XTcOS

Proof of concept of a community driven operating system (or call it firmware or distribution) for the Xtreamer.

Versioning

Since we base heavily on the official firmware (in other words, we only modify it slightly), we use their firmware release number in ours, too. The releases are called xtcos-<Xtreamer Firmware Number>-<Our Patchlevel, increased with every xtcos firmware release>.

XTcOS-2.2-4

The planned release date was the end of February. The release and further development have stopped because we do not get the source of the GPL packages included in the current/latest firmware (only some older packages are available). 2010-03-02, nixda.

Install

Major Changes To XTcOS-2.2-3

  • added sysfsutils
  • tested hdd support (todo…)
  • kernel without the smart patch
  • added Realtek SIGABRT function patch to busybox (unsure if ever needed)

Known Problems

  • Right now we are waiting for (source) code from Xtreamer for diethotplug-0.4 and their toolchain.

XTcOS-2.2-3

Released on 2010-02-12, XTcOS-2.2-3 (md5sum 2ce3c2b8dfc9efa3dbe7aecef7d6ea15)

Important note about hardware detection:

In this release we changed the hotplug binary to add our xtcos-hotplug-config feature. In the process we used the wrong hotplug sources, so unfortunately this hotplug agent fails to detect the wifi adapter (and maybe more). But you can easily change back to the original hotplug from firmware 2.2, since we put the original binary in our firmware, too:

~ # ls -al /sbin/hotplug*
-rwxr-xr-x    1 root     root         57324 Feb 12 13:59 /sbin/hotplug
-rwxr-xr-x    1 root     root         64192 Feb 12 14:27 /sbin/hotplug-fw-2.2

So make a backup of our new one and copy the one from fw-2.2 to /sbin/hotplug:

~ # cp /sbin/hotplug /sbin/hotplug-xtcos-2.2-3
~ # cp /sbin/hotplug-fw-2.2 /sbin/hotplug

We will release a fixed hotplug in the next few days.

Installing

See the notes for the XTcOS releases further below; it is an emergency firmware.

Major Changes To XTcOS-2.2-2

  • kernel got new modules for the rtl8192u wifi adapter, added CONFIG_SYN_COOKIES=y for the arno firewall
  • added sysfsutils just to see some more human-readable information about our plugged-in devices
  • xtcos-hotplug-conf.sh now working for: arno-firewall, samba, lighttpd, stupid-ftpd and udhcpc
  • added basic firewall setup with granted access from local network (see below)

For other features, see the notes for the XTcOS releases further below.

Basic Firewall Setup

By default we activated the arno-firewall. The default config is:

## 2010-01-12 by nixda
#
# This is a simple configuration for arno's iptables firewall, see
# http://rocky.eld.leidenuniv.nl/joomla/index.php?option=com_content&view=article&id=45&Itemid=63
#
# For our simple setup you may not need to change anything if you want to grant access
# to your box from (only) all IPs of the local network. Therefore I have added this
# switch GRANT_LOCAL_NET to arno's firewall script:

GRANT_LOCAL_NET=1

# Sometimes you may want to add further hosts (not in the range of your subnet)
# to grant full access, too. If so, then just add something like this FULL_ACCESS_HOSTS
# rule:
#
# FULL_ACCESS_HOSTS="192.168.100.2"

# You may add or change a lot more rulesets. arno's firewall is _very_ powerful.
# If you don't know exactly how things work, you should not change anything.
# 
EXT_IF="eth0 wlan0"
EXT_IF_DHCP_IP=1
EXT_OPEN_ICMP=1

ENV_FILE="/share/arno-iptables-firewall/environment"
PLUGIN_BIN_PATH="/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/usr/local/etc/arno-iptables-firewall/plugins"

You can easily change this configuration by editing the file /usr/local/etc/arno-iptables-firewall/firewall.conf. If you want to use the XTcOS hotplug configuration, just put the config on an external storage device (e.g. a USB stick) and plug it into the Xtreamer. The config file must not be in any subdirectory and its name must be xtcos-hotplug-arnofirewall.conf.

xtcos-hotplug-conf.sh Version 0.2

With this release we add, for the first time, a simple util to configure some daemons and services via configuration files you put on your USB stick. The idea behind it is that you are able to configure the firewall even if you made a big mistake earlier and no longer have access to the box via the network. And since right now we have no keyboard or monitor, I thought this way of configuring may not be a failure.

Right now these services can be configured: arno's firewall, Samba, lighttpd, stupid-ftpd and udhcpc. The config files for these services must be named as follows:

xtcos-hotplug-arnofirewall.conf
xtcos-hotplug-samba.conf
xtcos-hotplug-lighttpd.conf
xtcos-hotplug-stupid-ftpd.conf
xtcos-hotplug-udhcpc.script.conf

You need to put these files on the first storage device (so called sda1)!

By default xtcos-hotplug-conf.sh makes a backup and a diff of your old config including a timestamp (xtcos-hotplug-<service id>-<timestamp>.conf.bak and xtcos-hotplug-<service id>-<timestamp>.conf.diff). A short report will be found in file xtcos-hotplug-conf-report-<timestamp>.txt. Your new config will be renamed to …-<timestamp>.done.

Just two notes: Do not use CR+LF for newlines. Use plain LF as in the Unix world! For the udhcpc changes to take effect, a reboot may be needed.
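
A pre-flight check for the stick, run on a PC before plugging it into the Xtreamer, as an added example that is not part of XTcOS or xtcos-hotplug-conf.sh: it applies the naming, location and LF-only rules stated above. The function names and finding labels are made up for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not XTcOS code. File names are the five listed on this page;
# function names and the finding labels are hypothetical.
XTCOS_CONF_NAMES="xtcos-hotplug-arnofirewall.conf
xtcos-hotplug-samba.conf
xtcos-hotplug-lighttpd.conf
xtcos-hotplug-stupid-ftpd.conf
xtcos-hotplug-udhcpc.script.conf"

# Print one finding per line for every xtcos-hotplug-*.conf below DIR.
xtcos_findings() {
    dir=${1%/}
    cr=$(printf '\r')
    find "$dir" -type f -name 'xtcos-hotplug-*.conf' | sort |
    while IFS= read -r f; do
        name=${f##*/}
        if [ "${f%/*}" != "$dir" ]; then
            echo "SUBDIR $f: must be in the top directory of the device"
        elif ! printf '%s\n' "$XTCOS_CONF_NAMES" | grep -qxF -- "$name"; then
            echo "NAME $name: not one of the five listed file names"
        elif [ ! -s "$f" ]; then
            echo "EMPTY $name: file has no content"
        elif grep -q "$cr" "$f"; then
            echo "CRLF $name: contains CR characters, save with LF only"
        fi
    done
}

# Return 0 if the stick is clean, 1 (and print the findings) otherwise.
check_xtcos_stick() {
    findings=$(xtcos_findings "$1") || true
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Rewrite FILE with every CR removed (CR+LF becomes LF).
xtcos_strip_cr() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample: one clean file and one saved with CR+LF line endings.
demo=$(mktemp -d)
printf 'GRANT_LOCAL_NET=1\n' > "$demo/xtcos-hotplug-arnofirewall.conf"
printf '[global]\r\nsecurity=user\r\n' > "$demo/xtcos-hotplug-samba.conf"
check_xtcos_stick "$demo" || echo "fix the findings before using this stick"
rm -rf "$demo"
```

Call check_xtcos_stick with the mount point of the stick's first partition; xtcos_strip_cr repairs a file reported as CRLF.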

Known Problems

  • We know that our SATA SMART patch (thanks to vpeter) does not work well with this new kernel. An upcoming release will fix that.
  • Unfortunately we do not have much hardware to do more tests. If you want to donate… let me know. ;)
  • Shame on me, I forgot to add our systool bins! I am sorry… if you are interested you can download them here (just switch into root and unpack there).

XTcOS-2.2-2

Released on 2010-02-10, xtcos-install-2.2-2.img.bz2 (md5sum 6411357dc38557706354afacad70bc4d)

Installing

See notes from XTcOS-2.2.b5-0, it is an emergency firmware.

Major Changes To The Xtreamer Firmware

  • busybox-1.16 with a lot more implemented features like tar with gzip, md5sum…
  • added tools like strace, file and unrar
  • as in the first release, we added a lot of kernel modules (for the kernel config see /proc/config.gz)
  • prepared for pivotroot
  • crond added (running per default)
  • increased root partition size, reduced partition for /usr/local/etc

For other features, see the notes for XTcOS-2.2.b5-0.

Known Problems

  • Wifi is broken! Will be fixed soon (expected on 2010-02-13)
  • The hotplug util from Xtreamer is not flexible enough. So we can't hook in with our new config util xtcos-hotplug-conf.sh right now.
  • Xtreamer changed their kernel or kernel config, but we don't know what they did. So we are unsure whether ours misses anything (one note: the kernel modules for the wifi adapter changed a lot).

XTcOS-2.2.b5-1

In general this release offers further kernel modules, a new busybox-1.16 and some more utils and binaries. The step after this release will contain some very smart install and configure options… stay tuned!

This version was only for some internal tests.

XTcOS-2.2.b5-0

WARNING

Xtreamer comes with an open firmware, so anybody on your network can take control of your Xtreamer within seconds. Our distribution is not secure, but we fixed some big holes and put utils in your hands to go further.

Right now this release has a default password for root access via ssh (which is running!). The password is xtcos.

DO NOT PLUG YOUR DEVICE INTO FOREIGN NETWORKS

Future xtcos versions (if there are any) will come with an iptables config that only allows access from the local network(s).

Installing

Download xtcos-install-2.2b5-0.img (md5sum 96880550fdb513f74014d4d50db25a78), unzip (bunzip2) the file, rename it to install.img and follow the instructions from Xtreamer for an emergency flash (shut down the Xtreamer, unplug power for about 10 seconds, plug in power, then press the following keys on the RC one after the other: Home, 3, Power).

Until now we have not bricked any of our Xtreamers. But all risk is on your side!

Major Changes To The Xtreamer Firmware

We used an unofficial beta version 2.2.b5 for this test. As soon as Xtreamer releases a new firmware, we will think about patching that too and releasing a new XTcOS.

  • Kernel changed, mainly with added iptables functionality and SMART patch
  • Added openssh
  • closed the open access to samba shares

Known Problems

  • lsof is not working; it fails with "/sbin/lsof: /sbin/lsof: 1: Syntax error: Bad function name"

Added Functionality And Changes

Samba

The diff of the smb.conf:

@ -1,3 +1,4 @@
 [global]
-security=share
+smb passwd file=/usr/local/daemon/samba/lib/smbpasswd
+security=user
 include=/usr/local/etc/workgroup
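
Review bot: the header of this first hunk reads "@ -1,3 +1,4 @@" with a single leading "@", so patch will not accept it as a unified diff as posted; it should be "@@ -1,3 +1,4 @@" like the two headers below. On the added line "smb passwd file=/usr/local/daemon/samba/lib/smbpasswd": this file now holds the password hashes that "security=user" authenticates against, so the expected owner and mode (root only, not world-readable) should be stated next to the change.
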
@@ -9,4 +10,4 @@
 use sendfile=yes
-guest account=root
-#encrypt passwords=yes
+guest account=nobody
+encrypt passwords=yes
 passdb backend=smbpasswd
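
Review bot: "guest account=nobody" lowers the privilege of guest sessions but does not by itself switch guest access off; whether a failed login is mapped to that account is decided by "map to guest", which is not set in the visible lines. If guest access is meant to be closed, set "map to guest = never" explicitly in [global] so the behaviour does not rest on a default. The nobody account also has to exist in the passwd file for this line to work.
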
@@ -26,3 +27,4 @@
 path=/tmp/usbmounts/
-guest ok=yes
+username=root
+browsable=yes
 writable=yes 
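
Review bot: "username=root" on the share with "path=/tmp/usbmounts/" does not restrict who may connect; under "security=user" it is only a hint list, and any account present in the smbpasswd file can still open the share. If the intent of replacing "guest ok=yes" is to limit the share to one account, use "valid users" for that, and prefer a dedicated unprivileged account over root since the share stays "writable=yes".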

So the first time, you should add a user account (e.g. root, or whatever you like) to the smb passwd file with

/usr/local/daemon/samba/sbin/smbpasswd -a root

/etc/passwords

Only root gets a shell; the user sync has /bin/sync, the others /bin/false. All accounts but root are locked. It seems Xtreamer does not use or need them… we will see. On the Xtreamer there is nothing like user management, because everything runs as root. You and we can change this, but it takes some time. So if you would like to contribute…
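
One way to check that a passwd file matches the policy described above, as an added example that is not part of XTcOS; it also flags a second uid 0 account, which goes beyond what the text states. The function name, finding labels and sample file are constructed, and treating a password field starting with "!" or "*" as locked (and "x" as deferred to a shadow file) is an assumption about how the accounts were locked.

```shell
#!/bin/sh
# Added example, not XTcOS code. audit_passwd and its labels are hypothetical.
# Policy from the text: root keeps a shell, sync runs /bin/sync, every other
# account has /bin/false, and every account except root is locked.
# Prints one finding per line; returns 0 if the file matches, 1 otherwise.
audit_passwd() {
    awk -F: '
        $0 == "" || /^#/ { next }               # skip blank lines and comments
        NF != 7 { printf "FORMAT line %d: expected 7 fields\n", NR; bad = 1; next }
        $1 == "root" { next }                   # root is the one allowed login
        {
            want = ($1 == "sync") ? "/bin/sync" : "/bin/false"
            if ($7 != want) {
                printf "SHELL %s: %s (expected %s)\n", $1, $7, want; bad = 1
            }
            # Assumption: locked means the field cannot match any password,
            # i.e. it starts with "!" or "*"; "x" points to a shadow file.
            if ($2 == "") {
                printf "NOPASS %s: empty password field\n", $1; bad = 1
            } else if ($2 != "x" && $2 !~ /^[!*]/) {
                printf "UNLOCKED %s: usable password hash\n", $1; bad = 1
            }
            if ($3 == 0) {
                printf "UID0 %s: second account with uid 0\n", $1; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample passwd file (not taken from the firmware).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$1$constructed$hash:0:0:root:/:/bin/sh
sync:*:4:100:sync:/bin:/bin/sync
nobody:*:99:99:nobody:/:/bin/false
ftp::14:50:ftp:/tmp:/bin/sh
EOF
audit_passwd "$sample" || echo "passwd file deviates from the stated policy"
rm -f "$sample"
```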

Linux

We added a lot more modules to play with and test. vpeter contributed a patch to get SMART values from the SATA interface. The kernel should be ready to boot a rootfs from an internal hdd, but I just do not have one to test. To see how the kernel is configured, have a look at /proc/config.gz (an added feature, too). Who likes the .config file?

The modules we put in are all gzipped to save space on flash. For this we needed to replace the module utils from Xtreamer with our own (Xtreamer used some from busybox).

OpenSSH

OpenSSH is installed and running by default. Be aware: Root logins are permitted!!!

Iptables And Firewall Scripts

The kernel is ready for it and we added a lot of netfilter modules. To play around we added the arno-iptables-firewall environment, too. We have just not finished customizing it. Maybe we will replace this util with another one; unsure right now.

Utils Added/Changed

in /sbin:

  • depmod
  • modprobe
  • insmod
  • iptables (some binaries, symlinks)
  • lsof
  • modinfo
  • rmmod
  • sshd
  • sysctl
  • zntpdate

in /bin:

  • lsmod
  • scp
  • sftp
  • ssh
  • ssh-agent
  • ssh-keygen
  • ssh-keyscan

Init Script/Runlevel

In my opinion it is not a really good idea that the Xtreamer uses the DvdPlayer binary for a lot of its initialization and configuration. So there is no way to put something into the Xtreamer that looks anything like real management of services or runlevels as we know it from well-designed, LSB-conformant distributions.

So as a first step we take /etc/udhcpc.script as a starting point, for example to sync the time or start sshd. I don't like that either.

Timesync

We start zntpdate from the /etc/udhcpc.script. Just have a look there to make sure it uses the right time/timezone…

Wishlist For New XTcOS

  • add strace (added with xtcos-2.2-2)
  • add smart firewall setup, I suggest something more like a personal firewall would be nice (added in xtcos-2.2-2 with xtcos-hotplug-conf.sh, but the hotplug hook is missing)
  • add gunzip/bunzip2, a must! (added with xtcos-2.2-2)
  • add rar/unrar, a must! (unrar added with xtcos-2.2-2, rar will maybe not get into xtcos)
  • add better tar with gzip/bzip compression (added with xtcos-2.2-2)
  • new/better hotplug with the ability to add pre- and postexec scripts for USB plugged devices (a very basic hack has been in since xtcos-2.2-3, but that is not so nice…)
  • stability/performance of the wlan interface
  • use of inittab and runlevels (init from busybox is ready for it)
  • add a nice, small example config for the arno-firewall (added with xtcos-2.2-3)
  • add lsof (no prebuilt ipkg package unless it only uses our libs!)
  • test pivotroot with an internal hdd and/or on another USB mass storage device

Some Hints

A mounted cifs share (as saved shortcut) looks like this (if you wanna put this directly into /etc/fstab):

//192.168.0.1/C /tmp/netb/mnt/My_Shortcuts/GIANT6:itsme/C cifs rw,nodiratime,unc=\\192.168.0.1\C,username=itsme,domain=Workgroup,rsize=64512,wsize=57344 0 0

Information about /dev/mtdblock0

Here we have our bootloader, the Linux kernel and the images for audio and video. Their hex offsets are:

  • linux at 0x1040000
  • audio at 0x1520000
  • video at 0x16e0000

On another firmware from another Xtreamer I see these offsets:

  • linux at 0x1040000
  • audio at 0x1440000
  • video at 0x1600000

This machine was running the original kernel, which is smaller than the one from xtcos. Between audio and video we still have 0x1c0000.

A Last Word...

You see we only modified a few parts (e.g. where we have the source code), and there is not much space left on flash to put other big projects in it. Our intention is rather to add a hard disk and put the rootfs there. This wouldn't be that hard, but sadly everybody would need a serial cable for that and would have to modify the bootloader config. Another idea would be to patch Linux so it boots from hdd, or to use the pivotroot environment. It is up to you to decide how it will go on… Contributions are welcome!

xtcos.txt · Last modified: 2010/03/02 10:26 by nixda