OOB + signature

OOB + signature

Rafael Ortiz
Hi,

We have a question about OOB and how its resulting files are signed (for instance the content manifest file, specifically for the upgrade files). Does OOB use some method when the signature module is activated? Do you have to sign them in a special way?

Pointers to documentation are appreciated!

Thanks and cheers.




_______________________________________________
Devel mailing list
[hidden email]
http://lists.laptop.org/listinfo/devel
Re: OOB + signature

Martin Langhoff
On Thu, Feb 7, 2013 at 9:45 AM, Rafael Ortiz <[hidden email]> wrote:
> and how its resulting files are signed (for instance the content manifest
> file, specifically for the upgrade files), OOB uses some method when the
> signature module is activated?, you have to sign them in a special way?.

If you have the signing keys in the build machine, it's really easy.
Set the .ini file to use the signing modules, tell it where the keys
are, and it'll do it automagically for you.

See in OOB sources, modules/signing/README. Skip the "external signing" section.

hth,



m
--
 [hidden email]
 [hidden email] -- Software Architect - OLPC
 - ask interesting questions
 - don't get distracted with shiny stuff
 - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
Re: OOB + signature

Rogelio Mita-2
Thanks a lot, Martín!

The answer is perfect! Then... we understand that the contents manifest file that results from the build (usually .toc, which is used by the update method, olpc-update) will also be affected by this process; is this right?
We ask because we found no place in the documentation to verify this assertion, only the specification of the contents manifest, and we found nothing about it there apart from the following lines, which do not answer our question:

> A contents manifest is just a convenience object for bundling a number of related directory objects; it should not be directly signed. Instead, the root directory object in the contents manifest should be the element which receives a signature.

Thanks again!

Regards!




--
Roger.

Re: OOB + signature

Rogelio Mita
Hi all!

Any suggestions on this =) ? Thanks!
 



--
Roger
