Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 12 March 2013 01:26, Daniel Drake d...@laptop.org wrote: On Sun, Mar 10, 2013 at 12:58 PM, Richard A. Smith rich...@laptop.org wrote: Perhaps I don't understand but I don't see how OOB can work for a setup like Adam is describing in Haiti where they have laptops in the mix that are secure. Unless they first un-secure every laptop a custom OS build wth OOB would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. This is not a new situation for us, and the approach we have taken in the past is to help such deployments un-secure all of their laptops, or provide a keyjector to insert custom keys, upon their request. I find it worrisome that such a useful tool (customisation stick) is no longer being maintained. We've been able to achieve some very useful things with it for our schools, expanding its capability to perform tasks like bulk installing software and activities, and quickly deploying settings across many XOs. This is not an either/or question. Creating a custom build per classroom is not practical, and installing such a build is destructive. We see the customisation stick as an extremely useful complement to OOB, not a replacement. If there's no interest at OLPCA to maintain it, what we to continue it? Sridhar Dhanapalan Engineering Manager One Laptop per Child Australia ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
Wad said: Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. Richard said: That policy is fine but perhaps needs to be more visible to the people going into areas where secure laptops were distributed ... Can an upcoming signed software release automatically disable the anti-owner security system on old lockdown laptops? Any new, signed Forth release could look for the original OLPC signing keys and disable security on laptops that depend on those, avoiding changing any laptop that has custom signing keys. Including this code in each new, OLPC-signed release, would tend to eliminate the problem. John ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 3/12/2013 3:44 AM, Sridhar Dhanapalan wrote: On 12 March 2013 01:26, Daniel Drake d...@laptop.org mailto:d...@laptop.org wrote: On Sun, Mar 10, 2013 at 12:58 PM, Richard A. Smith rich...@laptop.org mailto:rich...@laptop.org wrote: Perhaps I don't understand but I don't see how OOB can work for a setup like Adam is describing in Haiti where they have laptops in the mix that are secure. Unless they first un-secure every laptop a custom OS build wth OOB would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. This is not a new situation for us, and the approach we have taken in the past is to help such deployments un-secure all of their laptops, or provide a keyjector to insert custom keys, upon their request. I find it worrisome that such a useful tool (customisation stick) is no longer being maintained. We've been able to achieve some very useful things with it for our schools, expanding its capability to perform tasks like bulk installing software and activities, and quickly deploying settings across many XOs. This is not an either/or question. Creating a custom build per classroom is not practical, and installing such a build is destructive. We see the customisation stick as an extremely useful complement to OOB, not a replacement. If there's no interest at OLPCA to maintain it, what we to continue it? Great tough question! For now the small deployments I'm working with in Haiti here are taking a step back to Release 11.3.1, to protect themselves on a number of fronts. We're hopeful (as is Gonzalo) that Releases 12.x, 13.x, Dextrose-or-similar will be as fast reliable as 11.3.1 in future..and run WikipediaFR perhaps most important ;) -- Help kids everywhere map their world, at http://olpcMAP.net ! ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 3/11/2013 10:08 PM, John Watlington wrote: Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. I wish :) We have no choice but to continue to distribute secure laptops in Haiti as these are Give1Get1 redonations that are already (largely) moved from the USA to Haiti where the developer key process is unrealistic+overwhelming to largely offline deployments. The only realistic solution (for Haiti here) is USB stick reflashing for evolving/expanding small deployments every few years (or months when we're truly lucky! With Customization Stick or similar offline one-offs. -- Help kids everywhere map their world, at http://olpcMAP.net ! ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Tue, Mar 12, 2013 at 09:36:36AM -0800, John Gilmore wrote: Can an upcoming signed software release automatically disable the anti-owner security system on old lockdown laptops? Any new, signed Forth release could look for the original OLPC signing keys and disable security on laptops that depend on those, avoiding changing any laptop that has custom signing keys. Including this code in each new, OLPC-signed release, would tend to eliminate the problem. Technically possible, but politically difficult, as OLPC would be obliged to seek approval from every deployment that doesn't use custom signing keys, since the update would break their security model. -- James Cameron http://quozl.linux.org.au/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Mar 12, 2013, at 3:54 PM, Holt wrote: On 3/11/2013 10:08 PM, John Watlington wrote: Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. I wish :) We have no choice but to continue to distribute secure laptops in Haiti as these are Give1Get1 redonations that are already (largely) moved from the USA to Haiti where the developer key process is unrealistic+overwhelming to largely offline deployments. No more unrealistic than upgrading them. All it takes is running a collector USB key over the laptops, mailing or emailing the small text file generated to the US, and receiving a small text file back. wad The only realistic solution (for Haiti here) is USB stick reflashing for evolving/expanding small deployments every few years (or months when we're truly lucky! With Customization Stick or similar offline one-offs. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
At least use the collection stick on this trip, even if you don't get the unlock stick done this trip because of lack of network connectivity or time. The collection stick also saves you the bother of figuring out whether a laptop is locked. It does nothing on unlocked laptops unless the 'x' game pad key is used to force it. And at the end of the trip you'll have a list of serial numbers, which is a bonus. If you say we already have that list, well, you could give it to Richard to get an unlock stick prepared already. ;-) On Tue, Mar 12, 2013 at 11:16:22PM -0400, Holt wrote: On 3/12/2013 10:21 PM, John Watlington wrote: On Mar 12, 2013, at 3:54 PM, Holt wrote: On 3/11/2013 10:08 PM, John Watlington wrote: Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. I wish :) We have no choice but to continue to distribute secure laptops in Haiti as these are Give1Get1 redonations that are already (largely) moved from the USA to Haiti where the developer key process is unrealistic+overwhelming to largely offline deployments. No more unrealistic than upgrading them. All it takes is running a collector USB key over the laptops, mailing or emailing the small text file generated to the US, and receiving a small text file back. Hmm, we'll consider it but honestly when we head to rural Haiti deployment(s) without reliable mail services for some one-time orphanage deployment/update visits starting this wkd, the above might not work. I supposed we could consider dev keys by text/SMS in theory? Realistically I say far better to invite you down to carry them in by motorcycle--Haiti's a shockingly beautiful, eternally misunderstood and increasingly stable place--while Spirit's flights from the US remain not so much more than last year's $59. Early photos here: http://flickr.com/tiAyiti -- Help kids everywhere map their world, at http://olpcMAP.net ! ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel -- James Cameron http://quozl.linux.org.au/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Sun, Mar 10, 2013 at 12:58 PM, Richard A. Smith rich...@laptop.org wrote: Perhaps I don't understand but I don't see how OOB can work for a setup like Adam is describing in Haiti where they have laptops in the mix that are secure. Unless they first un-secure every laptop a custom OS build wth OOB would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. This is not a new situation for us, and the approach we have taken in the past is to help such deployments un-secure all of their laptops, or provide a keyjector to insert custom keys, upon their request. Daniel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 03/11/2013 10:26 AM, Daniel Drake wrote: would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. This is not a new situation for us, and the approach we have taken in the past is to help such deployments un-secure all of their laptops, or provide a keyjector to insert custom keys, upon their request. Nod. Kejector for small deployments is new to me. I thought keyjector was only for special cases. I don't think most of the folks on say the support-gang list have any idea that keyjector is an option for them. -- Richard A. Smith rich...@laptop.org One Laptop per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Mar 11, 2013, at 1:54 PM, Richard A. Smith wrote: On 03/11/2013 10:26 AM, Daniel Drake wrote: would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. This is not a new situation for us, and the approach we have taken in the past is to help such deployments un-secure all of their laptops, or provide a keyjector to insert custom keys, upon their request. Nod. Kejector for small deployments is new to me. I thought keyjector was only for special cases. I don't think most of the folks on say the support-gang list have any idea that keyjector is an option for them. I don't think it is an option. A keyjector should not be made publicly available. Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. wad ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 03/11/2013 10:08 PM, John Watlington wrote: Nod. Kejector for small deployments is new to me. I thought keyjector was only for special cases. I don't think most of the folks on say the support-gang list have any idea that keyjector is an option for them. I don't think it is an option. A keyjector should not be made publicly available. That is more along the line of what I thought was status quo. Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. That policy is fine but perhaps needs to be more visible to the people going into areas where secure laptops were distributed and we should try to be helpful to those people when they request developer keys. The point of my comments was clarification that olpc-os-builder is not an end all solution to the lack of the customization key not working anymore and should not be offered up as such. Doing customization by a bash script after boot is a fine solution and now people can invest time in polishing that script. -- Richard A. Smith rich...@laptop.org One Laptop per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Mar 11, 2013, at 10:44 PM, Richard A. Smith wrote: On 03/11/2013 10:08 PM, John Watlington wrote: Please don't redistribute secure laptops --- OLPC's policy since early 2009 has been to deprecate the security system. The exceptions have been deployments large enough to have dedicated support staff capable of handling their own keys. That policy is fine but perhaps needs to be more visible to the people going into areas where secure laptops were distributed and we should try to be helpful to those people when they request developer keys. If someone isn't being helpful about providing developer keys, let me know. wad ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 03/11/2013 10:48 PM, John Watlington wrote: That policy is fine but perhaps needs to be more visible to the people going into areas where secure laptops were distributed and we should try to be helpful to those people when they request developer keys. If someone isn't being helpful about providing developer keys, let me know. No specific instances that I know of but for some of these people its a daunting task especially if they have limited Internet. Just a friendly reminder that some of these people may need a bit of hand holding. I know because I've helped several of them in the past and sometimes it can be a bit frustrating. :) -- Richard A. Smith rich...@laptop.org One Laptop per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On 03/09/2013 01:35 PM, Kevin Gordon wrote: I seem to remember from the devel list that martin and Daniel said there are no plans to re-enable it. The future is OOB. Chopping the list down to just devel@ for my comments. Perhaps I don't understand but I don't see how OOB can work for a setup like Adam is describing in Haiti where they have laptops in the mix that are secure. Unless they first un-secure every laptop a custom OS build wth OOB would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. -- Richard A. Smith rich...@laptop.org One Laptop per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Sun, 2013-03-10 at 14:58 -0400, Richard A. Smith wrote: On 03/09/2013 01:35 PM, Kevin Gordon wrote: I seem to remember from the devel list that martin and Daniel said there are no plans to re-enable it. The future is OOB. Chopping the list down to just devel@ for my comments. Perhaps I don't understand but I don't see how OOB can work for a setup like Adam is describing in Haiti where they have laptops in the mix that are secure. Unless they first un-secure every laptop a custom OS build wth OOB would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. +1 Jerry ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
On Sun, Mar 10, 2013 at 02:58:02PM -0400, Richard A. Smith wrote: On 03/09/2013 01:35 PM, Kevin Gordon wrote: I seem to remember from the devel list that martin and Daniel said there are no plans to re-enable it. The future is OOB. Chopping the list down to just devel@ for my comments. Perhaps I don't understand but I don't see how OOB can work for a setup like Adam is describing in Haiti where they have laptops in the mix that are secure. Unless they first un-secure every laptop a custom OS build wth OOB would have to be signed by OLPC or Reuben would have to give them a Haiti key thats installed via keyjector. Agreed. Wish I'd know there were secured laptops involved before I suggested olpc-os-builder. I now take that back, and instead point out that in the absence of a working customisation stick, the next best thing is a working collection stick for un-securing. At least the collection stick doesn't rely on any operating system support. -- James Cameron http://quozl.linux.org.au/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
Thanks Kevin, I think choice 2 is the best given the current situation. I've never done an OOB build, I don't have any secured XO-1.0 laptops to verify the signing process. There's an extreme urgency to meet a Wednesday deadline, and I've got some other priorities to deal with before leaving, and cannot spend 100% of my time learning what I need to know. I think choice 1 would be a better choice, if I had more time and confidence with regard to OOB and signing images. George On Sat, Mar 9, 2013 at 12:25 PM, Kevin Gordon kgordon...@gmail.com wrote: Adam: Assuming secured laptops: Choice 1, make the build on a stick using OOB with signatures. Choice 2, a two step reflash process: use a regular build stick for the desired OS for the reflash. After the OS is flashed, remove the stick then reboot. Now, reinsert the stick which *already* would have to have a little script that you have written yourself, (which you then you run from terminal). The script could manually anarchive the contents of the bundle directory and place them in the right folders, and set the permissions. I'm sure George or Jerry can whip up a script that meets your specific need pretty quickly. Be careful your bundles contain the right version of the sugar activities for the version of the OS, there are issues using old .xo with F17+, and only install the supplemental ones, not ones already installed via the initial default re-flash. If unsecure you don't need signatures for Choice 1, and the build process is a little cleaner. Cheers KG On Sat, Mar 9, 2013 at 12:05 PM, Holt h...@laptop.org wrote: As we're leaving to a 250 XO-1 deployment in Haiti within days, George Hunt I were fine-tuning Nick Doiron's Haiti customization stick of 19 Sugar Activities ( http://sugarlabs.org/~holt/haiti-shalom-activities-2011-2012/ ) only to discover http://wiki.laptop.org/go/Customization_stick no longer works on Release 13.1.0 and 12.1.0. Attached Screenshot JPG shows Customization Stick failing on 13.1.0, also transcribed here: Traceback (most recent call last): File /init, line 32, in do_in_child try: work() File /init, line 53, in unpack_bundles lout(['/bin/mkdir', '-p', v]) File /process.py, line 118, in lout raise CalledProcessError(ret, cmd) CalledProcessError: Command '['/bin/mkdir', '-p', '/sysroot/home/olpc/.bootanim']' returned non-zero exit status 1 Bundle installation complete; powering off in five seconds. Release 12.1.0 shows the same error, *falsely announcing Bundle installation complete.* Is this resolvable? We'd rather not, but we'll revert to Release 11.3.1 if nec, the last OS where http://wiki.laptop.org/go/Customization_stickworks. Screenshot of success (on Release 11.3.1) attached to illustrate normal working behavior. (Showing a new activity installing every second or few as desired, scrolling one per line, right before powering off...) All tips appreciated, cheers thanks! -- Help kids everywhere map their world, at http://olpcMAP.net ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ support-gang mailing list support-g...@lists.laptop.org http://lists.laptop.org/listinfo/support-gang ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
These Haiti's laptops are a mix of secured and unsecured XO-1s. They are Give1Get1 redonations, mostly running Release 10.1.3 untouched, we'll be upgrading on the ground in Haiti within days. We'd love if the longstanding http://wiki.laptop.org/go/Customization_stick could be fixed on 13.1.0 (worked like a charm less than a year ago) but yep that may not be possible this week. Thanks Kevin Tony for interim solutions- On 3/9/2013 1:07 PM, George Hunt wrote: Thanks Kevin, I think choice 2 is the best given the current situation. I've never done an OOB build, I don't have any secured XO-1.0 laptops to verify the signing process. There's an extreme urgency to meet a Wednesday deadline, and I've got some other priorities to deal with before leaving, and cannot spend 100% of my time learning what I need to know. I think choice 1 would be a better choice, if I had more time and confidence with regard to OOB and signing images. George On Sat, Mar 9, 2013 at 12:25 PM, Kevin Gordon kgordon...@gmail.com mailto:kgordon...@gmail.com wrote: Adam: Assuming secured laptops: Choice 1, make the build on a stick using OOB with signatures. Choice 2, a two step reflash process: use a regular build stick for the desired OS for the reflash. After the OS is flashed, remove the stick then reboot. Now, reinsert the stick which *already* would have to have a little script that you have written yourself, (which you then you run from terminal). The script could manually anarchive the contents of the bundle directory and place them in the right folders, and set the permissions. I'm sure George or Jerry can whip up a script that meets your specific need pretty quickly. Be careful your bundles contain the right version of the sugar activities for the version of the OS, there are issues using old .xo with F17+, and only install the supplemental ones, not ones already installed via the initial default re-flash. If unsecure you don't need signatures for Choice 1, and the build process is a little cleaner. Cheers KG On Sat, Mar 9, 2013 at 12:05 PM, Holt h...@laptop.org mailto:h...@laptop.org wrote: As we're leaving to a 250 XO-1 deployment in Haiti within days, George Hunt I were fine-tuning Nick Doiron's Haiti customization stick of 19 Sugar Activities ( http://sugarlabs.org/~holt/haiti-shalom-activities-2011-2012/ http://sugarlabs.org/%7Eholt/haiti-shalom-activities-2011-2012/ ) only to discover http://wiki.laptop.org/go/Customization_stick no longer works on Release 13.1.0 and 12.1.0. Attached Screenshot JPG shows Customization Stick failing on 13.1.0, also transcribed here: Traceback (most recent call last): File /init, line 32, in do_in_child try: work() File /init, line 53, in unpack_bundles lout(['/bin/mkdir', '-p', v]) File /process.py, line 118, in lout raise CalledProcessError(ret, cmd) CalledProcessError: Command '['/bin/mkdir', '-p', '/sysroot/home/olpc/.bootanim']' returned non-zero exit status 1 Bundle installation complete; powering off in five seconds. Release 12.1.0 shows the same error, /falsely announcing Bundle installation complete./ Is this resolvable? We'd rather not, but we'll revert to Release 11.3.1 if nec, the last OS where http://wiki.laptop.org/go/Customization_stick works. Screenshot of success (on Release 11.3.1) attached to illustrate normal working behavior. (Showing a new activity installing every second or few as desired, scrolling one per line, right before powering off...) All tips appreciated, cheers thanks! -- Help kids everywhere map their world, athttp://olpcMAP.net ___ Devel mailing list Devel@lists.laptop.org mailto:Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ support-gang mailing list support-g...@lists.laptop.org mailto:support-g...@lists.laptop.org http://lists.laptop.org/listinfo/support-gang -- Help kids everywhere map their world, at http://olpcMAP.net ! ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1
Adam: I seem to remember from the devel list that martin and Daniel said there are no plans to re-enable it. The future is OOB. KG Sent from my BB via Gmail 416-562-3623 -Original Message- From: Holt h...@laptop.org Sender: devel-boun...@lists.laptop.org Date: Sat, 09 Mar 2013 13:17:53 To: Community Support Volunteers -- who help respond to \help AT laptop.org\support-g...@lists.laptop.org; IAEPi...@lists.sugarlabs.org; Devel's in the Detailsdevel@lists.laptop.org Cc: Michael Stonemichael.r.st...@gmail.com Subject: Re: [support-gang] Customization Sticks fails on 13.1.0 12.1.0 for XO-1 ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel