Re: building an embedded Linux distro into a RPM package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Adding Harald to thread.

Seems to be nominally related boot path with deo and dm-crypt.

Adding to Dracut might be preferable to creating a separate PBA

Subhendu 

On Jul 23, 2015 10:20 AM, "Chuck Anderson" <cra@xxxxxxx> wrote:
>
> I originally sent this to the packaging list, but there was no
> response there so I'm posting to devel now.
>
> I've also opened a review request for the non-controversial packaging
> of the "msed" utilities.  Would anyone care to do a review swap?
>
> Review Request: msed - Tools to manage the activation and use of self encrypting drives
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1245640
>
> Thanks.
>
> Date: Tue, 21 Jul 2015 18:48:27 -0400
> From: Chuck Anderson <cra@xxxxxxx>
> To: packaging@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: [Fedora-packaging] building an embedded Linux distro into a RPM package
> Precedence: list
> Reply-To: Discussion of RPM packaging standards and practices for Fedora <packaging@xxxxxxxxxxxxxxxxxxxxxxx>
>
> I would like to submit a new package that provides a Pre-Boot
> Authorization (PBA) image.  The PBA is a "bootloader" of sorts that
> prompts the user for the passphrase to unlock a Self-Encrypting Drive
> (SED) using the TCG OPAL command set, and then either chainloads to
> the real OS or reboots to allow the BIOS to boot the real OS.  The
> image gets installed to the OPAL SED as a sort of "shadow MBR/shadow
> disk image" using a special command "msed" (Manage Self-Encrypting
> Drive) that I also plan to submit a package for.
>
> In my case, I've developed a tiny embedded Linux-based PBA image [1]
> using Buildroot [2] and the MSED software [3].  The final image is a
> MBR-partitioned disk image with VFAT filesystem containing the
> specially built Linux kernel (vmlinuz), initramfs (rootfs.gz), and the
> installed syslinux bootloader.
>
> Before you ask, I can't use even a stripped-down Fedora image for this
> purpose, because it must be TINY and it only exists to run a single
> command (linuxpba), then reboot.  My image is 4MB and could be made
> even smaller.  See the reasoning in [1] for why it must be so small.
>
> [1] https://github.com/cranderson/buildroot-linuxpba
> [2] http://buildroot.uclibc.org/
> [3] http://www.r0m30.com/msed
>
> Now I know there are several challenges to using the Buildroot
> approach to building software for Fedora.  Buildroot downloads
> software from the Internet, unpacks, patches, configures, and builds
> it.  The build environment is built first, so gcc, uClibc, busybox,
> etc. and then the packages you want to include are built in that
> environment.
>
> What is the best approach I should use that is acceptable to Fedora?
>
> Would it be acceptable to bundle source packages, Buildroot itself,
> and my Buildroot configuration into one SRPM so everything is
> self-contained and can be built without requiring network
> connectivity?  This means I would have to bundle the source code for
> gcc, the linux kernel, uClibc, busybox, etc.
>
> Or is there some way to pull in SRPM packages that already exist in
> Fedora, and use those as part of my build process so that I don't have
> to bundle all the source code?  Additionally, I could made separate
> SRPM packages for Buildroot itself, any components needed (uClibc is
> already in the distro), the Buildroot build scripts for
> buildroot-linuxpba, and the actual package I need (msed).
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux