building an embedded Linux distro into a RPM package

Kevin Fenzi kevin at scrye.com
Fri Jul 24 18:54:23 UTC 2015


On Thu, 23 Jul 2015 10:19:26 -0400
Chuck Anderson <cra at WPI.EDU> wrote:

...snip...

> I would like to submit a new package that provides a Pre-Boot
> Authorization (PBA) image.  The PBA is a "bootloader" of sorts that
> prompts the user for the passphrase to unlock a Self-Encrypting Drive
> (SED) using the TCG OPAL command set, and then either chainloads to
> the real OS or reboots to allow the BIOS to boot the real OS.  The
> image gets installed to the OPAL SED as a sort of "shadow MBR/shadow
> disk image" using a special command "msed" (Manage Self-Encrypting
> Drive) that I also plan to submit a package for.

So, the idea would be someone would 'dnf install' this package, run
msed and then reboot to have it take effect?

> In my case, I've developed a tiny embedded Linux-based PBA image [1]
> using Buildroot [2] and the MSED software [3].  The final image is a
> MBR-partitioned disk image with VFAT filesystem containing the
> specially built Linux kernel (vmlinuz), initramfs (rootfs.gz), and the
> installed syslinux bootloader.
> 
> Before you ask, I can't use even a stripped-down Fedora image for this
> purpose, because it must be TINY and it only exists to run a single
> command (linuxpba), then reboot.  My image is 4MB and could be made
> even smaller.  See the reasoning in [1] for why it must be so small.
> 
> [1] https://github.com/cranderson/buildroot-linuxpba
> [2] http://buildroot.uclibc.org/
> [3] http://www.r0m30.com/msed
> 
> Now I know there are several challenges to using the Buildroot
> approach to building software for Fedora.  Buildroot downloads
> software from the Internet, unpacks, patches, configures, and builds
> it.  The build environment is built first, so gcc, uClibc, busybox,
> etc. and then the packages you want to include are built in that
> environment.
> 
> What is the best approach I should use that is acceptable to Fedora?

I'm not sure. :) 

> Would it be acceptable to bundle source packages, Buildroot itself,
> and my Buildroot configuration into one SRPM so everything is
> self-contained and can be built without requiring network
> connectivity?  This means I would have to bundle the source code for
> gcc, the linux kernel, uClibc, busybox, etc.
> 
> Or is there some way to pull in SRPM packages that already exist in
> Fedora, and use those as part of my build process so that I don't have
> to bundle all the source code?  Additionally, I could make separate
> SRPM packages for Buildroot itself, any components needed (uClibc is
> already in the distro), the Buildroot build scripts for
> buildroot-linuxpba, and the actual package I need (msed).

This sounds to me like something that's better suited to be composed and
shipped as some kind of image instead of being a package.

I can see the appeal of a package however since it's so small. 

The build system will not let you download stuff from the net.
If we did, builds would not be reproducible.

You cannot use the existing gcc/busybox/etc to build the image?

Alternately, how intensive is this image build? Perhaps you could
package the tools (as you are) and the end user can create their own
image?

kevin
