Raspberry Pi + Fedora (aarch64) = Wi-Fi Hotspot (or Raspberry Blue Hat Router)

In the article "Raspberry Pi + CentOS = Wi-Fi Hotspot (or Raspberry Red Hat Router)" I described how to turn a "raspberry" into a wireless access point using the CentOS operating system. By assembling my home router according to that blueprint, I satisfied my creative ego and gained peace of mind about a critical element of my cozy infrastructure. However, the feeling that the solution was incomplete, together with my inner perfectionism, gave me no rest: "the imperfect result of the work has no right to exist." The thought that "the ideal can and must be achieved" did not leave me for a minute.

And then one day, on one of the thematic forums, I came across a discussion of the bitness of existing operating systems for the "raspberry" (aarch64 vs armhfp): which 64-bit OS can, in principle, be installed and run on Raspberry version 3++?

My favorite CentOS for the ARM architecture from "Userland" was in no hurry to move to the latest kernel and become 64-bit. And the EPEL repository, connected from God knows where without a digital signature, haunted my restless dreams like a nightmare ...

Speaking as an adept of RPM-based distributions, I was surprised to find that Fedora had been completely forgotten in discussions of operating systems for the "raspberry"! And this despite the fact that, since version 28, its releases officially support the Raspberry Pi 3B+ in a 64-bit version!

In this article, I will show you how to install Fedora (aarch64) on a Raspberry Pi 3 Model B+ in an extra-minimal configuration. I will also briefly dwell on the particulars of bringing up a Wi-Fi access point that came to light during trial operation of my previous configuration on CentOS 7.

0. What you need

Everything is the same as listed in the previous article:

  • Raspberry Pi 3 Model B+;
  • microSD >= 4GB (later you can "transfer" the system to a 2GB drive);
  • Workstation with Linux and microSD card reader;
  • A wired network connection between the "raspberry" and the Linux workstation (in this case, you will not need an additional monitor and keyboard for configuration), and Internet access from both devices;
  • Advanced Linux skills (knowing and not being afraid of parted, dd and mkfs).

As with iteratively building your own Linux in LFS, the Fedora distribution image will be used first, and a minimal system will then be created from it (without “compiling from source”).

1. Installing the original distribution

Location of the raw system image on the Web:
https://…/fedora-secondary/releases/…/Spins/aarch64/images/Fedora-Minimal-…xz

After writing it to microSD and before using it, you need to:

  1. Extend the "root" of the file system (3rd partition, ext4)
    parted /dev/mmcblk0 resizepart 3 100%
    e2fsck -f /dev/mmcblk0p3; resize2fs /dev/mmcblk0p3; e2fsck -f /dev/mmcblk0p3
    for i in 1 2 3; do mkdir -p /mnt/$i; mount /dev/mmcblk0p$i /mnt/$i; done
    

  2. Disable SELinux
    echo 'SELINUX=disabled' > /mnt/3/etc/selinux/config
    

  3. Remove First Time Setup Wizard:
    find /mnt/3/etc/systemd/ -iname initial-setup.service -delete
    

  4. Allow ssh access:
    mkdir -p /mnt/3/root/.ssh
    cp -fv ~/.ssh/id_rsa.pub /mnt/3/root/.ssh/authorized_keys
    sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/g' /mnt/3/etc/ssh/sshd_config
    

Now you can boot the "raspberry" from the microSD and connect to it over the network.

A cold start takes about a minute and a half. System characteristics after boot:

rpm -qa | wc -l
444

2. Building a minimal system

Unfortunately, the "minimal distribution" from the developers is far from being the most modest in terms of resource consumption. The system image can be made even smaller.

To do this, on the "raspberry" you need to execute the script:

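#!/bin/bash

# ID and VERSION_ID of the running system
. /etc/os-release
# Root of the new system, created in the current directory
P=$(mktemp --directory "$(pwd)/$ID-$VERSION_ID.XXX")

# Install only what is needed to boot and to be reachable over ssh
dnf --installroot="$P" --releasever="$VERSION_ID" --setopt=install_weak_deps=false \
    --assumeyes install \
    bcm283x-firmware \
    dnf              \
    grub2-efi-aa64   \
    kernel           \
    openssh-server   \
    shim-aa64

# Carry over the boot configuration of the running system
for f in /boot/efi/EFI/fedora/grub.cfg \
         /boot/efi/EFI/fedora/grubenv  \
         /boot/efi/rpi3-u-boot.bin     \
         /etc/default/grub             \
         /etc/fstab
do
  cp -fv "$f" "$P$f"
done

# Remove device nodes and the package cache from the new root
rm  -fv "$P"/dev/*
rm -rfv "$P/var/cache/dnf"

echo "--------------------------------------------------------------------------------"
du -hs "$P"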

After running the script, a subdirectory ($P) will be created in the current directory, containing the root of the new minimal OS build. You can turn off the "raspberry" and return the microSD to the Linux workstation.

3. Installing a minimal system

Installation comes down to copying the files of the minimal "image" of the OS (obtained in the previous step) to a specially prepared microSD to the appropriate directories.

A 2GB card with two partitions on it is enough:

  1. /boot/efi - EFI + FAT32, bootable, 100MB;
  2. / (root) - EXT4, all remaining space.

After preparing the microSD and copying files to it, you need to:

  • fix OS boot;
  • turn on the network;
  • set up ssh access.

Fixing the boot comes down to replacing the partition UUIDs in the files:

microSD:/boot/efi/EFI/fedora/grub.cfg
microSD:/boot/efi/EFI/fedora/grubenv

and the saved_entry= parameter in the last of these files.

The old values can be found in the file:

microSD:/etc/fstab

and the current (actual) ones in the output of the command:

blkid | grep mmcblk | sort

After the replacement, you should also correct the contents of fstab on the microSD so that the mount points match the new UUIDs of the partitions.
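The UUID replacement described above can be scripted; the following is an added example, not the author's code. It reads the old values from the copied fstab and takes the new ones as arguments; the function names and every UUID in the demo are constructed, and the saved_entry= parameter is left for manual editing.

```shell
#!/bin/sh
# Added example, not the article's code. All UUIDs here are constructed.

# uuid_for FSTAB MOUNTPOINT: print the UUID that fstab records for a mount point.
uuid_for() {
  awk -v mp="$2" '$1 ~ /^UUID=/ && $2 == mp { print substr($1, 6); exit }' "$1"
}

# remap_uuids FSTAB NEW_ROOT NEW_EFI FILE...
# Old values come from FSTAB; new ones would come from, e.g.,
#   blkid -s UUID -o value /dev/mmcblk0p2   (root)   and   ...p1   (EFI)
remap_uuids() {
  ru_fstab=$1 ru_root=$2 ru_efi=$3
  shift 3
  ru_old_root=$(uuid_for "$ru_fstab" /)
  ru_old_efi=$(uuid_for "$ru_fstab" /boot/efi)
  if [ -z "$ru_old_root" ] || [ -z "$ru_old_efi" ]; then
    echo "remap_uuids: old UUIDs not found in $ru_fstab" >&2
    return 1
  fi
  # grubenv is a fixed 1024-byte block, so only same-length swaps are allowed.
  if [ ${#ru_old_root} -ne ${#ru_root} ] || [ ${#ru_old_efi} -ne ${#ru_efi} ]; then
    echo "remap_uuids: UUID length differs, refusing to edit" >&2
    return 1
  fi
  sed -i -e "s/$ru_old_root/$ru_root/g" -e "s/$ru_old_efi/$ru_efi/g" "$@" || return 1
  # Succeed only if no stale UUID is left in any of the files.
  ! grep -q -e "$ru_old_root" -e "$ru_old_efi" "$@"
}

# Constructed demo: a scratch directory stands in for the mounted microSD.
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' \
    'UUID=11111111-2222-3333-4444-555555555555 / ext4 defaults,noatime 0 0' \
    'UUID=AAAA-0001 /boot/efi vfat umask=0077,shortname=winnt 0 2' > "$d/fstab"
  printf '%s\n' 'search --no-floppy --fs-uuid --set=dev AAAA-0001' \
    'set kernelopts="root=UUID=11111111-2222-3333-4444-555555555555 ro"' > "$d/grub.cfg"
  remap_uuids "$d/fstab" 99999999-8888-7777-6666-555555555555 BBBB-0002 \
    "$d/fstab" "$d/grub.cfg" && cat "$d/fstab" "$d/grub.cfg"
  rm -rf "$d"
}

demo
```

Because the old values are read before any file is edited, fstab itself can be passed in the file list together with grub.cfg and grubenv.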

To get the network working on the first boot of the "raspberry", a small "crutch" is enough - create a link (schematically):

ln -s /usr/lib/systemd/system/systemd-networkd.service \
  microSD:/etc/systemd/system/multi-user.target.wants

and a file:

mkdir -p microSD:/etc/systemd/network
cat > microSD:/etc/systemd/network/dhcp.network << EOF
[Match]
Name=*
[Network]
DHCP=ipv4
EOF

After a successful boot, tidy up the way systemd-networkd is started:

systemctl disable systemd-networkd
systemctl enable systemd-networkd

Access to the superuser via ssh is configured similarly to step 1.

Having done everything neatly and without errors, you can move the microSD to the "raspberry" and start working with a 64-bit OS in an extra-minimal version.

4. Ready system

The "image" of the finished system, created according to the instructions above, can be downloaded from the link:
Fedora-Tiny-31-5.5.7-200.aarch64

This is an archive containing two files: the installation script and a TGZ with the OS files. Unpack the archive on a Linux workstation, insert a microSD card (a 2GB card is enough) and run the script with the device name as a parameter:

./install /dev/mmcblk0

Be careful!

Without any warning, the device will be formatted and the operating system will be installed on it.

After the script finishes without errors, the card can be moved to the "raspberry" and used: find it via DHCP, the password is "1".

The system is cleared of any IDs and keys, which is why each new installation is unique.

Again, the system is minimal! Therefore, do not be alarmed: DNF is available, but for it to work you will have to “compose” a correct /etc/resolv.conf.

The cold start of the "raspberry" takes about 40 seconds. System characteristics after boot:

rpm -qa | wc -l
191

5. Wifi

I will dwell a little on the features of the implementation of a Wi-Fi access point. For specifics, please refer to my previous article.

EPEL is no longer needed - all packages are contained in the official repositories.

I probably should have given up dnsmasq, since Fedora, unlike CentOS, has a fairly fresh systemd-networkd with decent built-in DHCP / DNS servers. But the fact that in RHEL8 the developers dropped network stack support for anything other than NM does not inspire confidence in the bright future of the project (scoundrels). In short, I haven't tried it.

Further, the current drivers for the built-in Wi-Fi adapter no longer have to be “borrowed” from the Raspbian distribution; they can be downloaded directly from GitHub.

This is how the Broadcom firmware files look on my "raspberry" (schematically):

ls /usr/lib/firmware/brcm | grep 43455

 [612775] brcmfmac43455-sdio.bin
  [14828] brcmfmac43455-sdio.clm_blob
[symlink] brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt -> brcmfmac43455-sdio.txt
   [2099] brcmfmac43455-sdio.txt

Without them, 5GHz / AC will not work.

Regarding the number and names of interfaces: I now strongly recommend not resorting to the “services” of software switches (bridges) without special need, since they put a significant load on the network stack and slow down routing. Unless you are planning multiple wireless adapters, use only the physical interfaces. I have two Wi-Fi adapters, so I combine only them into a software bridge (although you can do without this by approaching the hostapd setup differently).

And I like to rename interfaces.

To do this, in Fedora, you need to create a symbolic link:

/etc/systemd/network/99-default.link -> /dev/null

and then it will be possible to give meaningful names without poking around in udev, but only by means of systemd-networkd.

This is how, for example, the network adapters in my router are called:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000

3: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

4: int: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master lan state UP group default qlen 1000

5: ext: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master lan state UP group default qlen 1000

  • int (built-in) and ext (external, USB) - Wi-Fi adapters assembled into the "bridge" lan;
  • wan - Ethernet adapter to which the Internet is connected.

Have you noticed? fq_codel is a really cool thing. Together with a fresh Linux kernel, it works real miracles over the air: a fierce "torrent download" will not lead to a sudden degradation of the neighbors' speed. Even a home IP-TV operating “over the air” on a loaded channel does not “fall apart” and does not “stutter” at all!

The service file of the hostapd daemon has undergone minor changes.

Now it looks like this (using the built-in adapter as an example):

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=network.target
BindsTo=sys-subsystem-net-devices-int.device

[Service]
Type=forking
PIDFile=/run/hostapd-int.pid
#ExecStartPre=/usr/sbin/iw dev int set power_save off
ExecStart=/usr/sbin/hostapd /path/to/hostapd-int.conf -P /run/hostapd-int.pid -B

[Install]
RequiredBy=sys-subsystem-net-devices-int.device

And the "magic" hostapd-int.conf to work in 5GHz/AC:

ssid=rpi
wpa_passphrase=FedoRullezZ

# 5180 MHz  [36] (20.0 dBm)
# 5200 MHz  [40] (20.0 dBm)
# 5220 MHz  [44] (20.0 dBm)
# 5240 MHz  [48] (20.0 dBm)
# 5745 MHz [149] (20.0 dBm)
# 5765 MHz [153] (20.0 dBm)
# 5785 MHz [157] (20.0 dBm)
# 5805 MHz [161] (20.0 dBm)
# 5825 MHz [165] (20.0 dBm)

channel=36
#channel=149

# channel+6
# http://blog.fraggod.net/2017/04/27/wifi-hostapd-configuration-for-80211ac-networks.html

vht_oper_centr_freq_seg0_idx=42
#vht_oper_centr_freq_seg0_idx=155

country_code=US

interface=int
bridge=lan

driver=nl80211

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

macaddr_acl=0

hw_mode=a
wmm_enabled=1

# N
ieee80211n=1
require_ht=1
ht_capab=[HT40+][SHORT-GI-40][SHORT-GI-20]

# AC
ieee80211ac=1
ieee80211d=0
ieee80211h=0
vht_oper_chwidth=1
require_vht=1
vht_capab=[SHORT-GI-80]
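
A check for the "channel+6" rule and the WPA2 settings in the configuration above, as an added example that is not part of the original article. It generalizes the rule to any primary channel inside an 80 MHz block and assumes the common block layout starting at channels 36, 52, 100, 116, 132 and 149; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the article's code: lint a hostapd 5 GHz/AC config.

check_hostapd_conf() {
  awk -F= '
    /^[ \t]*(#|$)/ { next }                      # skip comments, blank lines
    { conf[$1] = substr($0, length($1) + 2) }    # value = text after first "="
    END {
      bad = 0; s = 0; c = conf["channel"] + 0
      # first channel of each 80 MHz block; a block covers s, s+4, s+8, s+12
      n = split("36 52 100 116 132 149", first, " ")
      for (i = 1; i <= n; i++)
        if (c >= first[i] && c <= first[i] + 12 && (c - first[i]) % 4 == 0)
          s = first[i]
      if (conf["vht_oper_chwidth"] + 0 == 1) {
        if (!s) { print "channel " c " is not in a known 80 MHz block"; bad++ }
        else if (conf["vht_oper_centr_freq_seg0_idx"] + 0 != s + 6) {
          print "vht_oper_centr_freq_seg0_idx should be " (s + 6); bad++ }
      }
      if (s && index(conf["ht_capab"], "[HT40+]") && (c - s) % 8 != 0) {
        print "[HT40+] needs the lower channel of a 40 MHz pair"; bad++ }
      if (conf["wpa"] + 0 != 2 || conf["rsn_pairwise"] != "CCMP") {
        print "expected wpa=2 with rsn_pairwise=CCMP"; bad++ }
      n = length(conf["wpa_passphrase"])
      if (n < 8 || n > 63) { print "wpa_passphrase must be 8..63 characters"; bad++ }
      exit (bad > 0)
    }' "$1"
}

# Constructed sample: the article's values with only the channel switched to 149.
sample_conf() {
  printf '%s\n' 'wpa_passphrase=FedoRullezZ' 'channel=149' \
    'vht_oper_centr_freq_seg0_idx=42' 'wpa=2' 'rsn_pairwise=CCMP' \
    'ht_capab=[HT40+][SHORT-GI-40][SHORT-GI-20]' 'vht_oper_chwidth=1'
}

f=$(mktemp) && sample_conf > "$f"
check_hostapd_conf "$f" || echo "config needs fixing"
rm -f "$f"
```

The sample fails because the center index still belongs to channel 36, which is the mistake the commented-out pair of lines in the configuration invites.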

A little "photoshop" made from my "Ericsson A1018s" (Internet connection - 100Mbps).

And finally, a small FAQ.

6. FAQ

6.1 Why make a Wi-Fi router on Raspberry?

One could answer simply, they say, "it's interesting to try and all that."

But in fact, it seems to me that the topic is quite serious. In the era of the “bloody” Internet, buying a router in a store and remaining hostage to its manufacturer is a very dull prospect. Many people already understand that living with a CVE or a built-in backdoor is not an option.

Of course, you can migrate to WRT firmware from enthusiasts. There is probably more trust in them, but if you don’t want to depend on them either, then only your own product will do. Ideally, it is a full-fledged computer on which anything in the world can be implemented. In terms of routing, of course.

Therefore, the choice of "raspberry" is a purely economic move: a real computer and at the same time - inexpensive. Although, perhaps, too - with their "doubles" inside.

6.2 But Raspberry is an “under-router”: slow and with one Ethernet port!

As a home Wi-Fi router, the "raspberry" more than suits me. I have already described the speed "over the air" above. As for the single Ethernet port, well, a similar product from Apple has about the same!

But seriously, of course I would like more. And despite the fact that in my household all devices are connected without wires, sometimes a copper connection is still required. For such cases, I have a “mobile hub” in store:

a device like this

6.3 If this is a router, then nothing is said about "tuning" TCP / IP, because this is important!

In addition to setting up the network stack (tcp_fastopen, YeAH, etc.), this and the previous article did not cover other nuances, in particular, the process of preparing the microSD for optimal use (although the installer tries to format the memory card in a tricky way). The process of improvement is endless, you just need to stop in time.

6.4 Why Fedora?

Because I like it! Fedora is "mainstream", a system for geeks, for whom, in fact, this article is intended. At the time of writing it is, perhaps, the only OS whose 64-bit version for Raspberry is officially supported by a significant staff of developers (from whom I can’t wait to get kernel 5.6).

6.5 Does Bluetooth work? How is the video / sound / GPIO?

Don't know. The article is about the minimum installation of the system and its subsequent use as a Wi-Fi router.

6.6 Why do all CentOS/Fedora/RedHat articles start with disabling SELinux?

Because the system is minimal, it does not even have a firewall or the utilities for setting one up. Anyone who needs them can additionally install everything required.

6.7 The system cannot be used, the password cannot be changed - no passwd. No ping, no nothing!

There is DNF. Or this installation option is not for you - use the distribution kit from the developers.

6.8 Where is SWAP? I can't live without it!

Is it true? OK then:

fallocate -l 1G /swap
chmod -v 0600 /swap
mkswap -f /swap
swapon -v /swap
grep "/swap" /etc/fstab || echo "/swap swap swap defaults 0 0" >> /etc/fstab

6.9 I would like to download a ready-made image with a configured Wi-Fi access point right away!

Preparing a "for everyone" installer will take some time and effort. If (suddenly!) someone really finds it interesting and necessary - write, we will think of something.

That is where I will finish.

I wish everyone safe surfing and maximum control over the infrastructure!

Source: habr.com
