I originally sent this to the packaging list, but there was no response there so I'm posting to devel now. I've also opened a review request for the non-controversial packaging of the "msed" utilities. Would anyone care to do a review swap? Review Request: msed - Tools to manage the activation and use of self encrypting drives https://bugzilla.redhat.com/show_bug.cgi?id=1245640 Thanks. Date: Tue, 21 Jul 2015 18:48:27 -0400 From: Chuck Anderson <cra@xxxxxxx> To: packaging@xxxxxxxxxxxxxxxxxxxxxxx Subject: [Fedora-packaging] building an embedded Linux distro into a RPM package Precedence: list Reply-To: Discussion of RPM packaging standards and practices for Fedora <packaging@xxxxxxxxxxxxxxxxxxxxxxx> I would like to submit a new package that provides a Pre-Boot Authorization (PBA) image. The PBA is a "bootloader" of sorts that prompts the user for the passphrase to unlock a Self-Encrypting Drive (SED) using the TCG OPAL command set, and then either chainloads to the real OS or reboots to allow the BIOS to boot the real OS. The image gets installed to the OPAL SED as a sort of "shadow MBR/shadow disk image" using a special command "msed" (Manage Self-Encrypting Drive) that I also plan to submit a package for. In my case, I've developed a tiny embedded Linux-based PBA image [1] using Buildroot [2] and the MSED software [3]. The final image is a MBR-partitioned disk image with VFAT filesystem containing the specially built Linux kernel (vmlinuz), initramfs (rootfs.gz), and the installed syslinux bootloader. Before you ask, I can't use even a stripped-down Fedora image for this purpose, because it must be TINY and it only exists to run a single command (linuxpba), then reboot. My image is 4MB and could be made even smaller. See the reasoning in [1] for why it must be so small. [1] https://github.com/cranderson/buildroot-linuxpba [2] http://buildroot.uclibc.org/ [3] http://www.r0m30.com/msed Now I know there are several challenges to using the Buildroot approach to building software for Fedora. Buildroot downloads software from the Internet, unpacks, patches, configures, and builds it. The build environment is built first, so gcc, uClibc, busybox, etc. and then the packages you want to include are built in that environment. What is the best approach I should use that is acceptable to Fedora? Would it be acceptable to bundle source packages, Buildroot itself, and my Buildroot configuration into one SRPM so everything is self-contained and can be built without requiring network connectivity? This means I would have to bundle the source code for gcc, the linux kernel, uClibc, busybox, etc. Or is there some way to pull in SRPM packages that already exist in Fedora, and use those as part of my build process so that I don't have to bundle all the source code? Additionally, I could made separate SRPM packages for Buildroot itself, any components needed (uClibc is already in the distro), the Buildroot build scripts for buildroot-linuxpba, and the actual package I need (msed). -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
