Re: [Server-devel] Need help: mounting usb devices on headless machines
On Mon, Aug 11, 2008 at 12:49:06PM +1200, Martin Langhoff wrote: Well, it *seems* that I cannot get a bell to sound on any of the systems I can get my hands on today. [...] Systems that route the PC speaker into the mixer will also need alsamixer settings changed accordingly. -- James Cameronmailto:[EMAIL PROTECTED] http://quozl.netrek.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Motivation behind recent selections of tickets marked blocks?:8.2.0?
I've noticed you tagging lots of tickets over the last few days for consideration as 8.2.0 blockers. Some of your selections make good sense to me, like the GPL tickets (#4265), but others make less sense to me, like the debuginfo packages issue (#4264), the TurtleArt naming issue (#5941), the boot-lock/pretty-boot coupling issue (#7896), and the grab-bag of quality issues (#7413). Could you say a few words about the vision underlying your choices so that I can compare it to my own understanding of what the 8.2.0 release needs to accomplish? Four categories, really: * Longstanding major issues, like GPL compliance (#4265), failing to listen for arp or multicast packets while suspended (#4616), Python programs polling all the time (#4677). These often have unusual follow-on effects, like flakey collaboration, ohm's inability to tell an idle machine from one that's doing work, or legal or reputational liability. Often, significant work has been done since the last release, but not quite enough to close the ticket. The last nits in these never seem to get closed out except toward the end of a release cycle. [The Python one, when run to ground, ended up still needing more work than can be done for 8.2.0.] * Trivial fixes that will be visible in the field. The sort of thing that somebody adept at patching packages in your release system can knock off five or six of in a day. Like the debuginfo packages (#4264), or TurteArt (#5941), or the addition of ten lines of copyright notice that would let Record go into the Sugar packages in Ubuntu (#6891), or a visible GPL notice in the Sugar About box (#6929). It took me an extra two hours to debug the Python polling thing because it took that long to find debug symbols. How many people who find a bug in 8.2.0 in the field will run out of time and give up, rather than run it to ground, if that small issue remains unaddressed? How many kids won't know they are free to, and encouraged to, modify Sugar? * Major opportunities with minor coding impact. If the user can merely tell the machine to turn off Mesh, a small Ohm change can save huge amounts of power (autosuspended laptop goes from 1.9W to about 1.0W, and a closed-lid laptop goes from 1.1W to 0.25W, letting it survive for days instead of 8 hours) - #7879. Most of our deployments don't use mesh, but it burns most of a watt for every laptop uselessly. Usually there's some odd bottleneck that prevented anyone from noticing the opportunity; in this case, Eben's off-the-cuff UI choice that eliminated the Turn Off action on the Mesh icon - http://dev.laptop.org/ticket/6995#comment:19 * Collector tickets that have been targeted for 8.2.0 for months, but which might not have been looked at recently. E.g. high quality release #7413. Every developer was encouraged in email to devel to mark tickets as potential (?) blockers. I didn't expect that the ones I marked would all become blockers; I just expected someone responsible for release quality would look at them and make their own decision. The boot-lock/pretty-boot issue is not marked for blocking 8.2.0 -- it's marked as a question of whether it should block 8.3.0. (Oops, maybe you're calling the next release 9.1.0 -- I'm unclear on the release naming/scheduling.) P.S. - Thanks very much for all the time you've spent combing Trac for tickets that matter to you... You're welcome. Lots of stuff falls through the cracks, by necessity. So it's useful for me to go back through and try to get closure on things that I've already put significant time into diagnosing or fixing. John ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Please help test our new 8.2.0 weekly beta, joyride-2263!
Another thought how difficult would it be to post a summary of the differences between the weekly builds ? ... so it's quick to see what has changed or not between them. (i.e. similar to the 'new joyride released announcements) -iXo p.s. Or shall I just create a TRAC entry on this idea? :) On Thu, Aug 7, 2008 at 14:59, NoiseEHC [EMAIL PROTECTED] wrote: Probably it would help if the linked pages would contain a link to the specified build's directory at http://xs-dev.laptop.org/~cscott/xo-1/streams/joyride/build2263/devel_jffs2/http://xs-dev.laptop.org/%7Ecscott/xo-1/streams/joyride/build2263/devel_jffs2/ Just my 0.02$ Michael Stone wrote: We are thrilled to announce a new test build, joyride-2230, valid until Wednesday, August 13. Please help test it according to the detailed instructions at http://wiki.laptop.org/go/Friends_in_testing while we still have time to fix issues you might find! Our specific interest this week continues to be activity compatibility: Does your favorite activity still run on joyride-2263? Currently known issues are recorded at: http://wiki.laptop.org/go/Test_Group_Release_Notes#Build_Joyride_2263 New issues should be filed in our bug-tracking system (dev.laptop.org) according to http://wiki.laptop.org/go/Submitting_bugs or by notifying us by other means. Thanks! Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Datastore profiling
On Sat, 2008-08-09 at 15:30 +0200, riccardo wrote: Hi, Testcase: Fill the datastore with `many small' objects. Build: 2266 ... + Sysprof statistics: http://dev.laptop.org/~rlucchese/datastore_fill/small_files__b2000.sysprof I can't see anything relevant for libxapian and it's bindings (xapian dbg packages were installed) Quite a bit of time goes to librsvg functions rendering svg icons to GtkPixbufs. Attaching strace to the journal activity and grepping open on its output gives: ... open(/usr/share/icons/sugar/scalable/mimetypes/text-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/image-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/audio-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/video-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/text-uri-list.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/text-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/image-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/audio-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 open(/usr/share/icons/sugar/scalable/mimetypes/video-x-generic.svg, O_RDONLY|O_LARGEFILE) = 11 ... Does this come from sugar.mime or any sugar component ? If yes, would it be possible to share one icon-cache between all sugar modules ? I repeated the test to get cProfile statistics for the journal activity: http://dev.laptop.org/~rlucchese/datastore_fill/cProfile_journal_while_filling_ds 98.4% of the total time goes to __data_store_created_cb. Perhaps this function could only set a flag and delay data retrieval (from the DS) to the next time the journal's window is shown? Riccardo ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [sugar] new 8.2.0 beta joyride - upgrading via control panel ?
Not surprisingly, my experience on different machines with different versions of joyride and different collections of activities installed is that it is very inconsistent. Sometimes it just works, but often times, it gets hung on one or two activities, e.g., for a while, it would get stuck on Browse-94 under every configuration I tried, but then one day, it just worked. The usual behavior seems to be that it will succeed to upgrade most of the activities and report failures on a handful, offering to try again (although it is not clear that that is what is happening). I've be unable to determine any pattern. But only once or twice have I seen it fail in the way you describe. There are several related open tickets: 7882, 7886, 7865, 7845, 7842, 7837, etc. -walter 2008/8/10 Ixo X oxI [EMAIL PROTECTED]: I've tried to use several joyrides and the control panel / upgrade option... it just sits at 9% and does nothing. On 2269 I even left it over night to see if it needed more than 10 hrs.. still nothing. (I have no XS server, is one required?) I've never seen it work at all.. ;-/ Is there an estimate on the length of time for the upgrade process.. clean system with no activities? with G1G1 activity pack? with just 5 activites? How long should I wait to get past the first '9%' and downloading? How much does it need to download first ? -iXo p.s. Shall I file a TRAC ticket with the list of Activities I have ? On Sun, Aug 10, 2008 at 14:28, Martin Langhoff [EMAIL PROTECTED] wrote: On Mon, Aug 11, 2008 at 8:37 AM, Kevin Cole [EMAIL PROTECTED] wrote: want to update them. I tell it to install/upgrade them all. It says Downloading but the progress bar never progresses, and it appears to be doing a whole lot of nothing. FWIW, it worked for me. One of the activity downloads (TamTam Edit?) takes *ages* to complete, with little feedback, so I did think it was jammed. Eventually it completed. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Sound on the OLPC
Hi, I am trying to port an application from a normal Fedora system to work on the XO. The application uses OSS API's which read and write to /dev/dsp to acheive sound functionality. While porting I found out that the XO does not have a /dev/dsp but has a single /dev/snd file for sound device. I tried creating a sym link to /dev/dsp from /dev/snd which didnt work. Can anybody help me out and suggest how else can I get the sound to work on the XO. Thanks Shivaprasad ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Motivation behind recent selections of tickets marked blocks?:8.2.0?
Hi John, Thanks a lot for looking at and updating all those items! On this: The boot-lock/pretty-boot issue is not marked for blocking 8.2.0 -- it's marked as a question of whether it should block 8.3.0. (Oops, maybe you're calling the next release 9.1.0 -- I'm unclear on the release naming/scheduling.) The next major feature release after 8.2.0 is called 9.1.0. FYI An overview of release names, status and schedules is at: http://wiki.laptop.org/go/Releases Thanks, Greg S ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: How to set up your XO to swap to an SD card
Hi John, Thanks for the info. Are there noticeable performance gains/losses when using an external SD swap partition? Won't adding a line to /etc/fstab make the swap partition be used on startup automatically? Cheers, Andrés On Sun, Aug 10, 2008 at 4:21 AM, John Gilmore [EMAIL PROTECTED] wrote: Have you tried with a swap partition? Swap is robust now on a SD card, immune to suspend/resume and power cycle. External swap area sounds cool. How does one set it up? I'll give it a whirl. Use a recent joyride. Get a throwaway 1GB SD card. Available for $3-$20 depending where you go. I say throwaway because swapping to it will tend to burn it up faster than its usual lifetime for photos and such. You will still be able to use half a gig on the card for file storage; the other half will be for swap space. Plug it into the SD card slot on the XO. You'll have to keep it plugged in the whole time while you're swapping to it; you can't remove it the way you remove a USB stick or a non-swap SD card. If/when it starts to fail after a few years, you can copy any still-interesting user files off it, throw it away, and put in a new $1 1GB SD card (or something larger). Go to a terminal (either the activity, or Ctrl-Alt-F1). Become root. Type mount, make sure the SD card is mounted at /dev/mmcblk0p1, in a vfat filesystem. Go into the Journal, find the SD card hiding behind the Frame at the bottom, hover over it, pick Unmount. Go back to the terminal. Type mount, make sure /dev/mmcblk0p1 is not mounted any more. Type yum install parted since the partition editor is not in the distro any more. Run /sbin/parted /dev/mmcblk0. Type print to see the current configuration. On mine it looked like this: Number Start EndSizeType File system Flags 1 127kB 1018MB 1018MB primary fat16 Type resize 1 0 512 to shrink this filesystem down to 512MB. If it asks you whether to use FAT32, just say no. Then type mkpartfs primary linux-swap 512 1018. That'll make a second partition for swapping to, and format it as a Linux swap partition. Type print and it should look roughly like this: Number Start End Size Type File system Flags 1 32.3kB 512MB 512MB primary fat16 2 512MB 1018MB 506MB primary linux-swap Type quit. Now you're back to the shell. Type /sbin/swapon /dev/mmcblk0p2. You're done. The Hal daemon is smart enough to mount filesystems when it sees an SD card appear, but it's not smart enough to start using freshly available swap space. For the moment, you'll have to do /sbin/swapon /dev/mmcblk0p2 each time after you reboot the XO. Similarly, it won't do the /sbin/swapoff if you want to eject it. I'm sure somebody will eventually come up with a Hal script or something to automate that part. You can see how much swap space you have / are using by running top in a terminal window; it's about the fourth line down. John ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Sound on the OLPC
hello shivaprasad: I am trying to port an application from a normal Fedora system to work on the XO. The application uses OSS API's which read and write to /dev/dsp to acheive sound functionality. While porting I found out that the XO does not have a /dev/dsp but has a single /dev/snd file for sound device. I tried creating a sym link to /dev/dsp from /dev/snd which didnt work. Can anybody help me out and suggest how else can I get the sound to work on the XO. you may need to modprobe snd-pcm-oss in order to install the OSS module, but i've never tried an OSS audio app on the XO, so i can't guarantee success after that. sound on the XO uses the alsa audio system by default -- googling for OSS on alsa will probably get you some information that may be relevant. paul Thanks Shivaprasad =- paul fox, [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Sound on the OLPC
Thanks for the information. I did a modprobe snd-pcm-oss and everything started working perfectly well. Thank you very much. Thanks Shivaprasad On Mon, Aug 11, 2008 at 6:52 PM, [EMAIL PROTECTED] wrote: hello shivaprasad: I am trying to port an application from a normal Fedora system to work on the XO. The application uses OSS API's which read and write to /dev/dsp to acheive sound functionality. While porting I found out that the XO does not have a /dev/dsp but has a single /dev/snd file for sound device. I tried creating a sym link to /dev/dsp from /dev/snd which didnt work. Can anybody help me out and suggest how else can I get the sound to work on the XO. you may need to modprobe snd-pcm-oss in order to install the OSS module, but i've never tried an OSS audio app on the XO, so i can't guarantee success after that. sound on the XO uses the alsa audio system by default -- googling for OSS on alsa will probably get you some information that may be relevant. paul Thanks Shivaprasad =- paul fox, [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Sound on the OLPC
shivaprasad wrote: Thanks for the information. I did a modprobe snd-pcm-oss and everything started working perfectly well. Thank you very much. that's good news. i'm now curious as to why the module didn't get loaded automatically, but that's a different topic. paul Thanks Shivaprasad On Mon, Aug 11, 2008 at 6:52 PM, [EMAIL PROTECTED] wrote: hello shivaprasad: I am trying to port an application from a normal Fedora system to work on the XO. The application uses OSS API's which read and write to /dev/dsp to acheive sound functionality. While porting I found out that the XO does not have a /dev/dsp but has a single /dev/snd file for sound device. I tried creating a sym link to /dev/dsp from /dev/snd which didnt work. Can anybody help me out and suggest how else can I get the sound to work on the XO. you may need to modprobe snd-pcm-oss in order to install the OSS module, but i've never tried an OSS audio app on the XO, so i can't guarantee success after that. sound on the XO uses the alsa audio system by default -- googling for OSS on alsa will probably get you some information that may be relevant. paul Thanks Shivaprasad =- paul fox, [EMAIL PROTECTED] =- paul fox, [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [sugar] new 8.2.0 beta joyride - upgrading via control panel ?
Please send me sugar logs for any activity update control panel failures, along with details on what activity it was attempting to download at the time. Please be sure you are using joyride-2266 or later, and that you have suspend turned off. On Mon, Aug 11, 2008 at 6:59 AM, Walter Bender [EMAIL PROTECTED] wrote: then one day, it just worked. The usual behavior seems to be that it will succeed to upgrade most of the activities and report failures on a handful, offering to try again (although it is not clear that that I am not terribly interested in bug reports on this particular behavior: this is caused by activity authors giving inconsistent information on the Activities wiki page and/or their update url. Please file those bugs against the individual activities; I don't particularly want to hear about them. We've been installing semantic mediawiki on wiki.laptop.org and intend to use it in a refresh of the activities templates, which should greatly reduce the version skew problem. --scott -- ( http://cscott.net/ ) ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: A simple signed bundle/directory trust scheme for the XS
Martin, Thanks for your note. Unfortunately, it left me with more questions than with answers. Some questions include: * What use cases are you trying to support? * What threats obstruct supporting those use cases? * What trust structure are you trying to create and how does it mitigate the threats while permitting the use cases? * What algorithms are you going to use and why? * What security properties are you trying to check? (Perhaps you've already answered some of these basic questions elsewhere and you simply left out the citation?) Two other comments: If you want to go the route of 'signed content lives in directories', then please examine the programs in olpc-contents http://wiki.laptop.org/go/Olpc-contents and let us know in what way they can be improved before writing your own. If you're more interested 'signed content lives in archives', then JAR-signing might be for you! Regards, Michael P.S. - In the future, please consider CC'ing the security@ list when you write security-related mail. Interesting people live there. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: builds for releases
On Mon, Aug 11, 2008 at 08:28:40AM -0400, Mikus Grinbergs wrote: The next major feature release after 8.2.0 is called 9.1.0. FYI An overview of release names, status and schedules is at: http://wiki.laptop.org/go/Releases That webpage says what the releases are - I wish it said more about why they are. The 'Primary Objective' for each release says where it fits - I wish it clarified why the previous release did not suit. I'll see what I can do. My principal problem with that webpage is that it does not explain off-release builds. There was 751, which looked like a candidate attempt - but has not been followed up. We'll pick it up again sometime soon -- as soon as we're ready for it, really. And now there is 711 -- why might anyone try 711 instead of 8.1.2 (named 709 by that webpage)? 8.1.2 has not been finalized because we concluded that it was a good idea to try to include the #6532 work-around. I built 710 and 711 toward this goal, discovered a problem with the kernel RPM I was given, and built 711 with a better RPM. See http://wiki.laptop.org/go/OLPC_SW-ECO_6 http://wiki.laptop.org/go/OLPC_SW-ECO_6_Checklist for more details. Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: XO keeps staring at its own belly button
Paul writes if you disable that client, is the system UI response normal? Here are some observations from looking at 'top': When the 100%-CPU-using client was NOT running, I did not observe 'top' showing anything unusual. I did notice 'olpc-update-query' running (presumably from 'cron') -- I actually have no need for that task to be running on my system (I handle updates manually). When the 100%-CPU-using client WAS running, periodically 'top' showed 'X' using up to 80% of the CPU during one 'top' reporting interval. The large value on the 'X' line was accompanied by a large value in the '%sy' field in the 'top' header lines. Sometimes 'ksoftirqd' showed up as taking a little bit of CPU. [Note that the 100%-CPU-using client writes to the console (from which it was started) maybe twice a day -- in other words, its use of 'X' is insignificant.] Since I was only looking (at the periodic 'top' output), I do not know how the system UI response behaved. But I suspect that the 'X' unusually busy usage episodes affected the system UI response. mikus ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: inhibiting suspend via dbus
Deepak Saxena wrote: On Aug 09 2008, at 19:35, Mikus Grinbergs was caught saying: One possibility -- OFW already tests for is the XO plugged in?. Maybe Ohm can test for that, and decide that suspend is not needed when the battery is fully charged, and is not being drained. I don't think this would work for us as in some locations electrical power is expensive and we want to conserve as much power as possible. This was indeed the way ohm used to work but I argued against it because plugged up to external power in no way indicates you have a constant electrical source. Many cases that will be sharing a connection to a solar panel or from a battery bank and you need to be save as much as possible all the time. -- Richard Smith [EMAIL PROTECTED] One Laptop Per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [sugar] Please help test our new 8.2.0 weekly beta, joyride-2263!
Martin Langhoff wrote: On Mon, Aug 11, 2008 at 8:37 AM, Kevin Cole [EMAIL PROTECTED] wrote: want to update them. I tell it to install/upgrade them all. It says Downloading but the progress bar never progresses, and it appears to be doing a whole lot of nothing. FWIW, it worked for me. One of the activity downloads (TamTam Edit?) takes *ages* to complete, with little feedback, so I did think it was jammed. Eventually it completed. cheers, m I had no trouble updating the activities *except* that it would keep looping back to Scratch telling me that I have version 2 and it needs to update to 5. After proceeding to update, it would continue to loop. Reboots don't fix it. I'm on 2263. Sameer -- Dr. Sameer Verma, Ph.D. Associate Professor of Information Systems San Francisco State University San Francisco CA 94132 USA http://verma.sfsu.edu/ http://opensource.sfsu.edu/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: inhibiting suspend via dbus
smith wrote: Deepak Saxena wrote: On Aug 09 2008, at 19:35, Mikus Grinbergs was caught saying: One possibility -- OFW already tests for is the XO plugged in?. Maybe Ohm can test for that, and decide that suspend is not needed when the battery is fully charged, and is not being drained. I don't think this would work for us as in some locations electrical power is expensive and we want to conserve as much power as possible. This was indeed the way ohm used to work but I argued against it because plugged up to external power in no way indicates you have a constant electrical source. Many cases that will be sharing a connection to a solar panel or from a battery bank and you need to be save as much as possible all the time. this could still be selectable. while it's necessary to provide for those scenarios, i suspect that most laptops will have reliable external power. i'd think a don't suspend when plugged in checkbox would be useful for most owners. (it could default to off.) also, mikus' suggestion re: watching the rate of discharge is interesting. i wonder if that might be a useful input to the OHM policy engine? (e.g. decrease timeouts when the rate of discharge is high) just an ill-formed thought. paul =- paul fox, [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: First impressions of joyride-2280
On Aug 11 2008, at 11:09, Ton van Overbeek was caught saying: - TamTam sound seems to work OK for me. No hic-ups or noise. Odd given that we have yet to commit the changes for #7603. - After suspending with the power button however (screen goes off) and resuming with the power button, eth0 is down and does not come up automatically. Manually bringing it up with ifconfig and assigning it the same ip4 address as before allows to continue the external ssh session. Reproduced this here. I was able to just do an ifconfig up eth0 after resume and NM reinstantiated the connection to my AP and my TCP sessions stayed up but this obviously wrong behaviour. ~Deepak -- Deepak Saxena - Kernel Developer - [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: First impressions of joyride-2280
Hi, - After suspending with the power button however (screen goes off) and resuming with the power button, eth0 is down and does not come up automatically. Manually bringing it up with ifconfig and assigning it the same ip4 address as before allows to continue the external ssh session. Reproduced this here. I was able to just do an ifconfig up eth0 after resume and NM reinstantiated the connection to my AP and my TCP sessions stayed up but this obviously wrong behaviour. I think I'm going to back out the change that tells NM to sleep and wake during sleep mode. NM should be doing all the same things it does to find a connection at startup, but it's clearly not working. Maybe we'll be able to re-enable this after we move to NM 0.7. This means that the XO won't look for a new connection when coming out of sleep, and will re-use whatever you were connected to before. - Chris. -- Chris Ball [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Mic insertion detection
Arjun, I don't know how to access it from a script, but on production units the AC'97 codec does sense whether anything is plugged into either the microphone or headphone jacks. The microphone jack is wired to JS0, accessible through the Jack Sense register in the AC'97 spec. (The headphone is JS1). Cheers, wad On Aug 9, 2008, at 3:49 PM, Arjun Sarwal wrote: How can I detect through a script that a jack/connector is inserted in the Mic-In jack ? Considering that the mic-in socket(female) is such that insertion of an external connector(male) inside it only _physically_ disconnects the internal mic, is it all possible to do a thing as I've asked above ? many thanks, Arjun -- Arjun Sarwal http://dev.laptop.org/~arjs http://youtube.com/watch?v=SwcSEcfR464 ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
New faster build 2284
http://xs-dev.laptop.org/~cscott/olpc/streams/faster/build2284 Changes in build 2284 from build: 2281 Size delta: 0.00M -PolicyKit-olpc 1.1-1.fc9 +PolicyKit-olpc 1.2-1.fc9 -dbus-python 0.82.4-2.fc9 +dbus-python 0.83.0-2.fc9 -libvolume_id 124-1.fc9.2 +libvolume_id 124-2.fc9 -udev 124-1.fc9.2 +udev 124-2.fc9 --- Changes for PolicyKit-olpc 1.2-1.fc9 from 1.1-1.fc9 --- + Initial release --- Changes for dbus-python 0.83.0-2.fc9 from 0.82.4-2.fc9 --- + Update to 0.83.0. + fix license tag --- Changes for udev 124-2.fc9 from 124-1.fc9.2 --- + added patch for cdrom tray close bug (rhbz#453095) + fixed udevadm syntax in start_udev (credits B.J.W. Polman) -- This mail was automatically generated See http://dev.laptop.org/~rwh/announcer/faster-pkgs.html for aggregate logs See http://dev.laptop.org/~rwh/announcer/joyride_vs_update1.html for a comparison ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: First impressions of joyride-2280
On Mon, Aug 11, 2008 at 02:15:28PM -0400, Chris Ball wrote: Hi, - After suspending with the power button however (screen goes off) and resuming with the power button, eth0 is down and does not come up automatically. Manually bringing it up with ifconfig and assigning it the same ip4 address as before allows to continue the external ssh session. Reproduced this here. I was able to just do an ifconfig up eth0 after resume and NM reinstantiated the connection to my AP and my TCP sessions stayed up but this obviously wrong behaviour. I think I'm going to back out the change that tells NM to sleep and wake during sleep mode. NM should be doing all the same things it does to find a connection at startup, but it's clearly not working. Maybe we'll be able to re-enable this after we move to NM 0.7. Just in case, this might just be http://dev.laptop.org/ticket/7740 - NM doesn't always notice changes because haldaemon doesn't always notice changes. I've been quite happy with how NM does its wake-up logic after coming out of XO sleep, despite [1]. I'm using joyride-2271, so if it's clearly not working, perhaps it's a recent regression? I can help joyride-bisect or something. I'd hate to have the baby thrown out with the bathwather, if indeed you do prefer NM to re-do its wake-up logic in this post-sleep case. This means that the XO won't look for a new connection when coming out of sleep, and will re-use whatever you were connected to before. Is there a way to force NM to re-scan (do it's wake behavior) in the GUI? If not, and if NM won't notice you've lost the AP and re-wake, your change will be useful when you just close/open and don't move around but annoying when moving locations. - Chris. Martin 1. http://lists.laptop.org/pipermail/devel/2008-August/017686.html pgpEBMH2qa8iI.pgp Description: PGP signature ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
New joyride build 2285
http://xs-dev.laptop.org/~cscott/olpc/streams/joyride/build2285 Changes in build 2285 from build: 2281 Size delta: 0.00M -PolicyKit-olpc 1.1-1.fc9 +PolicyKit-olpc 1.2-1.fc9 -olpcsound 5.08.92-3.olpc3 +olpcsound 5.08.92-7.olpc3 -dbus-python 0.82.4-2.fc9 +dbus-python 0.83.0-2.fc9 -libvolume_id 124-1.fc9.2 +libvolume_id 124-2.fc9 -udev 124-1.fc9.2 +udev 124-2.fc9 --- Changes for PolicyKit-olpc 1.2-1.fc9 from 1.1-1.fc9 --- + Initial release --- Changes for dbus-python 0.83.0-2.fc9 from 0.82.4-2.fc9 --- + Update to 0.83.0. + fix license tag --- Changes for udev 124-2.fc9 from 124-1.fc9.2 --- + added patch for cdrom tray close bug (rhbz#453095) + fixed udevadm syntax in start_udev (credits B.J.W. Polman) -- This mail was automatically generated See http://dev.laptop.org/~rwh/announcer/joyride-pkgs.html for aggregate logs See http://dev.laptop.org/~rwh/announcer/joyride_vs_update1.html for a comparison ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Activity updater - work with XS?
Hi Scott, Now that we have olpc-update able to use a local XS, I'm wondering whether we can get activities on the local server too. The old activity-update doesn't exist any more (at least at git://dev.laptop.org/users/cscott/activity-update ), so my guess is that the code has been absorved into sugar-update-control. A few easy questions - How does it read the master list of available activities? - Does it use the URL in the activity metadata as per http://wiki.laptop.org/go/XO_updater#Application_updater I am wondering whether we can make it attempt to retrieve things from 'http://schoolserver/bla' (or even rsync://schoolserver/activities) before it hits external urls. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
olpc-update and split-horizon dns
Hi Scott, If the lease server proper is not in use (for XOs with very long leases), olpc-update will never use the local school server. Talking to Wad earlier today, he mentioned that at one stage using a split horizon DNS that masks updates.laptop.org was part of the plan. It's trivial for me to do - will it break any assumptions? (And the curious question: will olpc-update read updates blindly from anyone calling itself updates.laptop.org? I'm assuming it checks sigs on contents beforehand anyway.) cheers, martin -- [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
New joyride build 2286
http://xs-dev.laptop.org/~cscott/olpc/streams/joyride/build2286 Changes in build 2286 from build: 2285 Size delta: 0.00M -olpcsound 5.08.92-7.olpc3 +olpcsound 5.08.92-8.olpc3 -- This mail was automatically generated See http://dev.laptop.org/~rwh/announcer/joyride-pkgs.html for aggregate logs See http://dev.laptop.org/~rwh/announcer/joyride_vs_update1.html for a comparison ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: New wireless/mesh icon info testers needed (#2866, #6995)
Tried your test for 2866. Works as advertised for me (joyride-2280). Could not test the mesh, since I have only one XO. At startup, when showing the frame, you see first the attempt to connect to the mesh, then it is replaced by the AP icon and information. I like the signal strength indication and the IP address. The 'disconnect' option is gone from the frame. I suppose you have to do this in the neighbourhood view (have not read Eben's design proposal). Ton van Overbeek ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
XS inconvenientes
Hola a todos los de las listas. He venido trabajando en la configuración del servidor y hasta le momento no ha sido exitosa. Estoy guiándome por las indicaciones del Wiki en : http://wiki.laptop.org/go/XS_Configuration_Management y estoy utilizando la versión 163. La instalación (ok) El cambio de dominio (ok) Enable ejabberd (ok) Create an account (ok) Pero no he podido ver desde las XO o desde otro pc, el administrador web. cuando realizo *ejabberdctl status* o cualquier comando con *ejabberdctl * me arroja el siguiente mensaje:*RCP failed on the node [EMAIL PROTECTED]: nodedown. *He revisado en el archivo ejabberd.cfg y al parecer está correcto. solicito su ayuda con este incoveniente. Ojalá me puedan ayudar. Muchas gracias y Muchos saludos. * * -- Henry Vélez Molina Administrador de red OLPC Fundación Marina Orth Tel: (57)(4) 3412359 Móvil: 3127690169 ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: XS inconvenientes
2008/8/12 Henry Vélez [EMAIL PROTECTED]: Estoy guiándome por las indicaciones del Wiki en : http://wiki.laptop.org/go/XS_Configuration_Management y estoy utilizando la versión 163. Necesitamos mas datos :-) Que comandos - exactamente - le estas dando al XS? Pero no he podido ver desde las XO o desde otro pc Que has probado? Como te has conectado? abrazos, martin -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: A simple signed bundle/directory trust scheme for the XS
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone [EMAIL PROTECTED] wrote: If you want to go the route of 'signed content lives in directories', then please examine the programs in olpc-contents http://wiki.laptop.org/go/Olpc-contents and let us know in what way they can be improved before writing your own. olpc-contents is fairly close to what I am doing. I am thinking about a few things I want moderately technical people to be able to build and check these bundles (usb based or otherwise) on any modern OS: * What I want from olpc-contents is mostly what sha1sum does, and sha1sum is very portable and widespread - even some GUIs are available. * olpc-contents not being self-contained and not being pure Python hampers things further. IOWs, I cannot say just download this portable python script. Of what olpc-contents adds, I only care about the check for extraneous files. Other bits -- file owners and permissions -- I don't need, and in fact get in the way. I would need a version of olpc-contents that does not include (and later, does not care for) file ownership or mode data. So it's close enough, but it gets in the way in a big time. Just picture the instructions: - Only Windows users: install sha1sum from here - link to exe (sha1sum is in stock OSX and Linuxen) - create an empty dir and put what you want inside - check no stray files are there - run 'sha1sum * manifest.md5' - Windows users, here's an alternative GUI if you want... to - Debian/Fedora users - here's a nice rpm deb - Everyone else: install this python script with its related libraries and bits in C... various pages of explanations based on http://docs.python.org/ext/win-cookbook.html - I quote: To build extensions using these instructions, you need to have a copy of the Python sources of the same version as your installed Python. You will need Microsoft Visual C++ ``Developer Studio''... - create empty dir... Must say - I've read the source and it's a good tool. However my thinking right now is that it doesn't add enough for my use case, and it gets in the way big-time. Just to make it usable for the use cases I have will take several times more work to make it usable than to write the little script I'm thinking of. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
[Server-devel] [PATCH] xs-refresh-xobuilds: If contents if missing, rm the build
We are not 100% atomic when we install a new build. If the contents file is missing, something is amiss. rm-fr and start again... --- xs-refresh-xobuilds.py |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/xs-refresh-xobuilds.py b/xs-refresh-xobuilds.py index c99dc15..5d2b802 100755 --- a/xs-refresh-xobuilds.py +++ b/xs-refresh-xobuilds.py @@ -83,7 +83,9 @@ def main(): for buildname in buildsbyname.keys(): bpath = os.path.join(BUILDSDIR,buildname) ppath = os.path.join(PACKEDDIR,buildsbyname[buildname]) -if options.force or not os.path.exists(bpath): +if (options.force +or not os.path.exists(bpath) +or not os.path.exists(os.path.join(bpath,'contents'))): installcmd = [ 'sudo', '-u', 'xs-rsync', os.path.join(os.path.dirname(sys.argv[0]), 'xs-publish-xobuild.py') ] if options.force: -- 1.5.5.1 ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] [PATCH] Add support for usbmount triggers in xs-rsync
This is the first user of usbmount, so several things to note... - The usbmount scripts don't get a tty, which means that we need sudo to allow nontty usage (changed in xs-config for root) - We check manifest.md5 with a custom utility called xs-check-signature, initially a wrapper around md5sum that ensures that all files in the directory are in the manifest. This script is not included here. - We use /usr/bin/logger (to syslog) for output and logging, we log to the 'user' facility. Moodle will later have a 'tail -f /var/log/user.log'. - Stock syslog.conf in fedora drop the user messages, so xs-config has been updated to log to user.log - It is important to show progress towards completion so each msg has an indication of how far along we are. - We'll need to localise these. Tricky - --- Makefile|2 + usbmount-50-xs-rsync-installcontent | 62 +++ xs-rsync.spec.in|2 + 3 files changed, 66 insertions(+), 0 deletions(-) create mode 100755 usbmount-50-xs-rsync-installcontent diff --git a/Makefile b/Makefile index 729b0b4..f78173f 100644 --- a/Makefile +++ b/Makefile @@ -82,6 +82,8 @@ install: install -D -m 644 xinetd-xs-rsyncd.conf $(DESTDIR)/etc/xinetd.d/xs-rsyncd install -D -m 644 crond-xs-rsync.conf $(DESTDIR)/etc/cron.d/xs-rsync + install -D -m 755 usbmount-50-xs-rsync-installcontent $(DESTDIR)/etc/usbmount/mount.d/50-xs-rsync-installcontent + # root owned install -D -d $(DESTDIR)/library/xs-rsync install -D -d $(DESTDIR)/library/xs-rsync/xobuilds-packed diff --git a/usbmount-50-xs-rsync-installcontent b/usbmount-50-xs-rsync-installcontent new file mode 100755 index 000..9bfeed4 --- /dev/null +++ b/usbmount-50-xs-rsync-installcontent @@ -0,0 +1,62 @@ +#!/bin/bash -x +# Part of the xs-sync package +# Author: Martin Langhoff [EMAIL PROTECTED] +# Copyright: One Laptop per Child + +set -e + +VERBOSE=no + +# Log a string via the syslog facility. +log() +{ +if test $1 != debug || expr $VERBOSE : [yY] /dev/null; then + logger -p user.$1 -t xs-rsync[$$] -- $2 +fi +} +STEPS=5 + +if [ -e $UM_MOUNTPOINT/xs-xobuilds -a \ + -e $UM_MOUNTPOINT/xs-xobuilds/manifest.md5 ];then +log notice 'Found xobuilds to install!'; +log notice [1/$STEPS] Checking signature]; + +xs-check-signature $UM_MOUNTPOINT/xs-xobuilds/manifest.md5 + +log notice [2/$STEPS] Checking checksum on external disk; +pushd $UM_MOUNTPOINT/xs-xobuilds +md5sum -c manifest.md5 +popd + +## Do we have enough space? +# note: we could use awk {'print $4'} instead of the +# perl regex, but it breaks with long /dev nodes +# such as those from LVMs -which wrap. The regex captures the +# number just left of the number with the percentage sign. +NEED=`du -s -B1M $UM_MOUNTPOINT/xs-xobuilds | awk {'print $1'}` +HAVE=`df -B1M /library/xs-rsync | tail -n1 | \ + perl -pe 'm/(\d+)\s+\d+\%/; $_=$1;'` +if [ $NEED -gt $HAVE ];then + log err 'Not enough free space in /library for this xo image - cancelling'; + exit 1; +fi + +### Copy it first - as the media is bound to be slow +# - make this atomic by cp'ing to a tmpdir, and mv'ing into place +# to be fail-safe +# - remove - manifest.md5 +# - TODO? we could avoid cp'ing files we already have using +# rsync --copy-dest instead of cp +# +log notice [3/$STEPS] Copying xo-builds to xobuilds-packed; +TMPDEST=`mktemp -d -p /library/xs-rsync/tmp` +cp $UM_MOUNTPOINT/xs-xobuilds/* $TMPDEST +rm $TMPDEST/manifest.md5 +mv $TMPDEST/* /library/xs-rsync/xobuilds-packed/ + +log notice [4/$STEPS] Refreshing XO builds available; +(/usr/bin/xs-refresh-xobuilds.py 21 ) | logger -p user.debug -t xs-rsync[$$] +log notice [5/$STEPS] Finished - XOs can now update.; + + +fi # end if we have xs-xobuilds/manifest.md5 \ No newline at end of file diff --git a/xs-rsync.spec.in b/xs-rsync.spec.in index 0fc0c46..3b0f103 100644 --- a/xs-rsync.spec.in +++ b/xs-rsync.spec.in @@ -20,6 +20,7 @@ Requires: fakeroot Requires: fakechroot Requires: bash Requires: vixie-cron +Requires: usbmount %description XS rsync provides support for publishing resources on the XS via rsync. @@ -79,6 +80,7 @@ make install DESTDIR=$RPM_BUILD_ROOT %config(noreplace) %{_sysconfdir}/xs-rsyncd.conf.in %config(noreplace) %{_sysconfdir}/xinetd.d/xs-rsyncd %config(noreplace) %{_sysconfdir}/cron.d/xs-rsync +%config(noreplace) %{_sysconfdir}/usbmount/mount.d/50-xs-rsync-installcontent %dir /library/xs-rsync/xobuilds-packed %attr(755, xs-rsync, xs-rsync) %dir /library/xs-rsync/pub %attr(755, xs-rsync, xs-rsync) %dir /library/xs-rsync/pub/builds -- 1.5.5.1 ___ Server-devel mailing list Server-devel@lists.laptop.org
Re: [Server-devel] Need help: mounting usb devices on headless machines
On Mon, Aug 11, 2008 at 12:49:06PM +1200, Martin Langhoff wrote: Well, it *seems* that I cannot get a bell to sound on any of the systems I can get my hands on today. [...] Systems that route the PC speaker into the mixer will also need alsamixer settings changed accordingly. -- James Cameronmailto:[EMAIL PROTECTED] http://quozl.netrek.org/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Warning: breakage updating xs-config
A few weeks ago Bryan and David reported breakage with xs-config, and over the last week over various tests we've had xs-config updates making a mess of already-configured XS setups. I haven't had a chance to look at it but yes, it is a high priority bug, and I'll be working on it asap. Earlier updates to xs-config had been mainly tested in new installs or unconfigured XS setups. I also probably blamed something else for the breakage when I saw it. Now it's pretty clear and unambiguous *why* things are broken. I wish I had spotted this earlier - / m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Warning: breakage updating xs-config
Martin Langhoff wrote: A few weeks ago Bryan and David reported breakage with xs-config, and over the last week over various tests we've had xs-config updates making a mess of already-configured XS setups. I haven't had a chance to look at it but yes, it is a high priority bug, and I'll be working on it asap. Sorry, coming up to speed, Ticket number? Got some info on the method used, and what failed? Earlier updates to xs-config had been mainly tested in new installs or unconfigured XS setups. I also probably blamed something else for the breakage when I saw it. Now it's pretty clear and unambiguous *why* things are broken. I wish I had spotted this earlier - / Based on my F9 testing, while you have xs-config open, can you remove syslogd from the requires? Syslogd will still be installed based on the comp.xml file anyway. Without removing this requires from xs-config, updating past F7 becomes impossible as syslogd was later renamed/replaced. The same goes for newt-perl in xs-pkgs. The package radvd also gave me problems, although I don't recall why. I ended up re-rolling xs-config and xs-pkgs to exclude these above packages. F9 now installs the xs-config package, with one problem, the symlinks in /etc/rc.d/rc1.d/ 23456... don't get created, looks like those need to be copied over also with F9. Some other links were installed as file.olpcnew. also. I'll put together a list later if you want it. Jerry ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS
Martin, Thanks for your note. Unfortunately, it left me with more questions than with answers. Some questions include: * What use cases are you trying to support? * What threats obstruct supporting those use cases? * What trust structure are you trying to create and how does it mitigate the threats while permitting the use cases? * What algorithms are you going to use and why? * What security properties are you trying to check? (Perhaps you've already answered some of these basic questions elsewhere and you simply left out the citation?) Two other comments: If you want to go the route of 'signed content lives in directories', then please examine the programs in olpc-contents http://wiki.laptop.org/go/Olpc-contents and let us know in what way they can be improved before writing your own. If you're more interested 'signed content lives in archives', then JAR-signing might be for you! Regards, Michael P.S. - In the future, please consider CC'ing the security@ list when you write security-related mail. Interesting people live there. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] EduBlog: Looking for comments/bugs
Hi! I've got good and bad news. I tried BrowseNew, and it works fine for pictures uploading! As you can see, I could upload pictures from an XO for the edublog. Question: Isn't it possible to resize the picture? I also tried pasting pictures from the clipboard and from Write (Ctrl-C Ctrl-V) but it didn't work. Finally, I tried to upload a picture to make a new post from Blogger, but it just doesn't work :-( It seems popups are not working properly in this browser, so I can get to the picture upload page, select the image to upload, upload it, but I can never close the file uploading window! You can see the screenshot of the Uploading window in http://uruguay-xo-test.blogspot.com/2008/07/no-button.html... From this page, you can't go back to the post editing page :( I wonder if this version of the browser won't introduce new troubles... Saludos, Pablo Flores On Wed, Jul 23, 2008 at 11:15 AM, Greg Smith [EMAIL PROTECTED]wrote: Hi All, We are so close!! Awesome team! Now lets bring it home... We have a new version of browse. It only works on build 656 so do not install it on other images. Get it from: http://olpc.betarun.com/BrowseNew-1.xo Just point your XO browser at that and it will install. Can someone test the workflow of: 1 - create text and image in write 2 - open new browse 3 - go to EduBlog (you can use http://olpc.betarun.com/dev/ui/student_sp.php if the new URL/login is not clear) 4 - pick what you created from the journal/file picker and upload it to the blog. I'd like to hear that working on build 656 before I ask the alpha test teachers to try it. Please also give the new browser and the whole XO a sniff test to see if there are any regressions due to this new browse. Tarun, These instructions are good: http://wiki.laptop.org/go/EduBlog_Instructions but I need to the URLs and logins (leave the password out). The shorter the URL the better so maybe we will need a home page but leave that for later. Add the links to the doc and I think we are ready for alpha test. If its not too hard, I think the new write with name changed and in .xo format may be useful. If you can make and post that too, I think we may need it. FYI I pasted the Moodle instructions and URLs below. E-mail me for a password if you want to try this out. Thanks, Greg S Hi, I just did a test, and it looks like everything is working decently. I'd be happy to hear anyone's comments on the UI and if there are any major bugs that need to be fixed before the beta test. Please don't send these links out to too many people, they are to the unstable version. When everything is working, it will be transferred to the stable area linked to from the main site. (Also why I did not send this out to any public list). For testing, I've only made three accounts: tarun (Admin), student, teacher. All three have the root password as the password. The pages that comprise EduBlog (only one blog set up right now) are: Local Blog (Need Student Login): http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/view.php?id=3 New Post (Need Student Login): http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2 New Blog (Need Teacher Login): http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0 Manage Remote Blogs (Need Teacher Login): http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/manageremoteblogs.php Anyone using build 656 will need to install a patched version of Browse to get the image upload to work. I had planned on attaching these, but my mail client is not cooperating with me at the moment. I will send them out later. You will need to remove the old versions first. Image upload also still needs to be made IE compatible. Other features all work in IE. It should take you to a login screen and after logging in, you should see the appropriate page. There are a few critical bugs I've already found, so please don't report these: 1) Required message shows up on tinyMCE with content and has to be submitted twice. 2) Clicking manage remote blogs when creating a blog results in loss of data entered. 3) Preview does not work on XO. The IFrame ends up being blank. 4) Kids cannot post directly, teachers have to do publishing (more of an added feature than a bug) We also need to resolve how to do auth. Two ideas come to mind: Name Only (No PW), Rename Password to Birthday or something the kids will be familiar with (a tiny bit more secure). In both cases, I'm trying to figure out how to make the info stored in a cookie so they will have to login infrequently. Support for uploading from Write will be challenging. The version of libabiword in 656 does not properly support any popular format that I am aware of despite what abiword says (tried rtf and odt and xhtml) (xhtml does not do images, odt and rtf just don't work). This means I need to figure out how to
Re: [Server-devel] Static Ip settings
The comment about Debian version reminds me to ask about man and info pages. Is there a set of man pages that matches the packages for various XO installations? Since XO disk space is small I expect an online or school server cache On Sat, Jul 26, 2008 at 5:08 PM, James Cameron [EMAIL PROTECTED] wrote: On Sun, Jul 27, 2008 at 09:40:04AM +1100, David Leeming wrote: Thanks James, I think this was a case of a typo and fixation with the error staring me in the face!! Sometimes one should look for the obvious!!! ;-) I used the Debian version of ipcalc in my reply. Should you need it, another variant of ipcalc is on the XO, as part of the initscripts package, but it has different syntax ... $ ipcalc --netmask 202.0.158.96/29 NETMASK=255.255.255.248 -- James Cameronmailto:[EMAIL PROTECTED] http://quozl.netrek.org/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- T o m M i t c h e l l mitch-at-niftyegg-dot-com ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] EduBlog: Looking for comments/bugs
With the moodle interface I just couldn't upload a picture from the XO... Saludos, Pablo Flores On Wed, Jul 23, 2008 at 2:38 PM, Tarun Pondicherry [EMAIL PROTECTED] wrote: Hi Pablo, I tried BrowseNew, and it works fine for pictures uploading! As you can see, I could upload pictures from an XO for the edublog. Question: Isn't it possible to resize the picture? I think the problem I found is different than what you are reporting. Can you see if the issue also arises for you from the Moodle post blog page? http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2 Clicking on the image should give you resize handles and let you resize it. Thanks, Tarun ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Testing EduBlog
I've just done a test sequence on EduBlog and have a lot of comments and questions, so let's start step by step... *Creating a new blog * - The login page isn't in spanish - I'm not sure how to manage users with EduBlog I think we should start a wiki page to start documenting (and discussing it). Volunteers? :-) - In the Adding a new OU blog form, I can't access the Manage Remote Blogs button, it takes me to a page that says Sorry, but you do not currently have permissions to do that ([[oublog:manageremoteblogs]]) More information about this errorhttp://docs.moodle.org/en/error/moodle/nopermissions. * - It would be better if some options could be hidden, like Common module settings. *New blog post* - From the moodle interface, I couldn't upload any picture. I could use the other interface ( http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2), but with this one I cannot select the blog to post to. * - I tried to upload a Write document, but I couldn't from any of the interfaces (am I doing right? I tried to upload the file as an image). I marked with * the points I find more important. I also would like to summarize some points of how the daily work would be. Let's see... - First of all, the teacher will have to get a user and password for the system. - The teacher creates a new blog using the interface http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0 - All of her children have to get a user and password. - Then, the teacher can propose some work to be done, for which children will have to make their posts to the blog. To do so, children will have to access to the blog page (the moodle one), and click on New blog post. - As children submit their posts, the teacher will be able to see them in the blog page. Children will only see their own posts and the ones already approved by the teacher. Question: How can a child know if his post was approved? - The approved posts will go public, depending on the configuration: If there is a remote blog configured (blogspot for instance), they will appear there. If it's local only, it will be seen by others, depending on the visibility configuration of the blog. All agree with this? Saludos, Pablo Flores ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Testing EduBlog
Saludos, Pablo Flores On Wed, Jul 30, 2008 at 5:34 AM, Tarun Pondicherry [EMAIL PROTECTED] wrote: Hi, *Creating a new blog * * The login page isn't in spanish The UI can be switched to Spanish easily, this will be done in the next update after we get abiword working. Great! * I'm not sure how to manage users with EduBlog I think we should start a wiki page to start documenting (and discussing it). Volunteers? :-) I'm not sure the best way either. There are many many options. I thought the easiest is to just do a bulk upload of all the students. We can also allow students to register themselves or an admin to enter all of them. Comments on which would be best would be really helpful. Students also should only have to login once. Yes, maybe the best way is making a registration form. Once the child is registered, it shouldn't be asked the user/password everytime, it should stay registered in the laptop. One important feature would be letting children use different registration systems, like OpenId... Having many user/password is very confusing for children and even more for teachers! * In the Adding a new OU blog form, I can't access the Manage Remote Blogs button, it takes me to a page that says Sorry, but you do not currently have permissions to do that ([[oublog:manageremoteblogs]]) More information about this error http://docs.moodle.org/en/error/moodle/nopermissions. * I will look into this, but you need teacher not student login. If you are logged in as student, you would have to logout. It doesn't work logged in as teacher. Do teacher's and students share the same machine? Let's assume that teacher do their managing tasks (creating blogs, etc.) from their own laptops. * It would be better if some options could be hidden, like Common module settings. This will be done in the next update. There is button to show all the advanced options at the bottom if needed. Ok. *New blog post* * From the moodle interface, I couldn't upload any picture. I could use the other interface ( http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2 ), but with this one I cannot select the blog to post to. * For this demo, there was only one blog. The jump to link at the top right was to be used to select other blogs. Perhaps it should be repositioned? Mmmh... students should select the blog in which they'll be working before starting to write the post... otherwise could lead to a lot of confussion in the class... * I tried to upload a Write document, but I couldn't from any of the interfaces (am I doing right? I tried to upload the file as an image). Not implemented yet, hopefully this will work after we get abiword on the server. Ok. I also would like to summarize some points of how the daily work would be. Let's see... * First of all, the teacher will have to get a user and password for the system. * The teacher creates a new blog using the interface http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0 http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0 * All of her children have to get a user and password. Yes, and it will be saved on the XO so only needs to be entered one time. Ok! * Then, the teacher can propose some work to be done, for which children will have to make their posts to the blog. To do so, children will have to access to the blog page (the moodle one), and click on New blog post. * As children submit their posts, the teacher will be able to see them in the blog page. Children will only see their own posts and the ones already approved by the teacher. Question: How can a child know if his post was approved? Hm, I did not think of this. We could automatically post a comment locally. What would you suggest? I'm not sure how teachers and students communicate on the XO. We discussed this issue time ago with some friends of a graphics design company that was studying how children interfaces should be. The conclusion we arrived to is that the best would be to remark the state of the post graphically on the blog. For instance, keeping in gray the posts that are still not approved. I don't know if it can be implemented easily. Teachers could also use the comments form to give feedback, although the most common way would be the straight talk in the class... * The approved posts will go public, depending on the configuration: If there is a remote blog configured (blogspot for instance), they will appear there. If it's local only, it will be seen by others, depending on the visibility configuration of the blog. All agree with this? That looks to be all in accordance with what we are
[Server-devel] Ayuda
Hola Martin como va todo. Como ya te comentó Edgar aun no hemos configurado el servidor. Voy a hacer las preguntas pertinentes en la lista server-devel, tal como nos recomendaste. Si necesitás más información me avisas para mandartela. Muchas gracias por la ayuda. -- Trabajo duro y eficaz en memoria de Tim Russert Luís Fernando Sánchez Hurtado Director Ejecutivo Fundación Marina Orth Tels (4) 3412359 / 3117691792 www.fundacionmarinaorth.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] ds-backup - help with a trial happening right now
Hi all, I am in the middle of a largish trial, 500 children, and wanted to get the backup going. Michael Stone was great to help me understand where ds-backup is up to and I'm keen to install, test and contribute to the ds-backup project however I'm rolling out 703 imaged laptops as we need them to the stable for this deploymeent and apparently the software doesn't work on 703. Can anyone help me out with this? The trial is the first 100% saturation in the world, and as I am leaving in 2 days I was hoping to have it fairly done by the time I leave, hwoever I can always return if necessary or work with the local people to make updates. I'm on the IRC #olpc and #sugar channels on freenode as email here is really hard/slow. Many thanks! Pia Waugh ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] [Olpc-france] Fuloong2F (lemo te.com) : group buy/achat groupé
Hello Sami, Le Thursday 31 July 2008 13:14:55 [EMAIL PROTECTED], vous avez écrit : Hi, xe at OLPC France are planning to test the installation of a XS server on various compact and low power architectures. Out next try will be the Fuloong 2F model of lemote.com. The specifications are detailled above. One unit costs USD 230. I am planning to sell 1 or 2 units 1 pcs : USD 318, 230(computer)+88(shipping cost by DHL) 2 PCs : USD 568, 460(computers)+108(shipping cost by DHL) If someone (ideally in France) is interested by a group buy/achat groupé, in order to reduce the shipping cost, please let me know. Add one for me :p Thanks Best regards, Samy MIPS based machine. Item PartDetail 1 CPU Loongson 2F CPU 800M~900M 2 System Memory DDR2 512MB 3 Hard Disc 2.5'' 80GB 4 GraphicsXGI V2 5 Networking Ethernet 10/100 6 I/O ports USB 2.0 x 4 Line-in x 1 Microphone in x 1 Ethernet RJ-45 x 1 VGA out x 1 Infrared interface x 1 DVI x 1 S-Video x 1 7 LED Power Indicator Hard disc Indicator 8 Button Power Button Reset Button 9 Power Consumtionless than 11W (average) 10Mainboard Dimension 18cmx14cmx3cm 11Size190mm×145mm×37mm 12 ___ Olpc-france mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/olpc-france -- Best regards, Florian Fainelli Email : [EMAIL PROTECTED] http://openwrt.org --- signature.asc Description: This is a digitally signed message part. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] EduBlog: possible issues with WriteNew
Hi Tarun, Not sure I fully understand that but it doesn't seem like a critical issue to me. The workflow I think we should support if we can is: - Open write - Add text and images - Exit write (Keep first or just exit) - Open Browse - Click insert image link in EduBlog - Pick Write document off the Journal and insert it in to Blog post Is that right. Sounds like you are saying that the work flow of Open Write document from journal will not get you to EduBlog. If that is the only problem, I wouldn't worry about it too much. Thanks, Greg S Tarun Pondicherry wrote: Hi Greg, I've noticed a few issues we could have with the new image supporting Write. Since the XO defaults to open up Journal files of that format in the original Write, kids who use Journal to open up files could get confused when they are working. I think resolving this means changes to the mime handlers for files, which would need root access to alter. I'm wondering if this is a major issue, or if we can avoid worrying about it for the time being. Thanks, Tarun ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Testing EduBlog
Hi Tarun! I agree with Greg you've done an excellent work! We will always have new requirements, which mean new schedules, but it doesn't mean you didn't meet yours. Thank you! Best regards, Pablo Flores On Fri, Aug 1, 2008 at 9:08 AM, Greg Smith [EMAIL PROTECTED] wrote: Hi Tarun, Thanks. I think Pablo is the primary driver of requirements and priorities now. As long as he appreciates that we only have one more week of coding time, we should try to do whatever he needs to get us to Beta and real blog posts from real schools. You have done a super job! Way above and beyond the call of duty and beyond all expectations. The Abiword conversion thing is really tough but its a huge win if it allows uploading images from Write to EduBlog. We changed the requirements. So you didn't miss the deadline, we missed the requirements. Feel free to use that one in the future if you have another paid programming job :-) Have a good trip back and thanks a lot for your hard work. Greg S Tarun Pondicherry wrote: Hi Greg, FYI presentation will be in 1CC at 12:30 - 1:30 US ET Friday so please don't mess with the server for that hour. We won't touch the server until after the demo is all done. Especially since this abiword stuff affects the whole server and is therefore potentially dangerous. Send over any presentation or demo stuff you have done already (we will use it eventually) but top priority is doing what Pablo needs to start the beta. If all goes perfectly well, we should be ready by Wednesday, Friday if there are minor glitches. Sorry for missing the August 1st target, I did not foresee this Write issue in 656. Marcel made good progress in getting abiword installed and there are now a few dependencies to resolve. I am mostly trying to perfect the UI with Pablo's suggestions and we can test both areas of work after abiword is installed. I like your idea of using the mockup/backup for the demo. I just tested the version at: http://edublog.venango.org/test/EduBlog/mockup/ui/student_sp.php and it is working. In the event something goes wrong with that, the older version at: http://olpc.betarun.com/dev/ui/student_sp.php is also still up. == Also, I'm flying back Friday night and will be offline until Monday. == Thanks, Tarun ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] DNS Connectivity Issues
Today just after noon (edt) our Qwest internet connection (not the one the EDU server is on) went down. I was in the middle of upgrading the DNS servers so it frustrated that task enormously. Qwest seemed to have the service more or less restored by 4:30 PM or so. At that time I noticed an email from ATT saying that they had monitored outages on our ATT circuit (the one the EDU server is on). Apparently this was of an intermittent nature. Apparently Verizon had a fiber cut somewhere The result is that DNS was probably down for 5+ hours and the connection otherwise intermittent. There may still be DNS issues but I am too tired to dig too deeply until tomorrow. 65.118.27.2 was probably configured as a secondary dns in /etc/resolv.conf on edublog. It might be better to change that to 208.67.222.222 (opendns.org) as 65.118.27.2 is no long active. Glen _ Total Blog Directory http://www.totalblogdirectory.com ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Understanding the network scripts on F7-based XS
Martin Langhoff wrote: Our current network migration scripts are reportedly build on interfaces that are F7 specific. To reimplement them on F9, we need to understand what they do. Jerry is knowledgeable in F9's networking and has offered help with the port. The first step is to understand what the current scripts do - separated from the how. So I will try to outline the design and behaviour of the current scripts. The first point of entry is reading the whole Networking section in this page. All of it :-) http://wiki.laptop.org/go/XS_Configuration_Management#Networking Nice overview. It introduces - network_config - principal_config - auxiliary_config These scripts deal with - Configuring network interfaces - 1 NIC scenarios have eth0 as WAN / 2 NIC scenarios add eth1 as LAN - Can set preferential MAC address prefix for some interfaces. This can be used by the NOC team to get the right NIC setup as eth0. - Sets up the pair of ethX/mshY interfaces that are attached to every Active Antenna. - Sets up all the bridges between the interfaces considered LAN - Picking non-conflicting IP addresses for auxiliary servers. - Sets the router address for auxiliary servers - Very rough service chkconfig configuration for the auxiliary vs primary servers - Rough firewall config for primary/auxiliary servers That I can help with that also, I'm very (too?) familiar with shorewall, http://www.shorewall.net The top of each script - after the GPL - has an extensive comment explaining what it does. And after that, you can scroll down to the 'main' block -- I find both very readable. The scripts are here if you don't have a checkout http://dev.laptop.org/git?p=projects/xs-config;a=tree;f=fsroot.olpc.img/etc/sysconfig/olpc-scripts;h=dada76a2869dc95c5f538adfa45a2e538dc1d998;hb=HEAD Yea, was reading on the weekend. The 3 scripts make sense to me - - I would attack it with a get-to-work-stable-on-f9 focus, roughly: - Can we make the networking configuration work in a stable manner on F9? Might just work, as is, with what you have now, just not with Network-Manager at the moment. Do we need to hook into the events infrastructure so when an ethernet cable gets plugged into an if we do the right thing? Could we make it so that we autodetect and configure an AA on usb connection? That would be a Dbus/Network-Manager thing, your talking usb event driven responses here, right? - Can we allow additional MAC prefix preferences to be read from an optional config file so that a NOC team can override things easily? How many different MAC prefixes are there? Shoot can't find my web-link to a site that had a db of them all. - Can we consolidate the code / remove duplication? (trivial ;-) ) Could move all the functions into a single file to be sourced. - Can we remove the service mgmt from it? :-) Sorry, can't find part that at the moment, which file? Jerry, does that help? It is meant as a complement while reading the src... BTW, I am tracking this on https://dev.laptop.org/ticket/7672 Much clear thanks, reading src without context leaves you wondering... Jerry ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Need help: mounting usb devices on headless machines
Martin Langhoff wrote: On Thu, Aug 7, 2008 at 9:19 PM, Martin Langhoff [EMAIL PROTECTED] wrote: FWIW, I've imported the history into git, made some minor changes and it installs and works on F7. git git://dev.laptop.org/users/martin/usbmount.git gitweb http://dev.laptop.org/git?p=users/martin/usbmount.git;a=summary Right, Makefile and spec file in the repo linked above, initial SRPM right here. http://fedora.laptop.org/xs/testing/olpc/7/source/SRPMS/usbmount-0.15.4.olpc-1.xs7.src.rpm It's a trivial rpm, review patches welcome Are you going to submit it for review in Fedora? Rahul ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] VoIP
Martin Langhoff wrote: On Mon, Aug 11, 2008 at 4:35 AM, Tim Moody [EMAIL PROTECTED] wrote: What are the bandwidth requirements for these various voip strategies, sip, iax2? Not sure (google away!) - but the latency requirements very tight for many (most?) of our deployments. cheers, m Hi, Bandwidth requirements will depend on the underlying codec used to compress the audio. If you look at http://www.voip-info.org/wiki/index.php?page=Asterisk+bandwidth+iax2 you'll see approx. bandwidth numbers + overhead for different codecs. Speex info is at http://www.voip-info.org/wiki/view/Speex SIP simply establishes the connection and then hands it over to RTP (basically, SIP is establishing RTP ports on both sides). The significant difference between IAX and SIP is that IAX will use the same port for establishing the connection *and* for carrying the signal across (UDP 4569), which makes it easier to use across NATed networks. I've used IAX over three NATs (just for fun) and it still works:-) SIP over NAT is troublesome, the problem being that SIP establishes the RTP port of the *private* IP (behind the NAT fw), which isn't routable from the public side...it will work, but requires port forwarding or tunneling. See http://freshmeat.net/articles/view/2079/ for more details. So, we will need to pick a transport mechanism (SIP, IAX2, etc) and a codec that is good enough for low bandwidth requirements. Then there is the issue of jitter (jitter...sounds...like...this) which is now handled satisfactorily in Asterisk for IAX-based systems. Sameer -- Dr. Sameer Verma, Ph.D. Associate Professor of Information Systems San Francisco State University San Francisco CA 94132 USA http://verma.sfsu.edu/ http://opensource.sfsu.edu/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] unregister from schoolserver
On Sun, Aug 10, 2008 at 23:55, Martin Langhoff [EMAIL PROTECTED] wrote: On Sun, Aug 10, 2008 at 8:15 PM, Simon Schampijer [EMAIL PROTECTED] wrote: I was wondering what should/must happen on the server side when an xo wants to unregister. Is there already a command for that? http://dev.laptop.org/ticket/7765 None on the server side, and I don't know if there should be one - there is no useful use case for it. It's OK for the XO to 'forget' its registration and not tell the server so as to be free to register to another server. Use cases are for testing and for change of school. The XS will probably learn (later) to forget accounts that it has not seen in a very long time. There is an ejabberdctl delete-older-users command mentioned on http://wiki.laptop.org/go/Ejabberd_Configuration#Tips to remove users who haven't logged in for some time period. Presence Service automatically reregisters on the jabber server if it gets an authentication error, so we don't track whether you are registed on the server or not, any more - it just does the right thing. Regards Morgan ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] installing a school server
Subject: Re: [Server-devel] installing a school server To: Joshua N Pritikin [EMAIL PROTECTED] Just to get something working, I installed Ubuntu with Squid/Dansguardian. I have about 200Gb of hard drive and 2G RAM. Can I get an ext2 image of the school server and load it on a logical partition? I prefer to store anything important on LVM+RAID1. Does the school server understand this disk format? Yes, but you will need to tweak the kickstart file on the image (no do your own partitioning option yet, sorry). By default, the XS install CD will wipe the disk and setup an LVM (w/o RAID). Joshua, I have documented some of the challenges with LVM+RAID1 here: http://wiki.laptop.org/go/User:Az990tony/edublog-beta-sw You can do RAID1 on a single drive, but it doesn't provide any added protection. To customize the XS ISO so that it allows your own partitioning, the process is here: http://wiki.laptop.org/go/User:Az990tony/squashfs-surgery Tony Pearson (az990tony)___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone [EMAIL PROTECTED] wrote: * What use cases are you trying to support? Insert a usb stick with content that is OK'd by the regional NOC (network operations centre) for execution/installation on the XS. * What threats obstruct supporting those use cases? Content could be modified on the way to insert evil sharks with frikking lasers into the XS. * What trust structure are you trying to create and how does it mitigate the threats while permitting the use cases? As I've written, we trust keys put in place at install time. Install time is privileged, root user is privileged. * What algorithms are you going to use and why? Whatever GPG uses for signatures, SHA1 for file integrity because I'd be an idiot to try and be smarter than crypto researchers. * What security properties are you trying to check? Signed by the NOC, not changed. (Perhaps you've already answered some of these basic questions elsewhere and you simply left out the citation?) I could cite ISBN: 978-0-7645-1679-5 :-) I'll look at JAR signing and olpc-contents. Thanks for the pointers... cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] [PATCH] Restrict XO users using rssh
As per ticket #7606, until now XO users have had full shell access over ssh. This (with related commits in ds-backup and xs-config), confines them to rsync over ssh only. The update_users.py script fixes existing users, while create_user will now set the shell of new users. The users' group is also set to xousers, which will allow further restrictions in due course. diff --git a/Makefile b/Makefile index c87dd6f..59b425d 100644 --- a/Makefile +++ b/Makefile @@ -20,16 +20,17 @@ CREATE_REGISTRATION = create_registration LIST_REGISTRATION = list_registration IDMGR_INIT = idmgr IDMGR_CONFIG = idmgr.conf +UPDATE_USERS = update_users.py # This is a directory (w. subdirectories) SERVER = idmgr/ # All scripts SRC_FILES = $(CONF_SRC)/$(CREATE_USER) $(CONF_SRC)/$(CREATE_REGISTRATION) \ $(CONF_SRC)/$(LIST_REGISTRATION) $(CONF_SRC)/$(IDMGR_INIT) \ - $(CONF_SRC)/$(IDMGR_CONFIG) + $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS) FILES = $(BIN_DST)/$(CREATE_USER) $(BIN_DST)/$(CREATE_REGISTRATION) \ $(BIN_DST)/$(LIST_REGISTRATION) $(INIT_DST)/$(IDMGR_INIT) \ - $(CONFIG_DST)/$(IDMGR_CONFIG) + $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS) # install rules $(DESTDIR): @@ -47,6 +48,9 @@ $(CONFIG_DST): $(DESTDIR) $(BIN_DST)/$(CREATE_USER): $(CONF_SRC)/$(CREATE_USER) $(BIN_DST) cp $(CONF_SRC)/$(CREATE_USER) $(BIN_DST) +$(BIN_DST)/$(UPDATE_USERS): $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST) + cp $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST) + $(BIN_DST)/$(CREATE_REGISTRATION): $(CONF_SRC)/$(CREATE_REGISTRATION) $(BIN_DST) cp $(CONF_SRC)/$(CREATE_REGISTRATION) $(BIN_DST) diff --git a/conf.schoolserver/create_user b/conf.schoolserver/create_user index 55e5cfe..40f63e3 100755 --- a/conf.schoolserver/create_user +++ b/conf.schoolserver/create_user @@ -38,11 +38,17 @@ read uuid read pubkey homedir=/library/users/$username +XO_USERS_GROUP=xousers + +#make sure the xousers group exists +getent group $XO_USERS_GROUP /dev/null 21 || groupadd $XO_USERS_GROUP if getent passwd $username /dev/null 21; then true # User exists -else -/usr/sbin/adduser -c $full_name -d $homedir $username || die Unable to create user +else +/usr/sbin/useradd -c $full_name -d $homedir \ +-G $XO_USERS_GROUP -s /usr/bin/rssh $username \ +|| die Unable to create user echo $uuid | passwd --stdin $username || die Unable to set password fi diff --git a/conf.schoolserver/update_users.py b/conf.schoolserver/update_users.py new file mode 100755 index 000..3684f08 --- /dev/null +++ b/conf.schoolserver/update_users.py @@ -0,0 +1,62 @@ +#!/usr/bin/python +# +# update_users.py +# +# In the past, when an XO user registered, they were given their own +# group and no more. Now we want them to all be in the same group +# because it makes the management of restricted ssh access (and +# possibly other things) easier. + +#The group we are using is xousers, and we're finding the XO users +# by the location of their home directories. + + +import os +import sys +import pwd, grp +import subprocess + +XO_USER_HOME = '/library/users' +XO_USER_GROUP = 'xousers' +RSSH_PATH = '/usr/bin/rssh' + +# first, make sure the group is there +# much like `getent group xousers || groupadd xousers` +try: +group = grp.getgrnam(XO_USER_GROUP) +except KeyError, e: +print sys.stderr, e +result = subprocess.call(['groupadd', XO_USER_GROUP]) +if result: +raise RuntimeError(couldn't add %s group % XO_USER_GROUP) + +# just make sure the rssh executable is there +if not os.access(RSSH_PATH, os.F_OK | os.R_OK | os.X_OK): +raise RuntimeError(%s seems to be missing or otherwise inaccessable % RSSH_PATH) + + +# now find each user who has a /library/users/* home directory and try +# to change their group. +# Execution will stop when one fails BUT any users who's groups have +# been changed will not be changed back. + +users = [ x for x in pwd.getpwall() + if os.path.dirname(x.pw_dir) == XO_USER_HOME ] + +for user in users: +#if for some reason the user's name isn't already a group (e.g., +#they were created with `usermod -g some-other-group`. +try: +group = grp.getgrnam(user.pw_name) +except KeyError, e: +print sys.stderr, e +result = subprocess.call(['groupadd', user.pw_name]) +if result: +raise RuntimeError(couldn't add %s group % XO_USER_GROUP) + +result = subprocess.call(['usermod', '-g', user.pw_name, '-G', XO_USER_GROUP, + '-s', RSSH_PATH, user.pw_name]) +if result: +raise RuntimeError(couldn't change group for user %s (out of %s) + % (user.pw_name, users)) + diff --git a/idmgr.spec b/idmgr.spec index 5616a7f..bc00da0 100644 --- a/idmgr.spec +++ b/idmgr.spec @@ -35,6 +35,8 @@ fi if [ ! -d /library/users/ ] ; then mkdir -p /library/users
[Server-devel] [PATCH] No passwords for XO users, and packaging improvements
XO users were being given their UUIDs as passwords, which was unnecessary. In case the user storage system changes again in the future, the post installation scripts reference /home/idmgr/storage_format_version to decide what to do. diff --git a/Makefile b/Makefile index 59b425d..fad74be 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ # This Makefile installs the OLPC ID Management Service NAME = idmgr -VERSION = 0.1.1 -RELEASE = 2 +VERSION = 0.1.2 +RELEASE = 3 ARCH = noarch # install root @@ -20,17 +20,17 @@ CREATE_REGISTRATION = create_registration LIST_REGISTRATION = list_registration IDMGR_INIT = idmgr IDMGR_CONFIG = idmgr.conf -UPDATE_USERS = update_users.py +UPDATE_USERS_01 = update_users_0_to_1.py # This is a directory (w. subdirectories) SERVER = idmgr/ # All scripts SRC_FILES = $(CONF_SRC)/$(CREATE_USER) $(CONF_SRC)/$(CREATE_REGISTRATION) \ $(CONF_SRC)/$(LIST_REGISTRATION) $(CONF_SRC)/$(IDMGR_INIT) \ - $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS) + $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS_01) FILES = $(BIN_DST)/$(CREATE_USER) $(BIN_DST)/$(CREATE_REGISTRATION) \ $(BIN_DST)/$(LIST_REGISTRATION) $(INIT_DST)/$(IDMGR_INIT) \ - $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS) + $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS_01) # install rules $(DESTDIR): @@ -48,8 +48,8 @@ $(CONFIG_DST): $(DESTDIR) $(BIN_DST)/$(CREATE_USER): $(CONF_SRC)/$(CREATE_USER) $(BIN_DST) cp $(CONF_SRC)/$(CREATE_USER) $(BIN_DST) -$(BIN_DST)/$(UPDATE_USERS): $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST) - cp $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST) +$(BIN_DST)/$(UPDATE_USERS_01): $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST) + cp $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST) $(BIN_DST)/$(CREATE_REGISTRATION): $(CONF_SRC)/$(CREATE_REGISTRATION) $(BIN_DST) cp $(CONF_SRC)/$(CREATE_REGISTRATION) $(BIN_DST) @@ -69,7 +69,7 @@ $(CONFIG_DST)/$(IDMGR_CONFIG): $(CONF_SRC)/$(IDMGR_CONFIG) $(CONFIG_DST) install: $(FILES) $(BIN_DST)/$(SERVER) # rpm target directory -RPMDIR = /usr/src/redhat +RPMDIR = $(PWD)/rpm NV = $(NAME)-$(VERSION) @@ -82,7 +82,7 @@ SOURCES: Makefile $(SRC_FILES) rm -rf $(NV) rpm: SOURCES - rpmbuild -ba --target $(ARCH) $(NAME).spec + rpmbuild -v --define _topdir $(RPMDIR) -ba --target $(ARCH) $(NAME).spec rm -f $(NV)-*.$(ARCH).rpm cp -p $(RPMDIR)/RPMS/$(ARCH)/$(NV)-$(RELEASE).$(ARCH).rpm . diff --git a/conf.schoolserver/create_user b/conf.schoolserver/create_user index 40f63e3..90d9315 100755 --- a/conf.schoolserver/create_user +++ b/conf.schoolserver/create_user @@ -44,12 +44,12 @@ XO_USERS_GROUP=xousers getent group $XO_USERS_GROUP /dev/null 21 || groupadd $XO_USERS_GROUP if getent passwd $username /dev/null 21; then -true # User exists +# $fullname may have changed. +/usr/sbin/usermod -c $full_name $username || die unable to change full name else /usr/sbin/useradd -c $full_name -d $homedir \ -G $XO_USERS_GROUP -s /usr/bin/rssh $username \ || die Unable to create user -echo $uuid | passwd --stdin $username || die Unable to set password fi userhome=`getent passwd $username | awk -F: '{print $6}'` diff --git a/conf.schoolserver/update_users.py b/conf.schoolserver/update_users.py deleted file mode 100755 index 3684f08..000 --- a/conf.schoolserver/update_users.py +++ /dev/null @@ -1,62 +0,0 @@ -#!/usr/bin/python -# -# update_users.py -# -# In the past, when an XO user registered, they were given their own -# group and no more. Now we want them to all be in the same group -# because it makes the management of restricted ssh access (and -# possibly other things) easier. - -#The group we are using is xousers, and we're finding the XO users -# by the location of their home directories. - - -import os -import sys -import pwd, grp -import subprocess - -XO_USER_HOME = '/library/users' -XO_USER_GROUP = 'xousers' -RSSH_PATH = '/usr/bin/rssh' - -# first, make sure the group is there -# much like `getent group xousers || groupadd xousers` -try: -group = grp.getgrnam(XO_USER_GROUP) -except KeyError, e: -print sys.stderr, e -result = subprocess.call(['groupadd', XO_USER_GROUP]) -if result: -raise RuntimeError(couldn't add %s group % XO_USER_GROUP) - -# just make sure the rssh executable is there -if not os.access(RSSH_PATH, os.F_OK | os.R_OK | os.X_OK): -raise RuntimeError(%s seems to be missing or otherwise inaccessable % RSSH_PATH) - - -# now find each user who has a /library/users/* home directory and try -# to change their group. -# Execution will stop when one fails BUT any users who's groups have -# been changed will not be changed back. - -users = [ x for x in pwd.getpwall() - if os.path.dirname(x.pw_dir) == XO_USER_HOME ] - -for user in users: -#if for some reason the user's name isn't already a group (e.g., -#they
[Server-devel] [PATCH]More accurate idmgr shutdown status (#7653) and condrestart option.
The status returned by /etc/init.d/idmgr stop is less often the inverse of its actual success. /etc/init.d/idmgr start will not start if the daemon is already running. /etc/init.d/idmgr condrestart works. diff --git a/conf.schoolserver/idmgr b/conf.schoolserver/idmgr index d7a6d9f..23f1c7f 100755 --- a/conf.schoolserver/idmgr +++ b/conf.schoolserver/idmgr @@ -33,11 +33,12 @@ prog=idmgr SERVER=/home/idmgr/idmgr/server.py RETVAL=0 + start() { # Start daemons. echo -n Starting $prog: export PYTHONPATH=/home/idmgr/:/home/idmgr/idmgr/simplejson-1.7.1-py2.5.egg - daemon $SERVER $OPTS +daemon --pidfile=${PID_FILE} $SERVER $OPTS RETVAL=$? return $RETVAL } @@ -45,8 +46,10 @@ start() { stop() { # Stop daemons. echo -n Shutting down $prog: - kill `cat $PID_FILE` + killproc -p ${PID_FILE} -d 10 $prog RETVAL=$? + echo + [ $RETVAL = 0 ] rm -f ${PID_FILE} return $RETVAL } @@ -63,12 +66,19 @@ case $1 in start RETVAL=$? ;; + condrestart) + if [ -f $PID_FILE ] ; then + stop + start + RETVAL=$? + fi + ;; status) status idmgr $PID_FILE RETVAL=0 ;; *) - echo $Usage: $0 {start|stop|restart|status} + echo $Usage: $0 {start|stop|restart|condrestart|status} exit 1 esac ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] [PATCH] Utility function for the batch removal of XO users
This removes the named XO users from both the SQL and system databases. To remove all users, use something like /home/idmgr/remove_user `sqlite3 /home/idmgr/identity.db \ select serial from laptops` diff --git a/Makefile b/Makefile index fad74be..1065310 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ NAME = idmgr VERSION = 0.1.2 -RELEASE = 3 +RELEASE = 5 ARCH = noarch # install root @@ -16,6 +16,7 @@ CONF_SRC = conf.schoolserver # Scripts CREATE_USER = create_user +REMOVE_USER = remove_user CREATE_REGISTRATION = create_registration LIST_REGISTRATION = list_registration IDMGR_INIT = idmgr @@ -27,10 +28,12 @@ SERVER = idmgr/ # All scripts SRC_FILES = $(CONF_SRC)/$(CREATE_USER) $(CONF_SRC)/$(CREATE_REGISTRATION) \ $(CONF_SRC)/$(LIST_REGISTRATION) $(CONF_SRC)/$(IDMGR_INIT) \ - $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS_01) + $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS_01) \ + $(CONF_SRC)/$(REMOVE_USER) FILES = $(BIN_DST)/$(CREATE_USER) $(BIN_DST)/$(CREATE_REGISTRATION) \ $(BIN_DST)/$(LIST_REGISTRATION) $(INIT_DST)/$(IDMGR_INIT) \ - $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS_01) + $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS_01) \ + $(BIN_DST)/$(REMOVE_USER) # install rules $(DESTDIR): @@ -48,6 +51,9 @@ $(CONFIG_DST): $(DESTDIR) $(BIN_DST)/$(CREATE_USER): $(CONF_SRC)/$(CREATE_USER) $(BIN_DST) cp $(CONF_SRC)/$(CREATE_USER) $(BIN_DST) +$(BIN_DST)/$(REMOVE_USER): $(CONF_SRC)/$(REMOVE_USER) $(BIN_DST) + cp $(CONF_SRC)/$(REMOVE_USER) $(BIN_DST) + $(BIN_DST)/$(UPDATE_USERS_01): $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST) cp $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST) diff --git a/conf.schoolserver/remove_user b/conf.schoolserver/remove_user new file mode 100755 index 000..47926ae --- /dev/null +++ b/conf.schoolserver/remove_user @@ -0,0 +1,7 @@ +#!/bin/sh + +for serial; do +echo $serial | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' || exit 1 +sqlite3 /home/idmgr/identity.db DELETE FROM laptops WHERE serial = '$serial' || exit 1 +userdel $serial +done \ No newline at end of file diff --git a/idmgr.spec b/idmgr.spec index b405560..dd6f1f0 100644 --- a/idmgr.spec +++ b/idmgr.spec @@ -4,7 +4,7 @@ Summary: XS Registration Manager Name: idmgr Version: 0.1.2 -Release: 3 +Release: 5 License: GPL Group: Base System/System Tools URL: http://dev.laptop.org/git.do?p=projects/idmgr;a=summary @@ -79,6 +79,7 @@ rm -rf $RPM_BUILD_ROOT /etc/idmgr.conf /home/idmgr/create_registration /home/idmgr/create_user +/home/idmgr/remove_user /home/idmgr/update_users_0_to_1.py /home/idmgr/update_users_0_to_1.pyo /home/idmgr/update_users_0_to_1.pyc ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] [PATCH] More checking and logging of registration information.
The create_user script tries to give useful information to syslogd, and ensures that the username it is given is a valid XO serial. It also checks the ssh public key, but is not terribly strict. If a system user is created but some later process fails, create_user tries to remove the user. server.py also takes better notice the values it receives, and will fail if the username or public key contain multiple lines. The way errors are handled has also been changed, to reduce dupication. If the server.py script is called without a pidfile argument, it runs in the foreground and prints messages on stderr. Previously it would have crashed. diff --git a/conf.schoolserver/create_user b/conf.schoolserver/create_user index 90d9315..4a6f90f 100755 --- a/conf.schoolserver/create_user +++ b/conf.schoolserver/create_user @@ -21,22 +21,33 @@ # This script creates a user account for the registration server # # echo entering as `whoami` /tmp/create_user.log +LOG_LEVEL=user.warning +LOG_TAG=olpc_idmgr if [ `whoami` != root ]; then -# echo execing as root /tmp/create_user.log -exec sudo -S $0 /tmp/create_user.log 21 +exec sudo -S $0 fi +log() { +echo $1 | logger -t $LOG_TAG -s -p $LOG_LEVEL +} + die() { -echo $1 12 +log $1 exit 1 } read username read full_name -read uuid +read uuid #unused! read pubkey +# check for sane values +export LC_ALL=C +echo $username | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' /dev/null || die bad username +echo $pubkey | grep -s -E '^[A-Za-z0-9+/=]+$' /dev/null || die bad public key + + homedir=/library/users/$username XO_USERS_GROUP=xousers @@ -46,16 +57,34 @@ getent group $XO_USERS_GROUP /dev/null 21 || groupadd $XO_USERS_GROUP if getent passwd $username /dev/null 21; then # $fullname may have changed. /usr/sbin/usermod -c $full_name $username || die unable to change full name -else +NEW_USER=0 +else /usr/sbin/useradd -c $full_name -d $homedir \ -G $XO_USERS_GROUP -s /usr/bin/rssh $username \ || die Unable to create user +NEW_USER=1 fi +#from here, if a new user was created, a failure will leave the user +#there but unconfigured. So rather than simply dying, we try to clean +#up first. + +clean_up_and_die(){ +log $1 +if [ $NEW_USER == 1 ]; then +log deleting half-created user +/usr/sbin/userdel $username || log ... failed! +fi +exit 1 +} + + userhome=`getent passwd $username | awk -F: '{print $6}'` -cd $userhome +cd $userhome || clean_up_and_die Couldn't cd into user's home directory + +mkdir -p --mode=700 .ssh || clean_up_and_die Unable to mkdir .ssh +echo ssh-dss $pubkey .ssh/authorized_keys || clean_up_and_die Unable to set up authorized_keys +chmod 600 .ssh/authorized_keys || clean_up_and_die Unable to chmod authorized_keys +chown -R $username .ssh || clean_up_and_die Unable to chown .ssh -mkdir -p --mode=700 .ssh || die Unable to mkdir .ssh -echo ssh-dss $pubkey .ssh/authorized_keys || die Unable to set up authorized_keys -chmod 600 .ssh/authorized_keys || die Unable to chmod authorized_keys -chown -R $username .ssh || die Unable to chown .ssh +#clean_up_and_die goodbye \ No newline at end of file diff --git a/idmgr/server.py b/idmgr/server.py index 06b9bcb..9a4c164 100755 --- a/idmgr/server.py +++ b/idmgr/server.py @@ -42,11 +42,16 @@ IDMGR_CONFIG_FILE = '/etc/idmgr.conf' # Default maximum for the number of available file descriptors. MAXFD = 1024 +# Port on which to listen + +PORT = 8080 + # The specs are a little unclear on the encoding of UUIDs, so be # flexible in what we accept uuidre = re.compile(r'[a-fA-F0-9-]{32,40}') serialre = re.compile(r'^[A-Z]{3}[A-F0-9]{8}$') +base64re = re.compile(r'^[A-Fa-z0-9+/=]+$') # The standard I/O file descriptors are redirected to /dev/null by default. if (hasattr(os, devnull)): @@ -69,12 +74,12 @@ def createDaemon( pidfilename ): # unless we stop executing due to failure. # import signal # Set handlers for asynchronous events. # signal.signal(signal.SIGHUP, signal.SIG_IGN) - + try: pid = os.fork()# Fork a second child. except OSError, e: raise Exception, %s [%d] % (e.strerror, e.errno) - + if (pid == 0): # The second child. # Since the current working directory may be a mounted filesystem, # we avoid the issue of not being able to unmount the filesystem at @@ -87,10 +92,10 @@ def createDaemon( pidfilename ): try: pidfile = open( pidfilename, w ); pidfile.write( str( pid ) ); -pidfile.write( \n ); +pidfile.write( \n ); pidfile.close(); except OSError, e: -syslog.openlog( 'olpc_idmgr', 0, syslog.LOG_DAEMON ) +syslog.openlog( 'olpc_idmgr', 0,
Re: [Server-devel] Warning: breakage updating xs-config
On Tue, Aug 12, 2008 at 1:49 AM, Jerry Vonau [EMAIL PROTECTED] wrote: Martin Langhoff wrote: A few weeks ago Bryan and David reported breakage with xs-config, and over the last week over various tests we've had xs-config updates making a mess of already-configured XS setups. I haven't had a chance to look at it but yes, it is a high priority bug, and I'll be working on it asap. Sorry, coming up to speed, Ticket number? Got some info on the method used, and what failed? #7708 - If you just install an XS, do the basic config (domain_config, etc) and then install a new xs-config, the install mechanism makes a mess. One tell-tale sign is that the files edited by domain_config are overwritten. Diagnosing more later... Based on my F9 testing, while you have xs-config open, can you remove syslogd from the requires? Syslogd will still be installed based on the comp.xml file anyway. Without removing this requires from xs-config, updating past F7 becomes impossible as syslogd was later renamed/replaced. What is the new name? The depends is there because we do override /etc/syslogd.conf The same goes for newt-perl in xs-pkgs. The package radvd also gave me problems, although I don't recall why. I'll look into removing those. I ended up re-rolling xs-config and xs-pkgs to exclude these above packages. F9 now installs the xs-config package, with one problem, the symlinks in /etc/rc.d/rc1.d/ 23456... don't get created, looks like those need to be copied over also with F9. Ok. Some other links were installed as file.olpcnew. also. I'll put together a list later if you want it. Interesting. Short term plan is to fix it promptly. Long term plan -- discussed with Wad this morn -- is to break xs-config into various parts: - For daemons that accept a parameter pointing to the config file (named for example) we should disable the daemon permanently via chkconfig and install an alternative init script (named-olpc) which points to a different config file (/etc/named-olpc.conf). - For files where we want to search/replace values (as we do with domain_config_ we should ship a template file (/etc/named-olpc.conf.in) with placeholders (@@BASEDOMAIN@@). So domain_config gets simplified a lot and becomes more reliable too. - We prefer conf.d arrangements where possible - and in those cases, avoid the symlink mess. - For actually hardcoded-name files we need to override (ie: /etc/rssh.conf) we can use a version-control scheme (git based probably). - And dismantle the symlink mess we have... cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone [EMAIL PROTECTED] wrote: If you're more interested 'signed content lives in archives', then JAR-signing might be for you! JARs look good but there don't seem to be decent cli tools to deal with them (can fastjar sign and check sigs in packages?) and big Java deps for the core XS are not in my plans. cheers. m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] EduBlog: Status
Hi team, Good news! Marcel was able to install abiword 2.6.3 from the Fedora 9 repository and all the features of EduBlog are decently working. I've recreated the demo student and teacher accounts and linked it to uruguay-xo-test. I'll update the wiki with the exact links needed to go through the use cases tomorrow and also try to work out a few rendering bugs with the css differences between abiword, tinymce, moodle and blogger. Many thanks to Tony and Glen in getting the server back online and to Marcel for getting abiword conversion working! Thanks, Tarun ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] XS inconvenientes
2008/8/12 Henry Vélez [EMAIL PROTECTED]: Estoy guiándome por las indicaciones del Wiki en : http://wiki.laptop.org/go/XS_Configuration_Management y estoy utilizando la versión 163. Necesitamos mas datos :-) Que comandos - exactamente - le estas dando al XS? Pero no he podido ver desde las XO o desde otro pc Que has probado? Como te has conectado? abrazos, martin -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone [EMAIL PROTECTED] wrote: If you want to go the route of 'signed content lives in directories', then please examine the programs in olpc-contents http://wiki.laptop.org/go/Olpc-contents and let us know in what way they can be improved before writing your own. olpc-contents is fairly close to what I am doing. I am thinking about a few things I want moderately technical people to be able to build and check these bundles (usb based or otherwise) on any modern OS: * What I want from olpc-contents is mostly what sha1sum does, and sha1sum is very portable and widespread - even some GUIs are available. * olpc-contents not being self-contained and not being pure Python hampers things further. IOWs, I cannot say just download this portable python script. Of what olpc-contents adds, I only care about the check for extraneous files. Other bits -- file owners and permissions -- I don't need, and in fact get in the way. I would need a version of olpc-contents that does not include (and later, does not care for) file ownership or mode data. So it's close enough, but it gets in the way in a big time. Just picture the instructions: - Only Windows users: install sha1sum from here - link to exe (sha1sum is in stock OSX and Linuxen) - create an empty dir and put what you want inside - check no stray files are there - run 'sha1sum * manifest.md5' - Windows users, here's an alternative GUI if you want... to - Debian/Fedora users - here's a nice rpm deb - Everyone else: install this python script with its related libraries and bits in C... various pages of explanations based on http://docs.python.org/ext/win-cookbook.html - I quote: To build extensions using these instructions, you need to have a copy of the Python sources of the same version as your installed Python. You will need Microsoft Visual C++ ``Developer Studio''... - create empty dir... Must say - I've read the source and it's a good tool. However my thinking right now is that it doesn't add enough for my use case, and it gets in the way big-time. Just to make it usable for the use cases I have will take several times more work to make it usable than to write the little script I'm thinking of. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel