You'd need a bug that specifically writes user-controlled data onto the stack in order to overwrite the return address for the function you're in and gain execution. Once you've pinpointed exactly where your data is getting written to, you'll know how to generally format your ROP. Knowing how much space to have between the beginning of whatever data you're dealing with and the start of your ROP can be a pain.
Before finding gadgets, you'll need to know the functions you're dealing with for your exploit. gspwn for basic code execution will work with GSP funcs, for example. You need functions to pop the registers needed for your goals (search for pop {whatever you need} and use that address) and occasionally memory load/store funcs (find regs being loaded from/stored to immediately before the return). When jumping to a full-blown function, make sure you're jumping after the function prologue, or you'll ruin the stack. Also keep an eye on thumb vs arm addresses. For stuff ending in bx lr instead of pop {pc}, you'll need to find a gadget/set of gadgets for setting lr first.
From there, ROP is pretty much just "writing the stack." You're doing some kinda-weird asm, basically.