How to set up your XO to swap to an SD card
Have you tried with a swap partition? Swap is robust now on a SD card, immune to suspend/resume and power cycle. External swap area sounds cool. How does one set it up? I'll give it a whirl. Use a recent joyride. Get a throwaway 1GB SD card. Available for $3-$20 depending where you go. I say throwaway because swapping to it will tend to burn it up faster than its usual lifetime for photos and such. You will still be able to use half a gig on the card for file storage; the other half will be for swap space. Plug it into the SD card slot on the XO. You'll have to keep it plugged in the whole time while you're swapping to it; you can't remove it the way you remove a USB stick or a non-swap SD card. If/when it starts to fail after a few years, you can copy any still-interesting user files off it, throw it away, and put in a new $1 1GB SD card (or something larger). Go to a terminal (either the activity, or Ctrl-Alt-F1). Become root. Type mount, make sure the SD card is mounted at /dev/mmcblk0p1, in a vfat filesystem. Go into the Journal, find the SD card hiding behind the Frame at the bottom, hover over it, pick Unmount. Go back to the terminal. Type mount, make sure /dev/mmcblk0p1 is not mounted any more. Type yum install parted since the partition editor is not in the distro any more. Run /sbin/parted /dev/mmcblk0. Type print to see the current configuration. On mine it looked like this: Number Start EndSizeType File system Flags 1 127kB 1018MB 1018MB primary fat16 Type resize 1 0 512 to shrink this filesystem down to 512MB. If it asks you whether to use FAT32, just say no. Then type mkpartfs primary linux-swap 512 1018. That'll make a second partition for swapping to, and format it as a Linux swap partition. Type print and it should look roughly like this: Number Start End Size Type File system Flags 1 32.3kB 512MB 512MB primary fat16 2 512MB 1018MB 506MB primary linux-swap Type quit. Now you're back to the shell. Type /sbin/swapon /dev/mmcblk0p2. You're done. The Hal daemon is smart enough to mount filesystems when it sees an SD card appear, but it's not smart enough to start using freshly available swap space. For the moment, you'll have to do /sbin/swapon /dev/mmcblk0p2 each time after you reboot the XO. Similarly, it won't do the /sbin/swapoff if you want to eject it. I'm sure somebody will eventually come up with a Hal script or something to automate that part. You can see how much swap space you have / are using by running top in a terminal window; it's about the fourth line down. John ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Tinderbox is hanging (?)
Tinderbox is still chewing on joyride-2272 which it started 2 days ago. The last joyride is 2278. Can somebody have a look at Tinderbox? It seems Tinderbox is not allowed to catch up over the weekend ;-) Ton van Overbeek ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Tinderbox is hanging (?)
Hi, Tinderbox is still chewing on joyride-2272 which it started 2 days ago. The last joyride is 2278. Can somebody have a look at Tinderbox? It seems Tinderbox is not allowed to catch up over the weekend ;-) It's down due to network problems at 1cc. Should be back tomorrow. - Chris. -- Chris Ball [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
OLPC goes to sea in a Tall Ship
Hi XO people, Tomorrow Team South Africa - Tall Ships Race 2008 will be leaving for the North. Throughout the adventure they will be (and already have been) blogging and video-blogging on the XO-1. They will uplink this via the ship's satellite link back to base camp in Cape Town where it will be uploaded to the blog. Please see: http://teamsa-tallshipsrace08.blogspot.com/ scroll down to the 3rd August to see the XO in action. All the best Dennis Stevenson President Cape Windjammers Education Trust ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: inhibiting suspend via dbus
On Aug 09 2008, at 19:35, Mikus Grinbergs was caught saying: One possibility -- OFW already tests for is the XO plugged in?. Maybe Ohm can test for that, and decide that suspend is not needed when the battery is fully charged, and is not being drained. I don't think this would work for us as in some locations electrical power is expensive and we want to conserve as much power as possible. It could be made into a user-configurable setting via the control panel for those situations where we do want this behaviour. ~Deepak -- Deepak Saxena - Kernel Developer - [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [sugar] Please help test our new 8.2.0 weekly beta, joyride-2263!
On Mon, Aug 11, 2008 at 8:37 AM, Kevin Cole [EMAIL PROTECTED] wrote: want to update them. I tell it to install/upgrade them all. It says Downloading but the progress bar never progresses, and it appears to be doing a whole lot of nothing. FWIW, it worked for me. One of the activity downloads (TamTam Edit?) takes *ages* to complete, with little feedback, so I did think it was jammed. Eventually it completed. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Project name : Mastermind has been set up
Thu, 29 May 2008 00:48:38 +0200, Mateusz Haligowski [EMAIL PROTECTED] wrote: Project name : Mastermind Done. Your tree is here: git+ssh://[EMAIL PROTECTED]/git/activities/mastermind Please follow instructions here for importing your project: http://wiki.laptop.org/go/Importing_your_project Let us know if you have any problems with your tree. Happy hacking. Cheers, -- Henry Edward Hardy [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Project name : PlayGo has been set up
Sat, 19 Jul 2008 19:30:52 -0300, Andrés Ambrois [EMAIL PROTECTED] wrote: Project name : PlayGo Done. Your tree is here: git+ssh://[EMAIL PROTECTED]/git/activities/playgo Please follow instructions here for importing your project: http://wiki.laptop.org/go/Importing_your_project Let us know if you have any problems with your tree. Happy hacking. Cheers, -- Henry Edward Hardy [EMAIL PROTECTED] ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Need help: mounting usb devices on headless machines
On Thu, Aug 7, 2008 at 6:52 PM, James Cameron [EMAIL PROTECTED] wrote: Don't know about Fedoristas, but on Debian and derivatives this is what I do for a backup disk that is identified by UUID and then backed up to ... all when plugged in ... beep ... wait for rsync ... beep beep ... pull it out. ... echo -en '\007' /dev/tty1 Well, it *seems* that I cannot get a bell to sound on any of the systems I can get my hands on today. 2 XS (F7, based) desktop machines, 3 different laptops (running F9, Hardy), no bell on ambiguous autocompletion, no audible response to echo -en '\007' on any tty. Nothing obvious in termcap/terminfo (I'm not too handy with those but no 'vb' that I can see). Hmmm. pcspkr.ko is loaded in all of them. And the web is full of advise on how to *disable* it, so I guess modern linuxen have disabled it en-masse, using some trick I can't spot right now. The obvious place is termcap/terminfo, but nothing there... Ah, grumble. ideas? m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Anyone seen this error when using sugar-launch?
Thanks Michael ... I'm trying that out. Faisal On Fri, Aug 8, 2008 at 5:41 PM, Michael Stone [EMAIL PROTECTED] wrote: Here's the relevant part: File /usr/share/sugar/services/shell/activityregistryservice.py, line 90, in FindActivity if name.find(key) != -1 or bundle_id.find(key) != -1: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 2: ordinal not in range(128) The code in question is not unicode-safe or the locale is not set properly. Check out the use of the string encode() method in other parts of Sugar to properly convert unicode objects to string objects. Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [sugar] new 8.2.0 beta joyride - upgrading via control panel ?
I've tried to use several joyrides and the control panel / upgrade option... it just sits at 9% and does nothing. On 2269 I even left it over night to see if it needed more than 10 hrs.. still nothing. (I have no XS server, is one required?) I've never seen it work at all.. ;-/ Is there an estimate on the length of time for the upgrade process.. clean system with no activities? with G1G1 activity pack? with just 5 activites? How long should I wait to get past the first '9%' and downloading? How much does it need to download first ? -iXo p.s. Shall I file a TRAC ticket with the list of Activities I have ? On Sun, Aug 10, 2008 at 14:28, Martin Langhoff [EMAIL PROTECTED]wrote: On Mon, Aug 11, 2008 at 8:37 AM, Kevin Cole [EMAIL PROTECTED] wrote: want to update them. I tell it to install/upgrade them all. It says Downloading but the progress bar never progresses, and it appears to be doing a whole lot of nothing. FWIW, it worked for me. One of the activity downloads (TamTam Edit?) takes *ages* to complete, with little feedback, so I did think it was jammed. Eventually it completed. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Test Usability Sugar :: Re: [OLPC] Contributes
Hi Friend I'm work in the Test Usability Sugar and OLPC http://wiki.laptop.org/go/Projects/TestUsabilityOLPC I don't have a breakthrough yet, but I am in formulating requirements. For make my activity software has worked with teachers primary school and kinder garden. This help us make a test and make some evaluation with SUGAR into desk computer, classmate and OLPC. Well In this moment... There is currently no classes into the school until to 18 august. In these week, i've closing the test usability and begin to make the tool for automatize the test. I have a presentation into slideshare [spanish]: http://www.slideshare.net/unimauro/exposicin-intercom And A video Youtube with a test SUGAR and OLPC: http://www.youtube.com/watch?v=ddh-JvDVrxs This is my usability laboratory: http://www.youtube.com/watch?v=GP-hesKAalQ 2008/7/28 Samuel Klein [EMAIL PROTECTED] Dear OLPC contributors, All of you should have received hardware (generally XOs or active antennas) through our contributors program this season. We are making an effort to spread word of community projects more widely, and there are frequent requests to know more about projects in progress. Please let us know how your projects are going, and whether you have found new people or new projects to work with, and keep a fresh link to your work from the OLPC wiki. You can link to more information about your projects from this overview page: http://wiki.laptop.org/go/Projects You should also feel free to send any feedback to [EMAIL PROTECTED] . In particular, we would like to hear about experiments you have done, or obstacles you had to overcome (including customs issues when receiving your materials). If you have further projects or requests, you can create new entries in our projects database and update your information at http://projectdb.olpc.at. Regards, SJ -- Samuel Klein One Laptop per Child skype:metasj +1 617 529 4266 -- http://unimauro.blogspot.com/ Creemos en el amor de los Seres Humanos Carlos Mauro Cárdenas Fernández 4582877 980525716 ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
New joyride build 2281
http://xs-dev.laptop.org/~cscott/olpc/streams/joyride/build2281 Changes in build 2281 from build: 2273 Size delta: 0.00M -kernel 2.6.25-20080804.1.olpc.a347731f82edeb8 +kernel 2.6.25-20080810.1.olpc.0bc186239fb1afa -- This mail was automatically generated See http://dev.laptop.org/~rwh/announcer/joyride-pkgs.html for aggregate logs See http://dev.laptop.org/~rwh/announcer/joyride_vs_update1.html for a comparison ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
A simple signed bundle/directory trust scheme for the XS
The XS now has a few new packages that allow it to auto-install certain types of content (XO installation builds, for starters) from USB keys. This means that I have to address validating that such content comes from a trusted source. So I am setting up a simple and straightforward authentication scheme for the XS. It does not attempt to solve very possible problem -- physical access to the box and various other issues conspire against us. It humbly attempts to establish a simple yet reasonable chain of trust. Comments welcome. Please do keep in mind that I am trying to keep it simple and implementable in a short timeframe. There following are the main moving parts in this scheme. - Initial installation / boot is trusted. During installation and/or initial boot the XS will read a set of trusted public GPG keys from a USB drive, and copy them somewhere in /etc - more that one set of trusted keys is ok. If this happens, a file will exist in /etc indicating (to scripts and sysadmins) that signature checks are enforced. We may signal this in visible UIs too. - Signed content -- we will consider content as signed correctly if it has at its top directory a file called manifest.sha1 that validates the rest of the files in the directory and a manifest.sha1.sig file containing a GPG signature of manifest.sha1 , signed with one of the trusted keys. To avoid race conditions affecting files in a world-readable directory, the checks should be performed in a safe tmpdir. - Signed content maybe a dir on a usb key, or a directory in a zipfile or a tarball. As long as manifest.sha1 provides a valid manifest for all the files in the corresponding directory and subdirectories. Anything that unpacks to a directory is ok. We will use this scheme for a wide range of things - the files may be retrieved by the XS via the network, or uploaded by users via web interfaces. - Extraneous files - not listed in the manifest - cause an error. - We trust signed content - this includes scripts that will run as root, and can add new pub keys to the trusted set. - If we are not in 'enforcing mode' (XSs in pilots, for example) then we don't check for signatures. - Extraneous files and mismatched SHA1s *always* cause an error. - A utility called xs-check-signature Does the Right Thing (including logging) for scripts when passed the path to the manifest.sha1 file. that's all. More words than implementation code probably - :-) cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
New faster build 2281
http://xs-dev.laptop.org/~cscott/olpc/streams/faster/build2281 Changes in build 2281 from build: 2273 Size delta: 0.00M -kernel 2.6.25-20080804.1.olpc.a347731f82edeb8 +kernel 2.6.25-20080810.1.olpc.0bc186239fb1afa -- This mail was automatically generated See http://dev.laptop.org/~rwh/announcer/faster-pkgs.html for aggregate logs See http://dev.laptop.org/~rwh/announcer/joyride_vs_update1.html for a comparison ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST ---- was (Re: not up for Friday meeting about the XS)
On Sat, Aug 9, 2008 at 6:26 PM, Bryan Berry [EMAIL PROTECTED] wrote: feeling better now, antibiotics really work :) Great news. Please let me draw up a base agenda - I do want to outline where we stand with the XS and what the plans challenges and timeframes going forward are. I see the key purpose of this meeting is to let you folks what additional functionality we are working on for Nepal's XS If we are having a regular XS meeting, I also have to consider what we are doing targetting all our other deployments, some of them with thousands of servers :-) and to make sure that our additions don't conflict w/ future changes to the underlying XS. That's a tricky one. What you guys are doing is not particularly recommended unless you have just a small number of server plus deep linux expertise on tap long term. I've been trying to give David sensible advise around what things to avoid... Here is the additional stuff we are looking to build into the XS over the next 6 months: 1) Customized Nepali version of Moodle 2) Mail server using Squirrel Mail* 3) Setting up a local version of Nepal's E-Library on the XS, a copy of Nepal's current E-Library http://pustakalaya.olenepal.org which uses the open-source fedora-commons repository software. 4) and more stuff that I can't remember at the moment. 5) Connecting schools through ejabberd I'll be very interested in 1, 3 and 5, wanting to see how we can make those efforts reusable elsewhere :-) -- WRT 3 one thing that would be great is an exporter from the fedora repo to a static representation, or to something we can search serve easily, so we don't have to carry the fedora sw itself on the XS. I've worked a bit with it, and while usually the repos hosted in it have content that is _gold_, I don't think the sw itself adds any value on the XS. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] unregister from schoolserver
Hi, I was wondering what should/must happen on the server side when an xo wants to unregister. Is there already a command for that? http://dev.laptop.org/ticket/7765 Thanks, Simon ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST ---- was (Re: not up for Friday meeting about the XS)
On Sun, 2008-08-10 at 18:52 +1200, Martin Langhoff wrote: If we are having a regular XS meeting, I also have to consider what we are doing targetting all our other deployments, some of them with thousands of servers :-) Absolutely. We may be a small deployment but our work can benefit much larger deployments. I'll be very interested in 1, 3 and 5, wanting to see how we can make those efforts reusable elsewhere :-) -- I really hope so. WRT 3 one thing that would be great is an exporter from the fedora repo to a static representation, or to something we can search serve easily, so we don't have to carry the fedora sw itself on the XS. I've worked a bit with it, and while usually the repos hosted in it have content that is _gold_, I don't think the sw itself adds any value on the XS. The great thing about the fedora-commons software is the search functionality. Could we actually use search on a static representation of the fedora-commons repository? Ultimately, we want to put a lot of Nepali art and music on the XS. A searchable repository will be key to accessing those resources. In case David hasn't explained earlier, here is why hosting a mail server on the XS is important to us. The teachers aren't using their XO's as much as we would like them too. We are looking for applications that will appeal directly to them and compel them to use their XO's more frequently. We think e-mail is one such application. The Internet connection to our schools is not very reliable and we can only afford 64K per school due to our budget constraints and the high cost of Internet access in Nepal. E-mail is much better suited to this low-bandwidth environment. While it may not be right for every OLPC deployment, it's a good choice for us in Nepal. -- Bryan W. Berry Systems Engineer OLE Nepal, http://www.olenepal.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] VoIP
What are the bandwidth requirements for these various voip strategies, sip, iax2? Tim - Original Message - Date: Sat, 9 Aug 2008 09:17:31 -0700 From: Sameer Verma [EMAIL PROTECTED] Subject: Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST was (Re: not up for Friday meeting about the XS) To: Michael Stone [EMAIL PROTECTED] Cc: Bryan Berry [EMAIL PROTECTED], server-devel@lists.laptop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 On Sat, Aug 9, 2008 at 7:47 AM, Michael Stone [EMAIL PROTECTED] wrote: On Sat, Aug 09, 2008 at 12:11:56PM +0545, Bryan Berry wrote: VoIP would be more effective but would require much more effort. Fedora recently set up its own VOIP system, so there may be experts lurking nearby who could be tempted into assisting you. Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel I'm no VoIP expert, but I played with it for a bit on different distros. Trixbox (http://www.trixbox.org/) is CentOS based and is very featureful. On the other hand, Astlinux (http://www.astlinux.org/) is very interesting in that it has a very small footprint. Astlinux runs off a CF card (64MB if I remember correctly). You can also run it off a bootable CD. All the config is browser-based, and all the config files live on a separate USB key (or any other partition). I suspect we will need something in between. Also along the lines of VoIP clients, I've been looking at IAX2 (http://en.wikipedia.org/wiki/Inter-Asterisk_eXchange) clients instead of SIP. iaxcomm (http://iaxclient.sourceforge.net/iaxcomm/) is a simple IAX2 client. On Ubuntu its current, but I haven't found any active RPMs. IAX routes quite nicely as compared to SIP. I'd be interested in seeing a sugarized iaxcomm on the XO. Sameer -- Dr. Sameer Verma, Ph.D. Associate Professor of Information Systems San Francisco State University San Francisco CA 94132 USA http://verma.sfsu.edu/ http://opensource.sfsu.edu/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST ---- was (Re: not up for Friday meeting about the XS)
On Sun, Aug 10, 2008 at 9:10 PM, Bryan Berry [EMAIL PROTECTED] wrote: On Sun, 2008-08-10 at 18:52 +1200, Martin Langhoff wrote: If we are having a regular XS meeting, I also have to consider what we are doing targetting all our other deployments, some of them with thousands of servers :-) Absolutely. We may be a small deployment but our work can benefit much larger deployments. Small deployment *and* your expert hands at work. Fantastic WRT 3 one thing that would be great is an exporter from the fedora repo to a static representation, or to something we can search serve easily, so we don't have to carry the fedora sw itself on the XS. I've worked a bit with it, and while usually the repos hosted in it have content that is _gold_, I don't think the sw itself adds any value on the XS. The great thing about the fedora-commons software is the search functionality. Could we actually use search on a static representation of the fedora-commons repository? Well, that's exactly my thought. If we can get a static export from it, I'm sure we can feed it into a lightweight search system. Bringing in all the dependencies for Fedora, and agreeing to the memory and cpu footprint is not in my list of things to do. The teachers aren't using their XO's as much as we would like them too. We are looking for applications that will appeal directly to them and compel them to use their XO's more frequently. We think e-mail is one such application. It's a reasonable thing to want, I was worried about kids + email. Doing it without future upgrade conflicts on the XS will be a bit of a challenge. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] VoIP
On Mon, Aug 11, 2008 at 4:35 AM, Tim Moody [EMAIL PROTECTED] wrote: What are the bandwidth requirements for these various voip strategies, sip, iax2? Not sure (google away!) - but the latency requirements very tight for many (most?) of our deployments. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] installing a school server
On Fri, Aug 8, 2008 at 11:20 PM, Joshua N Pritikin [EMAIL PROTECTED] wrote: I finally got a reasonably fast internet connection at our school in India (BSNL EV-DO). I would like to try to install the school server. We have 15 XO laptops. Excellent. Just to get something working, I installed Ubuntu with Squid/Dansguardian. I have about 200Gb of hard drive and 2G RAM. Can I get an ext2 image of the school server and load it on a logical partition? I prefer to store anything important on LVM+RAID1. Does the school server understand this disk format? Yes, but you will need to tweak the kickstart file on the image (no do your own partitioning option yet, sorry). By default, the XS install CD will wipe the disk and setup an LVM (w/o RAID). cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] What's cooking in the XS pot (2008-08-11)
A shorter version of this will appeared on Community News soon - - Douglas started working on the school server this week. He tackled some bugs in the idmgr (#7606 and #7653), but most of the week was really devoted to familiarisation with Fedora and the specifics of the XS. For a while he was befuddled by a faulty network card, but by Friday he was back in control and enjoying himself. - The xs-rsync package is ready and you can update your XO image with it. In general terms, it allows publishing of resources on the XS via rsync, with special support for XO update images. More documentation at http://wiki.laptop.org/go/XS-rsync . Scott has applied a small patch to olpc-update (thanks!) adds support for an --server parameter. - A mechanism for triggering scripts when you insert a USB disks into a XS is ready. This allows us to deploy content and management scripts via USB disks. Policy and guidelines on how to use this, including security, are taking shape. The mechanism uses a ported version of usbmount - early documentation at http://wiki.laptop.org/go/XS_Automount_triggers - Thanks to Axel Thimm we have a fixed fakeroot on the XS, and one less race condition. - Jerry Vonau is exploring ahead on the Fedora 9 port, looking at our custom network scripts, xs-config and livecd/installcd build infrastructure, with a bit of support form Martin Langhoff. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] A simple signed bundle/directory trust scheme for the XS
The XS now has a few new packages that allow it to auto-install certain types of content (XO installation builds, for starters) from USB keys. This means that I have to address validating that such content comes from a trusted source. So I am setting up a simple and straightforward authentication scheme for the XS. It does not attempt to solve very possible problem -- physical access to the box and various other issues conspire against us. It humbly attempts to establish a simple yet reasonable chain of trust. Comments welcome. Please do keep in mind that I am trying to keep it simple and implementable in a short timeframe. There following are the main moving parts in this scheme. - Initial installation / boot is trusted. During installation and/or initial boot the XS will read a set of trusted public GPG keys from a USB drive, and copy them somewhere in /etc - more that one set of trusted keys is ok. If this happens, a file will exist in /etc indicating (to scripts and sysadmins) that signature checks are enforced. We may signal this in visible UIs too. - Signed content -- we will consider content as signed correctly if it has at its top directory a file called manifest.sha1 that validates the rest of the files in the directory and a manifest.sha1.sig file containing a GPG signature of manifest.sha1 , signed with one of the trusted keys. To avoid race conditions affecting files in a world-readable directory, the checks should be performed in a safe tmpdir. - Signed content maybe a dir on a usb key, or a directory in a zipfile or a tarball. As long as manifest.sha1 provides a valid manifest for all the files in the corresponding directory and subdirectories. Anything that unpacks to a directory is ok. We will use this scheme for a wide range of things - the files may be retrieved by the XS via the network, or uploaded by users via web interfaces. - Extraneous files - not listed in the manifest - cause an error. - We trust signed content - this includes scripts that will run as root, and can add new pub keys to the trusted set. - If we are not in 'enforcing mode' (XSs in pilots, for example) then we don't check for signatures. - Extraneous files and mismatched SHA1s *always* cause an error. - A utility called xs-check-signature Does the Right Thing (including logging) for scripts when passed the path to the manifest.sha1 file. that's all. More words than implementation code probably - :-) cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] unregister from schoolserver
Martin Langhoff wrote: On Sun, Aug 10, 2008 at 8:15 PM, Simon Schampijer [EMAIL PROTECTED] wrote: I was wondering what should/must happen on the server side when an xo wants to unregister. Is there already a command for that? http://dev.laptop.org/ticket/7765 None on the server side, and I don't know if there should be one - there is no useful use case for it. It's OK for the XO to 'forget' its registration and not tell the server so as to be free to register to another server. Use cases are for testing and for change of school. The XS will probably learn (later) to forget accounts that it has not seen in a very long time. Yeah that sounds like a good idea to not accumulate data. Thanks for clarifying, Simon ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel