building an embedded Linux distro into a RPM package

Thu Jul 23 14:19:26 UTC 2015

I originally sent this to the packaging list, but there was no
response there so I'm posting to devel now.

I've also opened a review request for the non-controversial packaging
of the "msed" utilities.  Would anyone care to do a review swap?

Review Request: msed - Tools to manage the activation and use of self encrypting drives

https://bugzilla.redhat.com/show_bug.cgi?id=1245640

Thanks.

Date: Tue, 21 Jul 2015 18:48:27 -0400
From: Chuck Anderson <cra at WPI.EDU>
To: packaging at lists.fedoraproject.org
Subject: [Fedora-packaging] building an embedded Linux distro into a RPM package
Precedence: list
Reply-To: Discussion of RPM packaging standards and practices for Fedora <packaging at lists.fedoraproject.org>

I would like to submit a new package that provides a Pre-Boot
Authorization (PBA) image.  The PBA is a "bootloader" of sorts that
prompts the user for the passphrase to unlock a Self-Encrypting Drive
(SED) using the TCG OPAL command set, and then either chainloads to
the real OS or reboots to allow the BIOS to boot the real OS.  The
image gets installed to the OPAL SED as a sort of "shadow MBR/shadow
disk image" using a special command "msed" (Manage Self-Encrypting
Drive) that I also plan to submit a package for.

In my case, I've developed a tiny embedded Linux-based PBA image [1]
using Buildroot [2] and the MSED software [3].  The final image is a
MBR-partitioned disk image with VFAT filesystem containing the
specially built Linux kernel (vmlinuz), initramfs (rootfs.gz), and the
installed syslinux bootloader.

Before you ask, I can't use even a stripped-down Fedora image for this
purpose, because it must be TINY and it only exists to run a single
command (linuxpba), then reboot.  My image is 4MB and could be made
even smaller.  See the reasoning in [1] for why it must be so small.

[1] https://github.com/cranderson/buildroot-linuxpba
[2] http://buildroot.uclibc.org/
[3] http://www.r0m30.com/msed

Now I know there are several challenges to using the Buildroot
approach to building software for Fedora.  Buildroot downloads
software from the Internet, unpacks, patches, configures, and builds
it.  The build environment is built first, so gcc, uClibc, busybox,
etc. and then the packages you want to include are built in that
environment.

What is the best approach I should use that is acceptable to Fedora?

Would it be acceptable to bundle source packages, Buildroot itself,
and my Buildroot configuration into one SRPM so everything is
self-contained and can be built without requiring network
connectivity?  This means I would have to bundle the source code for
gcc, the linux kernel, uClibc, busybox, etc.

Or is there some way to pull in SRPM packages that already exist in
Fedora, and use those as part of my build process so that I don't have
to bundle all the source code?  Additionally, I could made separate
SRPM packages for Buildroot itself, any components needed (uClibc is
already in the distro), the Buildroot build scripts for
buildroot-linuxpba, and the actual package I need (msed).