Newbie question about creating my own .bin file from my own installation of OpenWrt

Hello everybody, I'm seeking a solution, best with a good guide, for how I can make a .bin file for flashing from my own installation (it took me many hours until I had it the way I wanted it), with all my setup and apps, as a .bin flash file, so that when in trouble I could flash back my own previously created installation via Flash Firmware and so save a lot of time... I would be glad for any recommendation from you OpenWrt pros on how I could make a backup.bin from my installation, for flashing it back in case of trouble, saving the time of setting up all over and over again.....

Thank you for reading... maybe somebody has a good guide or hints... if that is possible or not... and how to do it... Thank you! I have a Linksys WRT 32X... very happy with it since OpenWrt is on it <3 I'm using the latest OpenWrt 18.06.1.

For a number of reasons, you're a lot better off with checking that sysupgrade backs up all your changed files (for most users and packages, it does by default) and creating a backup and periodically downloading it to a "safe" place. Also keep a list of the packages that you have installed. That way you can flash a newer image (or the older one), reinstall the packages (opkg will take a list), and restore your backup.

Yes, there are ways to capture the entire /overlay system in a tar file or the like, but it will only work with the "exact same" underlying ROM if you've installed any kernel modules. I'm a backup fanatic, and I wouldn't do this myself.

I manage config a little differently than many. I have a router that has enough storage to run git and keep my config checked into git (allowing quick roll-back or config-set changes) as well as pushing it to a "safe" place for restoring.

rsync and scp are other options to consider.

1 Like
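The two checks in the reply above (does the sysupgrade backup hold every file you changed, and which packages must be reinstalled) can be done on a workstation. This is an added example, not code from the thread: the function names, the required-paths file and the stock-image baseline list are assumptions, and the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): host-side checks before relying on a
# sysupgrade backup plus a package list as the restore path.
# Inputs are produced on the router first:
#   sysupgrade -b /tmp/backup.tar.gz          # config backup archive
#   opkg list-installed > /tmp/installed.txt  # lines of "name - version"

# Print each required path that the backup archive does not contain.
# $1 = backup tarball; $2 = file with one path per line ("#" starts a comment)
missing_from_backup() {
    list=$(tar -tzf "$1") || return 2      # unreadable archive: fail loudly
    have=$(mktemp) || return 2
    # Normalise "./etc/x" and "/etc/x" to "etc/x" so both sides compare equal.
    printf '%s\n' "$list" | sed -e 's|^\./||' -e 's|^/||' |
        LC_ALL=C sort -u > "$have"
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' -e 's|^/||' "$2" |
        LC_ALL=C sort -u | LC_ALL=C comm -23 - "$have"
    rm -f "$have"
}

# Print packages present on the configured router but not in the stock image,
# i.e. the list to hand to "opkg install" after flashing.
# $1 = "opkg list-installed" output saved right after a clean flash (assumed
#      baseline); $2 = the same output from the configured router
extra_packages() {
    base=$(mktemp) || return 2
    cut -d' ' -f1 "$1" | LC_ALL=C sort -u > "$base"
    cut -d' ' -f1 "$2" | LC_ALL=C sort -u | LC_ALL=C comm -23 - "$base"
    rm -f "$base"
}

# Constructed sample data: a tiny backup archive and two package lists.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/root/etc/config"
    echo "constructed" > "$t/root/etc/config/network"
    tar -czf "$t/backup.tar.gz" -C "$t/root" etc
    printf '%s\n' '/etc/config/network' '/etc/firewall.user' > "$t/required.txt"
    printf '%s\n' 'busybox - 1.28.3-4' > "$t/stock.txt"
    printf '%s\n' 'busybox - 1.28.3-4' 'nano - 2.9.6-1' > "$t/installed.txt"
    echo "Missing from backup:"
    missing_from_backup "$t/backup.tar.gz" "$t/required.txt"
    echo "Packages to reinstall:"
    extra_packages "$t/stock.txt" "$t/installed.txt"
    rm -rf "$t"
}
demo
```

A path reported as missing can be added to /etc/sysupgrade.conf on the router so the next backup includes it.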

Hi jeff, thanks for the reply. So the best way to go is to flash new via sysupgrade.bin, then recover/install all the ipk packages I had installed, and then play back the previously made backup via Restore Backup in LuCI... Thank you! A lot of hassle O:) ...LOL... but OK for me. I asked because I wanted to make a "master .bin" that contains all I have, including the whole setup, without needing to do it all manually... :wink: Thanks again, jeff =D

What you're looking for is to create your own build environment to compile OpenWrt.

  • Within the root of the build directory you'll create a folder named "files" and you'll replicate the hierarchy of / in OpenWrt
    • For example, you'd place your config files from /etc/config in <buildroot>/files/etc/config

I created a script for Ubuntu a while back that automates the build root creation; however, you're still going to want to read Build System - Usage, as well as my ReadMe.

2 Likes

Thank you JW0914, I'll dig into it and will have a good read before doing anything... Thank you for the hint and links =D Thanks for sharing info & knowledge.

I realized my explanation of the <build root>/files/ directory could be taken a few ways, so I wanted to clarify it.

  • You'll only place custom files for the OpenWrt file system within <build root>/files/.

For example, here's the contents of my files directory:

[jw@uvm] ~ $ ls -lR compile/openwrt/18/files/

files/:
total 20
drwxr-xr-x 9 jw jw 4096 Aug 25 12:02 etc/
drwxr-xr-x 6 jw jw 4096 Aug 25 11:31 mnt/
drwxr-xr-x 4 jw jw 4096 Aug 25 12:03 root/
drwxr-xr-x 3 jw jw 4096 Jan 13  2018 usr/
drwxr-xr-x 3 jw jw 4096 Jan  8  2018 www/

files/etc:
total 204
-rw-r--r-- 1 jw jw    803 Aug 25 11:21 banner.failsafe
-rw-r--r-- 1 jw jw    583 Aug 25 11:21 banner.security
-rw-r--r-- 1 jw jw   3046 Aug 21 15:35 collectd.bak.conf
-rw-r--r-- 1 jw jw   3046 Aug 21 15:35 collectd.conf
drwxr-xr-x 4 jw jw   4096 Aug 25 12:03 config/
drwxr-xr-x 2 jw jw   4096 Aug 21 15:15 crontabs/
-rw-r--r-- 1 jw jw    515 Aug 21 07:06 device_info
-rw-r--r-- 1 jw jw   4736 Aug 21 15:36 firewall.user
-rw-r--r-- 1 jw jw    186 Aug 21 07:06 group
-rw-r--r-- 1 jw jw    525 Aug 21 15:36 inputrc
drwxr-xr-x 3 jw jw   4096 Aug 21 07:06 mc/
-rw-r--r-- 1 jw jw 103552 Aug 21 15:15 moduli
-rw-r--r-- 1 jw jw   3692 Aug 21 15:36 nanorc
drwxr-xr-x 3 jw jw   4096 Aug 21 07:06 openvpn/
-rw-r--r-- 1 jw jw    385 Aug 21 07:06 passwd
-rw-r--r-- 1 jw jw   3167 Aug 21 15:15 profile
-rw-r--r-- 1 jw jw    320 Aug 21 15:36 rc.local
drwxr-xr-x 2 jw jw   4096 Aug 25 12:02 samba/
-rw-r--r-- 1 jw jw    154 Aug 21 07:06 shadow
-rw-r--r-- 1 jw jw    277 Aug 21 15:37 smartd.conf
drwxr-xr-x 3 jw jw   4096 Aug 25 12:02 ssh/
drwxr-xr-x 6 jw jw   4096 Aug 25 12:02 ssl/
-rw-r--r-- 1 jw jw    688 Aug 21 15:37 sysupgrade.conf
-rw-r--r-- 1 jw jw   6841 Aug 21 15:40 vimrc

files/etc/config:
total 128
-rw-r--r-- 1 jw jw  3468 Aug 21 15:15 adblock
-rw-r--r-- 1 jw jw  1177 Aug 21 15:16 aria2
-rw-r--r-- 1 jw jw   497 Aug 21 07:06 cshark
-rw-r--r-- 1 jw jw  1284 Aug 21 07:06 ddns
-rw-r--r-- 1 jw jw  9882 Aug 21 07:06 dhcp
-rw-r--r-- 1 jw jw   722 Aug 25 11:48 etherwake
-rw-r--r-- 1 jw jw 10222 Aug 21 07:06 firewall
-rw-r--r-- 1 jw jw   944 Aug 21 07:06 fstab
-rw-r--r-- 1 jw jw   382 Aug 21 15:15 hd-idle
-rw-r--r-- 1 jw jw  1503 Aug 21 15:19 luci
-rw-r--r-- 1 jw jw  6577 Aug 21 07:06 luci_statistics
-rw-r--r-- 1 jw jw  6038 Aug 21 07:06 network
-rw-r--r-- 1 jw jw  3909 Aug 21 07:06 openvpn
-rw-r--r-- 1 jw jw   370 Aug 21 15:21 p910nd
-rw-r--r-- 1 jw jw  3280 Aug 21 07:06 qos
-rw-r--r-- 1 jw jw   823 Aug 21 07:06 samba
-rw-r--r-- 1 jw jw   942 Aug 25 11:48 sqm
-rw-r--r-- 1 jw jw  2741 Aug 21 07:06 system
-rw-r--r-- 1 jw jw  1805 Aug 21 07:06 uhttpd
-rw-r--r-- 1 jw jw  1020 Aug 21 07:06 wifi_schedule
-rw-r--r-- 1 jw jw  7373 Aug 21 07:06 wireless

files/etc/crontabs:
total 4
-rw-r--r-- 1 jw jw 477 Aug 25 11:18 root

files/etc/mc:
total 12
-rw-r--r-- 1 jw jw 6886 Aug 21 07:06 ini
drwxr-xr-x 2 jw jw 4096 Aug 21 07:06 skins/

files/etc/mc/skins:
total 4
-rw-r--r-- 1 jw jw 2930 Aug 21 07:06 modern.ini

files/etc/openvpn:
total 4
drwxr-xr-x 3 jw jw 4096 Aug 21 07:06 clients/

files/etc/openvpn/clients:
total 4
drwxr-xr-x 2 jw jw 4096 Aug 21 07:06 private/

files/etc/openvpn/clients/private:
total 12
-rw-r--r-- 1 jw jw 63 Aug 21 07:06 ipp.txt
-rw-r--r-- 1 jw jw 40 Aug 21 07:06 JW0914 (AW)
-rw-r--r-- 1 jw jw 40 Aug 21 07:06 JW0914 (NX)

files/etc/samba:
total 36
-rw-r--r-- 1 jw jw 24576 Aug 21 07:06 secrets.tdb
-rw-r--r-- 1 jw jw  1643 Aug 21 15:15 smb.conf.template
-rw-r--r-- 1 jw jw   106 Aug 21 07:06 smbpasswd

files/etc/ssh:
total 12
drwxr-xr-x 3 jw jw 4096 Jan  8  2018 ids/
-rw-r--r-- 1 jw jw 2222 Aug 21 15:29 ssh_config
-rw-r--r-- 1 jw jw 3202 Aug 21 07:06 sshd_config

files/etc/ssh/ids:
total 4
drwxr-xr-x 2 jw jw 4096 Jan  8  2018 host/

files/etc/ssh/ids/host:
total 0

files/etc/ssl:
total 28
drwxr-xr-x 2 jw jw 4096 Aug 25 12:02 ca/
drwxr-xr-x 2 jw jw 4096 Aug 21 07:06 certs/
-rw-r--r-- 1 jw jw 9290 Aug 21 07:06 openssl.cnf
drwxr-xr-x 2 jw jw 4096 Aug 21 07:06 openvpn/
drwxr-xr-x 2 jw jw 4096 Aug 21 07:06 private/

files/etc/ssl/ca:
total 12
-rw-r--r-- 1 jw jw 2260 Aug 21 15:15 Sophos_UTM_CA.crt.pem
-rw-r--r-- 1 jw jw 4504 Aug 21 07:06 WRT1900ACS_ICA-Chain.crt.pem

files/etc/ssl/certs:
total 8
-rw-r--r-- 1 jw jw 1956 Aug 21 07:06 wrt1900acs-uhttpd.crt
-rw-r--r-- 1 jw jw 1992 Aug 21 07:06 wrt1900acs-vpn_server.crt

files/etc/ssl/openvpn:
total 24
-rw-r--r-- 1 jw jw  424 Aug 21 07:06 dh2048.pem
-rw-r--r-- 1 jw jw  595 Aug 21 07:06 dh3072.pem
-rw-r--r-- 1 jw jw  769 Aug 21 07:06 dh4096.pem
-rw-r--r-- 1 jw jw  636 Aug 21 07:06 tls-auth.key
-rw-r--r-- 1 jw jw 6365 Aug 21 07:06 wrt1900acs-vpn_server.p12

files/etc/ssl/private:
total 8
-rw-r--r-- 1 jw jw 1704 Aug 21 07:06 wrt1900acs-uhttpd.key
-rw-r--r-- 1 jw jw 1704 Aug 21 07:06 wrt1900acs-vpn_server.key.pem

files/mnt:
total 16
drwxr-xr-x 2 jw jw 4096 Jan  8  2018 sda1/
drwxrwxr-x 2 jw jw 4096 Sep 19  2016 sda2/
drwxr-xr-x 2 jw jw 4096 Jan  8  2018 sda3/
drwxrwxr-x 2 jw jw 4096 Mar 23  2017 sda4/

files/mnt/sda1:
total 0

files/mnt/sda2:
total 0

files/mnt/sda3:
total 0

files/mnt/sda4:
total 0

files/root:
total 20
drwxr-xr-x 5 jw jw 4096 Aug 25 12:03 backups/
-rwxr-xr-x 1 jw jw 8229 Aug 21 07:06 first-run.sh
drwxr-xr-x 2 jw jw 4096 Aug 25 12:03 .ssh/

files/root/backups:
total 12
drwxr-xr-x 9 jw jw 4096 Aug 25 12:03 etc/
drwxr-xr-x 6 jw jw 4096 Aug 25 11:31 mnt/
drwxr-xr-x 3 jw jw 4096 Aug 21 07:06 root/

files/root/.ssh:
total 12
-rw-r--r-- 1 jw jw 2088 Aug 21 07:06 authorized_keys
-rw-r--r-- 1 jw jw 6369 Aug 21 07:06 config

files/usr:
total 4
drwxr-xr-x 2 jw jw 4096 Aug 21 15:15 nano/

files/usr/nano:
total 372
-rw-r--r-- 1 jw jw 6325 Aug 21 15:15 apacheconf.nanorc
-rw-r--r-- 1 jw jw 3673 Aug 21 15:15 arduino.nanorc
-rw-r--r-- 1 jw jw  984 Aug 21 15:15 asciidoc.nanorc
-rw-r--r-- 1 jw jw  783 Aug 21 15:15 asm.nanorc
-rw-r--r-- 1 jw jw 1212 Aug 21 15:15 awk.nanorc
-rw-r--r-- 1 jw jw  861 Aug 21 15:15 clojure.nanorc
-rw-r--r-- 1 jw jw  990 Aug 21 15:15 cmake.nanorc
-rw-r--r-- 1 jw jw 1930 Aug 21 15:15 c.nanorc
-rw-r--r-- 1 jw jw  723 Aug 21 15:15 coffeescript.nanorc
-rw-r--r-- 1 jw jw  421 Aug 21 15:15 colortest.nanorc
-rw-r--r-- 1 jw jw 1821 Aug 21 15:15 conf.nanorc
-rw-r--r-- 1 jw jw 6330 Aug 21 15:15 conky.nanorc
-rw-r--r-- 1 jw jw 1437 Aug 21 15:15 csharp.nanorc
-rw-r--r-- 1 jw jw  384 Aug 21 15:15 css.nanorc
-rw-r--r-- 1 jw jw 1056 Aug 21 15:15 cython.nanorc
-rw-r--r-- 1 jw jw  847 Aug 21 15:15 dockerfile.nanorc
-rw-r--r-- 1 jw jw  729 Aug 21 15:15 dot.nanorc
-rw-r--r-- 1 jw jw   93 Aug 21 15:15 email.nanorc
-rw-r--r-- 1 jw jw 1408 Aug 21 15:15 erb.nanorc
-rw-r--r-- 1 jw jw  917 Aug 21 15:15 fish.nanorc
-rw-r--r-- 1 jw jw 2431 Aug 21 15:15 fortran.nanorc
-rw-r--r-- 1 jw jw 1475 Aug 21 15:15 genie.nanorc
-rw-r--r-- 1 jw jw 2574 Aug 21 15:15 gentoo.nanorc
-rw-r--r-- 1 jw jw 2238 Aug 21 15:15 gitcommit.nanorc
-rw-r--r-- 1 jw jw 2238 Aug 21 15:15 git.nanorc
-rw-r--r-- 1 jw jw  882 Aug 21 15:15 glsl.nanorc
-rw-r--r-- 1 jw jw 1032 Aug 21 15:15 go.nanorc
-rw-r--r-- 1 jw jw  723 Aug 21 15:15 groff.nanorc
-rw-r--r-- 1 jw jw  642 Aug 21 15:15 haml.nanorc
-rw-r--r-- 1 jw jw 1138 Aug 21 15:15 haskell.nanorc
-rw-r--r-- 1 jw jw  425 Aug 21 15:15 html.nanorc
-rw-r--r-- 1 jw jw  697 Aug 21 15:15 i3.nanorc
-rw-r--r-- 1 jw jw  686 Aug 21 15:15 ical.nanorc
-rw-r--r-- 1 jw jw  407 Aug 21 15:15 ini.nanorc
-rw-r--r-- 1 jw jw  285 Aug 21 15:15 inputrc.nanorc
-rw-r--r-- 1 jw jw 1544 Aug 21 15:15 install.sh
-rw-r--r-- 1 jw jw  715 Aug 21 15:15 java.nanorc
-rw-r--r-- 1 jw jw 1105 Aug 21 15:15 javascript.nanorc
-rw-r--r-- 1 jw jw 1503 Aug 21 15:15 js.nanorc
-rw-r--r-- 1 jw jw  402 Aug 21 15:15 json.nanorc
-rw-r--r-- 1 jw jw  318 Aug 21 15:15 keymap.nanorc
-rw-r--r-- 1 jw jw  607 Aug 21 15:15 kickstart.nanorc
-rw-r--r-- 1 jw jw  432 Aug 21 15:15 ledger.nanorc
-rw-r--r-- 1 jw jw  727 Aug 21 15:15 license
-rw-r--r-- 1 jw jw  383 Aug 21 15:15 lisp.nanorc
-rw-r--r-- 1 jw jw 3024 Aug 21 15:15 lua.nanorc
-rw-r--r-- 1 jw jw 1039 Aug 21 15:15 makefile.nanorc
-rw-r--r-- 1 jw jw  264 Aug 21 15:15 man.nanorc
-rw-r--r-- 1 jw jw 1060 Aug 21 15:15 markdown.nanorc
-rw-r--r-- 1 jw jw  389 Aug 21 15:15 mpdconf.nanorc
-rw-r--r-- 1 jw jw   95 Aug 21 15:15 mutt.nanorc
-rw-r--r-- 1 jw jw 2489 Aug 21 15:15 nanorc
-rw-r--r-- 1 jw jw 1065 Aug 21 15:15 nanorc.nanorc
-rw-r--r-- 1 jw jw 4846 Aug 21 15:15 nginx.nanorc
-rw-r--r-- 1 jw jw  815 Aug 21 15:15 ocaml.nanorc
-rw-r--r-- 1 jw jw  242 Aug 21 15:15 patch.nanorc
-rw-r--r-- 1 jw jw  395 Aug 21 15:15 peg.nanorc
-rw-r--r-- 1 jw jw 1698 Aug 21 15:15 perl6.nanorc
-rw-r--r-- 1 jw jw 1503 Aug 21 15:15 perl.nanorc
-rw-r--r-- 1 jw jw 1431 Aug 21 15:15 php.nanorc
-rw-r--r-- 1 jw jw 1534 Aug 21 15:15 pkgbuild.nanorc
-rw-r--r-- 1 jw jw  245 Aug 21 15:15 pkg-config.nanorc
-rw-r--r-- 1 jw jw  221 Aug 21 15:15 po.nanorc
-rw-r--r-- 1 jw jw  682 Aug 21 15:15 pov.nanorc
-rw-r--r-- 1 jw jw 2741 Aug 21 15:15 privoxy.nanorc
-rw-r--r-- 1 jw jw 1972 Aug 21 15:15 puppet.nanorc
-rw-r--r-- 1 jw jw 3479 Aug 21 15:15 python.nanorc
-rw-r--r-- 1 jw jw 2369 Aug 21 15:15 Readme.rst
-rw-r--r-- 1 jw jw  470 Aug 21 15:15 reST.nanorc
-rw-r--r-- 1 jw jw 1626 Aug 21 15:15 rpmspec.nanorc
-rw-r--r-- 1 jw jw 1585 Aug 21 15:15 ruby.nanorc
-rw-r--r-- 1 jw jw 1112 Aug 21 15:15 rust.nanorc
-rw-r--r-- 1 jw jw  670 Aug 21 15:15 scala.nanorc
-rw-r--r-- 1 jw jw  240 Aug 21 15:15 sed.nanorc
-rw-r--r-- 1 jw jw  831 Aug 21 15:15 sh.nanorc
-rw-r--r-- 1 jw jw  619 Aug 21 15:15 sls.nanorc
-rw-r--r-- 1 jw jw 1908 Aug 21 15:15 sql.nanorc
-rw-r--r-- 1 jw jw 1973 Aug 21 15:15 swift.nanorc
-rw-r--r-- 1 jw jw 5103 Aug 21 15:15 systemd.nanorc
-rw-r--r-- 1 jw jw 2277 Aug 21 15:15 tcl.nanorc
-rw-r--r-- 1 jw jw  302 Aug 21 15:15 tex.nanorc
-rw-r--r-- 1 jw jw  789 Aug 21 15:15 vala.nanorc
-rw-r--r-- 1 jw jw  393 Aug 21 15:15 vi.nanorc
-rw-r--r-- 1 jw jw  330 Aug 21 15:15 xml.nanorc
-rw-r--r-- 1 jw jw  297 Aug 21 15:15 xresources.nanorc
-rw-r--r-- 1 jw jw  542 Aug 21 15:15 yaml.nanorc
-rw-r--r-- 1 jw jw  276 Aug 21 15:15 yum.nanorc
-rw-r--r-- 1 jw jw 2008 Aug 21 15:15 zsh.nanorc
-rw-r--r-- 1 jw jw 2008 Aug 21 15:15 zshrc.nanorc

files/www:
total 4
drwxr-xr-x 4 jw jw 4096 Jan  8  2018 luci-static/

files/www/luci-static:
total 4
drwxr-xr-x 5 jw jw 4096 Aug 21 15:15 material/

files/www/luci-static/material:
total 4 
drwxr-xr-x 2 jw jw 4096 Aug 21 15:15 css/

files/www/luci-static/material/css:
total 64
-rw-r--r-- 1 jw jw 29475 Aug 21 15:15 style.css
-rw-r--r-- 1 jw jw 29444 Aug 21 15:15 style.css.original

I also have customizations that must be performed on a live system, so I have a first-run.sh script that runs at first boot and emails me the output to ensure everything was configured correctly:

#!/bin/sh

   ##::[[---  OpenWrt First Run Script ---]]::##

#===================================================
        ##----- Correct Permissions -----##
#===================================================

    # Parameters #
#---------------------------------------------------

  # Email:
    email1="<email>@gmail.com"
    email2="<email>@gmail.com"

    subject="First Run Status for ACS.WRT"
      opt1="-v -f WRT1900ACS@ACS.WRT -au<email>@gmail.com -apassword -H"
      opt2="openssl s_client -quiet -tls1_2 -starttls smtp -connect smtp.gmail.com:587"

  # Services:
    INT="/etc/init.d"
      shd="$INT/sshd"


  # SSH & SSL:
    SSH="/etc/ssh"
      IDS="/etc/ssh/ids"
        HST="$IDS/host"

    SSL="/etc/ssl"
    SSHT="/tmp/ssh"


  # Log:
    logfile="/tmp/ssh/first_run_log.tmp"

    dt=$(date +%Y.%m.%d_%H:%M:%S)
      dtT=$(date +%H:%M:%S)
      dtY=$(date +%Y.%m.%d)

    LOG="/mnt/sda1/first-run_${dt}.log"


#===================================================

    # Prerequisites #
#---------------------------------------------------

# Create /tmp/ssh
  mkdir -p $SSHT && touch ${logfile}


    # Email Options #
#---------------------------------------------------

# Header:
(
  echo "To: ${email1}"
  echo "Subject: ${subject}"
  echo "Content-Type: text/html"
  echo "MIME-Version: 1.0"
  printf "\r\n"
) > ${logfile}


# Body:
(
  echo "<pre style=\"font-size:12px\">"
  printf "\r"
) >> ${logfile}


# Heading:
(
  printf "    ##[[-----> First Run Status for LEDE.WRT  <-----]]##\n"
  printf "\r\n\n\n"

  printf "Date: $dtY\n\n"
  printf "Time: $dtT\n"

  printf "\r\n\n\n"
) >> ${logfile}


#===================================================

    # Default rc.local #
#---------------------------------------------------
(
  printf "  # Prevent Script from Running Again #\n"
  printf %b "------------------------------------------------------------\n"


  printf "\n  Defaulting /etc/rc.local...\n"
    echo '#

   ##::[[---  OpenWrt RC Local Script  ---]]::##

#---------------------------------------------------
             ##--- Shell Script ---##
#---------------------------------------------------


# Exit:
  exit 0' > /etc/rc.local && echo "" >> /etc/rc.local
    printf "    DONE. \n"

) >> ${logfile} 2>&1

(
      # Backup #
  #---------------------------------------------------
    printf "\n\n  # Fixing Backup Permissions #\n"
    printf %b "------------------------------------------------------------\n"

  # Read Access #
    printf "\n  Ensuring /root/backups is Read Only...\n"
      chmod -R 400 /root/backups 2>&1
      printf "    DONE. \n"


      # SSL Certs #
  #---------------------------------------------------
    printf "\n\n  # Fixing SSL Permissions #\n"
    printf %b "------------------------------------------------------------\n"

  # Read access #
    printf "\n  Assigning Certs Read Access...\n"
      chmod 644 $SSL/ca/* 2>&1
      chmod 644 $SSL/certs/wrt*.crt 2>&1
      printf "    DONE.\n"

  # Root only access #
    printf "\n  Removing Read Access from Cert Keys...\n"
      chmod 600 $SSL/openvpn/* 2>&1
      chmod 600 $SSL/private/* 2>&1
      printf "    DONE.\n"


      # Nano #
  #---------------------------------------------------
    printf "\n\n  # Nano #\n"
    printf %b "------------------------------------------------------------\n"

  # NanoRC

    # Link System Wide NanoRC to users
      printf "\n  Linking System NanoRC to ~/.nanorc...\n"
        ln -s /etc/nanorc /root/.nanorc 2>&1
        printf "    DONE.\n"


      # OpenSSH #
  #---------------------------------------------------
    printf "\n\n  # OpenSSH #\n"
    printf %b "------------------------------------------------------------\n"

  # Keys #

    # Remove Default Keys #
      printf "\n  Removing OpenSSH Default Keys...\n"
        rm $SSH/ssh_host* 2>&1
        printf "    DONE.\n"

    # Generate 256 ssh_host_ecdsa_key #
      printf %b "===========================================================\n"
      printf %b "------------------------------------------------------------\n"

      printf "\n\n  # Generating ECDSA Host Key #\n"
      printf %b "----------------------------------------\n\n"
        ssh-keygen -b 256 -t ecdsa -E sha256 -C "WRT1900ACS OpenSSH Server ECDSA" -f $HST/ssh_host_ecdsa_key 2>&1
        printf "  DONE.\n\n"

    # Generate ED25519 (key size is fixed, no -b needed) #
      printf %b "===========================================================\n\n"

      printf "\n\n  # Generating ED25519 Host Key #\n"
      printf %b "----------------------------------------\n\n"
        ssh-keygen -t ed25519 -E sha256 -C "WRT1900ACS OpenSSH Server ED25519" -f $HST/ssh_host_ed25519_key 2>&1
        printf "  DONE.\n\n"

    # Generate 2048 RSA #
      printf %b "===========================================================\n\n"

      printf "\n\n  # Generating RSA Host Key #\n"
      printf %b "----------------------------------------\n\n"
        ssh-keygen -b 2048 -t rsa -E sha256 -C "WRT1900ACS OpenSSH Server RSA" -f $HST/ssh_host_rsa_key 2>&1
        printf "  DONE.\n\n"

      printf %b "------------------------------------------------------------\n"
      printf %b "===========================================================\n"

    # Move Public Keys
      printf "\n\n  Moving Host Public Keys...\n"
        mv $HST/*.pub $SSH 2>&1
        printf "    DONE.\n"

    # Permissions #
      printf "\n  Correcting Host Key Permissions...\n"
        chmod 755 $IDS 2>&1
        chmod 600 $HST/*_key 2>&1
        printf "    DONE.\n"

    # Link Moduli
      printf "\n  Linking Moduli to /etc/ssh/moduli...\n"
        ln -s /etc/moduli /etc/ssh/moduli 2>&1
        printf "    DONE.\n"


  # .ssh #

    # root:
      printf "\n  Correcting root Key Permissions...\n"
        chmod 700 /root 2>&1
        chmod 700 /root/.ssh 2>&1
        chmod 600 /root/.ssh/authorized_keys 2>&1
        printf "    DONE.\n"


  # Restart OpenSSH #
    printf "\n  Restarting OpenSSH...\n"
      $shd enable  2>&1
      $shd restart 2>&1
      printf "    DONE.\n"


      # Vim #
  #---------------------------------------------------
    printf "\n\n  # Vim #\n"
    printf %b "------------------------------------------------------------\n"

  # VimRC

    # Link System Wide VimRC to users
      printf "\n  # Linking System VimRC to ~/.vimrc #\n"
        ln -s /etc/vimrc /root/.vimrc 2>&1
        printf "    DONE.\n"


      # Exit script #
  #---------------------------------------------------
    printf "\n\n  # Script Finished #\n"
    printf %b "------------------------------------------------------------\n"
    printf "\n  . . . FINISHED: Exiting @ $dtT on $dtY . . .\n"

# Redirect stderr to the log as well (2>1 would write it to a file named "1")
) >> ${logfile} 2>&1

echo "</pre>" >> ${logfile}


    # Email Report #
#--------------------------------------

if [ -z "${email1}" ]; then

  # Error:
    echo "No email address specified, information available in ${logfile}" | tee -a ${logfile}
      cat ${logfile} > $LOG-$dt

else

  # Success:
    sendmail ${opt1} "${opt2}" $email1 < ${logfile}
      cat ${logfile} > $LOG-$dt
      cp $LOG-$dt /root
      rm -rf $SSHT
fi


    # Exit script #
#---------------------------------------------------
exit 2>&1

  • Note: sendmail is not configured in busybox by default, so if you do want email capabilities, you must customize the busybox package in menuconfig, selecting sendmail under
    Base System -> BusyBox -> Customize BusyBox Options -> Mail Utilities -> sendmail,
    also setting:
    Default charset to UTF-8

1 Like
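The listing above shows shadow, smbpasswd and the TLS and VPN private keys stored in files/ with mode 644, which first-run.sh only tightens after the first boot. The following is an added example, not part of the original post or of OpenWrt: it flags and fixes such files on the build host, assuming the build carries file modes from files/ into the image. The function names and the secret-path patterns are hypothetical, chosen from the listing, and the sample tree in `demo` is constructed.

```shell
#!/bin/sh
# Added example (not JW0914's code): audit a <buildroot>/files/ overlay for
# secrets that are group/other-accessible before they are baked into an image.
# Assumption: the build carries file modes from files/ into the root filesystem.

# Paths (relative to files/) treated as secret. The patterns are assumptions
# taken from the directory listing in the post; extend them for your own tree.
is_secret() {
    case "$1" in
        etc/shadow|etc/samba/smbpasswd|etc/samba/secrets.tdb) return 0 ;;
        etc/ssl/private/*|etc/ssl/openvpn/*)                  return 0 ;;
        etc/ssh/ids/host/*_key|etc/ssh/ssh_host_*_key)        return 0 ;;
        root/.ssh/*)                                          return 0 ;;
        *.key|*.key.pem|*.p12)                                return 0 ;;
    esac
    return 1
}

# Print "MODE PATH" for every secret file with any group/other permission bit.
# $1 = overlay directory. Uses GNU/BusyBox "stat -c"; paths containing
# newlines are not supported.
audit_overlay() {
    (
        cd "$1" || exit 2
        find . -type f \( -perm -040 -o -perm -020 -o -perm -010 \
                          -o -perm -004 -o -perm -002 -o -perm -001 \) |
            sed 's|^\./||' | LC_ALL=C sort |
            while IFS= read -r f; do
                if is_secret "$f"; then
                    printf '%s %s\n' "$(stat -c %a "$f")" "$f"
                fi
            done
    )
}

# Restrict every flagged file to owner read/write (the mode first-run.sh
# applies to the keys on the router) so the image never ships the wider mode.
harden_overlay() {
    audit_overlay "$1" | while read -r _mode f; do
        chmod 600 "$1/$f"
    done
}

# Constructed sample tree mirroring a few entries of the listing above.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/etc/ssl/private" "$d/etc/ssl/certs"
    for f in etc/shadow etc/ssl/private/wrt1900acs-uhttpd.key \
             etc/ssl/certs/wrt1900acs-uhttpd.crt; do
        echo "constructed" > "$d/$f"
        chmod 644 "$d/$f"
    done
    echo "Before:"; audit_overlay "$d"
    harden_overlay "$d"
    echo "After:";  audit_overlay "$d"
    rm -rf "$d"
}
demo
```

Because the private keys end up inside the firmware image either way, the resulting .bin and the files/ directory need the same handling as the keys themselves.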

For most of my TP link devices.

cat /dev/mtd5 >/tmp/backup.bin
Download that file to your computer.

That's it. You got the full backup of the firmware (root+rootfs_data).
To restore? Transfer it to /tmp in router.
sysupgrade -v -n backup.bin
(the -n is to not preserve the current config in the router, as you will overwrite it)

https://forum.archive.openwrt.org/viewtopic.php?id=42945

1 Like

Very cool sammo, thank you very much for the explanation! Will check it all out over the weekend =D Have a good time! Cooool!

mtd partitions are device specific and this will definitely not work on a WRT32X, or any of the WRT AC Series routers.

  • No specific mtd partition on the WRT AC Series houses custom configs... See Flash Layout

2 Likes

Then perhaps back up /overlay, as suggested by hnyman in post 10 at the above link.

2 Likes

Yes, "tar-ing up" /overlay is something that I do when I'm about to try something very risky, such as a major-version upgrade.

cd /overlay
tar cvf /tmp/some-file-name.tar .
scp /tmp/some-file-name.tar me@some.other.host:/path/to/a/safe/place/

for example.

I typically won't extract that directly to the device, but rather expand it on a Mac or Linux machine, and pick and choose specific files to upload and restore to my OpenWrt instance.

2 Likes