[Server-devel] checking signatures on XS installed content

Douglas Bagnall douglas at paradise.net.nz
Mon Sep 15 00:09:54 EDT 2008


The primary method of updating content on school servers is via USB
drives: when you plug one in the server searches various paths and
installs stuff accordingly.  (USB, because the server may not have
internet, keyboard or screen).

In 0.4 it trusts whatever it is given.  Later versions will check that
the installed content has been signed by someone trustworthy.  Most
often the content will come with two extra files:

manifest.sha1      -- sha1 sums of the content files
manifest.sha1.sig  -- detached GPG signature of manifest.sha1

The server trusts any public keys in /etc/pki/olpc/XS-trusted-keys/ --
I imagine there might be 3 sources of keys: OLPC, the regional/
national Network Operations Centre (NOC), and the installer who will
probably be an employee/contractor of the NOC.  The XS doesn't do
web-of-trust stuff; rather it trusts the installed keys equally and
fully, and nobody else.
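The two-step check the post describes (detached signature over manifest.sha1, then sha1 sums over the files) as an added worked example. This is not code from xs-tools; it assumes Python 3, a gpg binary on the PATH for the signature step, and the trusted-key directory named above. The signature step builds a throwaway GnuPG home containing only the keys from that directory, so nothing in a user's personal keyring can vouch for a manifest, and the manifest parser rejects paths that would escape the content directory. The demo() at the bottom runs the sum check on constructed sample files only, since a real signature needs real keys.

```python
"""Verify USB-delivered XS content: a detached GPG signature over
manifest.sha1 must check against the trusted keys, and only then are the
sha1 sums in the manifest compared with the content files.
Added example, not the xs-tools implementation."""
import hashlib
import os
import shutil
import subprocess
import tempfile

TRUSTED_KEYS_DIR = "/etc/pki/olpc/XS-trusted-keys"   # path named in the post


def parse_manifest(text):
    """Parse sha1sum(1)-style lines ('<40 hex>  <path>', or ' *<path>' for
    binary mode). Malformed lines and paths that leave the content
    directory raise instead of being silently skipped."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 40:
            raise ValueError("manifest line %d is malformed" % lineno)
        try:
            int(parts[0], 16)
        except ValueError:
            raise ValueError("manifest line %d has a non-hex digest" % lineno)
        path = parts[1][1:] if parts[1].startswith("*") else parts[1]
        norm = os.path.normpath(path)
        if os.path.isabs(norm) or norm == os.pardir or norm.startswith(os.pardir + os.sep):
            raise ValueError("manifest line %d escapes the content dir: %r" % (lineno, path))
        entries[norm] = parts[0].lower()
    return entries


def sha1_of_file(path):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_manifest(content_dir, entries):
    """Return a list of problems; an empty list means every listed file matches."""
    problems = []
    for rel, expected in sorted(entries.items()):
        full = os.path.join(content_dir, rel)
        if not os.path.isfile(full):
            problems.append("%s: missing" % rel)
        elif sha1_of_file(full) != expected:
            problems.append("%s: sha1 mismatch" % rel)
    return problems


def unlisted_files(content_dir, entries):
    """Files on the drive the signed manifest does not cover. They are
    unauthenticated, so an installer should skip them rather than install them."""
    skip = {"manifest.sha1", "manifest.sha1.sig"}
    found = []
    for root, _dirs, files in os.walk(content_dir):
        for name in files:
            rel = os.path.normpath(os.path.relpath(os.path.join(root, name), content_dir))
            if rel not in skip and rel not in entries:
                found.append(rel)
    return sorted(found)


def verify_signature(manifest_path, sig_path, keys_dir=TRUSTED_KEYS_DIR):
    """Check the detached signature using only keys from keys_dir: import them
    into a fresh, private GnuPG home and verify there. gpg exits 0 on a good
    signature regardless of web-of-trust status, which matches the post's
    'trust installed keys fully' model. Assumes gpg is on the PATH."""
    home = tempfile.mkdtemp(prefix="xs-verify-")
    try:
        os.chmod(home, 0o700)
        base = ["gpg", "--batch", "--quiet", "--homedir", home]
        for name in sorted(os.listdir(keys_dir)):
            subprocess.run(base + ["--import", os.path.join(keys_dir, name)],
                           check=True, capture_output=True)
        r = subprocess.run(base + ["--status-fd", "1", "--verify", sig_path, manifest_path],
                           capture_output=True, text=True)
        return r.returncode == 0 and "[GNUPG:] GOODSIG " in r.stdout
    finally:
        shutil.rmtree(home)


def verify_content(content_dir, keys_dir=TRUSTED_KEYS_DIR):
    """Full check: signature first, sums second. Returns a list of problems."""
    manifest = os.path.join(content_dir, "manifest.sha1")
    if not verify_signature(manifest, manifest + ".sig", keys_dir):
        return ["manifest.sha1: signature not made by a trusted key"]
    with open(manifest) as f:
        entries = parse_manifest(f.read())
    return check_manifest(content_dir, entries)


def demo():
    """Constructed sample (no signature): one good file, one tampered file,
    one listed-but-missing file and one file the manifest does not mention."""
    d = tempfile.mkdtemp(prefix="xs-content-")
    try:
        for name, data in (("good.txt", b"lesson one\n"), ("bad.txt", b"tampered\n"),
                           ("extra.txt", b"not in manifest\n")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = "%s  good.txt\n%s  bad.txt\n%s  missing.txt\n" % (
            sha1_of_file(os.path.join(d, "good.txt")), "0" * 40, "1" * 40)
        entries = parse_manifest(manifest)
        return check_manifest(d, entries), unlisted_files(d, entries)
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    print(demo())
```

On a real server the entry point is verify_content(mount_point): a bad or missing signature stops the process before any sum is read, and a file that is on the drive but absent from the manifest is reported by unlisted_files rather than installed.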

These keys will also be used to encrypt data like OTP passwords, but
that is another story.

The code that checks this is in the xs-tools package:

http://dev.laptop.org/git?p=users/martin/xs-tools.git

Now is the time to be security nitpickers.

Exactly who will control the keys is something I don't know.  The
things that get signed are generally not server team things (we would
make an RPM) but XO software, educational content, and activation
leases.


Douglas

