database at line 48: libdjvulibre-text
dpkg: warning: package not in database at line 48: libdjvulibre21
dpkg: warning: package not in database at line 48: libdns69
dpkg: warning: package not in database at line 48: libdns88
dpkg: warning: package not in database at line 48: libedit2:powerpc
dpkg: warning: package not in database at line 48: libept1
dpkg: warning: package not in database at line 49: liberror-perl
dpkg: warning: package not in database at line 49: libevent-1.4-2
dpkg: warning: package not in database at line 49: libevent-2.0-5:powerpc
dpkg: warning: package not in database at line 49: libexiv2-12
dpkg: warning: package not in database at line 49: libexiv2-9
dpkg: warning: package not in database at line 49: libexpat1:powerpc
dpkg: warning: package not in database at line 49: libffi5:powerpc
dpkg: warning: package not in database at line 49: libfile-copy-recursive-perl
dpkg: warning: package not in database at line 49: libfont-freetype-perl
dpkg: warning: package not in database at line 49: libfontconfig1:powerpc
dpkg: warning: package not in database at line 49: libfontenc1:powerpc
dpkg: warning: package not in database at line 49: libfreetype6:powerpc
dpkg: warning: package not in database at line 49: libgc1c2
dpkg: warning: package not in database at line 49: libgcc1:powerpc
dpkg: warning: package not in database at line 49: libgcrypt11:powerpc
dpkg: warning: package not in database at line 49: libgd2-noxpm:powerpc
dpkg: warning: package not in database at line 49: libgdbm3:powerpc
dpkg: warning: package not in database at line 49: libgdk-pixbuf2.0-0:powerpc
dpkg: warning: package not in database at line 49: libgdk-pixbuf2.0-common
dpkg: warning: package not in database at line 49: libgeoip1
dpkg: warning: package not in database at line 49: libgfortran3:powerpc
dpkg: warning: package not in database at line 49: libglib2.0-0:powerpc
dpkg: warning: package not in database at line 49: libglib2.0-data
dpkg: warning: package not in database at line 49: libgmp10:powerpc
dpkg: warning: package not in database at line 49: libgmp3c2
dpkg: warning: package not in database at line 49: libgnutls26:powerpc
dpkg: warning: package not in database at line 49: libgomp1:powerpc
dpkg: warning: package not in database at line 49: libgpg-error0:powerpc
dpkg: warning: package not in database at line 49: libgpm2:powerpc
dpkg: warning: package not in database at line 49: libgraph4
dpkg: warning: package not in database at line 49: libgs8
dpkg: warning: package not in database at line 49: libgs9
dpkg: warning: package not in database at line 49: libgs9-common
dpkg: warning: package not in database at line 49: libgsf-1-114
dpkg: warning: package not in database at line 49: libgsf-1-common
dpkg: warning: package not in database at line 49: libgssapi-krb5-2:powerpc
dpkg: warning: package not in database at line 49: libgssglue1:powerpc
dpkg: warning: package not in database at line 49: libgtk2.0-0:powerpc
dpkg: warning: package not in database at line 49: libgtk2.0-bin
dpkg: warning: package not in database at line 49: libgtk2.0-common
dpkg: warning: package not in database at line 49: libgvc5
dpkg: warning: package not in database at line 49: libice6:powerpc
dpkg: warning: package not in database at line 49: libidn11:powerpc
dpkg: warning: package not in database at line 49: libijs-0.35
dpkg: warning: package not in database at line 49: libilmbase6
dpkg: warning: package not in database at line 49: libisc62
dpkg: warning: package not in database at line 49: libisc84
dpkg: warning: package not in database at line 49: libisccc60
dpkg: warning: package not in database at line 49: libisccc80
dpkg: warning: package not in database at line 49: libisccfg62
dpkg: warning: package not in database at line 49: libisccfg82
dpkg: warning: package not in database at line 49: libiw30:powerpc
dpkg: warning: package not in database at line 49: libjasper1:powerpc
dpkg: warning: package not in database at line 49: libjbig0:powerpc
dpkg: warning: package not in database at line 49: libjbig2dec0
dpkg: warning: package not in database at line 49: libjpeg62:powerpc
dpkg: warning: package not in database at line 49: libjpeg8:powerpc
dpkg: warning: package not in database at line 49: libk5crypto3:powerpc
dpkg: warning: package not in database at line 49: libkeyutils1:powerpc
dpkg: warning: package not in database at line 49: libkmod2:powerpc
dpkg: warning: package not in database at line 49: libkrb5-3:powerpc
dpkg: warning: package not in database at line 49: libkrb5support0:powerpc
dpkg: warning: package not in database at line 49: liblcms1:powerpc
dpkg: warning: package not in database at line 49: liblcms2-2:powerpc
dpkg: warning: package not in database at line 49: libldap-2.4-2:powerpc
dpkg: warning: package not in database at line 49: liblensfun-data
dpkg: warning: package not in database at line 49: liblensfun0
dpkg: warning: package not in database at line 49: liblinear-tools
dpkg: warning: package not in database at line 49: liblinear1
dpkg: warning: package not in database at line 50: liblockfile-bin
dpkg: warning: package not in database at line 50: liblockfile1:powerpc
dpkg: warning: package not in database at line 50: liblqr-1-0:powerpc
dpkg: warning: package not in database at line 50: libltdl7:powerpc
dpkg: warning: package not in database at line 50: liblua5.1-0:powerpc
dpkg: warning: package not in database at line 50: liblwres60
dpkg: warning: package not in database at line 50: liblwres80
dpkg: warning: package not in database at line 50: liblzma2
dpkg: warning: package not in database at line 50: liblzma5:powerpc
dpkg: warning: package not in database at line 50: liblzo2-2:powerpc
dpkg: warning: package not in database at line 50: libmagic1:powerpc
dpkg: warning: package not in database at line 50: libmagickcore3
dpkg: warning: package not in database at line 50: libmagickcore3-extra
dpkg: warning: package not in database at line 50: libmagickcore5:powerpc
dpkg: warning: package not in database at line 50: libmagickcore5-extra:powerpc
dpkg: warning: package not in database at line 50: libmagickwand3
dpkg: warning: package not in database at line 50: libmagickwand5:powerpc
dpkg: warning: package not in database at line 51: libmpc2:powerpc
dpkg: warning: package not in database at line 51: libmpfr4:powerpc
dpkg: warning: package not in database at line 51: libncurses5:powerpc
dpkg: warning: package not in database at line 51: libncurses5-dev
dpkg: warning: package not in database at line 51: libncursesw5:powerpc
dpkg: warning: package not in database at line 51: libnet1
dpkg: warning: package not in database at line 51: libnetpbm10
dpkg: warning: package not in database at line 53: libnfsidmap2:powerpc
dpkg: warning: package not in database at line 53: libnl-3-200:powerpc
dpkg: warning: package not in database at line 53: libnl-dev
dpkg: warning: package not in database at line 53: libnl-genl-3-200:powerpc
dpkg: warning: package not in database at line 53: libnl1:powerpc
dpkg: warning: package not in database at line 53: libonig2
dpkg: warning: package not in database at line 53: libopenexr6
dpkg: warning: package not in database at line 53: libopts25
dpkg: warning: package not in database at line 53: libp11-kit0:powerpc
dpkg: warning: package not in database at line 53: libpam-modules:powerpc
dpkg: warning: package not in database at line 55: libpam0g:powerpc
dpkg: warning: package not in database at line 55: libpango1.0-0:powerpc
dpkg: warning: package not in database at line 55: libpango1.0-common
dpkg: warning: package not in database at line 55: libpaper-utils
dpkg: warning: package not in database at line 55: libpaper1:powerpc
dpkg: warning: package not in database at line 55: libparted0debian1:powerpc
dpkg: warning: package not in database at line 55: libpathplan4
dpkg: warning: package not in database at line 55: libpcap0.8:powerpc
dpkg: warning: package not in database at line 55: libpcre3:powerpc
dpkg: warning: package not in database at line 55: libperl5.14
dpkg: warning: package not in database at line 55: libpipeline1:powerpc
dpkg: warning: package not in database at line 55: libpixman-1-0:powerpc
dpkg: warning: package not in database at line 55: libpng12-0:powerpc
dpkg: warning: package not in database at line 55: libpopt0:powerpc
dpkg: warning: package not in database at line 55: libprocps0:powerpc
dpkg: warning: package not in database at line 55: libqdbm14
dpkg: warning: package not in database at line 55: libreadline6:powerpc
dpkg: warning: package not in database at line 55: librpcsecgss3:powerpc
dpkg: warning: package not in database at line 55: librrd4
dpkg: warning: package not in database at line 55: librrds-perl
dpkg: warning: package not in database at line 55: librsvg2-2:powerpc
dpkg: warning: package not in database at line 55: librsvg2-common:powerpc
dpkg: warning: package not in database at line 55: librtas1
dpkg: warning: package not in database at line 55: librtasevent1
dpkg: warning: package not in database at line 55: librtmp0:powerpc
dpkg: warning: package not in database at line 55: libsasl2-2:powerpc
dpkg: warning: package not in database at line 55: libsasl2-modules:powerpc
dpkg: warning: package not in database at line 55: libselinux1:powerpc
dpkg: warning: package not in database at line 56: libsemanage1:powerpc
dpkg: warning: package not in database at line 56: libsensors4:powerpc
dpkg: warning: package not in database at line 56: libsepol1:powerpc
dpkg: warning: package not in database at line 56: libsigc++-2.0-0c2a:powerpc
dpkg: warning: package not in database at line 56: libslang2:powerpc
dpkg: warning: package not in database at line 56: libsm6:powerpc
dpkg: warning: package not in database at line 56: libsnmp-base
dpkg: warning: package not in database at line 56: libsnmp15
dpkg: warning: package not in database at line 56: libsqlite3-0:powerpc
dpkg: warning: package not in database at line 56: libss2:powerpc
dpkg: warning: package not in database at line 56: libssh2-1:powerpc
dpkg: warning: package not in database at line 56: libssl-dev
dpkg: warning: package not in database at line 56: libssl-doc
dpkg: warning: package not in database at line 56: libssl0.9.8
dpkg: warning: package not in database at line 56: libssl1.0.0:powerpc
dpkg: warning: package not in database at line 56: libstdc++6:powerpc
dpkg: warning: package not in database at line 56: libsvm-tools
dpkg: warning: package not in database at line 56: libswitch-perl
dpkg: warning: package not in database at line 56: libsystemd-login0:powerpc
dpkg: warning: package not in database at line 56: libtalloc2:powerpc
dpkg: warning: package not in database at line 56: libtasn1-3:powerpc
dpkg: warning: package not in database at line 56: libtdb1:powerpc
dpkg: warning: package not in database at line 59: libthai-data
dpkg: warning: package not in database at line 59: libthai0:powerpc
dpkg: warning: package not in database at line 59: libtiff4:powerpc
dpkg: warning: package not in database at line 59: libtinfo-dev:powerpc
dpkg: warning: package not in database at line 59: libtinfo5:powerpc
dpkg: warning: package not in database at line 59: libtirpc1:powerpc
dpkg: warning: package not in database at line 60: libusb-0.1-4:powerpc
dpkg: warning: package not in database at line 60: libusb-1.0-0:powerpc
dpkg: warning: package not in database at line 60: libustr-1.0-1:powerpc
dpkg: warning: package not in database at line 60: libuuid1:powerpc
dpkg: warning: package not in database at line 60: libwbclient0:powerpc
dpkg: warning: package not in database at line 60: libwmf0.2-7:powerpc
dpkg: warning: package not in database at line 60: libwrap0:powerpc
dpkg: warning: package not in database at line 60: libx11-6:powerpc
dpkg: warning: package not in database at line 60: libx11-data
dpkg: warning: package not in database at line 61: libxau6:powerpc
dpkg: warning: package not in database at line 61: libxaw7:powerpc
dpkg: warning: package not in database at line 61: libxcb-render-util0:powerpc
dpkg: warning: package not in database at line 61: libxcb-render0:powerpc
dpkg: warning: package not in database at line 61: libxcb-shm0:powerpc
dpkg: warning: package not in database at line 61: libxcb1:powerpc
dpkg: warning: package not in database at line 61: libxcomposite1:powerpc
dpkg: warning: package not in database at line 61: libxcursor1:powerpc
dpkg: warning: package not in database at line 61: libxdamage1:powerpc
dpkg: warning: package not in database at line 61: libxdmcp6:powerpc
dpkg: warning: package not in database at line 61: libxdot4
dpkg: warning: package not in database at line 61: libxext6:powerpc
dpkg: warning: package not in database at line 61: libxfixes3:powerpc
dpkg: warning: package not in database at line 61: libxfont1
dpkg: warning: package not in database at line 187: libxpm4:powerpc
dpkg: warning: package not in database at line 187: libxrandr2:powerpc
dpkg: warning: package not in database at line 187: libxrender1:powerpc
dpkg: warning: package not in database at line 187: libxt6:powerpc
dpkg: warning: package not in database at line 188: linux-libc-dev:powerpc
dpkg: warning: package not in database at line 197: mac-fdisk
dpkg: warning: package not in database at line 238: portmap
dpkg: warning: package not in database at line 238: powerpc-ibm-utils
dpkg: warning: package not in database at line 238: powerpc-utils
dpkg: warning: package not in database at line 249: qpopper
dpkg: warning: package not in database at line 298: x-ttcidfont-conf
dpkg: warning: package not in database at line 304: yaboot
dpkg: warning: package not in database at line 304: zd1211-firmware
dpkg: warning: package not in database at line 305: zlib1g:powerpc
dpkg: warning: package not in database at line 305: zlib1g-dev:powerpc
root@obsa7:DPKG#

 >>>(2)
root@obsa7:DPKG# apt-get dselect-upgrade
Reading package lists... 0%
Reading state information... 98%
Reading state information... Done
The following NEW packages will be installed:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
  arping bc bind9 bind9-host bind9utils binutils bittorrent bridge-utils
  bsd-mailx ca-certificates cpp cpp-4.4 cpp-4.6 dbus dnsutils exim4 exim4-base
  exim4-config exim4-daemon-light exiv2 fancontrol file fontconfig
  fontconfig-config fonts-droid fonts-liberation ftp ftpd gcc gcc-4.4
  gcc-4.4-base gcc-4.6 gcc-4.6-base geoip-database ghostscript git-man gnuplot
  gnuplot-nox groff gsfonts hdparm hicolor-icon-theme hostapd imagemagick
  imagemagick-common isc-dhcp-server jless krb5-locales less lftp
  libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap libatk1.0-0 libatk1.0-data libavahi-client3
  libavahi-common-data libavahi-common3 libbind9-80 libblas3 libblas3gf
  libc-dev-bin libc6-dev libcairo2 libcap2 libcdt4 libclass-isa-perl libcroco3
  libcups2 libcupsimage2 libdate-manip-perl libdatrie1 libdbi1 libdbus-1-3
  libdjvulibre-text libdjvulibre21 libdns88 liberror-perl libexiv2-12
  libexpat1 libffi5 libfile-copy-recursive-perl libfont-freetype-perl
  libfontconfig1 libfontenc1 libfreetype6 libgc1c2 libgd2-noxpm
  libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgeoip1 libgfortran3
  libglib2.0-0 libglib2.0-data libgmp10 libgomp1 libgpm2 libgraph4 libgs9
  libgs9-common libgsf-1-114 libgsf-1-common libgssglue1 libgtk2.0-0
  libgtk2.0-bin libgtk2.0-common libgvc5 libice6 libijs-0.35 libilmbase6
  libisc84 libisccc80 libisccfg82 libiw30 libjasper1 libjbig0 libjbig2dec0
  libjpeg8 liblcms1 liblcms2-2 libldap-2.4-2 liblensfun-data liblensfun0
  liblinear-tools liblinear1 liblockfile-bin liblockfile1 liblqr-1-0 libltdl7
  liblua5.1-0 liblwres80 liblzo2-2 libmagic1 libmagickcore5
  libmagickcore5-extra libmagickwand5 libmpc2 libmpfr4 libncurses5-dev libnet1
  libnetpbm10 libnl-3-200 libnl-dev libnl-genl-3-200 libnl1 libonig2
  libopenexr6 libopts25 libpango1.0-0 libpaper-utils libpaper1 libpathplan4
  libpcap0.8 libpcre3 libperl5.14 libpixman-1-0 libpng12-0 libqdbm14 librrd4
  librrds-perl librsvg2-2 librsvg2-common librtas1 librtasevent1 libsasl2-2
  libsasl2-modules libsensors4 libsm6 libsnmp-base libsnmp15 libssl-dev
  libssl-doc libsvm-tools libswitch-perl libsystemd-login0 libtalloc2 libtdb1
  libthai-data libthai0 libtiff4 libtinfo-dev libtirpc1 libusb-1.0-0
  libwbclient0 libwmf0.2-7 libx11-6 libx11-data libxau6 libxaw7 libxcb-render0
  libxcb-shm0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6
  libxdot4 libxext6 libxfixes3 libxfont1 libxft2 libxi6 libxinerama1 libxml2
  libxmu6 libxmuu1 libxpm4 libxrandr2 libxrender1 libxt6 libyaml-syck-perl
  linux-libc-dev lm-sensors lockfile-progs logwatch lsof lynx lynx-cur make
  manpages-dev mime-support mlocate module-init-tools mtd-utils nano ncftp
  ncurses-term netpbm netselect netselect-apt nkf nmap ntp ntpdate
  openbsd-inetd openssh-blacklist openssh-blacklist-extra openssl patch perl
  perl-modules php5-cli php5-common poppler-data powermgmt-base procmail
  psmisc psutils python python-minimal python-support python2.6
  python2.6-minimal python2.7 python2.7-minimal rpcbind rrdtool rsync samba
  samba-common samba-common-bin screen sgml-base shared-mime-info snmpd
  ssl-cert sudo tcpd tdb-tools telnet tftp tftpd ttf-dejavu ttf-dejavu-core
  ttf-dejavu-extra u-boot ucf ucspi-tcp ufraw-batch unzip update-inetd
  usbutils w3m whois wireless-tools x11-common xauth xfonts-encodings
  xfonts-utils xml-core zip zlib1g-dev zsh
0 upgraded, 300 newly installed, 0 to remove and 0 not upgraded.
Need to get 155 MB of archives.
After this operation, 455 MB of additional disk space will be used.
Do you want to continue [Y/n]? 
たぶんPackageインストールもれが多くありそうだが、必要に応じ、不足分は都度aptitude installしていくことにする。

obsA7-003 dumpによるバックアップ

本格的に初期設定する前に一度バックアップを取ることにする。

1.バックアップの前準備

root@obsa7:~# aptitude install dump
root@obsa7:~# aptitude install bzip2

root@obsa7:~# mkdir -p /dsk/sda2
root@obsa7:~# mount /dev/sda2 /dsk/sda2
root@obsa7:~# df -h|grep sda2
/dev/sda2        11G  155M  9.7G   2% /dsk/sda2
oot@obsa7:~# mkdir -p /dsk/sda2/Backup/OBSA7/RootBz

root@obsa7:~# useradd -m a7user
root@obsa7:~# passwd a7user
root@obsa7:~# vigr
root@obsa7:~# grep a7user /etc/group
disk:x:6:a7user
staff:x:50:a7user
a7user:x:1000:
root@obsa7:~# chown -R a7user /dsk/sda2/Backup/

2.バックアップスクリプト

今後もちょくちょくバックアップするのにスクリプトを用意した。
$ cat /usr/local/bin/b_sda1_local.sh
#! /bin/bash
# $Id: b_sda1_local.sh,v 1.1 2013-12-24 14:49:56+09 a7user $
#

HDEV=sda1
if [ `whoami` != "a7user" ]; then
    ERRMSG="User not a7user."
    echo $ERRMSG
    logger $ERRMSG
    exit 1
fi
MYCMD=$0
MYNM=`basename $0`
BODY=${MYNM%.sh}

RDIR=/dsk/sda2/Backup/OBSA7/RootBz
if [ ! -d ${RDIR} ]; then
    ERRMSG="Not Mounted $RDIR."
    echo $ERRMSG
    logger $ERRMSG
    exit 1
fi
cd $RDIR
if [ $? != 0 ]; then
    ERRMSG="CANNOT cd $RDIR."
    echo $ERRMSG
    logger $ERRMSG
    exit 1
fi

YMD=`date "+%Y_%m%d"`
BDIR=${BODY}_${YMD}
if [ ! -d ${BDIR} ]; then
    mkdir -p ${BDIR}
    if [ $? != 0 ]; then
        ERRMSG="Cannot mkdir $BDIR."
 echo $ERRMSG
 logger $ERRMSG
        exit 1
    fi
fi

CLOG="${BDIR}/${HDEV}_${YMD}.log"
echo "START=`date`" | tee $CLOG
echo "----------------------------------------" | tee -a $CLOG
echo "% /sbin/fdisk -l /dev/sda" | tee -a $CLOG
/sbin/fdisk -l /dev/sda | sed -n -e "/^Disk/,//p" | tee -a $CLOG
echo "----------------------------------------" | tee -a $CLOG
echo "% df" | tee -a $CLOG
df | tee -a $CLOG
echo "" | tee -a $CLOG
echo "" | tee -a $CLOG
echo "****************************************" | tee -a $CLOG
date | tee -a $CLOG
pwd | tee -a $CLOG
set -x
(/sbin/dump 0usf 99999 - /dev/${HDEV} | \
  bzip2 -c > ${BDIR}/${HDEV}_${YMD}.dump.bz2 ) 2>&1 | tee -a $CLOG
date | tee -a $CLOG
ls -l ${BDIR} | tee -a $CLOG
md5sum ${BDIR}/${HDEV}_${YMD}.dump.bz2  | tee -a $CLOG
set +x
echo "****************************************" | tee -a $CLOG
echo "END=`date`" | tee -a $CLOG
logger "$MYNM FINISH." "$CLOG"
exit 0

# end of b_sda1_local.sh

3.バックアップスクリプトの実行

$ /usr/local/bin/b_sda1_local.sh
START=Tue Dec 24 14:14:26 JST 2013
----------------------------------------
% /sbin/fdisk -l /dev/sda
Disk /dev/sda: 20 GB, 20012106240 bytes
255 heads, 63 sectors/track, 2433 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1         997     8008371   83  Linux
/dev/sda2             998        2366    10988460   83  Linux
/dev/sda3            2367        2433      530145   82  Linux swap
----------------------------------------
% df
Filesystem     1K-blocks   Used Available Use% Mounted on
rootfs            142799 110248     25179  82% /
/dev/root         142799 110248     25179  82% /
tmpfs             103392    132    103260   1% /run
tmpfs               5120      0      5120   0% /run/lock
tmpfs              10240      0     10240   0% /dev
tmpfs             206780      0    206780   0% /run/shm
/dev/sda1        7882560 420692   7061452   6% /.rw
aufs             7882560 420692   7061452   6% /etc
aufs             7882560 420692   7061452   6% /bin
aufs             7882560 420692   7061452   6% /home
aufs             7882560 420692   7061452   6% /lib
aufs             7882560 420692   7061452   6% /sbin
aufs             7882560 420692   7061452   6% /usr
aufs             7882560 420692   7061452   6% /var
aufs             7882560 420692   7061452   6% /root
aufs             7882560 420692   7061452   6% /opt
aufs             7882560 420692   7061452   6% /srv
aufs             7882560 420692   7061452   6% /media
/dev/sda2       10823708 158088  10115796   2% /dsk/sda2


****************************************
Tue Dec 24 14:14:27 JST 2013
/dsk/sda2/Backup/OBSA7/RootBz
+ tee -a b_sda1_local_2013_1224/sda1_2013_1224.log
+ bzip2 -c
+ /sbin/dump 0usf 99999 - /dev/sda1
  DUMP: Date of this level 0 dump: Tue Dec 24 14:14:27 2013
  DUMP: Dumping /dev/sda1 (/.rw) to standard output
  DUMP: Label: DEBIAN
  DUMP: Writing 10 Kilobyte records
  DUMP: mapping (Pass I) [regular files]
  DUMP: mapping (Pass II) [directories]
  DUMP: estimated 275498 blocks.
  DUMP: Volume 1 started with block 1 at: Tue Dec 24 14:14:28 2013
  DUMP: dumping (Pass III) [directories]
  DUMP: dumping (Pass IV) [regular files]
  DUMP: 38.74% done at 353 kB/s, finished in 0:07
  DUMP: 65.60% done at 299 kB/s, finished in 0:05
  DUMP: 98.06% done at 298 kB/s, finished in 0:00
  DUMP: Volume 1 completed at: Tue Dec 24 14:29:39 2013
  DUMP: Volume 1 275750 blocks (269.29MB)
  DUMP: Volume 1 took 0:15:11
  DUMP: Volume 1 transfer rate: 302 kB/s
  DUMP: 275750 blocks (269.29MB)
  DUMP: finished in 911 seconds, throughput 302 kBytes/sec
  DUMP: Date of this level 0 dump: Tue Dec 24 14:14:27 2013
  DUMP: Date this dump completed:  Tue Dec 24 14:29:39 2013
  DUMP: Average transfer rate: 302 kB/s
  DUMP: DUMP IS DONE
+ tee -a b_sda1_local_2013_1224/sda1_2013_1224.log
+ date
Tue Dec 24 14:29:44 JST 2013
+ tee -a b_sda1_local_2013_1224/sda1_2013_1224.log
+ ls -l b_sda1_local_2013_1224
total 136456
-rw-r--r-- 1 a7user a7user 139580414 Dec 24 14:29 sda1_2013_1224.dump.bz2
-rw-r--r-- 1 a7user a7user      2800 Dec 24 14:29 sda1_2013_1224.log
+ tee -a b_sda1_local_2013_1224/sda1_2013_1224.log
+ md5sum b_sda1_local_2013_1224/sda1_2013_1224.dump.bz2
b35db86c1a8631524be462db1f241262  b_sda1_local_2013_1224/sda1_2013_1224.dump.bz2
+ set +x
****************************************
END=Tue Dec 24 14:29:47 JST 2013

4.バックアップを念のため展開してみる

# PS1="\W# "
# cd /dsk/sda2/Backup/OBSA7/RootBz/b_sda1_local_2013_1224
# mkdir RestoreDir
# cd RestoreDir/
# bzip2 -dc ../sda1_2013_1224.dump.bz2|restore rf -

RestoreDir# pwd
/dsk/sda2/Backup/OBSA7/RootBz/b_sda1_local_2013_1224/RestoreDir
RestoreDir# ls -F
bin/  home/  lost+found/  opt/     root/  srv/ var/
etc/  lib/   media/   restoresymtable  sbin/  usr/
RestoreDir# du -s .
272440 .
RestoreDir# du -s /.rw
271928 /.rw
RestoreDir# du -sh .
267M .
RestoreDir# du -sh /.rw
266M /.rw
RestoreDir#
restoreしてみると、ちゃんとバックアップできてそうだ。

obsA7-002 perl-baseの更新

初回のaptitude safe-upgrade で perl-base が更新できなかったときの回避。この処置が正しいかは怪しい。

1.upgradeでのエラーの症状

root@obsa7:/usr/bin# aptitude update
root@obsa7:/usr/bin# aptitude safe-upgrade
The following packages will be upgraded:
  apt apt-utils dmsetup gnupg gpgv libapt-inst1.5 libapt-pkg4.12
  libdevmapper1.02.1 libgcrypt11 libgssapi-krb5-2 libk5crypto3 libkrb5-3
  libkrb5support0 perl-base sysv-rc sysvinit sysvinit-utils tzdata
The following packages are RECOMMENDED but will NOT be installed:
  gnupg-curl krb5-locales libldap-2.4-2
18 packages upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B/8148 kB of archives. After unpacking 224 kB will be freed.
Do you want to continue? [Y/n/?]
Preconfiguring packages ...
(Reading database ... 9396 files and directories currently installed.)
Preparing to replace perl-base 5.14.2-21 (using .../perl-base_5.14.2-21+deb7u1_armel.deb) ...
Unpacking replacement perl-base ...
dpkg: error processing /var/cache/apt/archives/perl-base_5.14.2-21+deb7u1_armel.deb (--unpack):
 unable to make backup link of './usr/bin/perl5.14.2'
  before installing new version: No such file or directory
  >>>(注意1)
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/perl-base_5.14.2-21+deb7u1_armel.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:

root@obsa7:/usr/bin#
(注意1): No such file or directory のエラーが出る。どうも./usr/bin/perl5.14.2が足をひっぱってそうなので、
root@obsa7:/usr/bin# ls -l perl*
-rwxr-xr-x 1 root root 9792 Apr 12  2013 perl
-rwxr-xr-x 1 root root 9792 Apr 12  2013 perl5.14.2
root@obsa7:/usr/bin# mv perl5.14.2 perl5.14.2.bak
mv: cannot move 'perl5.14.2' to 'perl5.14.2.bak': Input/output error
root@obsa7:/usr/bin# cd /.rw/usr/bin

root@obsa7:/.rw/usr/bin# mv perl5.14.2 perl5.14.2_BAK
root@obsa7:/.rw/usr/bin# cd /usr/bin

root@obsa7:/usr/bin# cp perl5.14.2_BAK perl5.14.2
root@obsa7:/usr/bin# ls -l perl*
-rwxr-xr-x 2 root root 9792 Apr 12  2013 perl
-rwxr-xr-x 1 root root 9792 Dec 24 10:10 perl5.14.2
-rwxr-xr-x 1 root root 9792 Apr 12  2013 perl5.14.2_BAK
root@obsa7:/usr/bin#

(後で_BAKを消す)
root@obsa7:/.rw/usr/bin# rm perl5.14.2_BAK
この/usr/bin/perl5.14.2が変更できなくてInput/output errorになっていると思われ、これを回避するために/.rwでリネームして/usr/binでコピーしてみた。そして、再aptitude safe-upgrade するとエラー無く通った。
root@obsa7:/usr/bin# aptitude safe-upgrade
The following packages will be upgraded:
  apt apt-utils dmsetup gnupg gpgv libapt-inst1.5 libapt-pkg4.12
  libdevmapper1.02.1 libgcrypt11 libgssapi-krb5-2 libk5crypto3 libkrb5-3
  libkrb5support0 perl-base sysv-rc sysvinit sysvinit-utils tzdata
The following packages are RECOMMENDED but will NOT be installed:
  gnupg-curl krb5-locales libldap-2.4-2
18 packages upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B/8148 kB of archives. After unpacking 224 kB will be freed.
Do you want to continue? [Y/n/?]
Preconfiguring packages ...
(Reading database ... 9396 files and directories currently installed.)
Preparing to replace perl-base 5.14.2-21 (using .../perl-base_5.14.2-21+deb7u1_armel.deb) ...
Unpacking replacement perl-base ...
Processing triggers for man-db ...
Setting up perl-base (5.14.2-21+deb7u1) ...
(Reading database ... 9396 files and directories currently installed.)
Preparing to replace sysvinit 2.88dsf-41 (using .../sysvinit_2.88dsf-41+deb7u1_armel.deb) ...
Unpacking replacement sysvinit ...
Processing triggers for man-db ...
Setting up sysvinit (2.88dsf-41+deb7u1) ...
sysvinit: restarting... done.
INIT: version 2.88 reloading
(省略)

Preparing to replace kernel-image 3.2.40-1 (using .../kernel-image_3.2.40-3_armel.deb) ...
Unpacking replacement kernel-image ...
Setting up kernel-image (3.2.40-3) ...
Load boot image to FlashROM
**************************************************
**************************************************
**************************************************
**************************************************
**************************************************
**************************************************
**************************************************
************
done

Current status: 1 update [-3].
root@obsa7:/usr/bin#
root@obsa7:/usr/bin# ls -l perl*
-rwxr-xr-x 2 root root 9792 Sep 30 17:56 perl
-rwxr-xr-x 2 root root 9792 Sep 30 17:56 perl5.14.2
root@obsa7:/usr/bin#
おお、kernel-imageも自動でアップデート。この時のsource-listは初期の標準のもの。
(前)
root@obsa7:~# uname -a
Linux obsa7 3.2.40 #1 Fri Sep 27 10:30:55 JST 2013 armv5tel GNU/Linux
(後)
root@obsa7:~# uname -a
Linux obsa7 3.2.40 #1 Mon Oct 21 14:10:25 JST 2013 armv5tel GNU/Linux

</etc/apt/sources.list>
deb http://ftp.plathome.co.jp/pub/debian wheezy main
deb-src http://ftp.plathome.co.jp/pub/debian wheezy main

deb http://ftp.plathome.co.jp/pub/debian wheezy-backports main
deb-src http://ftp.plathome.co.jp/pub/debian wheezy-backports main

deb http://ftp.plathome.co.jp/pub/debian-security wheezy/updates main
deb-src http://ftp.plathome.co.jp/pub/debian-security wheezy/updates main

deb http://ftp.plathome.co.jp/pub/OBSA7/debian/wheezy ./

2013年12月16日月曜日

obsA7-001 購入SSD取付け起動

OpenBlocks A7 の設定などをメモっていきます。初回は、購入とSSD取付け起動について。

OpenBlocks A7 Plat’Homeの 製品情報ページです。
http://openblocks.plathome.co.jp/products/obs_a/a7/

1.開梱した内容物

2.天板を取り外した基板の画像

3.SSDの取付け

http://openblocks.plathome.co.jp/products/obs_a/a7/option.html SSDパッケージはPH-20G/SSDSA/A7 (OpenBlocks A7用 SLC SSD 20GB)を選んだ。
2.5インチディスクサイズに付属のスペーサをカマして取り付ける。

4.電源の投入起動

ホーム > 製品情報 > OpenBlocks A Family > A7 > 各種ドキュメント
http://ftp.plathome.co.jp/pub/OBSA7/Documents/OBSA_UsersGuide_1.1.0.pdf を読んで、
コンソール用シリアルケーブルを115200bpsで接続して電源をONにする。
U-Boot 1.1.4 (Sep 19 2013 - 12:04:37)
Plat’Home version: 1.2.6 A7 (Base: Marvell version: 3.5.9)

U-Boot code: 00600000 -> 0067FFF0  BSS: -> 006CF480

Soc: 88F6282 A1CPU running @ 600Mhz L2 running @ 300Mhz
SysClock = 300Mhz , TClock = 200Mhz
(略)
## Booting image at 02000000 ...
   Image Name:   OBSA7 3.2.40-1
   Created:      2013-09-27   1:33:17 UTC
   Image Type:   ARM Linux Multi-File Image (gzip compressed)
   Data Size:    47379757 Bytes = 45.2 MB
(略)
INIT: Entering runlevel: 2
[ ok ] Starting monitoring init button daemon for openblocks: pshd.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting LED control daemon for openblocks: runled.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 obsa7 ttyS0

obsa7 login: root
Password: root

5.SSDの区画を好みのサイズに切る

SWAP領域はいまさら不要と思いつつも作ってしまう。
root@obsa7:~# fdisk -l

Disk /dev/sda: 20 GB, 20012106240 bytes
255 heads, 63 sectors/track, 2433 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1         997     8008371   83  Linux
/dev/sda2             998        2366    10988460   83  Linux
/dev/sda3            2367        2433      530145   82  Linux swap

6.フォーマット

# mke2fs -j -L DEBIAN /dev/sda1
# mke2fs -j -L WORK10G /dev/sda2
# mkswap /dev/sda3
以前は # tune2fs -c 0 -i 0 /dev/sda1 とかしていたが、
# dumpe2fs -h /dev/sda1 で見ると
|Maximum mount count:      -1
|Check interval:           0 ()
-c max-mount-counts と -i interval-between-checks はディフォルトになり不要になったようだ。

7.ストレージ併用モードで起動

http://openblocks.plathome.co.jp/support/cookbook/02.html
/dev/sda1のラベルを「DEBIAN」を指定すると、RAMディスクモードからストレージ併用モードになり、RAMディスクモードで必要な、ユーザーエリアへの保存操作が不要になるようだ。
<RAMディスクモードのマウント状態>
root@obsa7:~# df
Filesystem     1K-blocks   Used Available Use% Mounted on
rootfs            142799 110186     25241  82% /
/dev/root         142799 110186     25241  82% /
tmpfs             103392    128    103264   1% /run
tmpfs               5120      0      5120   0% /run/lock
tmpfs              10240      0     10240   0% /dev
tmpfs             206780      0    206780   0% /run/shm
tmpfs             393216  48744    344472  13% /.rw
aufs              393216  48744    344472  13% /etc
aufs              393216  48744    344472  13% /bin
aufs              393216  48744    344472  13% /home
aufs              393216  48744    344472  13% /lib
aufs              393216  48744    344472  13% /sbin
aufs              393216  48744    344472  13% /usr
aufs              393216  48744    344472  13% /var
aufs              393216  48744    344472  13% /root
aufs              393216  48744    344472  13% /opt
aufs              393216  48744    344472  13% /srv
aufs              393216  48744    344472  13% /media
root@obsa7:~#
<ストレージ併用モードのマウント状態>
root@obsa7:~# df
Filesystem     1K-blocks   Used Available Use% Mounted on
rootfs            142799 110206     25221  82% /
/dev/root         142799 110206     25221  82% /
tmpfs             103392    128    103264   1% /run
tmpfs               5120      0      5120   0% /run/lock
tmpfs              10240      0     10240   0% /dev
tmpfs             206780      0    206780   0% /run/shm
/dev/sda1        7882560 197972   7284172   3% /.rw
aufs             7882560 197972   7284172   3% /etc
aufs             7882560 197972   7284172   3% /bin
aufs             7882560 197972   7284172   3% /home
aufs             7882560 197972   7284172   3% /lib
aufs             7882560 197972   7284172   3% /sbin
aufs             7882560 197972   7284172   3% /usr
aufs             7882560 197972   7284172   3% /var
aufs             7882560 197972   7284172   3% /root
aufs             7882560 197972   7284172   3% /opt
aufs             7882560 197972   7284172   3% /srv
aufs             7882560 197972   7284172   3% /media
root@obsa7:~#

・初回起動のときのコンソールメッセージ

EXT3-fs (sda1): using internal journal
EXT3-fs (sda1): mounted filesystem with ordered data mode
aufs test_add:264:mount[942]: uid/gid/perm /root 0/0/0700, 0/0/0755
Extract optional files from FlashROM(mtd6)... done. ←ココ
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
[ ok ] Cleaning up temporary files... /tmp.
ストレージ併用モードでの初回起動は、FlashROM(mtd6)を読み出すようだ。