#6432 NORM Never A: Autoinstallation of RPMs

Zarro Boogs per Child bugtracker at laptop.org
Mon Jun 30 16:53:24 EDT 2008

#6432: Autoinstallation of RPMs
   Reporter:  cscott     |       Owner:  cscott        
       Type:  defect     |      Status:  new           
   Priority:  normal     |   Milestone:  Never Assigned
  Component:  distro     |     Version:                
 Resolution:             |    Keywords:                
Next_action:  never set  |    Verified:  0             
  Blockedby:             |    Blocking:                

Comment(by cscott):

 Replying to [comment:7 cscott]:
 > In mail to devel@ I've proposed limiting this mechanism to machines with
 dev keys installed, in order to manage the deployment risk I mentioned in
 the bug summary above.
 > Michael has implemented a first draft of this mechanism as a patch to
 olpc-configure.  The draft does not consult external devices, and does not
 check a dev key:
 >    http://lists.laptop.org/pipermail/devel/2008-March/011554.html

 I'm attaching a slight variant of Michael's patch, which does check dev
 keys.  It doesn't check external devices, since udev/sugar haven't mounted
 any at this point in the initscripts. =(

 As mikus has pointed out, 'yumdownloader --resolve' might be used to
 create this cache.  What does 'yum localinstall *.rpm' buy you over 'yum
 -yt --nogpgcheck install $pkgs'?

 The original proposal had a signing step to prevent a cache on removable
 media becoming an easy/sneaky trojan mechanism.  Restricting to 'at first
 boot', dev keys, and the onboard NAND seems to be enough for the moment:
 all we can do it make it more difficult to install a trojan by this means
 than it is to switch to vt 1 and type 'rpm -Uvh /media/*/*.rpm', as mikus
 correctly notes.

 Comments?  Thoughts?

Ticket URL: <http://dev.laptop.org/ticket/6432#comment:14>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system

More information about the Bugs mailing list