From 8127b8be13956e98ad7bade38b207959911328cc Mon Sep 17 00:00:00 2001 From: Daniel Drake Date: Wed, 12 Sep 2012 20:00:53 +0000 Subject: oats_cfg: add option to ignore signatures --- diff --git a/modules/oats_cfg/README b/modules/oats_cfg/README index 50bc2ef..6a10b83 100644 --- a/modules/oats_cfg/README +++ b/modules/oats_cfg/README @@ -11,6 +11,11 @@ to override this behaviour, the school server will not be tried. Useful in deployments with good connectivity where antitheft is controlled in a central location (as opposed to the specific school). +ignore_signature: by default, the OATS client will expect the server's response to be signed, and it will verify the signature. Set this to 1 to ignore all +signatures (and also accept messages with no signature). Useful for +deployments that have not implemented OLPC's security system, but still wish +to take advantage of other OATS features. + stream: the update stream - this is helpful when deploying different OS images that query the same update server. @@ -18,5 +23,6 @@ Example configuration: [oats_cfg] server=my-oats-server.mydeployment.com ignore_xs=1 +ignore_signature=1 stream=xo15hs diff --git a/modules/oats_cfg/kspost.50.oats_cfg.sh b/modules/oats_cfg/kspost.50.oats_cfg.sh index 32989d2..49bae4c 100644 --- a/modules/oats_cfg/kspost.50.oats_cfg.sh +++ b/modules/oats_cfg/kspost.50.oats_cfg.sh @@ -5,12 +5,15 @@ server=$(read_config oats_cfg server) ignore_xs=$(read_config oats_cfg ignore_xs) +ignore_sig=$(read_config oats_cfg ignore_signature) stream=$(read_config oats_cfg stream) if [ "$ignore_xs" = "1" ]; then echo "touch /etc/oats-ignore-xs" fi +[ "$ignore_sig" = "1" ] && echo "touch /etc/oats-ignore-signature" + if [ -n "$server" ]; then echo "echo '$server' > /etc/oats-server" fi @@ -18,4 +21,3 @@ fi if [ -n "$stream" ]; then echo "echo '$stream' > /etc/update-stream" fi - -- cgit v0.9.1