[Fedora-packaging] building an embedded Linux distro into a RPM package

Chuck Anderson cra at WPI.EDU
Tue Jul 21 22:48:27 UTC 2015

I would like to submit a new package that provides a Pre-Boot
Authorization (PBA) image.  The PBA is a "bootloader" of sorts that
prompts the user for the passphrase to unlock a Self-Encrypting Drive
(SED) using the TCG OPAL command set, and then either chainloads to
the real OS or reboots to allow the BIOS to boot the real OS.  The
image gets installed to the OPAL SED as a sort of "shadow MBR/shadow
disk image" using a special command "msed" (Manage Self-Encrypting
Drive) that I also plan to submit a package for.

In my case, I've developed a tiny embedded Linux-based PBA image [1]
using Buildroot [2] and the MSED software [3].  The final image is a
MBR-partitioned disk image with VFAT filesystem containing the
specially built Linux kernel (vmlinuz), initramfs (rootfs.gz), and the
installed syslinux bootloader.

Before you ask, I can't use even a stripped-down Fedora image for this
purpose, because it must be TINY and it only exists to run a single
command (linuxpba), then reboot.  My image is 4MB and could be made
even smaller.  See the reasoning in [1] for why it must be so small.

[1] https://github.com/cranderson/buildroot-linuxpba
[2] http://buildroot.uclibc.org/
[3] http://www.r0m30.com/msed

Now I know there are several challenges to using the Buildroot
approach to building software for Fedora.  Buildroot downloads
software from the Internet, unpacks, patches, configures, and builds
it.  The build environment is built first, so gcc, uClibc, busybox,
etc. and then the packages you want to include are built in that

What is the best approach I should use that is acceptable to Fedora?

Would it be acceptable to bundle source packages, Buildroot itself,
and my Buildroot configuration into one SRPM so everything is
self-contained and can be built without requiring network
connectivity?  This means I would have to bundle the source code for
gcc, the linux kernel, uClibc, busybox, etc.

Or is there some way to pull in SRPM packages that already exist in
Fedora, and use those as part of my build process so that I don't have
to bundle all the source code?  Additionally, I could made separate
SRPM packages for Buildroot itself, any components needed (uClibc is
already in the distro), the Buildroot build scripts for
buildroot-linuxpba, and the actual package I need (msed).

More information about the packaging mailing list