[Server-devel] /etc/xs-sigchecks-enabled

Douglas Bagnall douglas at paradise.net.nz
Mon Nov 10 20:47:15 EST 2008


Reuben K. Caron wrote:

> Douglas, my testing show it works too. At least the usbmount script and
> processing the magic file on the USB key (and commenting out the encryption
> stuff shows the generated password file works). I could use some more
> documentation on generating the required keys. I've tried generating ones on
> the server, generating my own and placing the public one on the USB Key, and
> different variations.. If you could provide some RTFM direction or more info
> in the Readme that would be great.

Thanks for trying it, Reuben.

I've done some more WTFM, in both the xs-otp and xs-tools packages.

At the bottom of the xs-otp README, there is now a minimal,
works-for-me, description of key generation and decryption.

I've added similar information to the xs-tools README, and put the
test directory from git into the rpm's doc section.  This is unlikely
to be directly useful but it contains examples of gpg usage, including
batch key generation.

There's also /usr/share/doc/xs-tools*/examples, which is more
exemplary but less populated.

However, this:

> generating my own and placing the public one on the USB Key

ought to have worked, if you put the public key in a directory called
'XS-trusted-keys', and it was in the expected format, and either the
server had no other keys in /etc/pki/olpc/XS-trusted-keys, or it did
and they signed the new one.  Did the server make any noise when the
usb key was inserted?

Douglas


More information about the Server-devel mailing list