Generating signed builds for Afghanistan

Bernie Innocenti bernie at
Mon Jun 14 08:11:19 EDT 2010

[cc += devel at]

On Mon, 14-06-2010 at 15:07 +0430, javed khan wrote:
> I am working in Ministry of Education Kabul Afghanistan OLPC team as
> software developer and technical support officer.

Say hello to Mike Dawson from me!

> Which Linux OS is best for developing OLPC custom images?

I'm using Fedora 13 (x86_64) to create my images. Older versions of
Fedora also work.

If you also need to rebuild system RPM packages, you may also need to
keep an old Fedora 11 box around. I use one of our servers for this

> How to sign a custom image for XOs in my country?

I thought that laptops in Afghanistan were being deployed unlocked.
In which case, you don't need to sign your builds.

If you need to implement the theft-deterrence system, you should
generate a set of key-pairs for your deployment using the bios-crypto
package, and load the public firmware key into the manufacturing data of
all your laptops.

Some info:

You will also have to set up a central activation server, or use the new
delegation scheme developed for Peru, which enables schoolservers to
generate activations autonomously. Martin Langhoff and Daniel Drake are
the most up-to-date people on this topic.

Some information here:

Then, you can configure olpc-os-builder to create signed builds. This is
the easiest part. All you have to do is add something like this to your


The entire anti-theft scheme is very complicated and requires a lot of
expertise to implement. In Paraguay, we have to deal with it almost
every day even after one year.

In my opinion, the engineering effort to implement the anti-theft system
is justified only if large quantities of laptops are being stolen every

> How to put custom image into school server so the XOs can update
> from?

This requires olpc-update. The server side is a Python program which
wraps rsync. Depending on what version of the OS your laptops are running,
they may or may not ask the schoolserver for updates. Try running
olpc-update from the command line and spy what it is doing on the

Another effective way to update many laptops consists in setting up a
NANDblaster server in the school:

This will wipe the flash, so children and teachers need to be warned
ahead of time so they have time to back up important activities to a USB

PS: I suggest you change your subscription to non-digest mode, as it
makes it very hard to follow threads and reply to others. Usually email
clients can filter incoming mailing-list mail into separate folders.

   // Bernie Innocenti -
 \X/  Sugar Labs       -
