Fedora Nano

Introduction

Fedora Nano is a project with three goals:

1. Develop and document a technique for installing the smallest possible Fedora installation onto a CompactFlash or other solid-state disk.
2. Provide a centralized location for package enhancement requests geared towards small, embedded systems. Most often, packages will be broken up into core and optional components, reducing core package dependencies.
3. Document redundancy within Fedora. Redundancy can be an indication of a healthy software environment as competing projects may promote innovation. However, redundancy also increases memory and disk usage and makes code auditing more difficult.

I am using the following components:

• VIA EPIA ME6000 Fanless Mini-ITX Motherboard
• PC2100/DDR266 256MB Memory
• Morex 2699 Mini-ITX Case
• Round IDE cables
• CFDISK.2G CompactFlash to IDE adapter
• Notebook 2.5" to 2.3" HD IDE adapter (soldered into molex connector)

Installation of Fedora 9 on a CompactFlash disk

These instructions assume your build host is of the same architecture as your target.

1. Create a filesystem on the CompactFlash disk and mount it at /mnt. Mount any other filesystems required on top of /mnt.

2. Use the command yumdownloader –installroot=/mnt –resolve –destdir=packages package to download the following packages and their dependencies (see also Use yum to install to a temporary, yumless filesystem, yum bug #1):

   • filesystem
   • busybox

3. Use the command rpm --root /mnt -Uvh packages/*.rpm to install the packages downloaded using the previous step.

4. At a minimum, create the following busybox links:

   • ln -s /sbin/busybox /mnt/sbin/init
   • ln -s /sbin/busybox /mnt/bin/sh
   • ln -s /sbin/busybox /mnt/bin/hostname
   • ln -s /sbin/busybox /mnt/bin/mv
   • ln -s /sbin/busybox /mnt/bin/touch

5. Edit /mnt/etc/init.d/rcS to execute startup services.

6. Build and install a custom kernel (my configuration is available here):

   • Copy your kernel config to .config and run make oldconfig or run make menuconfig to configure the kernel.
   • make clean
   • make clean binrpm-pkg
   • rpm --root /mnt -Uvh /usr/src/redhat/RPMS/i386/*kernel*.rpm

7. Add an entry to /etc/grub.conf for the new root disk.

8. Execute grub-install primary-disk-devnode.

9. Use pwconv to create /etc/shadow.

In order to make the root filesystem readonly, perform the following steps:

1. /var, /home and /tmp should be mounted from a readwrite partition. I have these directories on one partition and mount them by adding /shared/var /var none bind 0 0 to /etc/fstab.
2. Set READONLY=yes in /etc/sysconfig/readonly-root.

Note: The febootstrap project looks like an interesting project to create a small Fedora installation.

Fine-grained Package Requests

Pull out perl dependency

Perl is a good language, but may be too large a requirement for some small systems.

• Stunnel: Pull /usr/sbin/stunnel3 into seperate package?, ✓Red Hat Bugzilla #442842
• Bogofilter: Pull /usr/bin/bogoupgrade into seperate package?, ✓Red Hat Bugzilla #442843

cups

/usr/lib/cups/backend/dnssd is written in perl. This is a CUPS backend that discovers printers using avahi. See the ✓CUPS Software Programmers Manual. move cups perl backends into sub package, ✓Red Hat Bugzilla #465157.

fedora-ds-base

Several FDS scripts are written in perl.

foomatic

Much of foomatic is written in perl. RFE: Migrate to C foomatic once feasible, Red Hat Bugzilla #466068

ghostscript

The X11 code in ghostscript could be placed in a separate package.

texlive-utils

The X11 code in texlive-utils (/usr/bin/mf) could be placed in a separate package.

avahi-tools

The X11 code in avahi-tools (/usr/bin/avahi-discover) could be placed in a separate package. avahi-discover requires GTK, should move to avahi-ui-tools, ✓Red Hat Bugzilla #513768.

postfix

/usr/sbin/qshape is written in perl. Pull components dependent on perl out of main postfix package?, ✓Red Hat Bugzilla #467529.

ntp

/usr/sbin/ntp-wait and /usr/sbin/ntptrace are written in perl.

net-snmp

Some components are written in perl.

Pull out MySQL dependency

• Postfix: Provide both mysql and postgresql support using loadable maps patch, ✓Red Hat Bugzilla #455206

Break up ImageMagick

ImageMagick provides a valuable library for image processing. However, Fedora presently packages ImageMagick in such a way that several X11 libraries are always required. I proposed that ImageMagick be broken up into -libs and -utilities packages. See Make ImageMagick package more fine-grained, ✓Red Hat Bugzilla #478789.

Break up GStreamer

Fine-grained packaging of GStreamer would allow users to choose which modules they want to install. See ✓gstreamer-plugins should be split up, Red Hat Bugzilla #108463.

Separate documentation packages

Package documentation, installed in /usr/share/doc, can occupy a lot of storage space. It would be beneficial to separate documentation into a -doc sub-package.

Separate locale packages

The /usr/lib/locale and /usr/share/locale directories quickly grow as more internationalized packages are added to a system. It would be beneficial to control which locales are installed. Perhaps a specialized package installation system like the one that has been developed for media codecs could be applied to this problem.

Redundancy Tracker

Tracking redundancy throughout all of Fedora is beyond the scope of this project. Instead, we focus on redundencies brought in by the following packages:

• Fedora Directory Server
• Kerberos
• FreeIPA
• Apache
• mod_nss
• OpenSSH
• Postfix
• Dovecot
• Samba
• Avahi
• Jabberd
• Bogofilter
• mt-daapd
• inadyn

FreeIPA requires OpenLDAP, FDS requires mozldap

It now seems that the 389 Directory Server may build against OpenLDAP in the future. See ✓Use OpenLDAP Clients in 389. It would follow that FreeIPA could do the same.

Previously, I tried to remove the OpenLDAP requirement from FreeIPA. I submitted a ✓patch so that FreeIPA may be built against mozldap. This package was integrated into FreeIPA. However, it was later reported that my patch broke ipa-kpasswd. As a result, I submitted a ✓second patch that fixed a preexisting misuse of the OpenLDAP API. Ipa-server ends up requiring both openldap-clients and mozldap-tools, ✓Red Hat Bugzilla #434153.

The following packages require OpenLDAP:

• quota
• openldap-clients
• postfix
• openldap
• httpd
• cyrus-sasl
• libcurl
• libuser
• nfs-utils-lib
• krb5-server-ldap
• curl
• nss_ldap
• GConf2
• gnupg
• samba-winbind
• samba-common
• samba
• libsmbclient
• sudo
• autofs
• apr-util-ldap
• cups
• dirmngr
• gnupg2
• dhcp

The following packages require mozldap:

• ipa-client
• slapi-nis
• mozldap-tools
• perl-Mozilla-LDAP
• ipa-server
• 389-ds-base

NSS vs. OpenSSL vs. the world

The ✓Crypto Consolidation Bug is an ambitious project to make NSS the standard cryptological library for Fedora.