Raising the TARGET system¶
Initialize the TARGET system¶
Configure the phyglos-core bundle¶
The phyglos-core bundle needs to be configured at the HOST system before initializing the TARGET system. This is because, after the initialization process, the configuration files of the bundle are copied into the TARGET filesystem but no editor will be yet available, when entering the BUILDER for the first time, to edit them .
Note
Since versions v2.x a tiny vi editor is now available in the BUILDER
system to allow editing so the configuration file can indeed be modified once
inside the BUILDER.
As the root user, edit the phyglos-core configuration file and set the appropiate values for the HOST system and TARGET system.
# bandit phyglos-core edit
The configuration file has several sections to properly configure the new phySystem being raised, like the hostname, IP address, locale, etc.
See the phyglos-core documentation for more details.
Initialize the BUILDER/TARGET systems¶
Once the phyglos-core bundle is configured, initialize the TARGET system:
# bandit --system target init
After the initialization, a copy of the BANDIT wil be available in the BUILDER/TARGET system. This copy is the one which will be used in the following procedures when working inside the BUILDER system or the TARGET system.
Test the BUILDER system¶
Just in order to test the new, temporary system, enter the BUILDER system as shown below. Do not try to enter the TARGET system yet, which is still to be properly raised.
Enter the BUILDER system¶
To test the initialization, enter into the BUILDER system:
# bandit -s builder enter
Note
In previous versions v1.x this step was done with a bespoke command
bandit-builder-enter, which is no longer used.
You are into the BUILDER system, a chroot jail environment, ready to raise the new TARGET system. Notice the change in the system prompt to indicate in which system you are:
[BUILDER]:/#
List the root directory to view the new, basic filesystem just created, or list the /opt directory where the BANDIT has been migrated and the actual BUILDER filesystem is installed.
[BUILDER]:/# ls -al /
[BUILDER]:/# ls -al /opt
total 16
drwxr-xr-x 4 root root 4096 Feb 12 05:06 .
drwxr-xr-x 22 root root 4096 Feb 12 05:07 ..
drwxr-xr-x 6 root root 4096 Feb 12 05:06 bandit-latest
drwxr-xr-x 12 root root 4096 Feb 12 04:37 phyglos-builder
The BANDIT has been copied into the BUILDER system filesystem and is ready to raise new functionality for the TARGET system.
Exit the BUILDER system¶
Log out from the BUILDER system to return to the HOST system:
[BUILDER]:/# logout
You are now back to the HOST system and the prompt has returned to its initial state.
Raise the phyglos-core bundle¶
The phyglos-core bundle is the first bundle in the TARGET system. It can be installed by entering into the previously created BUILDER system. This way the phyglos-core bundle is built using a new toolchain at the BUILDER system which is independent from the toolchain of the HOST system.
Enter the BUILDER system¶
Enter into the BUILDER system:
# bandit -s builder enter
Warning
Be sure to work inside the BUILDER system or you can break the HOST system and make it unusable. Notice the change in the console prompt to indicate at which system you are working.
Raise the phyglos-core bundle¶
Configure the bundle¶
The phyglos-core configuration file was already customized when initializing the TARGET system because no editor is available yet in the BUILDER system. The needed sources or binaries were also download in previous steps. There is no need for further preparation.
Note
In versions v2.x a tiny vi editor is available to allow editing from
inside the BUILDER system,
Building from sources¶
Raise the bundle from sources:
[BUILDER]# bandit phyglos-core raise
This process can take between 30 and 90 minutes or even more depending on your hardware.
Installing from builds¶
Instead of raising from sources, if available, the bundle can be installed from build packs:
[BUILDER]# bandit phyglos-core install
This process only takes a couple minutes if the build packs are in the cache.
Log out¶
Log out from the BUILDER system¶
[BUILDER]# logout
An error can be received when loging out:
umount: /mnt/phyglos-target/dev: target is busy
(In some cases useful info about processes that
use the device is found by lsof(8) or fuser(1).)
This is due to the package haveged just installed inside the BUILDER sytem. It can be ignored.
Test the new TARGET system¶
Now the TARGET system should be ready to be used by entering from the HOST system.
Enter the new TARGET phySystem¶
To test the new phySystem, enter from the HOST:
# bandit -s target enter
When entering the TARGET system the new phySystem runs inside a chroot jail at the HOST system. Besides the fact that the new system is not able to boot and shares the HOST system kernel and processes, the programs inside the new system can be used almost independently from the HOST.
Verify that the root filesystem is now the TARGET filesystem as expected:
[TARGET]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
/dev/sda 8:0 0 20G 0 disk
|-/dev/sda1 8:1 0 16G 0 part
`-/dev/sda2 8:2 0 2G 0 part [SWAP]
/dev/sdc 8:32 0 160G 0 disk
|-/dev/sdc1 8:33 0 60G 0 part /
`-/dev/sdc2 8:34 0 4G 0 part [SWAP]
/dev/sdd 8:48 0 160G 0 disk
/dev/sr0 11:0 1 1024M 0 rom
In this example, the filesystem initialized in /dev/sdc1 acts as the root
system, when entering into the TARGET system.
Raise the phyglos-security bundle¶
The phyglos-security bundle provides a first layer of security at the new phySystem before any connection to the Internet is made even from inside the chroot jail TARGET system.
Warning
You are about to create a new user and lock the root user’s account in the TARGET system. Ensure that the following commands marked with the [TARGET] prompt are effectively run from within the TARGET system.
Enter into the TARGET system, if not already inside:
# bandit -s target enter
Raise the bundle¶
Configure the bundle¶
Edit the phyglos-security configuration file and set proper values.
[TARGET]# bandit phyglos-security edit
A random password will be assigned to the phy user unless modified. When preferred, set a password for the phy user by assigning a value to the variable PHY_PHYUSER_PSW, or wait to change the password just after the bundle is raised.
Also, notice that the root user in the TARGET system will be given a random password and then locked.
See the phyglos-security documentation for more details.
Raising from sources¶
Raise from sources¶
Raise the bundle from sources:
[TARGET]# bandit phyglos-security raise
This process can take between 10 and 20 minutes or even more depending on your hardware. It also connects to the Internet in order to test the connections and download some files.
Installing from builds¶
Instead of raising from sources, if available, the bundle can be installed from build packs:
[TARGET]# bandit phyglos-security install
This process only takes a few couple minutes and connects to the Internet to test the connections and download some files.
Set up the new phySystem¶
Set the phy user’s password¶
Change the temporary password for the phy user, if needed.
[TARGET]# passwd phy
Set the root user’s password¶
The root user is locked down and the phy user has been given enough
privileges to perform any task using sudo. However, if you want to unlock
the root user, if needed, just give it a new password:
[TARGET]# passwd root
Note
If a random password was generated for the phy user, don’t forget to set a new password for this user or set a password for the root user. Otherwise, once the system boots on its own it will be impossible to log in.
Raise the phyglos-deck bundle¶
The phyglos-deck bundle adds more functionality to the new phySystem. Now, after the phyglos-security bundle has been raised, the folowing build or install commands from the BANDIT are able to fetch or download the necessary sources or builds from the Internet.
Warning
You are about to create a new user and lock the root user’s account in the TARGET system. Ensure that the following commands marked with the [TARGET] prompt are effectively run from within the TARGET system.
Enter into the TARGET system, if not already inside:
# bandit -s target enter
Download the bundle sources or builds¶
In order to check whether all the tarballs will be available before issuing the build or install commands for the phyglos-deck bundle, a fetch command can be run to enforce the corresponging downloads.
Fetch the sources of the phyglos-deck bundle:
[TARGET]# bandit phyglos-deck fetch --sources
or fetch the build packs to install the prebuilt binaries:
[TARGET]# bandit phyglos-deck fetch --builds
Tip
If you do not fetch this bundle now, the following commands will do it automatically. However, if some upstream package is unavailable the whole process for this bundle may fail. Fetching now all the bundle items before raising the bundle allows to deal with upstream issues without modifying the TARGET system.
Install¶
Configure the bundle¶
Edit the phyglos-deck configuration file and set proper values.
[TARGET]# bandit phyglos-deck edit
See the phyglos-deck documentation for more details.
Raising from sources¶
Raise the phyglos-deck bundle:
[TARGET]# bandit phyglos-deck raise
This process can take between 30 and 90 minutes or even more depending on your hardware.
Installing from builds¶
Instead of raising from sources, if available, the bundle can be installed from build packs:
[TARGET]# bandit phyglos-deck install
This process only takes a couple minutes if the build packs are in the cache.