date:20080811

We are not 100% atomic when we install a new build. If the
contents file is missing, something is amiss. rm-fr and start
again...
---
 xs-refresh-xobuilds.py |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/xs-refresh-xobuilds.py b/xs-refresh-xobuilds.py
index c99dc15..5d2b802 100755
--- a/xs-refresh-xobuilds.py
+++ b/xs-refresh-xobuilds.py
@@ -83,7 +83,9 @@ def main():
 for buildname in buildsbyname.keys():
 bpath = os.path.join(BUILDSDIR,buildname)
 ppath = os.path.join(PACKEDDIR,buildsbyname[buildname])
-if options.force or not os.path.exists(bpath):
+if (options.force
+or not os.path.exists(bpath)
+or not os.path.exists(os.path.join(bpath,'contents'))):
 installcmd = [ 'sudo', '-u', 'xs-rsync',
os.path.join(os.path.dirname(sys.argv[0]), 
'xs-publish-xobuild.py') ]
 if options.force:
-- 
1.5.5.1

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] [PATCH] Add support for usbmount triggers in xs-rsync

This is the first user of usbmount, so several things
to note...

 - The usbmount scripts don't get a tty, which means
   that we need sudo to allow nontty usage (changed
   in xs-config for root)

 - We check manifest.md5 with a custom utility called
   xs-check-signature, initially a wrapper around md5sum
   that ensures that all files in the directory are in
   the manifest. This script is not included here.

 - We use /usr/bin/logger (to syslog) for output and
   logging, we log to the 'user' facility. Moodle will
   later have a 'tail -f /var/log/user.log'.

 - Stock syslog.conf in fedora drop the user messages,
   so xs-config has been updated to log to user.log

 - It is important to show progress towards completion
   so each msg has an indication of how far along we are.

 - We'll need to localise these. Tricky -
---
 Makefile|2 +
 usbmount-50-xs-rsync-installcontent |   62 +++
 xs-rsync.spec.in|2 +
 3 files changed, 66 insertions(+), 0 deletions(-)
 create mode 100755 usbmount-50-xs-rsync-installcontent

diff --git a/Makefile b/Makefile
index 729b0b4..f78173f 100644
--- a/Makefile
+++ b/Makefile
@@ -82,6 +82,8 @@ install:
install -D -m 644 xinetd-xs-rsyncd.conf 
$(DESTDIR)/etc/xinetd.d/xs-rsyncd
install -D -m 644 crond-xs-rsync.conf   $(DESTDIR)/etc/cron.d/xs-rsync
 
+   install -D -m 755 usbmount-50-xs-rsync-installcontent 
$(DESTDIR)/etc/usbmount/mount.d/50-xs-rsync-installcontent
+
# root owned
install -D -d $(DESTDIR)/library/xs-rsync
install -D -d $(DESTDIR)/library/xs-rsync/xobuilds-packed
diff --git a/usbmount-50-xs-rsync-installcontent 
b/usbmount-50-xs-rsync-installcontent
new file mode 100755
index 000..9bfeed4
--- /dev/null
+++ b/usbmount-50-xs-rsync-installcontent
@@ -0,0 +1,62 @@
+#!/bin/bash -x
+# Part of the xs-sync package
+# Author: Martin Langhoff [EMAIL PROTECTED]
+# Copyright: One Laptop per Child
+
+set -e
+
+VERBOSE=no
+
+# Log a string via the syslog facility.
+log()
+{
+if test $1 != debug || expr $VERBOSE : [yY]  /dev/null; then
+   logger -p user.$1 -t xs-rsync[$$] -- $2
+fi
+}
+STEPS=5
+
+if [ -e $UM_MOUNTPOINT/xs-xobuilds -a \
+ -e $UM_MOUNTPOINT/xs-xobuilds/manifest.md5 ];then
+log notice 'Found xobuilds to install!';
+log notice [1/$STEPS] Checking signature];
+
+xs-check-signature $UM_MOUNTPOINT/xs-xobuilds/manifest.md5
+
+log notice [2/$STEPS] Checking checksum on external disk;
+pushd $UM_MOUNTPOINT/xs-xobuilds
+md5sum -c manifest.md5
+popd
+
+## Do we have enough space?
+# note: we could use awk {'print $4'} instead of the
+# perl regex, but it breaks with long /dev nodes
+# such as those from LVMs -which wrap. The regex captures the
+# number just left of the number with the percentage sign.
+NEED=`du -s -B1M $UM_MOUNTPOINT/xs-xobuilds | awk {'print $1'}`
+HAVE=`df -B1M /library/xs-rsync | tail -n1 | \
+ perl -pe 'm/(\d+)\s+\d+\%/; $_=$1;'`
+if [ $NEED -gt $HAVE ];then
+   log err 'Not enough free space in /library for this xo image - 
cancelling';
+   exit 1;
+fi
+
+### Copy it first - as the media is bound to be slow
+# - make this atomic by cp'ing to a tmpdir, and mv'ing into place
+#   to be fail-safe
+# - remove - manifest.md5
+# - TODO? we could avoid cp'ing files we already have using
+#   rsync --copy-dest instead of cp
+#
+log notice [3/$STEPS] Copying xo-builds to xobuilds-packed;
+TMPDEST=`mktemp -d -p /library/xs-rsync/tmp`
+cp $UM_MOUNTPOINT/xs-xobuilds/* $TMPDEST
+rm $TMPDEST/manifest.md5
+mv $TMPDEST/* /library/xs-rsync/xobuilds-packed/
+
+log notice [4/$STEPS] Refreshing XO builds available;
+(/usr/bin/xs-refresh-xobuilds.py 21 ) | logger -p user.debug -t 
xs-rsync[$$]
+log notice [5/$STEPS] Finished - XOs can now update.;
+
+
+fi # end if we have xs-xobuilds/manifest.md5
\ No newline at end of file
diff --git a/xs-rsync.spec.in b/xs-rsync.spec.in
index 0fc0c46..3b0f103 100644
--- a/xs-rsync.spec.in
+++ b/xs-rsync.spec.in
@@ -20,6 +20,7 @@ Requires:   fakeroot
 Requires:   fakechroot
 Requires:   bash
 Requires:   vixie-cron
+Requires:   usbmount
 
 %description
 XS rsync provides support for publishing resources on the XS via rsync.
@@ -79,6 +80,7 @@ make install DESTDIR=$RPM_BUILD_ROOT
 %config(noreplace) %{_sysconfdir}/xs-rsyncd.conf.in
 %config(noreplace) %{_sysconfdir}/xinetd.d/xs-rsyncd
 %config(noreplace) %{_sysconfdir}/cron.d/xs-rsync
+%config(noreplace) %{_sysconfdir}/usbmount/mount.d/50-xs-rsync-installcontent
 %dir  /library/xs-rsync/xobuilds-packed
 %attr(755, xs-rsync, xs-rsync) %dir /library/xs-rsync/pub
 %attr(755, xs-rsync, xs-rsync) %dir /library/xs-rsync/pub/builds
-- 
1.5.5.1

___
Server-devel mailing list
Server-devel@lists.laptop.org

Re: [Server-devel] Need help: mounting usb devices on headless machines

2008-08-11 Thread James Cameron

On Mon, Aug 11, 2008 at 12:49:06PM +1200, Martin Langhoff wrote:
 Well, it *seems* that I cannot get a bell to sound on any of the
 systems I can get my hands on today. [...]

Systems that route the PC speaker into the mixer will also need
alsamixer settings changed accordingly.

-- 
James Cameronmailto:[EMAIL PROTECTED] http://quozl.netrek.org/
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] Warning: breakage updating xs-config

A few weeks ago Bryan and David reported breakage with xs-config, and
over the last week over various tests we've had xs-config updates
making a mess of already-configured XS setups. I haven't had a chance
to look at it but yes, it is a high priority bug, and I'll be working
on it asap.

Earlier updates to xs-config had been mainly tested in new installs or
unconfigured XS setups. I also probably blamed something else for the
breakage when I saw it. Now it's pretty clear and unambiguous *why*
things are broken.

I wish I had spotted this earlier - /


m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] Warning: breakage updating xs-config

2008-08-11 Thread Jerry Vonau

Martin Langhoff wrote:
 A few weeks ago Bryan and David reported breakage with xs-config, and
 over the last week over various tests we've had xs-config updates
 making a mess of already-configured XS setups. I haven't had a chance
 to look at it but yes, it is a high priority bug, and I'll be working
 on it asap.
 
Sorry, coming up to speed, Ticket number? Got some info on the method 
used, and what failed?

 Earlier updates to xs-config had been mainly tested in new installs or
 unconfigured XS setups. I also probably blamed something else for the
 breakage when I saw it. Now it's pretty clear and unambiguous *why*
 things are broken.
 
 I wish I had spotted this earlier - /

Based on my F9 testing, while you have xs-config open, can you remove 
syslogd from the requires? Syslogd will still be installed based on the 
comp.xml file anyway. Without removing this requires from xs-config, 
updating past F7 becomes impossible as syslogd was later 
renamed/replaced. The same goes for newt-perl in xs-pkgs. The package 
radvd also gave me problems, although I don't recall why. I ended up 
re-rolling xs-config and xs-pkgs to exclude these above packages. F9 now 
installs the xs-config package, with one problem, the symlinks in 
/etc/rc.d/rc1.d/ 23456... don't get created, looks like those need to be 
copied over also with F9. Some other links were installed as 
file.olpcnew. also. I'll put together a list later if you want it.

Jerry


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-11 Thread Michael Stone

Martin,

Thanks for your note. Unfortunately, it left me with more questions than
with answers. Some questions include:

  * What use cases are you trying to support?
  
  * What threats obstruct supporting those use cases?
  
  * What trust structure are you trying to create and how does it
mitigate the threats while permitting the use cases?
  
  * What algorithms are you going to use and why? 
  
  * What security properties are you trying to check?

(Perhaps you've already answered some of these basic questions elsewhere
and you simply left out the citation?)

Two other comments:

If you want to go the route of 'signed content lives in directories',
then please examine the programs in olpc-contents
   
   http://wiki.laptop.org/go/Olpc-contents

and let us know in what way they can be improved before writing your
own.

If you're more interested 'signed content lives in archives', then
JAR-signing might be for you!

Regards,

Michael

P.S. - In the future, please consider CC'ing the security@ list when you
write security-related mail. Interesting people live there.
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] EduBlog: Looking for comments/bugs

Hi! I've got good and bad news.

I tried BrowseNew, and it works fine for pictures uploading! As you can see,
I could upload pictures from an XO for the edublog. Question: Isn't it
possible to resize the picture?

I also tried pasting pictures from the clipboard and from Write (Ctrl-C
Ctrl-V) but it didn't work.

Finally, I tried to upload a picture to make a new post from Blogger, but it
just doesn't work :-( It seems popups are not working properly in this
browser, so I can get to the picture upload page, select the image to
upload, upload it, but I can never close the file uploading window! You can
see the screenshot of the Uploading window in
http://uruguay-xo-test.blogspot.com/2008/07/no-button.html... From this
page, you can't go back to the post editing page :( I wonder if this version
of the browser won't introduce new troubles...

Saludos,
Pablo Flores

On Wed, Jul 23, 2008 at 11:15 AM, Greg Smith [EMAIL PROTECTED]wrote:

Hi All,

We are so close!! Awesome team! Now lets bring it home...

We have a new version of browse. It only works on build 656 so do not
install it on other images.

Get it from: http://olpc.betarun.com/BrowseNew-1.xo

Just point your XO browser at that and it will install.

Can someone test the workflow of:
1 - create text and image in write
2 - open new browse
3 - go to EduBlog (you can use
http://olpc.betarun.com/dev/ui/student_sp.php if the new URL/login is
not clear)
4 - pick what you created from the journal/file picker and upload it to
the blog.

I'd like to hear that working on build 656 before I ask the alpha test
teachers to try it. Please also give the new browser and the whole XO a
sniff test to see if there are any regressions due to this new browse.

Tarun,

These instructions are good:
http://wiki.laptop.org/go/EduBlog_Instructions

but I need to the URLs and logins (leave the password out). The shorter
the URL the better so maybe we will need a home page but leave that
for later. Add the links to the doc and I think we are ready for alpha
test.

If its not too hard, I think the new write with name changed and in .xo
format may be useful. If you can make and post that too, I think we may need
it.

FYI I pasted the Moodle instructions and URLs below.

E-mail me for a password if you want to try this out.

Thanks,

Greg S

Hi,

I just did a test, and it looks like everything is working decently. I'd be
happy to hear anyone's comments on the UI and if there are any major bugs
that need to be fixed before the beta test. Please don't send these links
out to too many people, they are to the unstable version. When everything
is working, it will be transferred to the stable area linked to from the
main site. (Also why I did not send this out to any public list).

For testing, I've only made three accounts: tarun (Admin), student,
teacher. All three have the root password as the password. The pages that
comprise EduBlog (only one blog set up right now) are:

Local Blog (Need Student Login):
http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/view.php?id=3
New Post (Need Student Login):

http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2
New Blog (Need Teacher Login):

http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0
Manage Remote Blogs (Need Teacher Login):

http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/manageremoteblogs.php

Anyone using build 656 will need to install a patched version of Browse to
get the image upload to work. I had planned on attaching these, but my mail
client is not cooperating with me at the moment. I will send them out
later. You will need to remove the old versions first. Image upload also
still needs to be made IE compatible. Other features all work in IE.

It should take you to a login screen and after logging in, you should see
the appropriate page.

There are a few critical bugs I've already found, so please don't report
these:
1) Required message shows up on tinyMCE with content and has to be
submitted twice.
2) Clicking manage remote blogs when creating a blog results in loss of
data entered.
3) Preview does not work on XO. The IFrame ends up being blank.
4) Kids cannot post directly, teachers have to do publishing (more of an
added feature than a bug)

We also need to resolve how to do auth. Two ideas come to mind: Name Only
(No PW), Rename Password to Birthday or something the kids will be familiar
with (a tiny bit more secure). In both cases, I'm trying to figure out how
to make the info stored in a cookie so they will have to login infrequently.

Support for uploading from Write will be challenging. The version of
libabiword in 656 does not properly support any popular format that I am
aware of despite what abiword says (tried rtf and odt and xhtml) (xhtml does
not do images, odt and rtf just don't work). This means I need to figure
out how to

Re: [Server-devel] Static Ip settings

2008-08-11 Thread Tom Mitchell

The comment about Debian version  reminds me to ask about man and info pages.
Is there a set of man pages that matches the packages for various XO
installations?   Since XO disk space is small I expect an online or
school server
cache

On Sat, Jul 26, 2008 at 5:08 PM, James Cameron [EMAIL PROTECTED] wrote:
 On Sun, Jul 27, 2008 at 09:40:04AM +1100, David Leeming wrote:
 Thanks James, I think this was a case of a typo and fixation with the
 error staring me in the face!! Sometimes one should look for the
 obvious!!!

 ;-)

 I used the Debian version of ipcalc in my reply.  Should you need it,
 another variant of ipcalc is on the XO, as part of the initscripts
 package, but it has different syntax ...

 $ ipcalc --netmask 202.0.158.96/29
 NETMASK=255.255.255.248

 --
 James Cameronmailto:[EMAIL PROTECTED] http://quozl.netrek.org/
 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel




-- 
 T o m M i t c h e l l
 mitch-at-niftyegg-dot-com
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] EduBlog: Looking for comments/bugs

With the moodle interface I just couldn't upload a picture from the XO...

Saludos,
Pablo Flores


On Wed, Jul 23, 2008 at 2:38 PM, Tarun Pondicherry 
[EMAIL PROTECTED] wrote:

 Hi Pablo,

 I tried BrowseNew, and it works fine for pictures uploading! As you can
 see, I could upload pictures from an XO for the edublog. Question: Isn't it
 possible to resize the picture?

 I think the problem I found is different than what you are reporting.  Can
 you see if the issue also arises for you from the Moodle post blog page?

 http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2

 Clicking on the image should give you resize handles and let you resize it.

 Thanks,
 Tarun


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] Testing EduBlog

I've just done a test sequence on EduBlog and have a lot of comments and
questions, so let's start step by step...

*Creating a new blog
*

- The login page isn't in spanish
- I'm not sure how to manage users with EduBlog I think we should
start a wiki page to start documenting (and discussing it). Volunteers? :-)
- In the Adding a new OU blog form, I can't access the Manage Remote
Blogs button, it takes me to a page that says Sorry, but you do not
currently have permissions to do that ([[oublog:manageremoteblogs]]) More
information about this
errorhttp://docs.moodle.org/en/error/moodle/nopermissions.
*
- It would be better if some options could be hidden, like Common module
settings.

*New blog post*

- From the moodle interface, I couldn't upload any picture. I could use
the other interface (

http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2),
but with this one I cannot select the blog to post to. *
- I tried to upload a Write document, but I couldn't from any of the
interfaces (am I doing right? I tried to upload the file as an image).

I marked with * the points I find more important.

I also would like to summarize some points of how the daily work would be.
Let's see...

- First of all, the teacher will have to get a user and password for the
system.
- The teacher creates a new blog using the interface

http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0
- All of her children have to get a user and password.
- Then, the teacher can propose some work to be done, for which children
will have to make their posts to the blog. To do so, children will have to
access to the blog page (the moodle one), and click on New blog post.
- As children submit their posts, the teacher will be able to see them in
the blog page. Children will only see their own posts and the ones already
approved by the teacher. Question: How can a child know if his post was
approved?
- The approved posts will go public, depending on the configuration: If
there is a remote blog configured (blogspot for instance), they will appear
there. If it's local only, it will be seen by others, depending on the
visibility configuration of the blog.

All agree with this?

Saludos,
Pablo Flores
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] Testing EduBlog

Saludos,
Pablo Flores

On Wed, Jul 30, 2008 at 5:34 AM, Tarun Pondicherry
[EMAIL PROTECTED] wrote:

Hi,

*Creating a new blog
*

* The login page isn't in spanish

The UI can be switched to Spanish easily, this will be done in the next
update after we get abiword working.

Great!

* I'm not sure how to manage users with EduBlog I think we
should start a wiki page to start documenting (and discussing
it). Volunteers? :-)

I'm not sure the best way either. There are many many options. I
thought the easiest is to just do a bulk upload of all the students. We can
also allow students to register themselves or an admin to enter all of them.
Comments on which would be best would be really helpful. Students also
should only have to login once.

Yes, maybe the best way is making a registration form. Once the child is
registered, it shouldn't be asked the user/password everytime, it should
stay registered in the laptop.
One important feature would be letting children use different registration
systems, like OpenId... Having many user/password is very confusing for
children and even more for teachers!

* In the Adding a new OU blog form, I can't access the Manage
Remote Blogs button, it takes me to a page that says Sorry,
but you do not currently have permissions to do that
([[oublog:manageremoteblogs]]) More information about this error
http://docs.moodle.org/en/error/moodle/nopermissions. *

I will look into this, but you need teacher not student login. If you
are logged in as student, you would have to logout.

It doesn't work logged in as teacher.

Do teacher's and students share the same machine?

Let's assume that teacher do their managing tasks (creating blogs, etc.)
from their own laptops.

* It would be better if some options could be hidden, like Common
module settings.

This will be done in the next update. There is button to show all the
advanced options at the bottom if needed.

Ok.

*New blog post*

* From the moodle interface, I couldn't upload any picture. I
could use the other interface
(
http://edublog.venango.org/test/EduBlog/moodle/mod/oublog/editpost.php?blog=2
),
but with this one I cannot select the blog to post to. *

For this demo, there was only one blog. The jump to link at the top
right was to be used to select other blogs. Perhaps it should be
repositioned?

Mmmh... students should select the blog in which they'll be working before
starting to write the post... otherwise could lead to a lot of confussion in
the class...

* I tried to upload a Write document, but I couldn't from any of
the interfaces (am I doing right? I tried to upload the file as
an image).

Not implemented yet, hopefully this will work after we get abiword on the
server.

Ok.

I also would like to summarize some points of how the daily work would be.
Let's see...

* First of all, the teacher will have to get a user and password
for the system.
* The teacher creates a new blog using the interface

http://edublog.venango.org/test/EduBlog/moodle/course/modedit.php?add=oublogtype=course=2section=0return=0

* All of her children have to get a user and password.

Yes, and it will be saved on the XO so only needs to be entered one time.

Ok!

* Then, the teacher can propose some work to be done, for which
children will have to make their posts to the blog. To do so,
children will have to access to the blog page (the moodle one),
and click on New blog post.
* As children submit their posts, the teacher will be able to see
them in the blog page. Children will only see their own posts
and the ones already approved by the teacher. Question: How can
a child know if his post was approved?

Hm, I did not think of this. We could automatically post a comment
locally. What would you suggest? I'm not sure how teachers and students
communicate on the XO.

We discussed this issue time ago with some friends of a graphics design
company that was studying how children interfaces should be. The conclusion
we arrived to is that the best would be to remark the state of the post
graphically on the blog. For instance, keeping in gray the posts that are
still not approved. I don't know if it can be implemented easily.
Teachers could also use the comments form to give feedback, although the
most common way would be the straight talk in the class...

* The approved posts will go public, depending on the
configuration: If there is a remote blog configured (blogspot
for instance), they will appear there. If it's local only, it
will be seen by others, depending on the visibility
configuration of the blog.

All agree with this?

That looks to be all in accordance with what we are

[Server-devel] Ayuda

2008-08-11 Thread Luis Fernando Sanchez Hurtado

Hola Martin como va todo.

Como ya te comentó Edgar aun no hemos configurado el servidor.

Voy a hacer las preguntas pertinentes en la lista server-devel, tal como nos
recomendaste.
Si necesitás más información me avisas para mandartela.

Muchas gracias por la ayuda.


-- 
Trabajo duro y eficaz en memoria de Tim Russert

Luís Fernando Sánchez Hurtado
Director Ejecutivo
Fundación Marina Orth
Tels (4) 3412359 / 3117691792
www.fundacionmarinaorth.org
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] ds-backup - help with a trial happening right now

2008-08-11 Thread greebo

Hi all,

I am in the middle of a largish trial, 500 children, and wanted to get the
backup going. Michael Stone was great to help me understand where ds-backup
is up to and I'm keen to install, test and contribute to the ds-backup
project however I'm rolling out 703 imaged laptops as we need them to the
stable for this deploymeent and apparently the software doesn't work on
703.

Can anyone help me out with this?

The trial is the first 100% saturation in the world, and as I am leaving in
2 days I was hoping to have it fairly done by the time I leave, hwoever I
can always return if necessary or work with the local people to make
updates.

I'm on the IRC #olpc and #sugar channels on freenode as email here is
really hard/slow.

Many thanks!
Pia Waugh

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] [Olpc-france] Fuloong2F (lemo te.com) : group buy/achat groupé

2008-08-11 Thread Florian Fainelli

Hello Sami,

Le Thursday 31 July 2008 13:14:55 [EMAIL PROTECTED], vous avez écrit :
 Hi,

 xe at OLPC France are planning to test the installation of a XS server on
 various compact and low power architectures. Out next try will be the
 Fuloong 2F model of lemote.com.

 The specifications are detailled above.

 One unit costs USD 230. I am planning to sell 1 or 2 units
 1 pcs : USD 318, 230(computer)+88(shipping cost by DHL)
 2 PCs : USD 568, 460(computers)+108(shipping cost by DHL)

 If someone (ideally in France) is interested by a group buy/achat groupé,
 in order to reduce the shipping cost, please let me know.

Add one for me :p Thanks


 Best regards,

 Samy


 MIPS based machine.

 Item  PartDetail
 1 CPU Loongson 2F CPU 800M~900M
 2 System Memory   DDR2 512MB
 3 Hard Disc   2.5'' 80GB
 4 GraphicsXGI V2
 5 Networking  Ethernet 10/100
 6 I/O ports   USB 2.0 x 4
   Line-in x 1
   Microphone in x 1
   Ethernet RJ-45 x 1
   VGA out x 1
   Infrared interface x 1
   DVI x 1
   S-Video x 1
 7 LED Power Indicator
   Hard disc Indicator
 8 Button  Power Button
   Reset Button
 9 Power Consumtionless than 11W (average)
 10Mainboard Dimension 18cmx14cmx3cm
 11Size190mm×145mm×37mm
 12


 ___
 Olpc-france mailing list
 [EMAIL PROTECTED]
 http://lists.laptop.org/listinfo/olpc-france



-- 
Best regards, Florian Fainelli
Email : [EMAIL PROTECTED]
http://openwrt.org
---


signature.asc
Description: This is a digitally signed message part.
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] EduBlog: possible issues with WriteNew

2008-08-11 Thread Greg Smith

Hi Tarun,

Not sure I fully understand that but it doesn't seem like a critical 
issue to me.

The workflow I think we should support if we can is:
- Open write
- Add text and images
- Exit write (Keep first or just exit)
- Open Browse
- Click insert image link in EduBlog
- Pick Write document off the Journal and insert it in to Blog post

Is that right. Sounds like you are saying that the work flow of Open 
Write document from journal will not get you to EduBlog. If that is the 
only problem, I wouldn't worry about it too much.

Thanks,

Greg S

Tarun Pondicherry wrote:
 Hi Greg,
 
 I've noticed a few issues we could have with the new image supporting 
 Write.  Since the XO defaults to open up Journal files of that format in 
 the original Write, kids who use Journal to open up files could get 
 confused when they are working.  I think resolving this means changes to 
 the mime handlers for files, which would need root access to alter.  I'm 
 wondering if this is a major issue, or if we can avoid worrying about it 
 for the time being.
 
 Thanks,
 Tarun
 
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] Testing EduBlog

Hi Tarun!
I agree with Greg you've done an excellent work! We will always have new
requirements, which mean new schedules, but it doesn't mean you didn't meet
yours. Thank you!

Best regards,
Pablo Flores


On Fri, Aug 1, 2008 at 9:08 AM, Greg Smith [EMAIL PROTECTED] wrote:

 Hi Tarun,

 Thanks.

 I think Pablo is the primary driver of requirements and priorities now. As
 long as he appreciates that we only have one more week of coding time, we
 should try to do whatever he needs to get us to Beta and real blog posts
 from real schools.

 You have done a super job! Way above and beyond the call of duty and beyond
 all expectations. The Abiword conversion thing is really tough but its a
 huge win if it allows uploading images from Write to EduBlog.

 We changed the requirements. So you didn't miss the deadline, we missed the
 requirements. Feel free to use that one in the future if you have another
 paid programming job :-)

 Have a good trip back and thanks a lot for your hard work.

 Greg S

 Tarun Pondicherry wrote:

 Hi Greg,

 FYI presentation will be in 1CC at 12:30 - 1:30 US ET Friday so please
 don't mess with the server for that hour.

 We won't touch the server until after the demo is all done.  Especially
 since this abiword stuff affects the whole server and is therefore
 potentially dangerous.

 Send over any presentation or demo stuff you have done already (we will
 use it eventually) but top priority is doing what Pablo needs to start the
 beta.

 If all goes perfectly well, we should be ready by Wednesday, Friday if
 there are minor glitches.  Sorry for missing the August 1st target, I did
 not foresee this Write issue in 656.  Marcel made good progress in getting
 abiword installed and there are now a few dependencies to resolve.  I am
 mostly trying to perfect the UI with Pablo's suggestions and we can test
 both areas of work after abiword is installed.

 I like your idea of using the mockup/backup for the demo.  I just tested
 the version at:
 http://edublog.venango.org/test/EduBlog/mockup/ui/student_sp.php
 and it is working.  In the event something goes wrong with that, the older
 version at:
 http://olpc.betarun.com/dev/ui/student_sp.php
 is also still up.

 ==

 Also, I'm flying back Friday night and will be offline until Monday.

 ==

 Thanks,
 Tarun


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] DNS Connectivity Issues

2008-08-11 Thread Glen Roberts


Today just after noon (edt) our Qwest internet connection (not the one the EDU 
server is on) went down. I was in the middle of upgrading the DNS servers so it 
frustrated that task enormously.

Qwest seemed to have the service more or less restored by 4:30 PM or so. At 
that time I noticed an email from ATT saying that they had monitored outages 
on our ATT circuit (the one the EDU server is on). Apparently this was of an 
intermittent nature.

Apparently Verizon had a fiber cut somewhere

The result is that DNS was probably down for 5+ hours and the connection 
otherwise intermittent. There may still be DNS issues but I am too tired to dig 
too deeply until tomorrow. 65.118.27.2 was probably configured as a secondary 
dns in /etc/resolv.conf on edublog. It might be better to change that to 
208.67.222.222 (opendns.org) as 65.118.27.2 is no long active.

Glen




_
Total Blog Directory
http://www.totalblogdirectory.com
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] Understanding the network scripts on F7-based XS

2008-08-11 Thread Jerry Vonau

Martin Langhoff wrote:
Our current network migration scripts are reportedly build on
interfaces that are F7 specific. To reimplement them on F9, we need to
understand what they do.

Jerry is knowledgeable in F9's networking and has offered help with
the port. The first step is to understand what the current scripts do
- separated from the how. So I will try to outline the design and
behaviour of the current scripts.

The first point of entry is reading the whole Networking section in
this page. All of it :-)
http://wiki.laptop.org/go/XS_Configuration_Management#Networking

Nice overview.

It introduces

- network_config
- principal_config
- auxiliary_config

These scripts deal with

- Configuring network interfaces
- 1 NIC scenarios have eth0 as WAN / 2 NIC scenarios add eth1 as LAN
- Can set preferential MAC address prefix for some interfaces. This
can be used by the NOC team to get the right NIC setup as eth0.
- Sets up the pair of ethX/mshY interfaces that are attached to
every Active Antenna.
- Sets up all the bridges between the interfaces considered LAN
- Picking non-conflicting IP addresses for auxiliary servers.
- Sets the router address for auxiliary servers
- Very rough service chkconfig configuration for the auxiliary vs
primary servers
- Rough firewall config for primary/auxiliary servers

That I can help with that also, I'm very (too?) familiar with shorewall,
http://www.shorewall.net

The top of each script - after the GPL - has an extensive comment
explaining what it does. And after that, you can scroll down to the
'main' block -- I find both very readable. The scripts are here if you
don't have a checkout
http://dev.laptop.org/git?p=projects/xs-config;a=tree;f=fsroot.olpc.img/etc/sysconfig/olpc-scripts;h=dada76a2869dc95c5f538adfa45a2e538dc1d998;hb=HEAD

Yea, was reading on the weekend.

The 3 scripts make sense to me - - I would attack it with a
get-to-work-stable-on-f9 focus, roughly:

- Can we make the networking configuration work in a stable manner on
F9?
Might just work, as is, with what you have now, just not with
Network-Manager at the moment.

Do we need to hook into the events infrastructure so when an
ethernet cable gets plugged into an if we do the right thing? Could we
make it so that we autodetect and configure an AA on usb connection?

That would be a Dbus/Network-Manager thing, your talking usb event
driven responses here, right?

- Can we allow additional MAC prefix preferences to be read from an
optional config file so that a NOC team can override things easily?

How many different MAC prefixes are there? Shoot can't find my web-link
to a site that had a db of them all.

- Can we consolidate the code / remove duplication? (trivial ;-) )

Could move all the functions into a single file to be sourced.

- Can we remove the service mgmt from it? :-)

Sorry, can't find part that at the moment, which file?

Jerry, does that help? It is meant as a complement while reading the
src... BTW, I am tracking this on https://dev.laptop.org/ticket/7672

Much clear thanks, reading src without context leaves you wondering...

Jerry

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] Need help: mounting usb devices on headless machines

2008-08-11 Thread Rahul Sundaram

Martin Langhoff wrote:
 On Thu, Aug 7, 2008 at 9:19 PM, Martin Langhoff
 [EMAIL PROTECTED] wrote:
   
 FWIW, I've imported the history into git, made some minor changes and
 it installs and works on F7.

 git
  git://dev.laptop.org/users/martin/usbmount.git

 gitweb
  http://dev.laptop.org/git?p=users/martin/usbmount.git;a=summary
 

 Right, Makefile and spec file in the repo linked above, initial SRPM right 
 here.
 http://fedora.laptop.org/xs/testing/olpc/7/source/SRPMS/usbmount-0.15.4.olpc-1.xs7.src.rpm

 It's a trivial rpm, review  patches welcome
Are you going to submit it for review in Fedora?

Rahul

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] VoIP

2008-08-11 Thread Sameer Verma

Martin Langhoff wrote:
 On Mon, Aug 11, 2008 at 4:35 AM, Tim Moody [EMAIL PROTECTED] wrote:
   
 What are the bandwidth requirements for these various voip strategies, sip,
 iax2?
 

 Not sure (google away!) - but the latency requirements very tight for
 many (most?) of our deployments.

 cheers,



 m
   

Hi,

Bandwidth requirements will depend on the underlying codec used to 
compress the audio. If you look at 
http://www.voip-info.org/wiki/index.php?page=Asterisk+bandwidth+iax2 
you'll see approx. bandwidth numbers + overhead for different codecs. 
Speex info is at http://www.voip-info.org/wiki/view/Speex

SIP simply establishes the connection and then hands it over to RTP 
(basically, SIP is establishing RTP ports on both sides). The 
significant difference between IAX and SIP is that IAX will use the same 
port for establishing the connection *and* for carrying the signal 
across (UDP 4569), which makes it easier to use across NATed networks. 
I've used IAX over three NATs (just for fun) and it still works:-)

SIP over NAT is troublesome, the problem being that SIP establishes the 
RTP port of the *private* IP (behind the NAT fw), which isn't routable 
from the public side...it will work, but requires port forwarding or 
tunneling. See http://freshmeat.net/articles/view/2079/ for more details.

So, we will need to pick a transport mechanism (SIP, IAX2, etc) and a 
codec that is good enough for low bandwidth requirements. Then there is 
the issue of jitter (jitter...sounds...like...this) which is now handled 
satisfactorily in Asterisk for IAX-based systems.

Sameer

-- 
Dr. Sameer Verma, Ph.D.
Associate Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/
http://opensource.sfsu.edu/

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] unregister from schoolserver

2008-08-11 Thread Morgan Collett

On Sun, Aug 10, 2008 at 23:55, Martin Langhoff
[EMAIL PROTECTED] wrote:
 On Sun, Aug 10, 2008 at 8:15 PM, Simon Schampijer [EMAIL PROTECTED] wrote:
 I was wondering what should/must happen on the server side when an xo
 wants to unregister. Is there already a command for that?

 http://dev.laptop.org/ticket/7765

 None on the server side, and I don't know if there should be one -
 there is no useful use case for it. It's OK for the XO to 'forget' its
 registration and not tell the server so as to be free to register to
 another server. Use cases are for testing and for change of school.

 The XS will probably learn (later) to forget accounts that it has not
 seen in a very long time.

There is an ejabberdctl delete-older-users command mentioned on
http://wiki.laptop.org/go/Ejabberd_Configuration#Tips to remove users
who haven't logged in for some time period.

Presence Service automatically reregisters on the jabber server if it
gets an authentication error, so we don't track whether you are
registed on the server or not, any more - it just does the right
thing.

Regards
Morgan
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] installing a school server

2008-08-11 Thread Tony Pearson

Subject: Re: [Server-devel] installing a school server
To: Joshua N Pritikin [EMAIL PROTECTED]

 Just to get something working, I installed Ubuntu with
 Squid/Dansguardian. I have about 200Gb of hard drive and 2G RAM. Can I
 get an ext2 image of the school server and load it on a logical
 partition? I prefer to store anything important on LVM+RAID1. Does the
 school server understand this disk format?

Yes, but you will need to tweak the kickstart file on the image (no
do your own partitioning option yet, sorry). By default, the XS
install CD will wipe the disk and setup an LVM (w/o RAID).

Joshua,
I have documented some of the challenges with LVM+RAID1 here:
http://wiki.laptop.org/go/User:Az990tony/edublog-beta-sw

You can do RAID1 on a single drive, but it doesn't provide any added 
protection.

To customize the XS ISO so that it allows your own partitioning, the 
process is here:
http://wiki.laptop.org/go/User:Az990tony/squashfs-surgery

Tony Pearson
(az990tony)___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone [EMAIL PROTECTED] wrote:
  * What use cases are you trying to support?

Insert a usb stick with content that is OK'd by the regional NOC
(network operations centre) for execution/installation on the XS.

   * What threats obstruct supporting those use cases?

Content could be modified on the way to insert evil sharks with
frikking lasers into the XS.

   * What trust structure are you trying to create and how does it
   mitigate the threats while permitting the use cases?

As I've written, we trust keys put in place at install time. Install
time is privileged, root user is privileged.

   * What algorithms are you going to use and why?

Whatever GPG uses for signatures, SHA1 for file integrity because I'd
be an idiot to try and be smarter than crypto researchers.

  * What security
 properties are you trying to check?

Signed by the NOC, not changed.

 (Perhaps you've already answered some of these basic questions elsewhere
 and you simply left out the citation?)

I could cite ISBN: 978-0-7645-1679-5 :-)

I'll look at JAR signing and olpc-contents. Thanks for the pointers...

cheers,



m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] [PATCH] Restrict XO users using rssh


As per ticket #7606, until now XO users have had full shell access
over ssh.  This (with related commits in ds-backup and xs-config),
confines them to rsync over ssh only.

The update_users.py script fixes existing users, while create_user
will now set the shell of new users.

The users' group is also set to xousers, which will allow further
restrictions in due course.

diff --git a/Makefile b/Makefile
index c87dd6f..59b425d 100644
--- a/Makefile
+++ b/Makefile
@@ -20,16 +20,17 @@ CREATE_REGISTRATION = create_registration
 LIST_REGISTRATION = list_registration
 IDMGR_INIT = idmgr
 IDMGR_CONFIG = idmgr.conf
+UPDATE_USERS = update_users.py
 # This is a directory (w. subdirectories)
 SERVER = idmgr/
 
 #  All scripts
 SRC_FILES = $(CONF_SRC)/$(CREATE_USER) $(CONF_SRC)/$(CREATE_REGISTRATION) \
$(CONF_SRC)/$(LIST_REGISTRATION) $(CONF_SRC)/$(IDMGR_INIT) \
-   $(CONF_SRC)/$(IDMGR_CONFIG)
+   $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS)
 FILES = $(BIN_DST)/$(CREATE_USER) $(BIN_DST)/$(CREATE_REGISTRATION) \
$(BIN_DST)/$(LIST_REGISTRATION) $(INIT_DST)/$(IDMGR_INIT) \
-   $(CONFIG_DST)/$(IDMGR_CONFIG)
+   $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS)
 
 # install rules
 $(DESTDIR):
@@ -47,6 +48,9 @@ $(CONFIG_DST): $(DESTDIR)
 $(BIN_DST)/$(CREATE_USER): $(CONF_SRC)/$(CREATE_USER) $(BIN_DST)
cp $(CONF_SRC)/$(CREATE_USER) $(BIN_DST)
 
+$(BIN_DST)/$(UPDATE_USERS): $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST)
+   cp $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST)
+
 $(BIN_DST)/$(CREATE_REGISTRATION): $(CONF_SRC)/$(CREATE_REGISTRATION) 
$(BIN_DST)
cp $(CONF_SRC)/$(CREATE_REGISTRATION) $(BIN_DST)
 
diff --git a/conf.schoolserver/create_user b/conf.schoolserver/create_user
index 55e5cfe..40f63e3 100755
--- a/conf.schoolserver/create_user
+++ b/conf.schoolserver/create_user
@@ -38,11 +38,17 @@ read uuid
 read pubkey
 
 homedir=/library/users/$username
+XO_USERS_GROUP=xousers
+
+#make sure the xousers group exists
+getent group $XO_USERS_GROUP  /dev/null 21 || groupadd $XO_USERS_GROUP
 
 if getent passwd $username  /dev/null 21; then
 true   # User exists
-else
-/usr/sbin/adduser -c $full_name -d $homedir $username || die Unable to
create user
+else 
+/usr/sbin/useradd -c $full_name -d $homedir  \
+-G $XO_USERS_GROUP -s /usr/bin/rssh $username \
+|| die Unable to create user
 echo $uuid | passwd --stdin $username || die Unable to set password
 fi
 
diff --git a/conf.schoolserver/update_users.py 
b/conf.schoolserver/update_users.py
new file mode 100755
index 000..3684f08
--- /dev/null
+++ b/conf.schoolserver/update_users.py
@@ -0,0 +1,62 @@
+#!/usr/bin/python
+#
+# update_users.py
+#
+# In the past, when an XO user registered, they were given their own
+# group and no more.  Now we want them to all be in the same group
+# because it makes the management of restricted ssh access (and
+# possibly other things) easier.  
+
+#The group we are using is xousers, and we're finding the XO users
+# by the location of their home directories.
+
+
+import os
+import sys
+import pwd, grp
+import subprocess
+
+XO_USER_HOME = '/library/users'
+XO_USER_GROUP = 'xousers'
+RSSH_PATH = '/usr/bin/rssh'
+
+# first, make sure the group is there
+# much like `getent group xousers || groupadd xousers`
+try:
+group = grp.getgrnam(XO_USER_GROUP)
+except KeyError, e:
+print  sys.stderr, e
+result = subprocess.call(['groupadd', XO_USER_GROUP])
+if result:
+raise RuntimeError(couldn't add %s group % XO_USER_GROUP)
+
+# just make sure the rssh executable is there
+if not os.access(RSSH_PATH, os.F_OK | os.R_OK | os.X_OK):
+raise RuntimeError(%s seems to be missing or otherwise inaccessable %
RSSH_PATH)
+
+
+# now find each user who has a /library/users/* home directory and try
+# to change their group.
+# Execution will stop when one fails BUT any users who's groups have
+# been changed will not be changed back.
+
+users = [ x for x in pwd.getpwall() 
+  if os.path.dirname(x.pw_dir) == XO_USER_HOME ]
+
+for user in users:
+#if for some reason the user's name isn't already a group (e.g.,
+#they were created with `usermod -g some-other-group`.
+try:
+group = grp.getgrnam(user.pw_name)
+except KeyError, e:
+print  sys.stderr, e
+result = subprocess.call(['groupadd', user.pw_name])
+if result:
+raise RuntimeError(couldn't add %s group % XO_USER_GROUP)
+
+result = subprocess.call(['usermod', '-g', user.pw_name, '-G', 
XO_USER_GROUP,
+  '-s', RSSH_PATH, user.pw_name])
+if result:
+raise RuntimeError(couldn't change group for user %s (out of %s) 
+   % (user.pw_name, users))
+
diff --git a/idmgr.spec b/idmgr.spec
index 5616a7f..bc00da0 100644
--- a/idmgr.spec
+++ b/idmgr.spec
@@ -35,6 +35,8 @@ fi
 if [ ! -d /library/users/ ] ; then
mkdir -p /library/users

[Server-devel] [PATCH] No passwords for XO users, and packaging improvements


XO users were being given their UUIDs as passwords, which was
unnecessary.

In case the user storage system changes again in the future, the post
installation scripts reference /home/idmgr/storage_format_version to
decide what to do.

diff --git a/Makefile b/Makefile
index 59b425d..fad74be 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
 # This Makefile installs the OLPC ID Management Service
 
 NAME = idmgr
-VERSION = 0.1.1
-RELEASE = 2
+VERSION = 0.1.2
+RELEASE = 3
 ARCH = noarch
 
 # install root
@@ -20,17 +20,17 @@ CREATE_REGISTRATION = create_registration
 LIST_REGISTRATION = list_registration
 IDMGR_INIT = idmgr
 IDMGR_CONFIG = idmgr.conf
-UPDATE_USERS = update_users.py
+UPDATE_USERS_01 = update_users_0_to_1.py
 # This is a directory (w. subdirectories)
 SERVER = idmgr/
 
 #  All scripts
 SRC_FILES = $(CONF_SRC)/$(CREATE_USER) $(CONF_SRC)/$(CREATE_REGISTRATION) \
$(CONF_SRC)/$(LIST_REGISTRATION) $(CONF_SRC)/$(IDMGR_INIT) \
-   $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS)
+   $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS_01)
 FILES = $(BIN_DST)/$(CREATE_USER) $(BIN_DST)/$(CREATE_REGISTRATION) \
$(BIN_DST)/$(LIST_REGISTRATION) $(INIT_DST)/$(IDMGR_INIT) \
-   $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS)
+   $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS_01)
 
 # install rules
 $(DESTDIR):
@@ -48,8 +48,8 @@ $(CONFIG_DST): $(DESTDIR)
 $(BIN_DST)/$(CREATE_USER): $(CONF_SRC)/$(CREATE_USER) $(BIN_DST)
cp $(CONF_SRC)/$(CREATE_USER) $(BIN_DST)
 
-$(BIN_DST)/$(UPDATE_USERS): $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST)
-   cp $(CONF_SRC)/$(UPDATE_USERS) $(BIN_DST)
+$(BIN_DST)/$(UPDATE_USERS_01): $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST)
+   cp $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST)
 
 $(BIN_DST)/$(CREATE_REGISTRATION): $(CONF_SRC)/$(CREATE_REGISTRATION) 
$(BIN_DST)
cp $(CONF_SRC)/$(CREATE_REGISTRATION) $(BIN_DST)
@@ -69,7 +69,7 @@ $(CONFIG_DST)/$(IDMGR_CONFIG): $(CONF_SRC)/$(IDMGR_CONFIG)
$(CONFIG_DST)
 install: $(FILES) $(BIN_DST)/$(SERVER)
 
 # rpm target directory
-RPMDIR = /usr/src/redhat
+RPMDIR = $(PWD)/rpm
 
 NV = $(NAME)-$(VERSION)
 
@@ -82,7 +82,7 @@ SOURCES: Makefile $(SRC_FILES)
rm -rf $(NV)
 
 rpm: SOURCES
-   rpmbuild -ba --target $(ARCH) $(NAME).spec
+   rpmbuild -v --define _topdir $(RPMDIR) -ba --target $(ARCH) 
$(NAME).spec
rm -f $(NV)-*.$(ARCH).rpm
cp -p $(RPMDIR)/RPMS/$(ARCH)/$(NV)-$(RELEASE).$(ARCH).rpm .
 
diff --git a/conf.schoolserver/create_user b/conf.schoolserver/create_user
index 40f63e3..90d9315 100755
--- a/conf.schoolserver/create_user
+++ b/conf.schoolserver/create_user
@@ -44,12 +44,12 @@ XO_USERS_GROUP=xousers
 getent group $XO_USERS_GROUP  /dev/null 21 || groupadd $XO_USERS_GROUP
 
 if getent passwd $username  /dev/null 21; then
-true   # User exists
+# $fullname may have changed.
+/usr/sbin/usermod -c $full_name $username || die unable to change full
name
 else 
 /usr/sbin/useradd -c $full_name -d $homedir  \
 -G $XO_USERS_GROUP -s /usr/bin/rssh $username \
 || die Unable to create user
-echo $uuid | passwd --stdin $username || die Unable to set password
 fi
 
 userhome=`getent passwd $username | awk -F: '{print $6}'`
diff --git a/conf.schoolserver/update_users.py 
b/conf.schoolserver/update_users.py
deleted file mode 100755
index 3684f08..000
--- a/conf.schoolserver/update_users.py
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/python
-#
-# update_users.py
-#
-# In the past, when an XO user registered, they were given their own
-# group and no more.  Now we want them to all be in the same group
-# because it makes the management of restricted ssh access (and
-# possibly other things) easier.  
-
-#The group we are using is xousers, and we're finding the XO users
-# by the location of their home directories.
-
-
-import os
-import sys
-import pwd, grp
-import subprocess
-
-XO_USER_HOME = '/library/users'
-XO_USER_GROUP = 'xousers'
-RSSH_PATH = '/usr/bin/rssh'
-
-# first, make sure the group is there
-# much like `getent group xousers || groupadd xousers`
-try:
-group = grp.getgrnam(XO_USER_GROUP)
-except KeyError, e:
-print  sys.stderr, e
-result = subprocess.call(['groupadd', XO_USER_GROUP])
-if result:
-raise RuntimeError(couldn't add %s group % XO_USER_GROUP)
-
-# just make sure the rssh executable is there
-if not os.access(RSSH_PATH, os.F_OK | os.R_OK | os.X_OK):
-raise RuntimeError(%s seems to be missing or otherwise inaccessable %
RSSH_PATH)
-
-
-# now find each user who has a /library/users/* home directory and try
-# to change their group.
-# Execution will stop when one fails BUT any users who's groups have
-# been changed will not be changed back.
-
-users = [ x for x in pwd.getpwall() 
-  if os.path.dirname(x.pw_dir) == XO_USER_HOME ]
-
-for user in users:
-#if for some reason the user's name isn't already a group (e.g.,
-#they

[Server-devel] [PATCH]More accurate idmgr shutdown status (#7653) and condrestart option.



The status returned by /etc/init.d/idmgr stop is less often the inverse
of its actual success.

/etc/init.d/idmgr start will not start if the daemon is already running.

/etc/init.d/idmgr condrestart works.

diff --git a/conf.schoolserver/idmgr b/conf.schoolserver/idmgr
index d7a6d9f..23f1c7f 100755
--- a/conf.schoolserver/idmgr
+++ b/conf.schoolserver/idmgr
@@ -33,11 +33,12 @@ prog=idmgr
 SERVER=/home/idmgr/idmgr/server.py
 RETVAL=0
 
+
 start() {
# Start daemons.
echo -n Starting $prog: 
export 
PYTHONPATH=/home/idmgr/:/home/idmgr/idmgr/simplejson-1.7.1-py2.5.egg
-   daemon $SERVER $OPTS
+daemon --pidfile=${PID_FILE} $SERVER $OPTS
RETVAL=$?
return $RETVAL
 }
@@ -45,8 +46,10 @@ start() {
 stop() {
# Stop daemons.
echo -n Shutting down $prog: 
-   kill `cat $PID_FILE`
+   killproc -p ${PID_FILE} -d 10 $prog
RETVAL=$?
+   echo
+   [ $RETVAL = 0 ]  rm -f ${PID_FILE}
return $RETVAL
 }
 
@@ -63,12 +66,19 @@ case $1 in
start
RETVAL=$?
;;
+  condrestart)
+   if [ -f $PID_FILE ] ; then
+   stop
+   start
+   RETVAL=$?
+   fi
+   ;;
   status)
 status idmgr $PID_FILE
RETVAL=0
;;
   *)
-   echo $Usage: $0 {start|stop|restart|status}
+   echo $Usage: $0 {start|stop|restart|condrestart|status}
exit 1
 esac
 

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] [PATCH] Utility function for the batch removal of XO users


This removes the named XO users from both the SQL and system databases.

To remove all users, use something like

 /home/idmgr/remove_user `sqlite3 /home/idmgr/identity.db \
select serial from laptops`

diff --git a/Makefile b/Makefile
index fad74be..1065310 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
 
 NAME = idmgr
 VERSION = 0.1.2
-RELEASE = 3
+RELEASE = 5
 ARCH = noarch
 
 # install root
@@ -16,6 +16,7 @@ CONF_SRC = conf.schoolserver
 
 #  Scripts
 CREATE_USER = create_user
+REMOVE_USER = remove_user
 CREATE_REGISTRATION = create_registration
 LIST_REGISTRATION = list_registration
 IDMGR_INIT = idmgr
@@ -27,10 +28,12 @@ SERVER = idmgr/
 #  All scripts
 SRC_FILES = $(CONF_SRC)/$(CREATE_USER) $(CONF_SRC)/$(CREATE_REGISTRATION) \
$(CONF_SRC)/$(LIST_REGISTRATION) $(CONF_SRC)/$(IDMGR_INIT) \
-   $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS_01)
+   $(CONF_SRC)/$(IDMGR_CONFIG) $(CONF_SRC)/$(UPDATE_USERS_01) \
+   $(CONF_SRC)/$(REMOVE_USER)
 FILES = $(BIN_DST)/$(CREATE_USER) $(BIN_DST)/$(CREATE_REGISTRATION) \
$(BIN_DST)/$(LIST_REGISTRATION) $(INIT_DST)/$(IDMGR_INIT) \
-   $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS_01)
+   $(CONFIG_DST)/$(IDMGR_CONFIG) $(BIN_DST)/$(UPDATE_USERS_01) \
+   $(BIN_DST)/$(REMOVE_USER)
 
 # install rules
 $(DESTDIR):
@@ -48,6 +51,9 @@ $(CONFIG_DST): $(DESTDIR)
 $(BIN_DST)/$(CREATE_USER): $(CONF_SRC)/$(CREATE_USER) $(BIN_DST)
cp $(CONF_SRC)/$(CREATE_USER) $(BIN_DST)
 
+$(BIN_DST)/$(REMOVE_USER): $(CONF_SRC)/$(REMOVE_USER) $(BIN_DST)
+   cp $(CONF_SRC)/$(REMOVE_USER) $(BIN_DST)
+
 $(BIN_DST)/$(UPDATE_USERS_01): $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST)
cp $(CONF_SRC)/$(UPDATE_USERS_01) $(BIN_DST)
 
diff --git a/conf.schoolserver/remove_user b/conf.schoolserver/remove_user
new file mode 100755
index 000..47926ae
--- /dev/null
+++ b/conf.schoolserver/remove_user
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+for serial; do
+echo $serial | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' || exit 1
+sqlite3 /home/idmgr/identity.db DELETE FROM laptops WHERE serial =
'$serial' || exit 1
+userdel $serial
+done
\ No newline at end of file
diff --git a/idmgr.spec b/idmgr.spec
index b405560..dd6f1f0 100644
--- a/idmgr.spec
+++ b/idmgr.spec
@@ -4,7 +4,7 @@
 Summary: XS Registration Manager
 Name: idmgr
 Version: 0.1.2
-Release: 3
+Release: 5
 License: GPL
 Group: Base System/System Tools
 URL: http://dev.laptop.org/git.do?p=projects/idmgr;a=summary
@@ -79,6 +79,7 @@ rm -rf $RPM_BUILD_ROOT
 /etc/idmgr.conf
 /home/idmgr/create_registration
 /home/idmgr/create_user
+/home/idmgr/remove_user
 /home/idmgr/update_users_0_to_1.py
 /home/idmgr/update_users_0_to_1.pyo
 /home/idmgr/update_users_0_to_1.pyc

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] [PATCH] More checking and logging of registration information.


The create_user script tries to give useful information to syslogd, and
ensures that the username it is given is a valid XO serial.  It also checks
the ssh public key, but is not terribly strict.  If a system user is created
but some later process fails, create_user tries to remove the user.

server.py also takes better notice the values it receives, and will fail if
the username or public key contain multiple lines. The way errors are
handled has also been changed, to reduce dupication.

If the server.py script is called without a pidfile argument, it runs in the
foreground and prints messages on stderr. Previously it would have crashed.

diff --git a/conf.schoolserver/create_user b/conf.schoolserver/create_user
index 90d9315..4a6f90f 100755
--- a/conf.schoolserver/create_user
+++ b/conf.schoolserver/create_user
@@ -21,22 +21,33 @@
 # This script creates a user account for the registration server
 #
 # echo entering as `whoami`  /tmp/create_user.log
+LOG_LEVEL=user.warning
+LOG_TAG=olpc_idmgr
 
 if [ `whoami` != root ]; then
-# echo execing as root  /tmp/create_user.log
-exec sudo -S $0  /tmp/create_user.log 21
+exec sudo -S $0
 fi
 
+log() {
+echo $1 | logger -t $LOG_TAG -s -p $LOG_LEVEL
+}
+
 die() {
-echo $1 12
+log $1
 exit 1
 }
 
 read username
 read full_name
-read uuid
+read uuid   #unused!
 read pubkey
 
+# check for sane values
+export LC_ALL=C
+echo $username | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$'  /dev/null || die bad
username
+echo $pubkey | grep -s -E '^[A-Za-z0-9+/=]+$'  /dev/null || die bad public
key
+
+
 homedir=/library/users/$username
 XO_USERS_GROUP=xousers
 
@@ -46,16 +57,34 @@ getent group $XO_USERS_GROUP  /dev/null 21 || groupadd
$XO_USERS_GROUP
 if getent passwd $username  /dev/null 21; then
 # $fullname may have changed.
 /usr/sbin/usermod -c $full_name $username || die unable to change full
name
-else 
+NEW_USER=0
+else
 /usr/sbin/useradd -c $full_name -d $homedir  \
 -G $XO_USERS_GROUP -s /usr/bin/rssh $username \
 || die Unable to create user
+NEW_USER=1
 fi
 
+#from here, if a new user was created, a failure will leave the user
+#there but unconfigured. So rather than simply dying, we try to clean
+#up first.
+
+clean_up_and_die(){
+log $1
+if [ $NEW_USER == 1 ]; then
+log deleting half-created user
+/usr/sbin/userdel $username || log ... failed!
+fi
+exit 1
+}
+
+
 userhome=`getent passwd $username | awk -F: '{print $6}'`
-cd $userhome
+cd $userhome || clean_up_and_die Couldn't cd into user's home directory
+
+mkdir -p --mode=700 .ssh || clean_up_and_die Unable to mkdir .ssh
+echo ssh-dss $pubkey  .ssh/authorized_keys || clean_up_and_die Unable to
set up authorized_keys
+chmod 600 .ssh/authorized_keys  || clean_up_and_die Unable to chmod
authorized_keys
+chown -R $username .ssh || clean_up_and_die Unable to chown .ssh
 
-mkdir -p --mode=700 .ssh || die Unable to mkdir .ssh
-echo ssh-dss $pubkey  .ssh/authorized_keys || die Unable to set up
authorized_keys
-chmod 600 .ssh/authorized_keys  || die Unable to chmod authorized_keys
-chown -R $username .ssh || die Unable to chown .ssh
+#clean_up_and_die goodbye
\ No newline at end of file
diff --git a/idmgr/server.py b/idmgr/server.py
index 06b9bcb..9a4c164 100755
--- a/idmgr/server.py
+++ b/idmgr/server.py
@@ -42,11 +42,16 @@ IDMGR_CONFIG_FILE = '/etc/idmgr.conf'
 # Default maximum for the number of available file descriptors.
 MAXFD = 1024
 
+# Port on which to listen
+
+PORT = 8080
+
 # The specs are a little unclear on the encoding of UUIDs, so be
 # flexible in what we accept
 
 uuidre = re.compile(r'[a-fA-F0-9-]{32,40}')
 serialre   = re.compile(r'^[A-Z]{3}[A-F0-9]{8}$')
+base64re   = re.compile(r'^[A-Fa-z0-9+/=]+$')
 
 # The standard I/O file descriptors are redirected to /dev/null by default.
 if (hasattr(os, devnull)):
@@ -69,12 +74,12 @@ def createDaemon( pidfilename ):
 # unless we stop executing due to failure.
 # import signal   # Set handlers for asynchronous events.
 # signal.signal(signal.SIGHUP, signal.SIG_IGN)
-
+
 try:
 pid = os.fork()# Fork a second child.
 except OSError, e:
 raise Exception, %s [%d] % (e.strerror, e.errno)
-
+
 if (pid == 0):   # The second child.
 # Since the current working directory may be a mounted filesystem,
 # we avoid the issue of not being able to unmount the filesystem at
@@ -87,10 +92,10 @@ def createDaemon( pidfilename ):
 try:
 pidfile = open( pidfilename, w );
 pidfile.write( str( pid ) );
-pidfile.write( \n );
+pidfile.write( \n );
 pidfile.close();
 except OSError, e:
-syslog.openlog( 'olpc_idmgr', 0, syslog.LOG_DAEMON )
+syslog.openlog( 'olpc_idmgr', 0,

Re: [Server-devel] Warning: breakage updating xs-config

On Tue, Aug 12, 2008 at 1:49 AM, Jerry Vonau [EMAIL PROTECTED] wrote:
 Martin Langhoff wrote:

 A few weeks ago Bryan and David reported breakage with xs-config, and
 over the last week over various tests we've had xs-config updates
 making a mess of already-configured XS setups. I haven't had a chance
 to look at it but yes, it is a high priority bug, and I'll be working
 on it asap.

 Sorry, coming up to speed, Ticket number? Got some info on the method used,
 and what failed?

#7708 - If you just install an XS, do the basic config (domain_config,
etc) and then install a new xs-config, the install mechanism makes a
mess. One tell-tale sign is that the files edited by domain_config are
overwritten. Diagnosing more later...

 Based on my F9 testing, while you have xs-config open, can you remove
 syslogd from the requires? Syslogd will still be installed based on the
 comp.xml file anyway. Without removing this requires from xs-config,
 updating past F7 becomes impossible as syslogd was later renamed/replaced.

What is the new name? The depends is there because we do override
/etc/syslogd.conf

 The same goes for newt-perl in xs-pkgs. The package radvd also gave me
 problems, although I don't recall why.

I'll look into removing those.

 I ended up re-rolling xs-config and
 xs-pkgs to exclude these above packages. F9 now installs the xs-config
 package, with one problem, the symlinks in /etc/rc.d/rc1.d/ 23456... don't
 get created, looks like those need to be copied over also with F9.

Ok.

 Some
 other links were installed as file.olpcnew. also. I'll put together a list
 later if you want it.

Interesting. Short term plan is to fix it promptly. Long term plan --
discussed with Wad this morn -- is to break xs-config into various
parts:

 - For daemons that accept a parameter pointing to the config file
(named for example) we should disable the daemon permanently via
chkconfig and install an alternative init script (named-olpc) which
points to a different config file (/etc/named-olpc.conf).

 - For files where we want to search/replace values (as we do with
domain_config_ we should ship a template file
(/etc/named-olpc.conf.in) with placeholders (@@BASEDOMAIN@@). So
domain_config gets simplified a lot and becomes more reliable too.

 - We prefer conf.d arrangements where possible - and in those cases,
avoid the symlink mess.

 - For actually hardcoded-name files we need to override (ie:
/etc/rssh.conf) we can use a version-control scheme (git based
probably).

 - And dismantle the symlink mess we have...

cheers,


m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone [EMAIL PROTECTED] wrote:
 If you're more interested 'signed content lives in archives', then
 JAR-signing might be for you!

JARs look good but there don't seem to be decent cli tools to deal
with them (can fastjar sign and check sigs in packages?) and big Java
deps for the core XS are not in my plans.

cheers.



m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

[Server-devel] EduBlog: Status

2008-08-11 Thread Tarun Pondicherry

Hi team,

Good news!

Marcel was able to install abiword 2.6.3 from the Fedora 9 repository 
and all the features of EduBlog are decently working.  I've recreated 
the demo student and teacher accounts and linked it to uruguay-xo-test.  
I'll update the wiki with the exact links needed to go through the use 
cases tomorrow and also try to work out a few rendering bugs with the 
css differences between abiword, tinymce, moodle and blogger. 

Many thanks to Tony and Glen in getting the server back online and to 
Marcel for getting abiword conversion working!

Thanks,
Tarun
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] XS inconvenientes

2008/8/12 Henry Vélez [EMAIL PROTECTED]:
 Estoy guiándome por las indicaciones del Wiki en :
 http://wiki.laptop.org/go/XS_Configuration_Management y estoy utilizando la
 versión 163.

Necesitamos mas datos :-) Que comandos - exactamente - le estas dando al XS?

 Pero no he podido ver desde las XO o desde otro pc

Que has probado? Como te has conectado?

abrazos,


martin
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS