Contents
Why?
LibreELEC is perfect linux distro for running Kodi almost everywhere.
LibreELEC has a powerful add-on system and it also has docker container support so technically you could run everything you need inside docker container.
But sometimes it is not enough. All (or almost all) Linux distros have their own package manager with set of well known packages (prebuilt binaries or scripts to build from source code).
Well, LibreELEC has its own build system and you could use it to add support for other packages but in that case you will have to rebuild almost whole LibreELEC.
Building customized version of LibreELEC could be overkill if you just need to install something like Midnight Commander or cron, right?
Here is one possible solution – use entware: https://github.com/Entware/Entware
entware is an tiny and minimalistic user-space prefix (/opt) environment designed for embedded systems with tiny package manager.
There are other optware-like alternatives, but I found that entware is supported better than others.
Alternatives:
- optware / optware-ng: http://www.nslu2-linux.org/wiki/pmwiki.php?pagename=Optware/HomePage/
- entware-ng: no more an option, merged with entware
- entware-ng-3.x: no more an option, merged with entware
Fix LibreELEC image
To be able to easy work with entware we will need folder in root /opt. LibreELEC uses read only root filesystem so we will have to fix system image.
My LibreELEC is installed on SD card and I also have OS X on my laptop.
Prerequisites:
- OS X (but it could be Linux too but instruction how to install squashfs is different)
- Homebrew package manager installed: https://brew.sh
- In terminal:
brew install squashfs
Actions:
- Disconnect SD card
- Connect SD card to OS X
- Connected volume should have label “LIBREELEC”
- Open terminal
cd /Volumes/LIBREELEC
mkdir -p new/opt
mksquashfs new SYSTEM -all-root
rm -rf new
- Thats it, now SYSTEM image should have /opt directory and you could connect SD card back to your media player
- You will need to do this step each time you will update LibreELEC system image.
Connect to LibreELEC over SSH
Enable SSH access in LibreELEC configuration or during setup. Remember hostname, by default, it is LibreELEC.
Run from terminal: ssh root@LibreELEC.local (or CustomHostname.local)
Install entware
Root filesystem is still unreadable, but /storage has read-write access, so we could install entware into, for example, /storage/opt and bind /opt to /storage/opt (thats why we created /opt in the root).
You could find correct install script url here: https://github.com/Entware/Entware/wiki/Alternative-install-vs-standard. In my case I will use AARCH64 standard install script (for ODROID-C2).
Install opkg:
mkdir -p /storage/opt
mount -o bind /storage/opt /opt
wget -O - http://bin.entware.net/aarch64-k3.10/installer/generic.sh | sh
export PATH=$PATH:/opt/bin:/opt/sbin
opkg update
# expr is used in opkg init scripts and is not available in busybox provided by LibreELEC
opkg install coreutils-expr
Make /opt bind persistent:
Run: nano -w /storage/.config/system.d/opt.mount
Please note, filename opt.mount make sense here (systemd rule): /{name} -> {name}.mount.
[Unit]
DefaultDependencies=no
Conflicts=umount.target
Before=local-fs.target umount.target
[Mount]
What=/storage/opt
Where=/opt
Type=none
Options=bind
[Install]
WantedBy=local-fs.target
Enable mount point to be activated on reboot:
systemctl enable opt.mount
Fix profile to have entware available in SSH session by default and enable unicode:
Run: nano /storage/.profile
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export PATH=$PATH:/opt/bin:/opt/sbin
Now you could reboot LibreELEC and test if changes are persistent. After reboot you should be able to:
- connect to LibreELEC over SSH
- see that
/optis mounted.ls /optshould show files (test for /opt bind) opkg listshould show list of available packages (test for PATH in profile)
Enable SSH with certificate
Run on local machine:
nano ~/.ssh/config
Paste configuration to use alternative username when you are connecting to LibreELEC (we assume default hostname here):
Host libreelec.local
User root
Run on local machine:
cat ~/.ssh/*.pub
Login to libreelec thru ssh:
ssh root@libreelec.local
Copy the open key you would like to use.
nano -w ~/.ssh/authorized_keys
Paste the open key.
Save.
Exit SSH session and try to login again:
ssh libreelec.local
This time it should not ask for password.
Usage
Now you could install packages available in entware with opkg package manager.
opkg listwill show list of available packages.opkg list | grep packagewill help you to find needed package.opkg install packagewill install package- some packages are designed to be daemonized, for example cron.
- init scripts are located here: /opt/etc/init.d
- you could start service with /opt/etc/init.d/SXX{name} start
- you could stop service with /opt/etc/init.d/SXX{name} stop
- services should be also wrapped into systemd config files to persist their state on reboot
opkg uninstall packagewill uninstall package
Examples
midnight commander (application)
Install mc: opkg install mc
Thats it ๐
cron (service)
Install cron: opkg install cron
Wrap service into systemd config: nano -w /storage/.config/system.d/cron.service
[Unit]
Requires=network-online.service
[Service]
Type=oneshot
ExecStart=/opt/etc/init.d/S10cron start
ExecStop=/opt/etc/init.d/S10cron stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Auto start service on reboot: systemctl enable cron.service
Start service now: systemctl start cron.service
This is a perfect example how easy could be to install binary package with entware.
dnsmasq (service)
Below is example how to setup dnsmasq with ads blacklist.
Download ads domains blacklist in hosts file format:
cd /opt/etc && wget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
Install dnsmasq: opkg install dnsmasq-full
Run: nano -w /opt/etc/dnsmasq.conf
server=8.8.8.8
server=8.8.4.4
addn-hosts=/opt/etc/hosts
Wrap service into systemd config: nano -w /storage/.config/system.d/dnsmasq.service
[Unit]
Requires=network-online.service
[Service]
Type=oneshot
ExecStart=/opt/etc/init.d/S56dnsmasq start
ExecStop=/opt/etc/init.d/S56dnsmasq stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Auto start service on reboot: systemctl enable dnsmasq.service
Start service now: systemctl start dnsmasq.service
Now you could set for any device at home main DNS server address to LibreELEC ip address and all (almost) ads will be removed.
Another perfect example how easy is entware.
vsftpd (service)
By default, LibreELEC has no ftp support but ftp could be useful for some iOS/Android apps with bad samba support, VLC, for example.
Here we could setup guest read-only ftp with a few commands:
Install vsftpd: opkg install vsftpd-ext
Run: nano -w /opt/etc/vsftpd/vsftpd.conf
# defaults - everything else could be disabled
anonymous_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
listen=YES
# overrides
anonymous_enable=YES
local_enable=NO
anon_root=/media
no_anon_password=YES
hide_ids=YES
pasv_min_port=40000
pasv_max_port=50000
ftp_username=nobody
This config will make vsftpd share all mounted devices.
Wrap service into systemd config: nano -w /storage/.config/system.d/vsftpd.service
[Unit]
Requires=network-online.service
After=network-online.service
[Service]
Type=oneshot
ExecStart=/opt/etc/init.d/S49vsftpd start
ExecStop=/opt/etc/init.d/S49vsftpd stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Auto start service on reboot: systemctl enable vsftpd.service
Start service now: systemctl start vsftpd.service
Thank you for this guide. I followed it on my mac so everything should work. I would like to install shairport-sync on Rasplex which is based on LibreELEC.
I get stuck at the line opkg update. I get: Illegal instruction (core dumped)
I’ve tried this on a fresh LibreELEC install as well to see if that makes any difference but I get the same error.
Could you please help to find a solution?
Thank you.
Illegal instruction means that you are trying to use binaries from another architecture. What hardware do you have? You need to pick right architecture during opkg bootstrap.
Thank you for your reply. Yes, I’ve tried to install on the wrong architecture, I’m using a Pi zero W, which is armv6.
I could make it work on a RPi 3, however, I’m still struggling to make shairport-sync work and also I couldn’t make the mount of /opt persistent.
I guess I forgot to mention:
I recommend to use Entware-3x for modern devices – https://github.com/Entware-for-kernel-3x
It is Entware-ng fork with kernel calls based on 3x kernels. It has more packages and more recent package versions because of it.
Thank you for the guide, worked flawlessly!
Entware-ng-3x works great also in LibreELEC running on my Rock64.
Do you know if it’s possible to patch it to not expect /opt ? Would save a lot of steps when updating LibreELEC.
Thanks.
Technically, you could also use overlay-fs: https://wiki.archlinux.org/index.php/Overlay_filesystem
But I found it is easier to plug sd card into macbook and inject /opt into image with:
The vsftpd instructions say we need to run nano -w /opt/etc/dnsmasq.conf
You probably mean nano -w /opt/etc/vsftpd.conf?
But I forgot, thanks a lot for the instructions they helped a lot!
Thanks, fixed.
Also it would be a good idea to say in your article somewhere that scp is a good alternative to vsftpd if you want to avoid unsecure ftp on libreelec.
I figured this out after trying to set vsftpd up for TLS and seeing all that was required…
I’m not a sysadmin! ๐
For home network unsecured ftp is totally fine, especially for anonymous read only shares. FTP is widely available in ios/android apps and is supported much better than upnp, samba or even ssh.
Dear Artem, thanks so much for your guide here, it’s helped me tremendously to get my Slice with upgrade to Raspberry Pi Compute Module 3 running as a way more sophisticated box!
I’d like to propose two small corrections to the ‘Install entware’ section:
Please update the URL for the install script to ‘http://bin.entware.net/armv7sf-k3.2/installer/generic.sh’, so that it becomes
wget -O - http://bin.entware.net/armv7sf-k3.2/installer/generic.sh | sh.I recommend to change the exported PATH to
export PATH=/opt/bin:/opt/sbin:$PATH, because more often than not, the point of installing an entware package is to override the executable in /usr/bin/ that came with busybox with a (better) alternative.So far it seems like I’ve got the perfect setup with this, so I’m very happy – thanks again!
Artem,
Great work and excellent explanations- most tech folks can’t communicate !
You might be interested in knowing that LibreElec fork CoreElec.org (for better generic S905 box support) has implemented Entware for v8.95.*
So now CoreElec has an edge ๐ Maybe they read this blog !
Do you agree that Entware-3x is a better choice with more packages than Entware? Will the configuration instructions be the same ?
Is there a way to install packages that are not on the Entware repo list (e.g., nodogsplash captive portal)?
How about xorg to enable GUI on LibreElec/CoreElec, e.g., for LuCI for network packages configuration?
I believe the problem here is LE/CE read-only OS nature as opposed to OSMC?
Read your DNS block via dnsmasq method with great interest. Steven Black list is the right choice.
What if I want to expand on it by wanting my S905 box (accessing internet via RJ95 Ethernet port, eth0) and connecting in turn to a few home PCs/smartphone via WiFi AP tether selection (in CoreElec/LE Kodi menu) ?
This way all the traffic from the S905 box (127.0.0.1?) and from those home devices at wlan0 should be resolved by the same server DNS (8.8.8.8 in your case above.)
So what are additional code lines if I also want these home devices to get their private IPs from the dnsmasq DHCP and NAT running on the S905 box so proper address translation is done for all devices connecting to the eth0 port (via wlan0), going out to the ISP proxy/ firewall?
Assume that the ISP/local router is assigning a dynamic IP (public or private) to the S905 box, and you have to assign (private) IPs to those home devices connecting to the S905 box’s WiFi AP. You have no control over ISP assignment !
Thus the S905 box running CoreElec/LibreElec with Entware itself acts as an independent subnet.
I am assuming that in dnsmasq.conf specifying listen-address =127.0.01 for the S905 box itself and interface= wlan0 for connecting home devices ought to work instead of specifying an IP address for the S905 to local router?
This way the S905 box itself acts as NAT/DHCP router for home devices via WiFi and DNS forwarder for itself ( an arrangement different from, say , Pi-hole on RPi connecting to local router.)
Anything to add to /etc/hosts e.g., 127.0.01 localhost ? I am looking here for dnsmasq simple configuration:
https://wiki.debian.org/HowTo/dnsmasq
Thanks in advance.
Thanks.
Nice. Good to know.
All entware-based forks got finally merged back into one repo as far as I know. This is also mentioned in the beginning of article.
It should be technically possible but I never tried to do that.
Readonly nature is needed to have an easier way to reset the state from kodi, update whole system and also maintain binary immutability that helps against viruses (hard to persist in root filesystem).
You could modify LibreELEC read only image but you will also need to build it from the scratch.
Unfortunately, I donโt have answers on all your questions. Never tried. DHCP should be easy configurable but you will also need to setup wifi AP, routing, NAT and it is a topic for new large article “Build wifi router on s905 from the scratch”.
It is definitely possible what you are asking on top of LibreELEC but kernel recompilation, image modification will most likely be needed. You could checkout LibreELEC repo and build your own image with applications you need and default configuration you need. Entware helps to save time and install all extra programs to /opt but it could work not for all applications and definitely wonโt work if you will need to tune kernel options.
Keep in mind, modern routers have multiple multi-band antennas and will always work faster than s905 box with any usb wifi adapter.
It is better to delegate wifi network to dedicated device. You could still set DNS server explicitly to your LibreELEC box on dedicated router to have seamless connection.
Artem,
Thanks for your detailed replies- it’s all about making progress.
Can you elaborate a bit about your B vs C responses re: pros/cons of buildroot for LibreElec/CoreElec?
Unfortunately Debian based Dockers defeat the very purpose of container flexibility and speed over VMs. There are not many Docker bases with the minimal 5MB Alpine base for ARM, better than the 130 MB Debian base bloat.
Re: building S905 combo media player + local router, I don’t believe any kernel mod etc is required.
As you know LibreElec/CoreElec have the WiFi tether AP feature built in via the extra settings inside Kodi.
Dnsmasq-full pack ( DHCP+ DNS) is available under Entware ( by default on CoreElec.) NAT and iptables are part of the kernel 3.14.29 on both LE/CE.
SSH is also available. Network Tools add-on has autossh as well. Thus reverse SSH scripting will also work as public server authorization/authentication in addition.
So we here have a generic Linux Debian system requiring just scripts for the task…
What I am talking about is a small subnet with 3-4 devices that have S905 box as a “router” via it’s WiFi AP (of course with this option you can’t use the S905 as a WiFi station receiving from another WiFi AP.)
Simple 2.4 GHz should do inside a house- we are not talking enterprise solutions !
So what else do you think is needed? I am not a software guy, so unluckily can’t make more progress. But I can deal with basic Linux OS/SSH stuff.
I would recommend to use LibreELEC as basis because it has support for your board pc and because you will be able to tune anything on system level if needed. You could probably also look on OpenWRT scripts. You will most likely need to learn shell scripting.
Another option is to take any distro you like and build kernel using config from LibreELEC distribution using cross toolchain. I know arch, debian, gentoo should be friendly for aarch64.
Thanks a lot, Artem!
I followed your guidelines for RPi 4 successfully. The only difference was to use ARMv7 version of entware:
wget -O – http://bin.entware.net/aarch64-k3.10/installer/generic.sh | shwget -O – http://bin.entware.net/armv7sf-k3.2/installer/generic.sh | sh
Great article!
My system image already had an /opt folder. I don’t know if anything relies on what’s in there. So instead of mounting an empty folder over it, here are the commands I ran to do it the overlayfs way.
(Also these can be done directly from ssh without needing connect the sd card to the computer and image won’t need to be fixed after every update)
mkdir -p /storage/.entware/originalroot /storage/.entware/newoptfiles /storage/.entware/workmount -t squashfs -o loop /flash/SYSTEM /storage/.entware/originalrootmount -t overlay overlay -o lowerdir=/storage/.entware/originalroot/opt,upperdir=/storage/.entware/newoptfiles,workdir=/storage/.entware/work /optvi /storage/.config/system.d/$(systemd-escape -p --suffix=mount /storage/.entware/originalroot)[Unit]DefaultDependencies=no
Conflicts=umount.target
Before=local-fs.target umount.target
[Mount]
What=/flash/SYSTEM
Where=/storage/.entware/originalroot
Type=squashfs
Options=loop
[Install]
WantedBy=local-fs.target
vi /storage/.config/system.d/opt.mount[Unit]DefaultDependencies=no
After=systemd-tmpfiles-setup.service
RequiresMountsFor=/storage/.entware/originalroot
[Mount]
What=overlay
Where=/opt
Type=overlay
Options=lowerdir=/storage/.entware/originalroot/opt,upperdir=/storage/.entware/newoptfiles,workdir=/storage/.entware/work
[Install]
WantedBy=kodi.target
systemctl enable opt.mount