On Wed, 23 Aug 2006 05:57:24 -0700, jrshedden wrote:

> Hi All,
>
> I'm new to embedded Linux, and wish to put an openVPN server in flash
> memory. The goal is to achieve an absolute minimum application
> footprint on the file system.
>
> In the Windows world that I'm familiar with I could use a 'dependency
> walker' to see what libraries the application needed, or use
> Sysinternals 'filemon' program to see what files the program accessed.

Both can be done in linux using lsof - Both the libs used by the process
and its open files can be shown at runtime. The number of dependencies
for a vpn server is likely to be small.

>
> I would appreciate any tips or techniques on how to best accomplish
> this in a Linux environment (Kernel is 2.6, probably close to a Fedora
> type distribution).

Start by setting the vpn up on a full system - once your happy start
again with a bare minimum and add back in only the needed components.
Plenty of firewall/vpn images exist already, sure you not re-inventing
what you could just download ?

Jon

Hi Jon,

Thanks for taking time to reply. I will investigate the utility that
you mentioned.

> Plenty of firewall/vpn images exist already, sure you not re-inventing
> what you could just download ?

I sure could be working harder than smarter!

I have found great repositories of RPM's, but I'm not quite sure what
you mean by an image and how to search for it. I'm installing RPM's on
a Mac iBook (power pc based) running Fedora core 4 and moving files
onto the NFS mount for the power pc based single board computer. It is
running, but I'm sure I have bloat. I'm also sure that an experienced
person may approach things more efficiently.

I appreciate any insight.

Best Regards,
Jim Shedden

On Wed, 23 Aug 2006 07:50:34 -0700, jrshedden wrote:

> Hi Jon,
>
> Thanks for taking time to reply. I will investigate the utility that
> you mentioned.
>
>> Plenty of firewall/vpn images exist already, sure you not re-inventing
>> what you could just download ?
>
> I sure could be working harder than smarter!
>
> I have found great repositories of RPM's, but I'm not quite sure what
> you mean by an image and how to search for it. I'm installing RPM's on
> a Mac iBook (power pc based) running Fedora core 4 and moving files
> onto the NFS mount for the power pc based single board computer. It is
> running, but I'm sure I have bloat. I'm also sure that an experienced
> person may approach things more efficiently.

Nahh, sounds like a good way to me. Its a nice idea to start with just
kernel+bash and work out, but its by far the slowest way to build
something as you tend to be missing tools needed for NFS, ssh,
compiler,editor etc - adding them in one layer at a time sucks ! Its just
as valid to start with an installed O/S and then remove unused bits, just
not as 'pure'.

With rpm you can rpm -q to get a list of packages then rpm -e them working
out the correct order of removal to leave just a minimum working system,
be careful to backup what you have first - i've had this process end badly
! . If it fits the media just stick with it unless its a product for
production.

Image refers to a filesystem in its raw form, so an ISO file is just one
type of image, but any filesystem can be imaged. High level O/S tend to be
installed, but most embedded products are just produced from an image
(pattern) via some kind of hardware to write the media. Thats network
install, or copy onto a card from a PC, maybe even writing a flash chip
with a programmer ... That way you can bang out as many of your product as
you need without worrying about installing each one.

A raw image would be to 'dd' the card to a file, often a bad idea in
reality. Card or CD images exist for intel PCs and arm based routers/vpns,
but I suspect PPC images are rarer.

Jon

jrshedden wrote:

> I have found great repositories of RPM's, but I'm not quite sure what
> you mean by an image and how to search for it. I'm installing RPM's on
> a Mac iBook (power pc based) running Fedora core 4 and moving files
> onto the NFS mount for the power pc based single board computer. It is
> running, but I'm sure I have bloat. I'm also sure that an experienced
> person may approach things more efficiently.
>
> I appreciate any insight.

Well, the easy/hard way is to build a crosstool chain (even if you're on
the same architecture), and copy only a minimum set of libs - glibc,
ld.so, so on. Then build the kernel and busybox, install busybox to the
target, and presto! Minimal functioning system.

Now add your one app - openVPN - build it using the toolchain, and
install to the target.

Done.