On Tue, 6 Sep 2016, Roland Renaud wrote:

> We used Sun "jumpstart" to upgrade machines for Y2K.
> In 2005, I used "kickstart" for a few Linux machines.
> There might be a modern version of this that might help.
>
> As far as trusting your downloads, would having SHA sums help to
> verify that you got what you expected?

  it's not the "install" part that's the issue -- we're using yocto
project to build the final images, so those final images are ready to
go, and verifying checksums is pretty trivial. the issue is how to
securely download those images (if, in fact, they even *need*
security).

  i'm still pondering the possibilities. more in a bit.

rday

>
> roland
>
>
> On Tue, Sep 6, 2016 at 2:40 PM, Robert P. J. Day <rpjday [ at ] crashcourse [ dot ] ca> wrote:
>
> (if there is an obvious solution to this, then i'm just missing it.)
>
> i'm pondering how best to install a new linux distro on remote
> hosts, under the assumption that there will be someone *at* the remote
> site and able to invoke the program to kick the whole thing off --
> that part is a given.
>
> i've already written/stolen an installer which will download various
> binary images, and will (as root) partition the target disk, and
> create filesystems, and so on and so on ... again, that's not the
> issue. that the installer will have to run as root is kind of obvious,
> given its need to do low-level disk manipulation and so on, so no
> issue there.
>
> the issue is how to securely download the binary images (u-boot
> binary, root filesystem tarball, additional proprietary apps), etc,
> etc, where all those images are at a central and well-known IP
> address. so here's my thinking thus far.
>
> the consensus is that we should use "scp" to grab the images, which
> is fine with me, but how does one set this up to run "securely" in the
> first place. i can already see that the downloading does not require
> root privilege -- one can create a username like "installer", which
> has limited privileges and exists only for downloading.
>
> so do we use a password when invoking the remote account for "scp"?
> that would kind of defeat the purpose if passwords can be hacked (even
> if they're transmitted in ciphertext).
>
> each installer program could, upon being invoked at the remote site,
> create a private/public key pair for the "installer" account, but you
> can't use "ssh-copy-id" to add it to the central/server host without a
> password, so you're right back where you started.
>
> one idea i had is that downloading the base linux distro doesn't
> need to be that secure as it's just linux, but once that remote
> install comes up for the first time, it can (somehow securely)
> download the proprietary app.
>
> am i overthinking this? is there a simple solution i'm overlooking?
>
> rday
>
> --
>
> ========================================================================
> Robert P. J. Day                                 Ottawa, Ontario, CANADA
> http://crashcourse.ca
>
> Twitter: http://twitter.com/rpjday
> LinkedIn: http://ca.linkedin.com/in/rpjday
> ========================================================================
>
> _______________________________________________
> Linux mailing list
> Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> http://oclug.on.ca/mailman/listinfo/linux
>

--

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
http://crashcourse.ca

Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================