In the article Raspberry Pi + CentOS = Wi-Fi Hotspot (or a raspberry router in a red hat) I talked about how to turn a raspberry into a wireless access point using the CentOS operating system. Having collected my home router from such a drawing, I satisfied my creative ego and received a charge of calm for a critical element of my cozy infrastructure. However, the feeling of incomplete decision and internal perfectionism did not give rest: "an imperfect result of work has no right to exist." The thought that “that ideal can and must be achieved” did not leave me for a minute.And then one day at one of the thematic forums I came across a discussion of the bit depth of existing operating systems for “Malinka” (aarch64 vs armhfp): which 64-bit operating systems can basically fit in and make money on Raspberry version 3 ++?My favorite CentOS for ARM architecture from "Userland" was in no hurry to switch to the latest version kernel and turn into 64-bit. And the EPEL repository, connected God knows where without a digital signature, was a nightmare in my troubled dream ...Speaking as an adherent of RPM-based distributions, I was surprised to find that Fedora turned out to be absolutely forgotten in discussions of the OS for “raspberry” ! And this despite the fact that its releasefrom the 28th version officially supports the Raspberry Pi 3B + in 64-bit version!In this article, I will talk about how to install Fedora (aarch64) on the Raspberry Pi 3 Model B + in an extra minimal version . I will dwell briefly on the features of raising a Wi-Fi access point identified as a result of the trial operation of my previous configuration on CentOS 7 .0. What is needed
All the same as listed in the previous article:- Raspberry Pi 3 Model B +;
- microSD> = 4GB (later you can "transfer" the system to a 2GB drive);
- Linux workstation with microSD card reader;
- Wired network connection of “raspberry” and the workstation with Linux (in this case, no additional monitor and keyboard are required for configuration), Internet access from both devices;
- Advanced skill in Linux (to know and not be afraid: parted , dd and mkfs ).
Like an iterative LFS- assembly of your own Linux, the Fedora distribution image will be used, and then a minimal system will be created on its basis (without "compilation from source").1. Installing the original distribution
The coordinates of the raw image of the system on the Web:https: //.../fedora-secondary/releases/.../Spins/aarch64/images/Fedora-Minimal-...xzAfter it is written to the microSD and before use it is necessary :- Extend the “root” of the file system (3rd section, ext4)
parted /dev/mmcblk0 resizepart 3 100%
e2fsck -f /dev/mmcblk0p3; resize2fs /dev/mmcblk0p3; e2fsck -f /dev/mmcblk0p3
for i in 1 2 3; do mkdir -p /mnt/$i; mount /dev/mmcblk0p$i /mnt/$i; done
- Disable SELinux
echo 'SELINUX=disabled' > /mnt/3/etc/selinux/config
- Delete the initial setup wizard:
find /mnt/3/etc/systemd/ -iname initial-setup.service -delete
- Allow ssh access:
mkdir -p /mnt/3/root/.ssh
cp -fv ~/.ssh/id_rsa.pub /mnt/3/root/.ssh/authorized_keys
sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/g' /mnt/3/etc/ssh/sshd_config
Now you can download the "raspberry" from microSD and connect to it via the network.A cold start takes about a minute and a half. TTX system after boot:rpm -qa | wc -l
444
2. Minimal system assembly
Unfortunately, the “minimal distribution” from the developers is far from the most modest in resource consumption. The image of the system can be made even smaller.To do this, on the "raspberry" you need to run the script:#!/bin/bash
. /etc/os-release
P=$(mktemp --directory $(pwd)/$ID-$VERSION_ID.XXX)
dnf --installroot=$P --releasever=$VERSION_ID --setopt=install_weak_deps=false \
--assumeyes install \
bcm283x-firmware \
dnf \
grub2-efi-aa64 \
kernel \
openssh-server \
shim-aa64
for f in /boot/efi/EFI/fedora/grub.cfg \
/boot/efi/EFI/fedora/grubenv \
/boot/efi/rpi3-u-boot.bin \
/etc/default/grub \
/etc/fstab
do
cp -fv $f $P$f
done
rm -fv $P/dev/*
rm -rfv $P/var/cache/dnf
echo "--------------------------------------------------------------------------------"
du -hs $P
After working out the script, a subdirectory ( $ P ) will be created in the current directory with the contents of the root of the new minimal OS edition. You can turn off the “raspberry” and return the microSD to the Linux workstation.3. Installing a minimum system
Installation is reduced to copying the files of the minimum “image” of the OS (obtained in the previous step) to a specially prepared microSD in the appropriate directories.A 2GB card and two sections on it are enough:- / boot / efi - EFI + FAT32, boot, 100MB;
- / (root) - EXT4, all remaining space.
After preparing the microSD and copying files to it, you need:- repair boot OS;
- turn on the network;
- configure access via ssh.
Repairing a download consists in replacing the UUID of the sections in the files:microSD:/boot/efi/EFI/fedora/grub.cfg
microSD:/boot/efi/EFI/fedora/grubenv
and saved_entry = parameter in the last fileIn the file:microSD:/etc/fstab
you can find old values, and current (current) ones in the output of the command:blkid | grep mmcblk | sort
After replacing, you should also adjust the contents of fstab to microSD so that the mount points correspond to the new partition UUIDs.The first time you turn on the “raspberry”, network performance can be achieved with a small “crutch” - create a link (schematically):ln -s /usr/lib/systemd/system/systemd-networkd.service \
microSD:/etc/systemd/system/multi-user.target.wants
and file:mkdir -p microSD:/etc/systemd/network
cat > microSD:/etc/systemd/network/dhcp.network << EOF
[Match]
Name=*
[Network]
DHCP=ipv4
EOF
After a successful boot, tidy up the launch of systemd-networkd :systemctl disable systemd-networkd
systemctl enable systemd-networkd
Superuser access via ssh is configured similarly to item 1.Having done everything neatly and without errors, you can rearrange the microSD in the "raspberry" and start working with 64-bit OS in an extra minimal performance.4. Ready system
The "image" of the finished system, created according to the above instructions, can be downloaded from the link:Fedora-Tiny-31-5.5.7-200.aarch64This will be an archive containing two files: an installation script and TGZ with OS files. The archive must be unpacked on a Linux workstation, insert a microSD (2GB card is enough) and run the script with the parameter - the name of the device:./install /dev/mmcblk0
Be careful!
Without any warnings, the device will be formatted and an operating system is installed on it.
After an error-free working out of the script, the card can be rearranged into the “raspberry” and used: to catch by dhcp, password is “1”.The system is cleared of all sorts of IDs and keys, which is why each new installation is unique.I repeat again, the system is minimal ! Therefore, do not be alarmed: DNF is available, for its functionality you will have to “compose” the correct /etc/resolv.conf .A cold start of a raspberry takes about 40 seconds. TTX system after boot:rpm -qa | wc -l
191
5. Wi-Fi
I will dwell a little on the features of the implementation of Wi-Fi access points. For specifics, you can refer to my previous article .EPEL is no longer needed - all packages are contained in official repositories.Probably, it would be worth abandoning dnsmasq , since Fedora, unlike CentOS, has a fairly recent systemd-networkd, in which there are normal built-in DHCP / DNS servers. But the fact that in RHEL8 developers refused to support the network stack with anything other than NM does not inspire confidence in the bright future of the project (villains). In short, I have not tried it.Further, the current drivers of the built-in Wi-Fi adapter can not be "stolen" from the Raspbian distribution, but downloaded directly from github .This is what Broadcom firmware files look like on my “raspberry” (schematically):ls /usr/lib/firmware/brcm | grep 43455
[612775] brcmfmac43455-sdio.bin
[14828] brcmfmac43455-sdio.clm_blob
[symlink] brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt -> brcmfmac43455-sdio.txt
[2099] brcmfmac43455-sdio.txt
Without them, 5GHz / AC will not work.About the number and names of interfaces. Now I strongly recommend that everyone without special need not resort to the “services” of software switches ( bridge ), which add a significant load to the network stack and inhibit routing. If several wireless adapters are not planned, then only physical interfaces should be used. I have two Wi-Fi, so I only combine them into a software bridge (although you can do without it by taking a different look at the hostapd setting).And I like to rename interfaces.To do this, create a symbolic link in Fedora:/etc/systemd/network/99-default.link -> /dev/null
and then it will be possible to give meaningful names without tinkering with udev , but only by means of systemd-networkd.Here, for example, are called network adapters in my router:1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
2: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
3: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
4: int: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master lan state UP group default qlen 1000
5: ext: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master lan state UP group default qlen 1000
- int - built-in, ext - external (USB) Wi-Fi adapters assembled in the "bridge" lan ;
- wan - Ethernet adapter into which the Internet is connected.
Have you noticed? fq_codel is really a good thing. Together with the fresh Linux kernel, they work wonders in the wireless range: the fierce “torrent-quality” will not lead to a sudden degradation of speed among neighbors. Even working "over the air" home IP-TV with a loaded channel does not "break up" and does not "stutter" from the word at all!The hostapd daemon service file has undergone minor changes .It now looks like this (using the built-in adapter as an example):[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=network.target
BindsTo=sys-subsystem-net-devices-int.device
[Service]
Type=forking
PIDFile=/run/hostapd-int.pid
ExecStart=/usr/sbin/hostapd /path/to/hostapd-int.conf -P /run/hostapd-int.pid -B
[Install]
RequiredBy=sys-subsystem-net-devices-int.device
And the “magic” hostapd-int.conf for working in 5GHz / AC:ssid=rpi
wpa_passphrase=FedoRullezZ
channel=36
vht_oper_centr_freq_seg0_idx=42
country_code=US
interface=int
bridge=lan
driver=nl80211
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0
hw_mode=a
wmm_enabled=1
ieee80211n=1
require_ht=1
ht_capab=[HT40+][SHORT-GI-40][SHORT-GI-20]
ieee80211ac=1
ieee80211d=0
ieee80211h=0
vht_oper_chwidth=1
require_vht=1
vht_capab=[SHORT-GI-80]
A bit of “photoshop” made from my “Ericsson A1018s”:(Internet connection - 100Mbps) And in conclusion, a small FAQ.6. FAQ
6.1 Why make a Wi-Fi router on a Raspberry?
One could answer simply, saying "it is interesting to try and all that."But in fact, it seems to me, the topic is quite serious. In the era of the "bloody" Internet, buying a router in a store and being held hostage by its manufacturer is a very dull prospect. Many people already understand that it is impossible to sit with a CVE or wired backdoor.Of course, you can migrate to WRT firmware from enthusiasts. There is probably more trust in them, but if you do not want to depend on them, then only your own product. Ideally, a full-fledged computer for the possibility of implementing everything in the world on it. In terms of routing, of course.Therefore, the choice of “raspberries” is a purely economic move: a real computer and at the same time - inexpensive. Although, it is also possible - with its “dual” inside.6.2 But Raspberry is a “sub-router”: slow and with one Ethernet port!
As a home Wi-Fi router, “Malinka” suits me more than. About speed "through the air" I have already said above. And just one Ethernet, well, in a similar product from Apple in approximately the same way!But seriously, of course I would like more. And despite the fact that in my household all devices are connected wirelessly, sometimes a copper connection is still required. For such cases, I have a “mobile hub” in store:6.3 If this is a router, then nothing is said about the “tuning” of TCP / IP, because it is important!
In addition to setting up the network stack (tcp_fastopen, YeAH, etc.), this and the previous article did not disclose other nuances, in particular, the process of preparing microSD for optimal use (although the installer tries to format the memory card in a tricky way). The process of improvement is endless, you just need to stop in time.6.4 Why Fedora?
Because I like! Fedora - "mainstream" - a system of geeks, for which, in fact, this article is intended. At the time of writing, perhaps the only OS that for Raspberry in 64-bit version is officially supported by a significant staff of developers (from which I can’t wait for the 5.6 kernel ).6.5 Does Bluetooth work? How is the video / sound / GPIO?
I do not know. The article is about the minimal installation of the system and its subsequent use as a Wi-Fi router.6.6 Why do all CentOS / Fedora / RedHat articles start with disabling SELinux?
Because the system is minimal, it does not even have a firewall and utilities for setting it up. Who needs it - they can install everything else that is needed.6.7. The system cannot be used, the password cannot be changed - no passwd. No ping, nothing!
There is a DNF . Or this installation option is not for you - use the distribution kit from the developers.6.8 Where is the SWAP? I can’t live without him!
Truth? Oh well:fallocate -l 1G /swap
chmod -v 0600 /swap
mkswap -f /swap
swapon -v /swap
grep "/swap" /etc/fstab || echo "/swap swap swap defaults 0 0" >> /etc/fstab
6.9 I would like to download a ready-made image with a configured Wi-Fi access point!
To prepare the installer "for all" will require a certain amount of time and effort. If (suddenly!) It really seems interesting and necessary to someone - write, we’ll come up with something.
On it - I will finish.I wish everyone safe surfing and maximum control over the infrastructure!