#6432 NORM Never A: Autoinstallation of RPMs

Zarro Boogs per Child bugtracker at laptop.org
Tue Feb 12 18:29:16 EST 2008 

#6432: Autoinstallation of RPMs
--------------------+-------------------------------------------------------
 Reporter:  cscott  |       Owner:  cscott        
     Type:  defect  |      Status:  new           
 Priority:  normal  |   Milestone:  Never Assigned
Component:  distro  |     Version:                
 Keywords:          |    Verified:  0             
 Blocking:          |   Blockedby:                
--------------------+-------------------------------------------------------
 Developers have a peculiar use case: they often want to install multiple
 additional packages on top of the base build, and they are willing to do
 maintenance to fix things that break.

 A proposed mechanism is to have a signed script on an attached USB or SD
 device which is run by olpc-configure on reconfigurations (first boot of a
 new OS build).  The script may be signed by the public/private keypair of
 the XO to tie it to a specific machine, minimizing use of this vector for
 trojans.  (Reflashes nuke the keypair; an alternative is to simply
 incorporate a hash of the SN and (hidden) UUID to equivalently tie the
 script to a specific machine.)

 Ultimately, the desired use case is something like the following:
 {{{
 # olpc-install emacs
 # olpc-sign-cache
 }}}
 This hypothetically would use yum and the network to download emacs and
 its dependent RPMs and store them on an appropriate USB/SD device.  The
 olpc-sign-cache command would create an appropriate script to install
 these RPMs, 'sign' it to tie it to the current machine, and install it
 under the appropriate filename on the USB/SD device.

 First step, however, is just to provide the basic mechanism; the friendly
 tools can come later.

 To think about: in addition to an attached USB or SD device, we could also
 consider looking in /home/olpc/.foobar-cache, which may be appropriate for
 'small' customizations.

 This mechanism is dangerous: countries should be discouraged from using
 this in school deployments because updates may break kids' laptops in
 arbitrary ways.

-- 
Ticket URL: <http://dev.laptop.org/ticket/6432>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system

More information about the Bugs mailing list