Keypairs should be generated for italc-master package and debconf question should be displayed to import public keys during installation of italc-client

Bug #499103 reported by Mantas Kriaučiūnas
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Baltix
New
Undecided
Unassigned
italc (Ubuntu)
New
Undecided
Unassigned

Bug Description

Currently postinst script of italc-client package generates private and public keys in /etc/italc/ for admins, teachers and supporters roles (command 'ica -role $role -createkeypair' is used). These keypairs are needed not for clients, but for master computer, so keypairs should be generated during installation of italc-master package and debconf question should be displayed to import public keys (from master computer) during installation of italc-client package.

The correct behavior is used in italc packages for windows, look at these instructions (with screenshots) for installation of italc-master:
http://italc.sourceforge.net/wiki/index.php?title=Installation#Master_Application_Installation_Instructions
http://italc.sourceforge.net/wiki-media/installation-win32/Picture_6.png

And these screenshots for italc-client:
http://italc.sourceforge.net/wiki/index.php?title=Installation#Client_Application_Installation_Instructions
http://italc.sourceforge.net/wiki-media/installation-win32/Picture_13.png

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Just some thoughts:

 * Debconf doesn't have a "browse for files" widget type. Using the string type to enter either the keys path or the keys text would be a little awkward.
 * I'd prefer using scp to copy the keys to dozens of workstations than providing the path to a debconf dialog in each one of them.
 * Maybe one way to do it would be for italc-master to publish the keys using avahi txt records. I think sugar and controlaula use that method. Then, an italc-client postinst script would:
   (a) Automatically use the server keys, if just one italc-master server was found.
   (b) Show a multiselect debconf widget if multiple italc-master servers were found.
   (c) Create new keys (or leave the package in an unconfigured state?) if no italc-master servers were found during installation.
 * While that method would make italc-client installation automatic for the most common case, it also raises some security concerns: what if the correct italc-master server is down while installing italc-client to the clients, and some "malicious" server is up?

If publishing the server keys using avahi is an acceptable method, I'm interested in preparing/proposing a patch for it.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.